In owner-operated lower middle market businesses below $10 million in EBITDA, the founder is rarely just a leader — they are the operating system of the business. Standard operational due diligence, designed to evaluate documented information, systematically fails to surface this. The key-man risk you don't find in the data room is the one that destroys post-acquisition value.

Every diligence checklist has a section on key-man risk. It asks about customer concentration, management depth, and whether the business is overly dependent on any single individual. It's a standard question, and most sellers have a standard answer: they've built a strong team, the business runs well without them, there's depth in the organization. In the lower middle market, that answer is systematically overstated — and in owner-operated businesses below about $10 million in EBITDA, it's frequently not true at all. The founder or owner isn't just a leader. They are, in many cases, the operating system of the business: the living repository of customer relationships, pricing logic, institutional memory, and judgment calls that never made it into any policy document. You won't find that in a data room.

Standard diligence is designed to evaluate documented information: financial statements, contracts, employee records, customer lists. It's very good at surfacing what has been written down. Standard operational due diligence frameworks are rarely designed to surface what hasn't. What it systematically fails to surface is the degree to which the business depends on things that exist only in the seller's head. Who approves the exceptions to standard pricing? Who knows which customers need extra lead time and why? Who understands why a particular product mix is more profitable than the margin analysis suggests? Who manages the vendor relationship that keeps the business out of allocation? In most lower middle market acquisitions, the answer to each of these questions is a variation of the same name.

Operational concentration risk: the degree to which a business's institutional knowledge, customer relationships, and pricing logic exist only in the seller's head — the dimension of key-man risk that systematically fails to surface in standard operational due diligence.

Why Standard Diligence Misses Operational Concentration Risk

We were deep into diligence on a business in the specialty food manufacturing space — healthy margins, recurring revenue, a production team that had been together for years. During management interviews, we started asking a simple question: if we needed to understand how X works, who would we call? The answers were revealing. Pricing decisions: the owner. Key customer accommodations: the owner. Which vendors to call when the primary supplier had an issue: the owner. The historical context for why certain product lines had been discontinued: the owner. By the end of the management interview process, we had drawn what we started calling the dependency map — a visual of which operating decisions flowed through which people. The owner sat at the center of almost every thread. The business ran well because he ran it. The question was what it would run like without him.

How Key-Man Risk Should Change Your Deal Structure

This discovery — a textbook post-merger integration risk — didn't kill the deal. It changed the deal structure and the post-merger integration plan substantially. We built in a longer earnout tied specifically to operational milestones — not just revenue, but documented handoffs. We structured a twelve-month overlap with the seller in a defined advisory capacity, with explicit deliverables: pricing model documented, top twenty customer relationships transitioned with account history, three key vendor relationships formally introduced with context. We also moved fast to identify which members of the existing team could absorb each of those functions, and we started investing in them before close. It worked, but only because we caught it in time to plan around it.

This is one of the most systematically underdiagnosed failure points in lower middle market operational due diligence: key-man risk is identified too late to be addressed in the deal structure, and the transition plan is built around a gap that was visible during diligence.

The question we now ask in every management interview session is some version of this: if the seller took a three-month sabbatical starting tomorrow — no phone, no email — what would break? If the honest answer is anything other than 'not much,' you have a key-man problem, and it needs to be in the deal structure. The data room won't tell you this. You have to ask.

Key Framework — Operational Due Diligence

The Three-Month Sabbatical Test

The most reliable key-man risk diagnostic in lower middle market operational due diligence: if the seller took a three-month sabbatical tomorrow — no phone, no email — what would break?

• If the honest answer to the sabbatical test is pricing decisions, key customer relationships, or vendor management: you have an undisclosed post-merger integration failure point, and it needs to be in the deal structure.

• The dependency map — a visual tracing which operational decisions flow through which individuals — should be a standard deliverable in every management interview process.

• Key-man risk belongs in the deal structure: earnouts tied to operational milestones, not just revenue; defined transition deliverables; explicit handoff timelines.