Applying Electronic Discovery Principles to Due Diligence in Mergers and Acquisitions

Tuesday, February 6, 2018 by Tom Barce

ma-800x534-e1530270158125

By Tom Barce, VP of Thought Leadership, KLDiscovery; and Steven Frangioni, Director of Fund Accounting, GPB Capital Holdings, LLC

How certain are today’s corporate buyers, sellers and their transactional lawyers that they are leveraging, analyzing and scrutinizing the right data to achieve optimal due-diligence amidst mergers and acquisitions? The break-neck speed of innovation in high-tech markets that is motivating investment is also leading to costly trends in litigation and associated electronic data discovery (ediscovery), which should be a cause for concern and motivate an enhanced approach to pre-sale scrutiny.

Many inherent complications are involved when one company acquires another. There are a whole host of economic concerns along with a number of regulatory hurdles that must be overcome. A similarly difficult challenge involves the handling of electronically stored information (ESI). While mergers and acquisitions (M&A) is a broad term that describes a number of different business arrangements, a typical scenario involves one company purchasing another and taking over its business operations. These types of transactions often require the migration of ESI and integration of at least some systems. In most cases, certain records belonging to the acquired company will be of no business value to the acquirer once the merger is complete, such as promotional materials or quality control records of discontinued products. After this ESI is identified the natural response might be to have it destroyed. At times, document destruction is necessary to mitigate or prevent various risks, such as many forms of fraud, extraneous storage costs or litigious fishing expeditions through trivial, legacy data. Granted, there is usually some records destruction that occurs during a typical merger. The situation is far trickier when you consider that, in many circumstances, the acquired company's legal obligations transfer over to the purchaser. Among those legal obligations is the duty to preserve ESI that may become evidence (and subject to ediscovery) in a particular legal or regulatory matter, hence the risk and complexity involved. Lack of awareness does not necessarily absolve the acquiring company from destruction of ESI, similar to receiving a speeding ticket despite not knowing you were in a school zone.

One important point for both the seller and purchaser to consider is the extent to which the acquiring company views litigation risks in a similar manner to the divesting company, such that it would implement an identical litigation hold.  If not, that specific risk needs to be addressed, perhaps in the agreement of purchase and sale. Second, are the companies making sufficient and appropriate operational arrangements to ensure the litigation holds remain in place during the physical transfer of the assets? The consequences of failure to do so could be the inadvertent removal of litigation holds, and attendant spoliation of evidence.

Due diligence is a critical step and primary factor in the overall success of mergers and acquisitions. Due diligence involves an analysis of the information and documentation that an acquirer wishes to see prior to signing a deal. Typically, a buyer will request to review the financial statements and projections, contractual agreements and other company-specific details of the seller. Due diligence should be both a retrospective and forward-looking process whereby the buyer analyzes the historical performance and the future prospects of a target.

In an increasingly electronic world, the due diligence process needs to involve a discussion about the target company’s materiality threshold for establishing litigation holds, a review of the litigation hold implementation process at the target, an audit or due diligence into the specific litigation holds in place for material matters, workflow analysis of preservations in place, and determination of data collection and a tracing of the collected assets.  In addition, acquiring companies should measure the scope and value of a target organization’s information technology (IT) infrastructure. By evaluating what a company’s IT infrastructure looks like and what the associated costs are, an acquirer should be able to better understand how well the businesses are aligned. Further, the evaluation could provide critical insights into the company’s data management practices. A succinct, well-managed information technology ecosystem is not necessarily easy to accomplish or maintain, yet the relative simplicity or complexity will inform the level of investment or risk being acquired. Consider, for example:

  • Whether the target company will require a significant investment in IT resources to continue to meet growth projections.
  • Similarly, are the current IT assets already optimized and well managed or is there material room for improvement?
  • Simply put, will the acquiring company be able to find, use and profit from the actual information it is acquiring?

Consider the costs, challenges and impacts of any of the following, real-life, data-driven scenarios and how they might be avoided, detected or contained pre-acquisition?

  • A company acquires another organization only to subsequently learn the former executives conducted business on personally-owned devices.
  • Outgoing employees take proprietary data with them.
  • Conversely, a company acquiring certain assets from one organization takes custody of data that is not relevant to the acquired business and subsequently needs to return co-mingled information from dozens of former employees.
  • Historical knowledge related to relevant, legacy systems is lost due to employee attrition.
  • Valuable and proprietary data from legacy systems is not in the same format as the acquiring company’s systems.
  • International subsidiaries maintain unintegrated billing systems.

All of the above scenarios occur more frequently than our readers may prefer to imagine. Of course, these situations can lead to intellectual property disputes, enforcement actions or cost a lot of extra time and dollars to unwind.

A prime example of cause for concern is healthcare private equity (PE). While overall PE deal value fell in 2016, healthcare private equity surged to $36.4 billion in disclosed deal value, the highest level since 2007[1]. With many buyers chasing a limited number of choice targets, valuations continued to rise. Healthcare deal teams at traditional PE buyout funds faced heated competition for deals as new categories of players entered the fray. They included generalist PE investors, technology investors, sovereign wealth funds, pension funds and family offices. That creates an opening for investors to help targets become more competitive in the marketplace through cost-cutting, carve-outs and bolt-on acquisitions.  Meanwhile, the healthcare industry handles some of the most sensitive and valuable private information for their customers and are one of the most heavily regulated industries. Therefore, effective or ineffective information management and maintenance can have far-reaching implications.

As competition in this space increases so does complexity and speed at which the transactions need to close. Carve-outs, bolt-on acquisitions, multiple co-investors, elaborate debt stacks and quick closings (it isn’t unheard of to close in under 30 days) naturally leads to added risk of improperly migrating ESI, destruction of critical documents, lack of in-depth legal due diligence, incomplete system migrations and potential gaps in data integration. The impact of dealing with these scenarios post close can be extremely costly and require an excessive amount of manpower to correct, hence damaging returns on the investment and in some cases so much so the deal eventually fails.

Including thoughtful inquiries about the following can reveal critical risks and opportunities related to acquisition and integration of a company’s most critical asset, which is their data, because it truly contains modern companies’ DNA.

  • Organization of network infrastructures
  • Logical organization of project and department files
  • Cloud-hosted technologies
  • Ownership of information technology assets (computers, laptops, tablets, mobile devices)
  • Policies and employee agreements regarding use of company information
  • Implemented data loss prevention technology

In closing, a thorough understanding of the controls in place regarding ESI and forward-thinking outlook to potential legal, governance, compliance, data preservation and ediscovery risks are crucial for proper due diligence. These can be minimized by drafting appropriate safeguards into the representations and warranties clauses, and to escrow clauses that provide for mitigation of risks, including litigation risks, through contingency funds set aside. In the words of Confucius “A man who does not plan long ahead will find trouble at his door.” A well thought out strategic plan on risk assessment and due diligence will greatly increase the success of the deal.

[1] https://globenewswire.com/news-release/2017/04/19/1010564/0/en/Private-Equity-Investors-Flock-to-Healthcare-as-a-Safe-Haven-Amid-Macro-Turbulence-Pushing-Deal-Value-to-36-4-Billion-in-2016-Its-Highest-Level-in-Nearly-a-Decade.html