Reducing the Risk of Post-Merger Discovery Surprises in M&A
As companies are bought and sold, legal obligations may transfer with the acquired entity to the purchaser. The transferred legal obligations typically carry with them the responsibility to preserve and potentially produce electronically stored information (ESI) that may become evidence pursuant to a legal or regulatory proceeding. When this potential evidence is in electronic form, someone unfamiliar with the legal matter may see a hard drive as just old hardware able to be disposed of during the transition or an outdated server that may be a candidate for decommissioning.
Hard drives, servers, and other storage devices may store potentially relevant data necessary to meet basic preservation requirements and support or refute the allegations in a matter. During an M&A transaction, the resources responsible for the handling of hard drives, servers, and other sources of information may change as departments are reorganized. Legal proceedings often last many years, and the electronic filesnow deemed to be evidencemay no longer be needed for any business purpose and may be easily mistaken by a new or transferred employee for expired data that can be discarded.
Evidence handling requires certain protocols be followed that are critically important to establish and maintain a chain of custody and the integrity of the data. Specialized experience and knowledge are required to manage the process of transferring evidence given the associated security, confidentiality, and operational considerations.
Individuals inexperienced in handling evidence may be charged with managing hard drives and other data storage during a transition, and may not yet have the required knowledge to discern when information being moved or removed relates to a legal proceeding. If the data is lost, altered, or otherwise compromised, or if information created after the acquisition relating to the proceeding is not preserved, the ultimate outcome of the proceeding may be negatively affected as a result. Companies that assign trained and knowledgeable personnel to manage electronic evidence as transitional changes are made reduce the risk of impairing a legal or regulatory matter due to spoliation of evidence.
Due Diligence Activities
During mergers and acquisitions, the process of due diligence is used to confirm key value drivers and uncover material facts that could have either a positive or negative impact on valuation and, therefore, expected returns. The due diligence process carries additional significance in that, if performed skillfully, it may offer the buyer support in disputes that can arise over undisclosed information.
A comprehensive due diligence process includes an evaluation of the target companys financial, legal, and commercial activities (among others), including information technology, to determine points of risk and value prior to the execution of the transaction. This process provides an acquirer with confidence in the value it ascribes to the target, and a basis for asserting its position on key deal terms and conditions such as representations, warranties, andin certain casestransition services agreements (TSA).
Assigning a value to the level of risk is complicated because it is based upon subjective assumptions. The financial impact of legal proceedings on assessed value is impacted by, amongst other things, the targets level of compliance with discovery obligations, which even under normal circumstances can be difficult to achieve. Compliance by employees unfamiliar with the legal system is challenging even in the normal course of business because it requires building a shared understanding of a complex topic among a large number of people with different perspectives. In an M&A environment, this becomes even more difficult because many of the employees who are relied upon for executing discovery responsibilities may have transitioned into new roles post-closing or may have been separated from the company.
A company involved in a legal proceeding has an obligation to preserve physical and electronic materials that may be used as evidence in the proceeding. Preservation of a true and complete body of evidence, to the extent that it exists, is seen as foundational to the integrity of the legal system. This principle is perhaps best expressed in United Medical Supply Co. v. United States, 77 Fed. Cl. 257, 258-59 (Fed. Cl. 2007), as follows:
Aside perhaps from perjury, no act serves to threaten the integrity of the judicial process more than the spoliation of evidence. Our adversarial process is designed to tolerate human failingserring judges can be reversed, uncooperative counsel can be sheparded, and recalcitrant witnesses compelled to testify. But, when critical documents go missing, judges and litigants alike descend into a world of ad hocery and half measures and our civil justice system suffers.
The obligation to preserve physical and electronic data relating to a legal proceeding is viewed by the courts as being of paramount importance. For example, in a stock deal, this obligation may transfer to the buyer who takes on responsibility for the legal proceeding from the seller. Electronic files often reside out of the line of sight of the legal department during normal business activities because they are in the possession of individual employees or technical personnel and may perhaps lay dormant for years. Because of this, evidence may easily be left behind during a complex or rushed integration. The individuals entrusted with this work should have a solid knowledge of corporate technology systems and processes, a familiarity with technology transformation projects, and an understanding of the requirements for preserving and handling electronic evidence.
The Importance of Specialized Knowledge of Discovery and Technology Transformation
The process of transferring data carries with it concerns relating to security, confidentiality, and technical operations. The data being transferred is likely to be commingled with the sellers information and may require segregation by the seller. The data may also include personally identifiable information (PII) belonging to customers, employees, or individuals corresponding with employees.
This PII may be protected by HIPAA and various state laws in the United States, and by various data protection authorities internationally. This information warrants a secure transfer mechanism, with multiple authentication factors, and may require special consent from the owners of the information if it is to be transferred internationally. The requirements vary by country, state, principality, or other jurisdiction, and overlapping (and often conflicting) requirements must be accommodated. Obtaining direction from local counsel familiar with data privacy requirements is highly recommended prior to moving data internationally.
From an operational perspective, the protocol for preserving evidence changes from the effective date of the transaction through the completion of the integration as the technology environment and process morph. In large transactions, moving tens of thousands of employees from one computer network or email system is not completed overnight, nor are the hundreds of centralized and decentralized applications and data instantly converted and migrated.
Technology integrations are complicated and can take many months, sometimes even more than a year, to complete. During this transition, data sources such as hard drives, home drives, share drives, email platforms, and shared databases change physical locations, are moved to different backup systems, receive different security permissions and retention requirements, are stored on different hardware and managed by different software, or may be subject to disposition.
Keeping preserved evidence intact during a rapid and expansive technology migration is difficult, and should be managed by dedicated resources with knowledge of discovery requirements, and with access to the companys technology and operational environment. Finally, at the end of the transition, the permanent protocols for conducting discovery should be reconciled for consistency with the buyers protocols. Inconsistencies, where appropriate to maintain, should be carefully considered and the decision parameters documented.
Assign Experienced Individuals
Companies engaging in M&Aparticularly in stock deals where the buyer assumes all known and hidden liabilities of the seller, and where significant legal proceedings are in progressare well advised to include an assessment of discovery obligations during the due diligence process. The acquirer should develop a comprehensive plan to integrate the existing set of stored evidence, as well as a protocol for ongoing management of electronic evidence as part of the post-acquisition integration plan. This has the potential to minimize litigation risk and increase the likelihood of realizing the expected value of the deal.
Chris Ruggeri is a principal and the mergers and acquisitions services leader of Deloitte Financial Advisory Services; Bart Siegel is a senior manager in the analytic and forensic technology practice of Deloitte.