How M&A Due Diligence Goes Wrong

Mergers and acquisitions have been a popular growth strategy in recent years, as record-low interest rates and healthy stock market give senior executives ample capital to do a deal.

That being said, plenty of M&A deals still fail. According to Bloomberg, $390 billion in deals fell apart in 2014. In recent years, anywhere from 5 to 13 percent of all M&A deals failed, and some say the rate could hit as high as 20 percent in 2015.

Deals collapse for many reasons, from regulatory disapproval to clashing CEO egos. Most painful, however, is a deal is consummated quickly that later proves to be a mistake.

Perhaps employee cultures clash, the target company is runs afoul of regulators, technologies don’t integrate, or the books were cooked. All are problems that could be sniffed out with proper due diligence, but pre-purchase investigations often miss the mark.

“If you are doing due diligence the same way today that you were five years ago, I don’t think that’s adequate,” says Richard Plansky, executive managing director at consulting firm K2 Intelligence.

Cyber-Security

Start with cyber-security risks that fail to get adequate due diligence. A recent survey by the law firm Freshfields Bruckhaus Deringer found “a worrying level of complacency toward the assessment of cyber-risks during M&A deals.” To wit: 90 percent of dealmakers said cyber-breaches would cut the value of a proposed deal, and 83 percent said a deal might even get canceled if breaches are found during due diligence. But 78 percent also said they don’t look at cyber-risks while performing due diligence.

“We all see how cyber-security might affect an M&A process, either by shifting the value of the target or by breaching the confidentiality of the process,” says Chris Forsyth, co-leader of Freshfield’s cyber-security practice. “Those are ways an M&A process could be derailed, but nobody has quite worked out what the best practices should look like in managing that exposure.”

Companies must also consider the data privacy implications of a deal. Last year, the Federal Trade Commission scolded Facebook following its acquisition of the WhatsApp messaging service. The FTC fired off a letter to executives at both companies, worried that while WhatsApp made certain promises about limits on what data it collects, maintains, and shares, those protections exceeded what Facebook offered at the time. The FTC made clear that post-acquisition, Facebook would be required to preserve WhatsApp’s stronger policies.

“A lot of the laws, particularly non-U.S. laws, are pretty strict in regard to customer data protection,” says Bill Kucera, co-chair of the M&A practice at law firm Mayer Brown. “If your target has a problem, there may be fines, lawsuits, and reputational damage. I’m not suggesting that every deal needs a six figure due diligence review of cyber-security with world renowned experts, but there needs to be a plan.”

Skimping on Research

Another enemy of solid due diligence: time, pure and simple.

“The pressure to close a deal causes a lot of companies to rush through the transactional due diligence process too quickly,” says Dan Wangerin, business professor at Michigan State University who researches M&A trends.

A hurried approach can lead to the mistake of placing too much faith in the information provided by the target. “There can be a reliance on the seller’s auditors, and too much faith put into the quality of the audits they performed,” Wangerin says. “Companies place a little too much faith, and do not push back hard enough, on some of the really important assumptions in their evaluations of the target’s financial statements.”

“If you are doing due diligence the same way today that you were five years ago, I don’t think that’s adequate.”
Richard Plansky, Executive Managing Director, K2 Intelligence

An infamous example: Hewlett-Packard’s acquisition of Autonomy in 2011. The deal valued Autonomy at $11.7 billion, a price many analysts argued was unrealistic. Those warnings proved true. Within a year H-P was forced to write off $8.8 billion of Autonomy's value, accusing its leadership of “accounting improprieties, misrepresentations, and disclosure failures.” The lawsuits and regulatory probes have been flying ever since.

A company may want to retain the services of a forensic accountant to assist pre-deal research, says Sherry Rahbar, a partner with CFO Edge, an M&A consulting firm. An investigative approach to financial records can vet the accuracy of the target company’s financial statements and review existing contracts to gauge the accuracy of stated revenue and expenses, she says. An expanded review can also flag unrealistic budgets and forecasts, unrecorded and understated liabilities, overstated sales, and understated expenses.

A common mistake with pre-deal research is a reliance on simple Web searches to seek out information, Plansky says. “The truth is that all Internet research is not created equal,” he says. The “surface” part of the Web, indexed by Google and others, and visible with a simple search, accounts for only about 20 percent of the whole Internet.

A search through that unsavory “dark Web,” visited via peer-to-peer networks, can find Websites that sell counterfeit goods, diverted products, and perhaps even the valuable intellectual property that sparked a deal in the first place.

KEEPING CORRUPTION OUT OF THE DEAL

The following, from a resource guide for Foreign Corrupt Practices Act compliance published by the U.S. Department of Justice and the Securities and Exchange Commission, offers due diligence guidance for companies taking part in an M&A deal.

Conduct thorough risk-based FCPA and anti-corruption due diligence on potential new business acquisitions.

Ensure that the acquiring company’s code of conduct and compliance policies and procedures regarding the FCPA and other anti-corruption laws apply as quickly as is practicable to newly acquired businesses or merged entities.

Train the directors, officers, and employees of newly acquired businesses or merged entities, and when appropriate, train agents and business partners, on the FCPA and other relevant anti-corruption laws and the company’s code of conduct and compliance policies and procedures;

Conduct an FCPA-specific audit of all newly acquired or merged businesses as quickly as practicable.

Disclose any corrupt payments discovered as part of its due diligence of newly acquired entities or merged entities.
The DoJ and the SEC will give meaningful credit to companies who undertake these actions, and, in appropriate circumstances, THE DOJ and SEC may consequently decline to bring enforcement actions.
Source: Department of Justice.

“A very significant portion of a company’s value is not measured in the physical stuff that they own; it is measured in their intellectual property and it can be quite easy to compromise,” Plansky says. “If you look in forums and see the intellectual property of a targeted company being trafficked or targeted that’s relevant in terms of whether you even do the deal. It can affect the purchase price, terms of the deal, and controls you will want to have in place to protect what you are buying.”

Have a Plan

Kucera urges companies to take their time when developing a pre-deal strategy. “A common mistake is that buyers go into due diligence without a clear plan,” he says. Rather than rely on a static checklist, the approach should be tailored to the needs of the acquirer, the value of the deal, and reflect an appropriate risk assessment of both parties.

In a perfect world, time and cost would be no object, “but we all know that in the real word that doesn’t happen,” Kucera says. “It may very well be that from a rational business decision a lighter touch, or no touch, is decided for a particular topic. It may turn out that it was a bad decision, but as long as it was thought through and rationalized up front it may still have been the right business decision.”

A final, important consideration: Can you defend your due diligence if regulators come knocking? That is an especially important question for any companies dabbling in emerging markets, oil & gas, or other industries prone to bribery, that can trigger Foreign Corrupt Practices Act compliance.

“Buyers are definitely sensitive to anti-corruption due diligence,” Kucera says, “and the government has gone on record saying that buyers who actually do anti-corruption due diligence can be a mitigating factor if it turns out that the target did have some issues that the buyer inherits.”

Next week we will dig deeper into M&A due diligence with a look at technology integration issues that often emerge post-deal. Systems in place to manage finances and accounting, supply chains, and other crucial functions may not integrate as expected, so how can you best assess the internal control and compliance risks that may arise and minimize business disruptions?