Pre-acquisition due diligence is critical in M&A work

By Tom Fox2018-04-04T10:00:00+01:00

No comments

Most compliance practitioners did not focus on the pre-acquisition component of mergers and acquisition due diligence until after the release of the 2012 FCPA Resource Guide by the Justice Department and Securities and Exchange Commission. As was made clear by the FCPA Guide and the subsequent Opinion Release 14-02, however, engaging in robust pre-acquisition due diligence can go a long way toward helping a company avoid FCPA liability.

Of course, if your company merges with an entity that was violating the FCPA and continues to do so, it is no longer it who is violating the FCPA but now you.

Recent reports on cyber-security breaches, however, also demonstrate the business reasons for engaging in robust pre-acquisition due diligence from the cyber-security perspective. Businesses more fully understand the higher risks of cyber-penetration from outside; whether through third parties or through acquired entities. They are, therefore, managing these risks more robustly.

The theft of customer data is on the forefront of many companies these days, but cyber-theft can also include such information as intellectual property and software code. Loss of a company’s crown jewels can lead to a catastrophic economic loss. Some of the areas of inquiry include review of cyber-security policies and procedures, training of employees, interviews with key employees around cyber-intrusions, and other similar risks.

If there are gaps in cyber-security, it can negatively impact the financial value of the transaction. ADP Security Chief Roland Cloutier has said from his perspective that it could “kill the deal” if data was exfiltrated from a target company. Even if it does not kill a deal, a cyber-security issue can drastically lessen the value of a transaction, such as the reduced price that Verizon paid for Yahoo.

The bottom line is that pre-acquisition due diligence is becoming more and more critical, far beyond the financial perspective—from the compliance perspective to the cyber-security perspective to infinity and beyond.

Topics

No comments

Article
Carreyrou at TPRM: Theranos warning signs were there, but partners failed to spot them
2020-09-18T22:26:00Z
John Carreyrou explained to third-party risk professionals at CW’s TPRM Virtual Summit that the mistakes made by Theranos’s business partners were entirely preventable—had they done their proper due diligence.
Article
Compliance official key to Comtech sanctions penalty
2020-09-18T16:36:00Z
The alleged actions of an export compliance official are at the heart of “egregious” apparent OFAC sanctions violations by New York-based Comtech Telecommunications Corp. and its wholly owned subsidiary regarding sales in Sudan.
Article
Brockmeyer at TPRM: Regulator expectations for monitoring third parties
2020-09-17T16:52:00Z
Former chief of the SEC’s FCPA Unit Kara Brockmeyer shared what regulators are looking for when they assess a company’s relationship with its third parties at Compliance Week’s TPRM Virtual Summit on Thursday.

No comments yet

You're not signed in.

Pre-acquisition due diligence is critical in M&A work

Topics

Related articles

Carreyrou at TPRM: Theranos warning signs were there, but partners failed to spot them

Compliance official key to Comtech sanctions penalty

Brockmeyer at TPRM: Regulator expectations for monitoring third parties

No comments yet

Only registered users can comment on this article.

Membership exclusive: Carnival compliance case study

Pre-acquisition due diligence is critical in M&A work

Topics

Related articles

Carreyrou at TPRM: Theranos warning signs were there, but partners failed to spot them

Compliance official key to Comtech sanctions penalty

Brockmeyer at TPRM: Regulator expectations for monitoring third parties

No comments yet

Only registered users can comment on this article.