Mitigating Data Risk in M&A Transactions

What to Do When a Deal Falls Apart

What happens after a planned deal falls apart? In the process of seeking approval, a wealth of sensitive company information is transferred between entities – from financials to intellectual property. This article explores how a company can properly recover following the dissolution of a merger.

For a company closing an acquisition, it’s a heady time. Months of due diligence, back-and-forth negotiations and organizational strategy gives way to the challenges of integration. But for every company celebrating the next chapter for their business, dozens more are sent back to the drawing board after a potential deal falls apart. This is more common than one might think – if 200 companies hit the deal pipeline, only about 40 will reach the letter of intent stage. Of that 40, just 15 might reach the deal finish line, leaving everyone else trying to put the genie back in the bottle.

Those who are back at the drawing board – whether the deal would’ve been industry-changing or one that simply furthered a company’s goals – all face the same problem. The former buyer – possibly a direct competitor – has just seen a lot of proprietary information. You can’t erase memories, but how can you ensure that they no longer have access to the spreadsheets, financial statements and internal knowledge that are all part of the due diligence process? Data security becomes critical for both the buyer and sellers. The risk of information leaks must be immediately mitigated, particularly if your deal has reached the letter of intent stage – a point in time when vast amounts of sensitive information has been exchanged.

Of course, everyone has signed non-disclosure agreements, but the information is out there and it’s time to eliminate the exposure as quickly as feasible.

This is a proof point in favor of using enterprise virtual data rooms (VDR) built for M&A activity. With robust permissions and security certifications, a VDR becomes the official vault of a transaction, available only to those who have the right access at any given stage of the transaction. As easily as access is given, it can be taken away with a few mouse clicks, slamming the virtual vault door shut on those who once had access.

Prior to the widespread use of virtual data rooms, this was a manual process. Documents were gathered and destroyed by hand. With thousands of documents and often more than a million pages, this was a time-consuming activity largely reinforced only with trust and legal agreements indicating that document access had been eliminated.

Control the Access, Control the Deal

Now, thanks to Information Rights Management (IRM), a VDR with this feature revokes rights quickly, ensuring documents instantly vanish for the party who previously had access. The safety and efficiency this tool provides after a deal crumbles can’t be overstated. In addition to this rapid revocation, IRM supports the electronic destruction of data, protecting individual downloaded documents containing sensitive information from unauthorized access. Once VDR access is revoked, so is the party’s access to any documents – even ones that were previously downloaded are protected in an IRM environment.

Controlled access to critical business data and information management tools balances buyer and seller needs during the transaction period. But if a deal fails, these controlled access tools provided within an enterprise-grade VDR quickly become the seller’s friend, providing several immediate mitigation advantages, including:

• Resource monitoring and auditing: VDRs provide the ultimate document control by allowing you to choose to have all documents viewable only on-screen, leaving no stray print-outs or downloads to worry about. Once the deal is dead, you can revoke those permissions immediately, and former potential buyers have no workaround for post-deal access.
• Robust document security: If you do want to allow a little more document access than just on-screen viewing, controlled access allows the seller’s administrators to establish strict admission privileges on a person-by-person basis. This includes limited print capabilities; on-screen watermarking to prevent image or video captures; accurate tracking of access and usage time; and restriction of file transfers, downloading or copying. If the buyer needs to print something out, their activity is tracked within the VDR, so you know what documents may be unsecured and need to be destroyed.
• Flexible, multi-tiered document access: Not everyone needs to know everything at all times. As certain stages in the deal are met, additional information can be shared by the seller. You don’t have to put everything on the table all at once, and you have ultimate control every step of the way. Should your deal dissolve, you know what documents have been held back and which have been shared, even if they have already been loaded.

Ultimately, the legal contracts, NDAs and other agreements must govern anything that has been printed or downloaded absent IRM protection, or whatever remains in the heads of the buyers. However, with the immediate permissioning (and un-permissioning) capabilities of a robust, purpose-built VDR, you can begin to protect your shared assets as soon as a deal falters.

From Optimism to Ashes — and Back to Optimism

Just because a deal falls apart doesn’t mean you can’t try again.

The VDR that you just worked in with your first buyer can be immediately shared with a new or existing target with no additional work, even months later. No endless copying, courier bills and reams of paper like the physical data rooms of old. Just invite new users and establish new permissions and you are back to the bargaining table faster than ever. The right deal is out there, and a VDR staged for due diligence is the most efficient business tool to have at your fingertips.