Rena Verma discusses trends in recent M&A activity and the growing assignment of Chief Transformation Officers to oversee the integration of various functional and operational units, along with the continued development of Integration Management Offices to ensure day-one readiness.
CCBJ: What trends do you see emerging from recent M&A activity?
Rena Verma: M&A activity stayed strong in 2019 from large acquisitions and strategic divestitures to smaller bolt-on acquisitions. Although from a year-on-year growth standpoint the activity cooled slightly this year in the U.S., the overall value remained stable as large scale, multi-billion-dollar deals in the pharmaceuticals sector, media and aviation dominated the news cycle. As an example, CBS-Viacom announced its merger recently which would form one of the largest media companies in the world. In the pharma sector, there is Bristol-Myers Squibb’s acquisition of Celgene. Also in the pharma sector, there was an announcement by AbbVie of their acquisition of Allergan. So, there is significant activity, and a lot of it is in health care and pharma space with some notables across industries in highly litigious sectors from an information governance perspective. We are also seeing not only an increase in the deal size, but also an increase in their scope and complexity. To make sure the post-deal integration is executed as smoothly as possible requires a cross-functional team made up of the best talent from the two merging companies. To lead the transformation and set the company on a path to harness the strategic objectives behind the deal, organizations are allocating dedicated resources, setting-up an Integration Management Office (IMO) and bringing external resources to assist with what is called Day-One operational readiness.
What is an integration management office (IMO)?
An integration management office is typically set up by the CEO or the COO, who appoints a Chief Transformation Officer to oversee the integration of various functional and operational units across the two companies. The central IMO sets up sub-IMOs for each major function in the company, such as Human Resources (HR), to make sure that payroll and critical HR and employee information is accessible and integrated on day one of operation of the combined company. Finance, another major function, needs to do its own integration.
There is the Information Technology (IT) function which needs to integrate everything from email to information in various business systems; and the Sales function and R&D if the organization relies heavily on research and new product development for its sales pipeline. These primary functions tend to dominate the resources from an integration standpoint. Legal, Compliance, Data Privacy and Security and relatedly Records and Information Management functions are becoming increasingly important due to changing regulatory landscape (think he focus on various privacy regulations in the EU, and recently, the U.S.) and the associated reputational harm from non-compliance. These issues fall under the umbrella of Information Governance. More recently we are seeing a cross-functional sub-IMO to identify a list of priority information governance initiatives from a legal, compliance, data privacy and security both for pre-deal due diligence and post-deal integration for going live as the combined company.
Essentially, the IMO is the overseer of the various integration activities across the organization and serves as the focal point for issue resolution, prioritization of initiatives, and securing budget and resources for integration activities.
What information governance considerations are important to strengthen the risk posture of the new organization?
There are a few key areas that the stakeholders from legal, compliance, and data privacy and security need to focus on during pre-deal due diligence of the acquisition target as well as post-deal integration to mitigate the risk and cost associated with the deal. One of the top considerations in data privacy and security is to understand the data privacy framework and policies and the applicable laws and regulations at the target company, then there is contract intelligence and analysis to understand the acquisition target’s relationships with its customers and vendor partners. Then there are legal holds and data preservation considerations as well as intellectual property (IP) information that needs to be merged, brought over or separated. And finally, the teams need to make sure that the companies and IMOs have the right resources to support the various information governance initiatives.
Can you elaborate on some of these considerations and how organizations can address them?
While there is pre-deal due diligence required to evaluate the merits and risks of the deal, I will focus on post-deal considerations from an information governance perspective. Regarding data privacy, it has taken a life of its own in the last couple of years with the advent of the General Data Protection Regulation (GDPR) in the EU and the California Consumer Privacy Act (CCPA), which has sparked a broader conversation around the need for a national privacy law in the U.S.
So whether a transaction involves HIPAA, GDPR, the CCPA or any other data protection laws, organizations must assess and mitigate risk relating to personal data. It is critical to understand the flow of data at the target company – what information is received through what sources, what is done with it, where and why it is stored, for how long, who has access to it, as well as what is the data privacy framework at the company and have there been any data breaches in the past, and how they were addressed. Ideally, a company with a robust data privacy framework will have a data inventory and a data map that answers many of these questions and makes it easier to merge the data map of the two companies in order to take action to maintain compliance with various applicable data privacy regulations. For example, if the parent company did not previously do business in the EU but as a result of the merger will now be doing business in the EU and will come in possession, custody or control of data for EU citizens, it must now position itself to be compliant with the General Data Protection Regulation (GDPR). To assist with the information governance aspects of data privacy and security, the IMO should consider hiring specialized expertise in these areas which typically is outside the scope of the M&A transaction lawyers.
Regarding contract intelligence, in order to optimize and harness the value of the deal, deal teams are engaged in analyzing the acquisition targets’ contracts with its customers and vendor partners. This can be a daunting task considering that few organizations have a centralized database of contracts, let alone the technology to search for and identify necessary information in a short amount of time to facilitate decision making regarding the value of the deal. To identify this type of contractual information they should consider leveraging outside technology providers and experts who can utilize sophisticated artificial intelligence (AI) algorithms and custom workflows to quickly collect and synthesize the information across hundreds of contracts.
Moving on to legal holds and data preservation. When companies merge, the legal team needs to assess the litigation profile of the acquisition target. For any active matters that will be brought over as part of the acquisition or separated as part of the divestment, the law department needs to identify lists of custodians and data sources that are on litigation hold and will need to make arrangements for continued preservation of the data subject to the litigation hold. Typically, in-house e-discovery teams, in conjunction with the paralegals and legal-IT business partner, can address this. For organizations with complex active litigation, setting up a dedicated legal IMO to coordinate various data preservation activities with cross-functional resources at the parent and the target company is advisable. The legal IMO would also need to coordinate with data privacy stakeholders to understand the regional and local regulatory landscape as well as cross-border data transfer limitations to address ediscovery related data preservation and production obligations of the combined company or at the company that is being divested.
Then there are IP protection considerations. From a post-deal information governance perspective, divestitures don’t always get the same attention as acquisitions. When a company divests, it is critical for the parent company to separate its IP from departing network servers and other data sources that may contain critical business information and trade secrets. Stakeholders in various regions need to collaborate on creating workflows for identifying files, folders and systems that contain IP in order to separate documents and data for removal from the divesting company.
What are the benefits of bringing in advisors to support the transaction? And can you share some of your tasks, projects, stories or case studies?
As with any project, it is important to have the right expertise to do the job right, and it becomes even more important when the stakes are high. Information Governance professionals specializing in data privacy and security, legal technologies and electronic discovery have the expertise to address the areas we just discussed. One of the key benefits is the deep industry and regulatory experience that external experts bring to the table as they have a vast knowledge of how different companies in different industries are handling similar mergers and can hit the ground running quickly. Another benefit is that in-house teams are often stretched thin supporting the day-to-day work so bringing outside experts can supplement the in-house team with the right expertise right off the bat.
They can also help create a long-term roadmap for transformative projects such as system and process upgrades to meet the new needs of the merged company and can staff to scale.
As an example, I am reminded of a large healthcare and pharma merger.. The company was divesting a few of its businesses to other companies while it was acquiring a big piece of business from yet another pharmaceutical company. The deal had a lot of moving parts and they had brought me and my team in to put together a project plan that covered various information governance workstreams. We served as an extension of the legal department, championing their interests with the information governance and records management, IT, HR, and the business units.
How can your organization reduce the burden on in-house teams during a merger acquisition or divestiture?
Companies engaged in an acquisition or divestiture need to look at whether they have the right resources to support integration and separation activities. Do they have the resources to quickly respond to these four areas – data privacy, contract intelligence, IP protection, legal holds – or do they need to bring in external support and secure sponsors and budget for the integration activity? Outside experts can support in-house teams by developing workplans, defining roles and responsibilities, identifying the technology and tools to assist with data intensive activities and provide experienced resources to staff the IMO. Bringing in experts like those at FTI Technology also brings industry specific expertise to the integration management office which can be a huge advantage in a deadlines driven environment when you are trying to integrate or divest companies in a specific industry.