Due diligence is a necessary part of any M&A transaction. This process can be an exhaustive deep dive into the target company’s history. In some cases, the buyer wants to assure itself of certain highly confidential and sensitive aspects of the target’s operations and assets. We most commonly see this arise in relation to proprietary software and source code, customer lists, executive compensation, and the risks become most acute where the buyer and target are competitors.

Exposing this information creates certain major risks for both parties.

Most obviously, if the deal falls apart, the target could have enabled or even created a formidable competitor with a unique view of the target’s strengths and weaknesses, strategies and assets. On the other side, the buyer who walks away could struggle to prove that growth in lieu of purchasing the target was built on something other than misuse of the former target’s confidential information.

As such, it is in the interests of both parties to carefully consider when and how to exchange this kind of information. The roadmap starts with the assumption that the parties have a standard non-disclosure agreement.

1. Consider the Timing

Closing is not the only significant event in a deal. There are a number of key inflection points that parties can use to determine the best time to share. Financial data is often shared prior to getting to a letter of intent (LOI) – a document that gives, in a non-binding form – the key business points of a deal. After an LOI is signed, diligence usually kicks off in earnest. Counsel for the parties begin drafting the deal documents. As those documents develop, the parties should see an ever-reducing set of issues and an ever-growing confidence that the deal will close. Ironing out certain key disconnects can be a trigger for parties to share information like customer lists.

2. Consider the Scope of Diligence

Diligence is an expensive process for both parties and limits the speed the deal can proceed. Further, technical diligence such as a source code review can be even more costly and time-consuming. Therefore, it benefits the buyer to determine what information is necessary either because it mitigates risk or speaks to value. This kind of strategic diligence reduces deal costs. In addition, if the deal does not proceed, a buyer does not have the opportunity to, nor can be accused of, misusing information that it never received. With that said, strategic diligence sometimes remains an extensive deep dive in order to ensure that the buyer can get comfortable.

Further, the buyer could use other methods to protect its investment and thus limit the scope of its diligence requests. Comprehensives representations and a solid plan for recovery in the event of breach, such as a large escrow account might be able to bridge the uncertainty when certain aspects of the target company are not available for diligence.

3. Consider the Method

Best practice is to exchange diligence using a secure data room. When exchanging highly sensitive information, additional functionality can help control information flow. Different members of the deal team can be provided different scope and levels of access. Generally, there should be a match between the information provided to each individual and their role in the transaction.

As an extra level of protection, the buyer may agree to form a “clean team” – a select group of individuals who will review information on behalf of the buyer and provide analysis without actually disclosing the information. Generally, the members of the clean team will enter into an enhanced non-disclosure agreement that usually limits both what the clean team member can disclose to the wider deal team and prevents the clean team member from participating in activities competitive to the target. 

A buyer may decide to use a group of its own employees as a clean team, but the buyer will need a large pool of candidates to choose from. Each clean team member needs sufficient expertise to analyze the information. Further, the buyer must have no intent to use that clean team member in future activities that, if the deal falls apart, might compete with the target. Lastly, there may be regulatory restrictions on who may participate in diligence – certain of the buyer’s corporate officers, for example, may be precluded.

In the alternative, buyers can engage third parties to perform this function. It is not uncommon for buyers to use external consultants to run audits of source code, particularly to identify open source elements where the target’s value is primarily driven by proprietary software.

The success of a clean team is dependent on a solid and enforceable clean team agreement that is then stringently followed in practice. There is no point, for example, forming a clean team if the highly sensitive information is then available to the entire deal team.

Procopio routinely assists with deals that involve highly sensitive information. We create pragmatic information sharing strategies that allow our clients, whether on the buy-side or sell-side, to effectively complete the due diligence process while maintaining as much protection as possible. Reach out if we can assist you in your next deal.