Flying Blind with Compliance and Risk Management
Tech assets that have been designed in a vacuum of compliance and risk management often fall into the “bad” asset category. Design constraints, metadata collection, or regulatory requirements must frequently be incorporated from the beginning of a project. When things go really wrong, they can taint an entire asset or business. Understanding these potential risks begins with diligencing the culture of compliance and risk management – or lack thereof.
To be clear, this doesn’t mean that you need to start with the headcount for compliance or legal departments. There are plenty of high-quality, valuable assets built without a full team of attorneys or a Chief Risk Officer. What’s most important is that the people who designed or developed technology or data products had an appreciation for risk management and regulation. While compliance and legal departments can certainly help, most risk is generated by the individuals making daily decisions about what features to build or what data to collect.
Traditional diligence approaches often identify some elements of this “cultural awareness,” like product design documentation, risk registers, or related policies and procedures. However, there is no substitute for technical diligence on the infrastructure, source code, data, and machine learning models. Even the best-intentioned policies and procedures cannot guarantee that software or data does not run afoul of regulatory frameworks like GDPR, HIPAA, or ITAR. While many of these topics may be covered in purchase agreements, acquirers would do best to identify these issues before closing. Even when these risks don’t sink the deal or result in price adjustments, the parties can begin working towards risk mitigation or rep and warranty disclosures.
Making Strategic Acquisitions
Companies looking to make a strategic tech acquisition should go into negotiations with a clear assessment of where the technology assets actually stand. It’s easy to jump to thoughts of what the future could look like with the acquired technology or data, but acquirers should ensure that their hopes for the future are backed up by the actual state of these assets. If the diligence supports the hopes, then the outcome is “YAY! A great strategic acquisition!” If the diligence suggests that there are serious issues with the technology (whether technical, legal, or another high-impact area), then the outcome might look more like “Yikes! We dodged a bullet” or “Let’s talk numbers.”
One company’s tech trash may be another company’s treasure. Just make sure you look inside the treasure chest before you buy it.
Our technology due diligence services arm potential acquirers with the information needed to determine whether an acquisition is actually strategic, the state of the tech assets, and where to focus their negotiating budget. In some cases, an acquisition is beneficial, even if the tech assets are less than ideal or expose the acquirer to risk – the important factor is having this information prior to negotiating deal terms so that the valuation and reps and warranties are aligned with actual risk.