Due Diligence: Recognizing And Assessing Risk In Uncertain Times

Tuesday, January 1, 2008 - 01:00

Ken Yormark


Investments go sour; mergers become unglued. When significant business decisions go seriously wrong, corporate decision-makers can expect shareholders and regulators to demand explanations. They will want to know whether a failed investment resulted from genuinely unforeseeable developments or a lack of due diligence.

"Due diligence" is not just a catch phrase for lawyers and business school graduates. Nor is it a synonym for "audit," despite the importance of financial and accounting considerations. Due diligence is a legal standard and a professional or business process of investigating, verifying and evaluating information that is material to making decisions about the acquisition of a significant asset or investment. Due diligence does not eliminate risk or guarantee results, but it plays an important part in recognizing and managing risk. And although due diligence analyzes risk in prospective terms, it can be used as a legal defense when errors and unfortunate choices are subjected to retrospective scrutiny in court.

Long a staple of merger and acquisitions practice, due diligence has grown to cover additional transactions, such as the acquisition of real property, intellectual property or securities. It also has evolved beyond a straightforward review of a target company's financials or obligatory search for regulatory skeletons in the corporate closet. In the current environment, due diligence might employ focused analyses of foreign regulatory environments, international supply and distribution networks, industry-specific market conditions, litigation exposure, pension and benefit funding, loan performance and virtually any other business, legal or financial issue that could affect the outcome of a transaction.

Buyer Be Wary

For those who don't believe that due diligence is essential, it may help to recall some business disasters that could have been prevented by proper due diligence. The most infamous example, perhaps, is that of the venerable U.K. engineering equipment firm, Ferranti Ltd. When Ferranti acquired U.S. defense contractor International Signal and Control (ISC) in 1987, it must have looked like a good catch. That is, until Ferranti learned ISC's CEO had doctored the books, filling them with fake contracts and accounts receivable. Worse, Ferranti also discovered - far too late - that ISC's real business was illegal arms sales.

Ferranti's collapse under the weight of ISC's debt and misrepresentations was a clear lesson for organizations around the world: Due diligence requires an examination that goes to the substance underlying a company's books and records. But just how far below the surface should such an investigation go?

The extent and type of diligence that is due depends on the purpose and nature of the transaction. Clearly, different risks and opportunities are involved in acquiring an existing business in another country, a global marketing partner, an undeveloped construction site, or full patent rights to a new web-based technology, which should be reflected in the due diligence strategies adopted. And due diligence is not the exclusive domain of those on the buyer's side of the equation; sellers also need to protect themselves, particularly when making a sale in stages or contemplating future payments based on performance or funding.

More complicated transactions, such as mergers and acquisitions, place the greatest demands on those performing due diligence investigations. Just becoming familiar with the books and records of a large company can be a challenge. When a time crunch is added to the mix, it may be more expedient to turn to the expertise of the target company. Increasingly, presale due diligence is being performed by the targets of mergers and by businesses actively seeking a buyer or major investor. Due diligence performed by the entity being sold or acquired speeds up the process considerably, presenting internal information that an unassisted buyer might not find easily.

Of course, relying exclusively on a seller's representation is a risk itself, which may or may not be reasonable. Even when a seller guarantees the reliability of due diligence analysis, the buyer who does not investigate the seller's history and ability to make good on its guarantees may find its reliance was misplaced. Similarly, a seller may find it is later accused of misrepresentation, even though it had intended only to assist, rather than replace, the buyer's due diligence.

Still, when buyers attempt to perform due diligence on their own, they may overlook critical information, especially when the vendor is in a different industry or jurisdiction from the buyer. These pragmatic concerns have contributed to the popularity of third-party experts in due diligence. Ironically, choosing an independent specialist requires a certain amount of diligence as well. Does the third party have sufficient expertise in the relevant markets, regulations, technologies and industry? Does it have a good track record and reputation? Has it presented a clear strategy? Are its rates reasonable? In other words, is it a good overall fit for the purpose and parties?

Congress: The Ultimate Due Diligence "Enforcer"

Regardless of who actually performs the due diligence for a transaction, there are certain corporate undertakings that require an extra layer of caution. Most notable for their imposition of strict standards and liability are the Public Company Accounting Reform and Investor Protection Act of 2002 (more commonly known as the Sarbanes-Oxley Act) and the Foreign Corrupt Practices Act (FCPA). Each of these two federal laws has considerable impact on acquisition and merger activities. Given the fact that all publicly traded companies must comply with Sarbanes-Oxley and that any business, even a privately held one, is subject to the FCPA, the number of organizations affected by one or both of these acts is enormous.

Sarbanes-Oxley, passed in the wake of stunning corporate scandals early in the decade, requires corporate officers to certify the accuracy of their company's internal controls and financial disclosures. The certification requirements carry both civil (Sec. 302) and criminal (Sec. 906) consequences.

Once a merger or acquisition has occurred, the CEO or CFO of the acquiring or new entity must certify the controls and accuracy of the newly combined entity by the end of the first quarter in which the transaction was completed. Without substantial due diligence prior to the acquisition, it can be nearly impossible for corporate officers to so swiftly certify the new entity. As might be expected in the Sarbanes-Oxley era, acquiring companies are no longer willing to proceed without the confidence provided by a comprehensive due diligence investigation. Aware of the new realities, target companies have become, by necessity, much more cooperative in such investigations than they were in less-regulated eras.

Would Ferranti have been able to avoid its "crash and burn" with the ISC deal if it had applied due diligence standards encouraged by Sarbanes-Oxley? Perhaps. Even if the same flagrant misrepresentations were made, a due diligence investigation that included verifying the status of major customers, suppliers and vendors could have revealed the fraud early in the game.

Foreign Interests, Without The Intrigue

The FCPA seeks to prevent any U.S. business from engaging in corrupt activity in foreign countries. It applies not just to businesses with offices or facilities in foreign countries, but to those that engage in business activities abroad via independent agents, such as sales representatives. Activity by brokers, affiliates, marketers, agents and joint venturers are all included within the accounting and anti-bribery provisions of the FCPA. What makes the FCPA so important to mergers and acquisitions is that violations and liability for improper acts are inherited by the acquiring company.

Recognizing and avoiding corruption and bribery for purposes of the FCPA is not as simple as might be expected. The underlying intent of the act is to prevent bribery of government officials for the purpose of gaining a commercial advantage. In some countries, it may not always be clear who is or is not a government official. This is especially true in countries where the state owns or operates some or all businesses.

The result is that some activities completely legitimate in one country are deemed illegal when they take place in another country. For example, wooing company executives with a lavish weekend retreat may be an effective and legal marketing campaign in Japan. Promote a company or product the same way in China and it may be a criminal violation of the FCPA. Similar limitations apply directly to certain industries, such as defense and aerospace, where companies contract directly with national governments.

Other violations of the FCPA can be disconcertingly mundane. For instance, the accounting provisions prohibit any mischaracterization of employee expenses. As an example, this means if an agent or employee mischaracterizes travel expenses by attributing entertainment expenses to the cost of car rentals, the company is in violation of the FCPA.

When the inherited liability of the FCPA is combined with the self-reporting and certification requirements of Sarbanes-Oxley, it should not be surprising to see more companies voluntarily reporting violations of the FCPA discovered through the due diligence phase of mergers and acquisitions. Staggering fines already have been imposed on some well-known companies. In March 2005, Titan Corporation, a defense contractor, agreed to disgorge profits and pay penalties totaling $25 million. Just one month later, Tyco International agreed to pay fines and penalties exceeding $50 million for violations committed in Brazil and by an affiliate in South Korea. With increasing globalization of markets, FCPA violations will continue to be rigorously pursued by regulators - and uncovered through due diligence.

Obviously, Sarbanes-Oxley and the FCPA are only two, albeit major, legislative incentives to undertake due diligence in the area of mergers and acquisitions. Other legal and regulatory considerations drive due diligence practices in other contexts. Antitrust laws continue to shape the targets of mergers and acquisitions, environmental laws can considerably affect the choice of building sites, and violations of OSHA regulations may conceal the true cost of business operations. Also, no one should forget the countless state and local laws that affect labor, construction and taxation.

An Ounce Of Prevention

Ultimately, due diligence is a process that enables critical decisions to be made in an informed manner. It is a straightforward concept with an often complex execution, but in the end, it is all about simple common sense. After all, who would want to make important decisions without a full picture of costs, benefits, risks and potential problems? Compared to the penalties that can be inflicted by the marketplace or prosecutors, the efforts of due diligence appear to be a very sound investment.

Ken Yormark is Managing Director with Protiviti, which provides financial investigation, litigation consulting, due diligence, e-discovery and computer forensic services.

Please email the author at ken.yormark@protiviti.com with questions about this article or Protiviti's litigation support services.