A records management checklist for mergers and acquisitions

Information governance due diligence is key to avoiding surprises

Many companies have stepped up their merger and acquisition activity, but an area often an overlooked by M&A teams is records management. Assessing a target acquisition’s record management and information governance program can avoid potential surprises, smooth the integration and ultimately increase the value of the acquisition.

“We acquired one smaller company and only later found out about a number of significant compliance problems around their record retention,” an associate general counsel for a financial services company recently confided. “Had we known about these problems, we would have not done this acquisition.”

Furthermore, poor records management practices from an acquired company can hamper efforts to smoothly integrate the acquired business. One general counsel from a manufacturing company reported: “Upon completion of the acquisition, we received several truckloads of documents from a warehouse they used for storage . We had no idea what was in the boxes or which business units they came from.”

Other potential issues also can occur with electronic records. Integrating records management into your M&A process can help provide a better understanding of what types of information may exist in various repositories and how that information will need to be mapped, not only for ongoing business operations but also from a retention management perspective. Furthermore, many mergers are driven by the acquisition of intellectual property. The ability to unlock the value of this IP is dependent in part on the quality of the acquiree’s record, document, and source control systems. It is a mistake to assume that the engineering division, for example, has all of their design documents in a single application or centralized server. Key records could exist on local laptops, in cloud storage locations or on systems not supported or known by IT.

Companies should carefully assess their acquisition targets’ records management and information governance capabilities and risk as part of the due diligence process. A good place to start is to develop M&A records management checklists, such as this one:

  1. Understand the current M&A framework, plan and checklist requirements. Start this process as your M&A team is being formed.
  2. Establish a preliminary records management project plan and schedule with your core team. This plan should address steps for integration of records and information into the newly combined entity. Collect and document any enterprise of departmental records management policies, schedules and procedures. Access records management organizational structure, risk and compliance or audit findings related to records management policies.
  3. Identify both onsite and offsite paper storage locations. Be sure to ask about remote locations and even local storage rental lockers. Assess whether these facilities have current box inventories and have a process for routine deletion of older documents.
  4. Develop a high-level map of where electronic information resides, and on what types of systems.
  5. Ask for an inventory of all current and legacy backup tapes. Also be aware of other removable media that may exist such as large inventories of CDs/DVDs or microfiche.
  6. Document anticipated legal and compliance risks including active litigation/investigations, information on legal holds and preservation of custody. Review the current legal hold processes and documentation supporting these holds within the target company. Ensure these processes are consistent with current legal standards. Identify any current litigation that could be put at risk for ineffective discovery. Also investigate any history of regulatory compliance issues related to production of information.
  7. Consider any special transfer requirements for the protection of sensitive, private, confidential and personal information. These requirements are particularly important for operations overseas. Identify any potential compliance conflicts for migrating data from countries with restrictive privacy requirements. Likewise, assess for intermingled privacy information.
  8. Understand potential custodians and locations of intellectual property , what format it is stored in and how accessible this information is to others. This documentation can be key both in leveraging existing IP, as well as defending ownership of IP against claims.

Sophisticated M&A teams include records management, privacy and e-discovery specialists as part of the due diligence team. It is important that this team assess the gaps, and understand the risks these pose as well as how much of an impediment to combining the organizations. While no potential acquisition will have a perfect information governance program, you want to avoid surprises.

Key Takeaways

  • Record compliance and discovery risk have the potential be hidden liabilities within acquired companies.
  • Good information governance practices may be key to unlocking the value of acquired intellectual property
  • Create a record management and information governance checklist as part of your due diligence process
  • Consider including information governance professionals on your M&A team
  • It is unlikely that any acquisition target will have full compliance. Assess your risks and ability to remediate issues.

 

Legal Information Is Not Legal Advice

Contoural provides information regarding business, compliance and litigation trends and issues for educational and planning purposes. However, legal information is not the same as legal advice -- the application of law to an individual or organization's specific circumstances. Contoural and its consultants do not provide legal advice. Readers should consult with competent legal counsel for professional assurance that our information, and any interpretation of it, is appropriate to each reader’s particular situation. Copyright © Contoural, Inc. 2013

Join the Conversation

Advertisement. Closing in 15 seconds.