The Mask of Today’s M&A Digital Complexity -- January 11, 2007 (Also appearing in the MBA NewsLink)
After the deal has been announced, the three most chilling words the markets, customers, and employees can hear are “We sincerely regret…” What usually follows is an announcement on future directions, missed synergies (i.e., revenues, profits, or achievements), or increasingly common, is the announcement of “unexplained or inadvertent disclosure” of corporate information or “digital assets” including customer or privacy records.
With today’s multifaceted M&A challenges, the securing of digital assets and their future usage must be an overriding concern for project teams and executives alike during post-deal efforts. Traditionally, these assets are commonly sheltered from disclosure by stringent systems and application controls under the watchful eye of highly skilled employees and stringent processes. However, with today’s widely dispersed and readily available data services and aggregators, existing protections may prove insufficient when dealing with the often chaotic M&A integration events.
M&A post-deal integration efforts are often marked with employee downsizing, reorganizations, and consolidations creating the potential for intentional or unintentional digital asset dispersion and disclosure. These leaks not only damage the brand or reputation of the company; they can have lasting negative impacts with customer relationships, market acceptance of new products, runoffs, and even find their way repeatedly into news headlines heightening the concerns. For those individuals who put “the deal” together, they begin to assess the impact to their investment resulting in further, often reactionary, actions.
So what can be done, really done, to safeguard the digital assets during the “shifting sands” of post-deal M&A activities and organizational commotion? The “Mask of Digital Complexity” is comprised of six fundamental components each with a unique but interdependent architecture that compliments the others.
- Security and Protection: Supported by the adoption of “hazard, maps,” M&A teams need to leverage the existing best practices, actions, techniques, and management disciplines to increase all levels of risk-warranted safeguards and restrictions. Minimally, these actions need to be extended beyond the M&A organizations and include trading partners, aggregators, and outsourcers.
- Corporate and Customer Privacy: This category of protection should be comprised of three distinct segments 1) Customer and corporate requirements, 2) Privacy management, and 3) Collection techniques. By adopting a holistic framework, the M&A effort can leverage the already overburdened resources and schedules with integrated efforts and effective lessons learned.
- Regulatory Oversight and Audits: As some of our organizations know first hand, often times the governing rule of law or enforcement is not just about the guidelines, but about the “spirit of the law.” Therefore, significant diligence and continuous improvement must be put in placed on required information and reporting guidelines across very diverse systems of record. Expert guidance from compliance teams and Chief Risk Officers will be mandatory as costs and needs are mapped against business concerns, M&A process integration, and technology diversity.
- Data Collection and Storage: Depending upon the geographic “footprint” of the enterprises being integrated and the prior strategies adopted, the ability to extract, map, transform, and populate post-deal processes, applications, and infrastructures can be very problematic. The recoverability and protection of these assets during the post-announcement can severely strain budgets, outsourcing arrangements, system availability, and tempers just for starters. “Virtual” technology solutions for securing informational assets may be an answer if the organization promotes and adheres to process rigor and discipline.
- Application and Management Systems: This area is the most common of the six categories and one that is the first to be addressed by integration teams. The challenge and opportunity for improvement frequently centers on licensing, maintenance, and resource costs. Implications of this effort which are seldom addressed includes the recoverability, migration, storage, compliance, and retention of legacy information needed for integrated reporting, legal defense, and shareholder actions.
- Principles, Policies, and Procedures: While well known, the selection of these within a post-deal M&A environment implicitly determines key aspects of the corporate culture, operating risks, and management philosophies. The intrinsic value of these principles, policies, and procedures if properly done can be incorporated into rules-based systems and automated decision making (from macro to micro). Without these the rationale driving definitive implications cannot be consistently determined resulting in fragmented efforts and continual restart and rework.
It should be noted that depending upon organizational offerings, additional categories may be required. Regardless, it is very common that only one or a couple of these categories are addressed in the hurried M&A post-deal environment. These fragmented actions result in an inability to sustain improvements, implement best practices, and a false sense of security. Often times, it is months after the M&A transaction closes that inconsistencies or inappropriate actions are discovered contributing to expensive and lengthy retrofitting.
Regardless of the inherent risks of post-deal M&A events, rest assured that these pitfalls will not lessen the enthusiasm of those seeking deals. Niccolo Machiavelli in the sixteenth century gave the best reason why we continue with M&A events, “Never was anything great achieved without danger.” Alas, it truly comes down to achieving the proper risk to reward supported by varying levels of preparedness. So, how does your organization measure and mitigate risks for your M&A’s post-deal digital assets?
For 2008 MBA entries, click here