Governance Reform’s Impact on M&A And Corporate Finance Deals

By Todd B. Pfister, Edwin D. Mason and Gary Levinson

After being in a slump for three years, the level of merger and acquisition (M&A) activity seems to be picking up as the U.S. economy improves. Today, however, with public companies – and a growing number of private companies – adopting tighter corporate governance practices, the rules for all M&As and other corporate finance deals have changed dramatically.

The characteristics of those changes were examined at a breakout session titled "Governance Reform’s Impact on M&A and Corporate Finance Deals" during Foley & Lardner’s 2004 National Directors Institute (NDI).

Todd B. Pfister, a partner in the Chicago office of Foley & Lardner, told attendees that many M&A deals today are subject to the regulations found in the Sarbanes-Oxley Act of 2002 (SOX). SOX is regarded as perhaps one of the most comprehensive federal corporate governance laws ever adopted. The provisions cover not only public-to-public company deals, but also extend to acquisitions of a private company or division of a public or private company by a public company.

For both acquiring and target companies, the two most relevant SOX provisions are Sections 302 and 404.

Section 302 requires both the CEO and CFO to certify in every quarterly or annual report filed with the U.S. Securities and Exchange Commission (SEC) that they:

• Are responsible for disclosure controls and procedures

• Have evaluated the effectiveness of the controls and presented their conclusions

• Have disclosed to the audit committee of the board and to the auditors any significant control deficiencies and acts of fraud

• Have indicated significant changes in internal controls

Section 404 requires corporate managers to:

• Accept responsibility for effectiveness of the company's internal controls over financial reporting

• Assess the controls regularly and evaluate their effectiveness using suitable control criteria

• Prepare a written annual assessment of the effectiveness of the controls

• Have independent outside auditors attest to the effectiveness of their assessment

• Disclose any material weaknesses in the controls

Under Section 404, management's assessment and the independent auditor's report thereon must be included in each annual Form 10-K most publicly traded companies file with the SEC. The Form 10-K provides a comprehensive overview of the company’s business and financial condition.

NDI program attendees, including many who were contemplating M&As and other financial deals, wondered how much money and time would be involved in complying with those provisions.

Costs associated with achieving compliance must be factored into the transaction model and overall investment decision. Even private target companies that are currently exempt from most SOX provisions should consider complying to increase their marketability to public acquirers. Acquiring companies need to consider:

• How the rules apply, depending on the type of company that is being targeted and the planned transaction structure

• What the relevant target company characteristics are, including the complexity of the business entity, whether its systems are centralized or decentralized, and the complexity of its accounting processes

• An assessment of the target’s ability to comply with Sections 302 and 404, including time and cost, as well as suggested due diligence

• The impact on transaction agreements

The time required for completing due diligence depends on whether the target company's controls are well-documented. If they are, it could be assessed in a relatively short time frame and would be relatively easy to do. If not, it could take 500 to 1,000 hours, or even longer. It is recommended that companies considered to be a target begin preparing for this type of scrutiny of their internal control processes and related documentation.

The SEC has acknowledged that, in the case of a material acquisition, it may not always be possible to conduct the required assessment within the time frame between closing and year-end reporting. Therefore, it has granted management a one-year "reprieve" for including the internal controls over financial reporting of the acquired business in its assessment. This reprieve is subject to the following disclosure requirements:

• Identify the acquired business and disclose that management excluded such business from its report on internal control over financial reporting

• Indicate the significance of the acquired business to the consolidated financial statements

• Disclose any material change to its internal control over financial reporting due to the acquisition

If compliance of the combined company is not possible within one year, the buyer should consider the possible grim results.

Mr. Pfister suggested the acquiring company’s management meet with the target company’s officers and its audit committee to request that the target complete its controls assessment between the time the transaction is signed and its closing date, and request updates to ensure the timeline is being met.

In addition, he recommended that the buyer seek indemnification from the target for controls work that must be conducted, emphasizing the importance of completed thorough representations and warranties in the following areas:

• Financial statements

• Quality of internal controls

• CEO and CFO certifications

• Any loans to executives and directors

• All legal proceedings

• Timeliness and completeness of SEC filings

"However," Mr. Pfister said, "these alone are not enough" to ensure compliance. There is no substitute for thoughtful, well-focused, and thorough due diligence.

Using a fictional case study of a public company listed on the New York Stock Exchange, Inc., offering to buy another public company listed on The NASDAQ Stock Market with a probable closing in the fourth quarter of 2004, panelist Gary Levinson of Deloitte & Touche LLP took attendees through a series of hypothetical questions. He is partner in charge of his firm’s Central Sector Mergers and Acquisitions Practice.

Question 1 – Since the target had to restate earnings for fiscal year 2002 because of possible weakness in its internal controls, what kind of due diligence issues arise under SOX?

Answer – These internal control problems raise the stakes for compliance and should therefore be a focus of the due diligence process.

Question 2 – The target company has foreign subsidiaries and joint ventures. In addition to traditional financial due diligence, what else should the buyer do to comply with SOX?

Answer – Assess the target’s SOX compliance plans and the likelihood of bringing its efforts up to the required standards of internal controls expected by the buyer and within the required time frame. Strive to understand the target’s processes and procedures, and estimate the associated costs and man-hours.

Due diligence efforts should include the foreign operations, as these subsidiaries are part of the consolidated financial statements and the related internal controls within the scope of management's assessments and the auditor's internal control attestations.

Joint venture investments should be evaluated to consider whether the controls will have to be evaluated. Generally, for equity method investments, the evaluation of the controls resident at the entity is not required. Mr. Levinson suggested retaining local professionals, ideally those with an understanding of the target company’s operations.

Question 3 – What concerns should the acquiring company have over the target’s lack of effort in complying with the internal controls provisions of SOX Section 404?

Answer – Be aware that the internal control problems could still exist, and the costs and required effort of making them compliant could be significant. The target’s problems will increase the nature and extent of the buyer’s due diligence, and they increase the risks that could develop after closing. Any material weaknesses in the target company’s internal controls identified after the one-year "reprieve" cannot be corrected to avoid an adverse opinion, nor can they be tested retroactively.

To protect its interests, the buyer should impose focused, rigorous due diligence and require, as a condition to close, that the target complete specified actions in the area of internal controls evaluation by the closing deadline. It should consider seeking indemnification from the target for controls issues and problems that surface after the closing.

Panelist Edwin D. Mason, chair of the Business Law Department in the Foley & Lardner Chicago office, urged buyers to closely examine these issues early. "You could have bankers looking skeptical if you don’t have all your documentation in place." The principal focus of his practice is mergers, acquisitions, and public and private capital formation transactions.

Question 4 – What special timing concerns are there in closing the deal in the fourth quarter of 2004 under SOX?

Answer – The SEC has acknowledged that, in the case of a material acquisition, it may not always be possible to conduct the required assessment within the time frame between closing and year-end reporting. Therefore, it has granted management a one-year "reprieve" for including the internal controls over financial reporting of the acquired business in its assessment. This reprieve is subject to the following disclosure requirements:

• Identify the acquired business and disclose that management excluded such business from its report on internal control over financial reporting

• Indicate the significance of the acquired business to the consolidated financial statements

• Disclose any material change to its internal control over financial reporting due to the acquisition

Question 5 – Can the buyer rely on the integrity of the target company’s prior SEC reporting and audited financial statements?

Answer – If the transaction were a hostile one, it might compel greater reliance on SEC filings without other due diligence. Even if the target company had been SOX compliant, practically it is not desirable to rely entirely on the former auditor’s attestation.

Question 6 – Are there any special contract provisions with SOX implications that should be included in the merger agreement?

Answer – In addition to requiring a completed controls assessment as a condition to closing, and seeking indemnification or purchase price reduction to cover the cost of completing necessary controls work, the buyer should consider two other provisions: First, add or amend representations and warranties to cover SOX issues. Second, include SOX non-compliance problems in the definition of a material adverse condition. "Sit down with the target’s counsel," Mr. Levinson suggested. "Beef up the agreement with more warranties and indemnifications. Arm-wrestle over the closing conditions."

Question 7 – If SOX non-compliance is discovered between the signing of a merger agreement and the closing, what are the consequences? What can the buyer do to protect itself?

Answer – The buyer should consider including the SOX non-compliance problems in its definition of a material adverse condition. This type of non-compliance could require a significant investment of time and money to remediate effectively. It could also adversely affect management’s ability to report on the combined companies’ internal controls for financial reporting and its auditor’s internal control attestation. The rules of the Public Company Accounting Oversight Board (PCAOB), which was created as a result of SOX, do not permit an "except for" opinion.

Question 8 – What are the consequences of discovering SOX non-compliance after closing?

Answer – Once the deal closes, it becomes the buyer’s problem. In addition to the adverse effects involved in the combined company’s SEC filings, it could also reduce the credibility of its management in the marketplace. That could adversely affect the company’s stock price, deal valuation, and marketplace reputation. It could also result in personal liability for executive officers.

Question 9 – How would these issues and concerns differ if the target were a private company? A larger public company? A foreign corporation with U.S. operations? A division of a large public company?

Because few SOX provisions currently apply to private companies, it is likely even greater due diligence would be involved. Such a company would probably not have addressed controls within the perspective of Section 404.

This type of target would likely understand Section 404 requirements and be on the same compliance timetable as the buyer.

Assuming it is not a foreign SEC filer, the target might not be required to comply with SOX. In such a case, required due diligence would be greater. Differences in business cultures, as well as applicable laws and related auditing standards, could further complicate internal controls evaluation.

The quality of the controls at the division could depend on the relative materiality of the division to its parent, which could make it more difficult for management and auditors to feel confident enough to make assertions and attestations. This type of transaction may also require a transition services agreement, because the buyer might need to rely on the seller for guidance after the closing. The buyer should consider the impact of this on its ability to assess and test external controls over the acquired business.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.