<img height="1" width="1" style="display:none;" alt="" src="https://dc.ads.linkedin.com/collect/?pid=289257&amp;fmt=gif">
Sign Up
Log In
Sign Up
Log In


Free Peer Benchmark Analyzer

Securing Confidential Documents During a Merger or Acquisition

Jeremi Karnell
Aug 8, 2017

As a financial advisor, you may be called upon to assist clients during a merger or acquisition. Likewise, your own firm could be acquired or in the process of merging with another. In both cases, parties on both sides of the transaction will need to exchange highly sensitive documents. This data is absolutely necessary for both parties to view and understand in order to move forward with the deal. At the same time, it's the company's most closely guarded information. It's not something that is shared without serious forethought, trust, and legal agreements.

While non-disclosure agreements are standard practice, once a document leaves your possession, you've lost control over it. What happens if the other party stores a copy on a USB stick, only to lose it or have it stolen? Even with an NDA in place, hackers could intercept an unsecured email or stumble upon your data when snooping around the other party's poorly secured network.

There are simply too many potential variables to risk putting your most sensitive data out there, and fortunately, there is a better way to protect your data: using a virtual data room.

How Sensitive Documents Used to Be Secured

Before the advent of secure online storage, physical data rooms were commonly used to exchange the necessary information. Hard and electronic copies of sensitive data were made available by appointment -- and surveillance was constant, either view security guards or surveillance cameras (or both). No copies could leave the building.

Physical data rooms served their purpose, but they were far from convenient. Key participants had to travel to a specific location to examine sensitive data, adding extra time and hassle to the process. The location wasn't necessarily in the same town or state, either, requiring the expense and time requirements associated with overnight travel. Plus, company and external lawyers, accountants, executives, and various assistants often needed to be present.

Why Online File Sharing Services Aren't Quite Secure Enough

Wait, you're thinking, we use an online file sharing service to securely share our files and avoid data loss. While this is an improvement over physical data rooms and unsecured email, it's not a full-fledged solution.

For example, a CEO could share the link with a secretary or paralegal so they can conduct further research and you'd never know it. Did the secretary sign an NDA? Probably not. What if the paralegal prints off a copy and later tosses it in the trash at the law library?

Another problem with using a standard document sharing solution is how these solutions integrate with individual users' computers. Dropbox and OneDrive, for example, can both download documents to a folder on the user's hard disk, synchronizing them in the background. Thus, even if a user name and password is required to access a document online, that same document could be stored on the other party's hard disk without any restrictions whatsoever.

Meanwhile, once these documents leave your control, anything could happen. They could be altered, printed, or shared without your knowledge -- and even if you did discover them out in the wild, you'd have no way of knowing who the responsible party might have been.

Free Webcast

How a Virtual Data Room Better Protects Your Most Sensitive Data

Virtual data rooms are like online file sharing services in many respects, but with advanced security features best suited to protect company financials, capitalization tables, personnel records, and other sensitive merger and acquisition documents.

While different providers have their own unique feature sets, some of the more common features to look for include:

  • 256bit encryption and SSL encryption -- This is a given to prevent hackers from intercepting data while its being transmitted as well as to ensure that your data cannot be viewed by the service provider or any unauthorized individuals.
  • Data backups, file recovery and version histories -- Again, these should be a given but it doesn't hurt to double check to be sure the solution you're considering has a solid backup and recovery system in place to protect the documents you've entrusted to their care.
  • Permissionbased user roles -- Remember the CEO who asked a paralegal to do some research, handing off your confidential documents as part of the task? There are certainly legitimate reasons for involving other trusted staff members in M&A and due diligence processes, but it's smart to maintain control over this. Permission based user roles is a good way to do so. Working with the other party, you can create user roles and assign permissions on your terms as well as enforce other provisions such as restricting printing or requiring an NDA before access is granted.
  • Automatic NDA generation -- Some virtual data room providers can present an NDA to be signed before a user can access a document for the first time. Not only does this help to ensure that all NDAs have been signed, it also puts individuals on notice that the data they are accessing is highly sensitive and should be treated as such.
  • Audit logs -- With user roles, you have a complete audit trail that documents all access to your data. For example, you can see who viewed a document, when they viewed it, and for how long along with other activities such as whether they printed the document.
  • Restrictions -- What if you could prevent users from sharing or printing your documents? You can with several virtual data room providers. Each file can be restricted based on your preferences and the individual user roles you've set up. For example, you may want the CFO to have full access to your financials including the ability to print hard copies. Meanwhile, you may prefer to restrict midlevel managers to view only and prevent secretaries and administrative assistances from accessing those documents completely.
  • Watermarks -- Watermarks add yet another layer of accountability to your confidential data. For example, if a document is printed, a prominent watermark can make it clear that the document is confidential and not to be shared. Moreover, some watermarks will include the individual's name who printed the document, putting individuals on alert that they will be held accountable for mishandling the document.
  • Revoked access -- What happens when a key participant from the other party leaves their company? Rather than relying on the other company to repossess company issued laptops and storage devices, you can simply revoke access to your virtual data room. Likewise, individual access can be revoked once their tasks have been completed, ensuring that data is protected from casual snooping. 

How Financial Services Firms Involved in Mergers and Acquisitions Can Benefit from a Virtual Data Room 

Virtual data rooms are relatively inexpensive on a per-month basis, often costing just a few hundred dollars per month. You'll likely find that the monthly fee is much less than manning a physical data room for your clients, and you may be able to include the cost of the service into your client fees.

By providing a secure, virtual, and deeply controlled private data room for M&A documents, your clients will see just how much you value confidentiality. This further builds trust, a quality you must earn over time. It can also set your firm apart from other firms.

The increased security and audit trails enhances transparency and accountability throughout the process. Again, as you share detailed reports showing how has accessed each document and what actions they took, your standing as a trusted advisor only improves. You may also be able to provide additional insights based on the other party's actions. For example, if the other party interacts with the M&A documents frequently and for long time periods, this could indicate serious interest in the offer. On the other hand, a quick 5-minute glance at a document or two over the course of several weeks could indicate a lack of interest.

Modern virtual data rooms tend to be user-friendly and easy to use. They're typically intended to be used for short-term projects like mergers and acquisitions, due diligence, and audits rather than for routine interoffice collaboration. However, if you're working with high net worth clients and Fortune 500 companies, providing the highest level of storage, access, and security could give your firm an edge.

As with any cloud-based service, choosing the right solution requires time comparing features, benefits, and costs. Trial versions are generally available, allowing you to try each service before you commit to one for a merger or acquisition.

More articles related to: M&A

Subscribe by Email