Photo by Eviart/Shutterstock.comTechnology Compliance Considerations in International Acquisitions
It is crucial to obtain a clear understanding of the pre-existing IT infrastructure at the time of purchase.
December 01, 2017 at 12:05 AM
5 minute read
When a company is considering expanding into international markets, growth through mergers or acquisitions is an obvious consideration. Acquiring a pre-existing foreign company provides a ready-made starting point for operations with an established history in the market, but also comes with risks to a U.S. company that cannot be overlooked. While there are many business and legal considerations in making such an acquisition, there are two core areas of technology oversight risks that should always be top of mind: accounting systems and IT infrastructure.
|Visibility Into Company Accounting Systems
Many large U.S. companies are accustomed to having a comprehensive accounting application that provides for effective oversight and auditing from a centralized location. A variety of tools can be used for this sort of oversight, but generally they will allow for review of detailed accounting information supporting general ledger entries in addition to more comprehensive “rolled-up” data. Some will also link to items like receipts or purchase orders related to transactions. In certain parts of the world where U.S. companies might seek to expand, accounting systems may be less advanced and provide a significantly lower level of accessibility. Due to variations from country to country in local accounting requirements, concern with GAAP and other U.S. standards may be completely unfamiliar to a target company. Smaller entities may have an almost completely paper-based accounting system, or they may rely on basic tools like spreadsheets maintained by a company employee rather than the kind of multipurpose application that might be used in the United States.
Understanding how the accounting system in the target company functions, where data is stored, who has access to it, where and how supporting documentation is maintained, and what portion of the information will be readily available to the parent company are all key concerns—a company cannot direct and control activity that it cannot see. Once a good understanding of the pre-existing accounting system has been obtained, post-acquisition integration of that system into the pre-existing systems of the company, including any internal audit function, is a crucial internal control for a U.S. company to put into place. Keeping external auditors apprised of this work is also a key consideration.
|Access to Email and Other Electronic Data
Most U.S. companies have policies and procedures in place for management of email and other electronic data. Generally, those policies include those governing employer access to data, data backup and restoration, systems for creating legal holds, and other similar tools. Outside of the United States, however, the rules may be substantially different. There may be local laws that impact data privacy in different parts of the world that can vary from country to country and can require localization or otherwise restrict transfer of certain data. The policy that an American company has in place may not work in an international location at all, or may require additional steps to become effective. For example, in some countries, unions or works councils may need to be notified or employees may need to consent individually to any use of potentially “personal” data. The forms used in the United States may not be sufficient in other jurisdictions. Moreover, what constitutes “personal data” can vary materially from jurisdiction to jurisdiction. U.S. entities are familiar with protecting personally identifiable health information, for example, but in other countries even a document we would consider to be exclusively “business related” could be “personal” under local law. Data protection regimes in the EU and China certainly are two items to consider.
How does a company prepare for these issues? It is crucial to obtain a clear understanding of the pre-existing IT infrastructure in a company at the time of purchase. A company can ask questions like: How many email domains are in use? Does the company have a data map in place that details what sort of information sits on which server? Where and how is that data stored? What sorts of document retention policies are in place? How many servers are in use and what is located on each of them? What sorts of internal controls are placed on specific hardware use? Do employees use company telephones or is there a bring-your-own device policy in place? It is also important to understand any pre-existing written policies on these issues so that a company can make decisions about any changes to those policies that may be required. A company must also understand local laws regarding these issues and confirm that their preferred approach complies with those laws. It is also key to global inter-operability to find good local counsel on these issues, and to make sure that local counsel is working carefully with your U.S. counsel to harmonize approaches from jurisdiction to jurisdiction.
Thorough due diligence on these issues and rapid integration into parent company policies and culture is important to a successful acquisition. Asking the right questions and obtaining the right advice at the beginning of a transaction can prevent later problems with an acquisition.
Paige Montgomery is a commercial disputes and litigation partner in the Dallas office of Sidley Austin. Her practice involves board and committee engagements in internal and government investigations. She can be reached at [email protected].
This content has been archived. It is available through our partners, LexisNexis® and Bloomberg Law.
To view this content, please continue to their sites.
Not a Lexis Subscriber?
Subscribe Now
Not a Bloomberg Law Subscriber?
Subscribe Now
NOT FOR REPRINT
© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.
You Might Like
View All
The Narcissist’s Dilemma: Balancing Power and Inadequacy in Family Law
8 minute readTrending Stories
- 1AI Governance In Practice
- 2Section 1782 Practice Pointers From Recent Decisions
- 3Democratic State AGs Revel in Role as Last Line of Defense Against Trump Agenda
- 4Decision of the Day: Split Circuit Panel Bars Enforcement of Ivory Law's 'Display Restriction' on Antique Group Members
- 5Chiesa Shahinian Bolsters Corporate Practice With 5 From Newark Boutique
Who Got The Work
Michael G. Bongiorno, Andrew Scott Dulberg and Elizabeth E. Driscoll from Wilmer Cutler Pickering Hale and Dorr have stepped in to represent Symbotic Inc., an A.I.-enabled technology platform that focuses on increasing supply chain efficiency, and other defendants in a pending shareholder derivative lawsuit. The case, filed Oct. 2 in Massachusetts District Court by the Brown Law Firm on behalf of Stephen Austen, accuses certain officers and directors of misleading investors in regard to Symbotic's potential for margin growth by failing to disclose that the company was not equipped to timely deploy its systems or manage expenses through project delays. The case, assigned to U.S. District Judge Nathaniel M. Gorton, is 1:24-cv-12522, Austen v. Cohen et al.
Who Got The Work
Edmund Polubinski and Marie Killmond of Davis Polk & Wardwell have entered appearances for data platform software development company MongoDB and other defendants in a pending shareholder derivative lawsuit. The action, filed Oct. 7 in New York Southern District Court by the Brown Law Firm, accuses the company's directors and/or officers of falsely expressing confidence in the company’s restructuring of its sales incentive plan and downplaying the severity of decreases in its upfront commitments. The case is 1:24-cv-07594, Roy v. Ittycheria et al.
Who Got The Work
Amy O. Bruchs and Kurt F. Ellison of Michael Best & Friedrich have entered appearances for Epic Systems Corp. in a pending employment discrimination lawsuit. The suit was filed Sept. 7 in Wisconsin Western District Court by Levine Eisberner LLC and Siri & Glimstad on behalf of a project manager who claims that he was wrongfully terminated after applying for a religious exemption to the defendant's COVID-19 vaccine mandate. The case, assigned to U.S. Magistrate Judge Anita Marie Boor, is 3:24-cv-00630, Secker, Nathan v. Epic Systems Corporation.
Who Got The Work
David X. Sullivan, Thomas J. Finn and Gregory A. Hall from McCarter & English have entered appearances for Sunrun Installation Services in a pending civil rights lawsuit. The complaint was filed Sept. 4 in Connecticut District Court by attorney Robert M. Berke on behalf of former employee George Edward Steins, who was arrested and charged with employing an unregistered home improvement salesperson. The complaint alleges that had Sunrun informed the Connecticut Department of Consumer Protection that the plaintiff's employment had ended in 2017 and that he no longer held Sunrun's home improvement contractor license, he would not have been hit with charges, which were dismissed in May 2024. The case, assigned to U.S. District Judge Jeffrey A. Meyer, is 3:24-cv-01423, Steins v. Sunrun, Inc. et al.
Who Got The Work
Greenberg Traurig shareholder Joshua L. Raskin has entered an appearance for boohoo.com UK Ltd. in a pending patent infringement lawsuit. The suit, filed Sept. 3 in Texas Eastern District Court by Rozier Hardt McDonough on behalf of Alto Dynamics, asserts five patents related to an online shopping platform. The case, assigned to U.S. District Judge Rodney Gilstrap, is 2:24-cv-00719, Alto Dynamics, LLC v. boohoo.com UK Limited.
Featured Firms
Law Offices of Gary Martin Hays & Associates, P.C.
(470) 294-1674
Law Offices of Mark E. Salomone
(857) 444-6468
Smith & Hassler
(713) 739-1250
