Technology Compliance Considerations in International Acquisitions
It is crucial to obtain a clear understanding of the pre-existing IT infrastructure at the time of purchase.
December 01, 2017 at 12:05 AM
5 minute read
Photo by Eviart/Shutterstock.com
When a company is considering expanding into international markets, growth through mergers or acquisitions is an obvious consideration. Acquiring a pre-existing foreign company provides a ready-made starting point for operations with an established history in the market, but also comes with risks to a U.S. company that cannot be overlooked. While there are many business and legal considerations in making such an acquisition, there are two core areas of technology oversight risks that should always be top of mind: accounting systems and IT infrastructure.
Visibility Into Company Accounting Systems
Many large U.S. companies are accustomed to having a comprehensive accounting application that provides for effective oversight and auditing from a centralized location. A variety of tools can be used for this sort of oversight, but generally they will allow for review of detailed accounting information supporting general ledger entries in addition to more comprehensive “rolled-up” data. Some will also link to items like receipts or purchase orders related to transactions. In certain parts of the world where U.S. companies might seek to expand, accounting systems may be less advanced and provide a significantly lower level of accessibility. Due to variations from country to country in local accounting requirements, concern with GAAP and other U.S. standards may be completely unfamiliar to a target company. Smaller entities may have an almost completely paper-based accounting system, or they may rely on basic tools like spreadsheets maintained by a company employee rather than the kind of multipurpose application that might be used in the United States.
Understanding how the accounting system in the target company functions, where data is stored, who has access to it, where and how supporting documentation is maintained, and what portion of the information will be readily available to the parent company are all key concerns—a company cannot direct and control activity that it cannot see. Once a good understanding of the pre-existing accounting system has been obtained, post-acquisition integration of that system into the pre-existing systems of the company, including any internal audit function, is a crucial internal control for a U.S. company to put into place. Keeping external auditors apprised of this work is also a key consideration.
Access to Email and Other Electronic Data
Most U.S. companies have policies and procedures in place for management of email and other electronic data. Generally, those policies include those governing employer access to data, data backup and restoration, systems for creating legal holds, and other similar tools. Outside of the United States, however, the rules may be substantially different. There may be local laws that impact data privacy in different parts of the world that can vary from country to country and can require localization or otherwise restrict transfer of certain data. The policy that an American company has in place may not work in an international location at all, or may require additional steps to become effective. For example, in some countries, unions or works councils may need to be notified or employees may need to consent individually to any use of potentially “personal” data. The forms used in the United States may not be sufficient in other jurisdictions. Moreover, what constitutes “personal data” can vary materially from jurisdiction to jurisdiction. U.S. entities are familiar with protecting personally identifiable health information, for example, but in other countries even a document we would consider to be exclusively “business related” could be “personal” under local law. Data protection regimes in the EU and China certainly are two items to consider.
How does a company prepare for these issues? It is crucial to obtain a clear understanding of the pre-existing IT infrastructure in a company at the time of purchase. A company can ask questions like: How many email domains are in use? Does the company have a data map in place that details what sort of information sits on which server? Where and how is that data stored? What sorts of document retention policies are in place? How many servers are in use and what is located on each of them? What sorts of internal controls are placed on specific hardware use? Do employees use company telephones or is there a bring-your-own device policy in place? It is also important to understand any pre-existing written policies on these issues so that a company can make decisions about any changes to those policies that may be required. A company must also understand local laws regarding these issues and confirm that their preferred approach complies with those laws. It is also key to global inter-operability to find good local counsel on these issues, and to make sure that local counsel is working carefully with your U.S. counsel to harmonize approaches from jurisdiction to jurisdiction.
Thorough due diligence on these issues and rapid integration into parent company policies and culture is important to a successful acquisition. Asking the right questions and obtaining the right advice at the beginning of a transaction can prevent later problems with an acquisition.
Paige Montgomery is a commercial disputes and litigation partner in the Dallas office of Sidley Austin. Her practice involves board and committee engagements in internal and government investigations. She can be reached at [email protected].
This content has been archived. It is available through our partners, LexisNexis® and Bloomberg Law.
To view this content, please continue to their sites.
Not a Lexis Subscriber?
Subscribe Now
Not a Bloomberg Law Subscriber?
Subscribe Now
NOT FOR REPRINT
© 2025 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.
You Might Like
View All
Trending Stories
- 1Class Action Accusing Dave's Killer Bread of Mislabeling Protein Contents Cleared to Continue, Judge Rules
- 2SEC Files Lawsuit Against Elon Musk Over Untimely Twitter Ownership Disclosure
- 3Survey Finds Majority of Legal Professionals Still Intimidated by AI Despite Need to Streamline Mounting Caseloads
- 4FTC Launches Inquiry of Single-Family Rental Home 'Mega Investors,' Issues PBM Report
- 5Womble Bond Dickinson's Wilmington Office Sees New Leadership as Merger Is Completed
Who Got The Work
J. Brugh Lower of Gibbons has entered an appearance for industrial equipment supplier Devco Corporation in a pending trademark infringement lawsuit. The suit, accusing the defendant of selling knock-off Graco products, was filed Dec. 18 in New Jersey District Court by Rivkin Radler on behalf of Graco Inc. and Graco Minnesota. The case, assigned to U.S. District Judge Zahid N. Quraishi, is 3:24-cv-11294, Graco Inc. et al v. Devco Corporation.
Who Got The Work
Rebecca Maller-Stein and Kent A. Yalowitz of Arnold & Porter Kaye Scholer have entered their appearances for Hanaco Venture Capital and its executives, Lior Prosor and David Frankel, in a pending securities lawsuit. The action, filed on Dec. 24 in New York Southern District Court by Zell, Aron & Co. on behalf of Goldeneye Advisors, accuses the defendants of negligently and fraudulently managing the plaintiff's $1 million investment. The case, assigned to U.S. District Judge Vernon S. Broderick, is 1:24-cv-09918, Goldeneye Advisors, LLC v. Hanaco Venture Capital, Ltd. et al.
Who Got The Work
Attorneys from A&O Shearman has stepped in as defense counsel for Toronto-Dominion Bank and other defendants in a pending securities class action. The suit, filed Dec. 11 in New York Southern District Court by Bleichmar Fonti & Auld, accuses the defendants of concealing the bank's 'pervasive' deficiencies in regards to its compliance with the Bank Secrecy Act and the quality of its anti-money laundering controls. The case, assigned to U.S. District Judge Arun Subramanian, is 1:24-cv-09445, Gonzalez v. The Toronto-Dominion Bank et al.
Who Got The Work
Crown Castle International, a Pennsylvania company providing shared communications infrastructure, has turned to Luke D. Wolf of Gordon Rees Scully Mansukhani to fend off a pending breach-of-contract lawsuit. The court action, filed Nov. 25 in Michigan Eastern District Court by Hooper Hathaway PC on behalf of The Town Residences LLC, accuses Crown Castle of failing to transfer approximately $30,000 in utility payments from T-Mobile in breach of a roof-top lease and assignment agreement. The case, assigned to U.S. District Judge Susan K. Declercq, is 2:24-cv-13131, The Town Residences LLC v. T-Mobile US, Inc. et al.
Who Got The Work
Wilfred P. Coronato and Daniel M. Schwartz of McCarter & English have stepped in as defense counsel to Electrolux Home Products Inc. in a pending product liability lawsuit. The court action, filed Nov. 26 in New York Eastern District Court by Poulos Lopiccolo PC and Nagel Rice LLP on behalf of David Stern, alleges that the defendant's refrigerators’ drawers and shelving repeatedly break and fall apart within months after purchase. The case, assigned to U.S. District Judge Joan M. Azrack, is 2:24-cv-08204, Stern v. Electrolux Home Products, Inc.
Featured Firms
Law Offices of Gary Martin Hays & Associates, P.C.
(470) 294-1674
Law Offices of Mark E. Salomone
(857) 444-6468
Smith & Hassler
(713) 739-1250
