Answer ... As mentioned in question 2.1, only limited due diligence is undertaken in public M&A transactions. The comments in this section are therefore principally focused on private M&A transactions.
Before legal due diligence is carried out on the target, it is important to ensure that the legal team has a good commercial understanding of the target, how it is structured and its principal counterparties. Often, this can be achieved by a review of the information memorandum prepared in relation to the target.
(a) Commercial/corporate
In ordinary commercial due diligence, a buyer will take steps to understand the target’s ‘material’ contracts, based on a commercial assessment of the target’s business. The buyer should diligence contracts which:
- contain any unusual or onerous terms, or are of an abnormal nature;
- are not on an arm’s-length basis;
- are long term (or from which the target cannot easily extricate itself);
- cannot readily be performed by the target; or
- may result in a financial loss to the target.
As a consequence of Brexit, a buyer should also obtain information on the target’s supply chain, to understand:
- the extent to which the target is in compliance with the new UK-EU regulatory regime (and the steps that need to be taken if not); and
- whether any tariffs may apply to the target in connection with the export or import of any products, goods or services in which it is involved.
Brexit will continue to have a material impact on UK businesses that trade with or sell services to EU-based individuals and businesses, and this will be a major focus of due diligence for the foreseeable future.
(b) Financial
Financial due diligence will usually be conducted by reporting accountants to the buyer, and will typically analyse:
- audited accounts;
- management accounts;
- financial control systems;
- accounting policies (including revenue recognition); and
- tax (including corporation tax returns and UK value added tax returns).
The reporting accountants will produce a financial and tax due diligence report, which will accompany the legal due diligence report prepared by the buyer’s counsel.
(c) Litigation
Legal due diligence will examine any pending, threatened or actual litigation in relation to the target. This could relate to:
- disputes with customers or suppliers;
- employee disputes or litigation;
- regulatory disputes – for instance, with the UK Financial Conduct Authority if the target is a regulated financial services business or the UK Information Commissioner’s Office where there has been a breach of data protection legislation; or
- tax disputes with Her Majesty’s Revenue and Customs (HMRC), the UK tax authority. In recent years, HMRC has taken a more activist approach, and therefore the requirement to diligence past or current tax disputes between a target and HMRC is becoming more prevalent.
(d) Tax
Tax due diligence is normally carried out as part of the financial due diligence on a target. The main focus will be to determine whether the provision for taxation in the target’s accounts have been correctly prepared.
For a company within the charge to UK tax, this will cover corporation tax, as well as matters such as the Pay as You Earn System (under which employers must deduct an amount on account of the income tax and national insurance contributions due from employees) and withholding tax obligations on payments of interest and other sums to third parties.
In addition, it will be important to determine whether there are any particular features of the target’s tax position that might indicate potential issues in the future. For example, if the target has entered into a transaction that has been subject to disclosure under the Disclosure of Tax Avoidance Schemes Rules, this may be a material consideration to take into account when assessing how likely it is that the target may be involved in litigation with HMRC.
The due diligence process should also seek to ascertain whether there are features of the target’s tax profile that depend on specific rulings or concessions that may (or may not) survive a change of ownership. An example of this might be a transfer pricing agreement entered into with one or more tax authorities around the world.
If the target forms part of a broader group, the due diligence exercise may also want to consider the position of other members of the group. While the United Kingdom does not have a general rule of fiscal consolidation, the normal position is that each company is responsible for its own tax position – there are some exceptions to this rule. For VAT purposes, members of a group do have joint and several liability, so that if the target is leaving a VAT group, the position of the other members may need to be taken into account.
(e) Employment
Employment laws and practices change frequently in the United Kingdom, often as a result of updated guidance from the courts, and this is especially likely to be the case in the coming years following Brexit.
At the time of writing, UK-specific employment due diligence employment-related issues include the following:
- understanding any issues relating to and the support available to employers under the UK’s Coronavirus Job Retention Scheme (or ‘furlough’ scheme, as it is commonly referred to);
- considering the historic approach to holiday pay and what is included when calculating it (following a series of cases relating to commission, overtime and other variable pay);
- clarifying whether any contractual enhanced redundancy pay entitlement exists, which may bind the buyer in the future; and
- establishing whether any employee or worker requires permission to work in the United Kingdom and ensuring that copies of relevant documents are held if so.
The Transfer of Undertakings Regulations (TUPE) are likely to apply in private M&A deals structured as business purchases, which can create considerable additional obligations and limitations for the parties. One of the consequences of TUPE applying to a transaction is that an information and (in some cases) consultation process must take place with transferring employees in advance of closing. In transactions involving a significant number of employees, that process can take a number of weeks and should be factored into the deal timetable.
(f) Intellectual property and IT
IP due diligence should ascertain the extent of the registered and unregistered intellectual property that the target either owns or relies upon to carry out its business. The target will often provide the buyer with a schedule of all such intellectual property and the buyer will then take steps, as far as possible, to verify that information. The buyer will also take steps to ascertain that the target is properly licensed to use any third-party intellectual property that it relies upon, and to understand the terms and limitations of such licences (including any required royalty payments).
Following the United Kingdom’s exit from the European Union, as from 1 January 2021, there are certain specific rules in relation to the registration status of EU intellectual property in the United Kingdom. On 1 January 2021, the UK Intellectual Property Office created comparable UK IP registrations for all registered community designs, international designs, registered EU trademarks and international trademarks that were protected at the end of the transition period. The new UK rights are treated as if they had been applied for and registered under UK law (with protection from the original priority date). A buyer should ensure that for any applications which were ongoing at 31 December 2020, separate applications have been made to register such rights within the United Kingdom, as comparable rights will not be automatically created if the registration had not completed prior to that date.
As regards IT, a buyer will want to ascertain the extent of any IT relied upon by the target in order to perform the business. This is especially key to understand whether the target is reliant on any IT that it does not own (and again, to understand the terms on which such IT is licensed to the target).
If the target sells services or goods that heavily rely on certain software, then ideally the target will own such software. As such, the buyer should ensure that the target does own the software (and that any rights of creators of the software, who may be employees or consultants of the target, have been properly assigned to the target company). The buyer should also check whether such software is reliant on any open-source software, for which specific licences and rules apply.
(g) Data protection
The buyer should take steps to conduct due diligence on the target’s compliance with applicable data protection laws.
The target must keep records of its data processing activities and should also have accurate records of any data breaches. The buyer should be comfortable that it understands the extent of the data processing activities carried out by the target, including:
- the data that the target processes;
- the subjects of such processing; and
- the legal grounds on which the target relies to carry out such processing.
The buyer will want to understand the extent to which the target transfers any personal data internationally. Transfers from the United Kingdom to any country outside of the European Economic Area (EEA), which is not identical to the European Union, will require additional safeguards, as set out in the General Data Protection Regulation (GDPR) and the UK Data Protection Act 2018. For a period of four months (with a possible further extension) following the United Kingdom’s withdrawal from the European Union, personal data transfers from the EEA to the United Kingdom can continue without further safeguards, provided that the United Kingdom continues to apply its existing data protection regime without amendment (in brief, that the United Kingdom continues to apply the terms of the EU GDPR legislation).
The buyer should be satisfied as to whether it needs to implement any additional safeguards for any international data transfers and, following the expiry of the interim period mentioned above, may need to make further provision based on whether the United Kingdom has become subject to an adequacy decision by the European Union.
(h) Cybersecurity
Cybersecurity due diligence has assumed greater importance in recent years, particularly in view of the reputational and financial damage caused by attacks/loss of data, including the powers of the relevant authorities to issue fines. For example, the UK Information Commissioner’s Office (ICO) recently issued a fine of £18.4 million to Marriott following a data breach affecting Starwood hotels which occurred prior to Marriott’s acquisition of Starwood, but which only came to light after the acquisition. The ICO noted in particular that Marriott had failed adequately to diligence Starwood’s systems prior to the purchase.
Typically, appropriate due diligence in this area involves both legal and technical reviews of security and data policies and issues relevant to the target’s business/sector. Where initial responses raise any red flags, security experts may need to be employed to scrutinise target systems/data.
(i) Real estate
Real estate due diligence should ascertain the extent of owned and leased real estate assets that the target relies upon to carry out its business. Diligence in this regard will obviously depend on whether the target is ‘asset-lite’ as opposed to ‘asset-rich’; and clearly, real estate due diligence will be much more involved for the purchase of a physical retail business as opposed to, for instance, a technology business.
The buyer will be provided with a schedule of all such real estate assets and will then take steps, as far as possible, to verify that information. This will include:
- reviewing the United Kingdom’s Land Registry official copies and title plans, and any leases and ancillary documents (almost all properties in the United Kingdom are registered with the Land Registry other than short-term leases);
- undertaking due diligence searches in relation to each of the properties. These searches are comprised of searches from the local municipal authority and various utilities providers, as well as specialist search providers that can supply ‘desktop’ environmental and flood searches (the latter being an increasingly important issue given climate change); and
- obtaining replies to specific and detailed property pre-contract enquiries (Commercial Property Standard Enquiries) from the seller.
The objective of such due diligence will be to establish:
- that the target owns or validly leases the properties;
- that there are sufficient rights to access and service the properties;
- that there are no covenants or other matters that might affect the use of the properties;
- that planning/zoning consent exists for the use of the properties without any unacceptable conditions;
- that there are no environmental matters that might affect the use or costs of operating the properties (eg, energy efficiency, flooding or contamination); and
- the extent of liabilities and costs relating to each of the properties (eg, rent and service charge, rates).
It is usual for the legal due diligence to be accompanied by surveys of each of the properties by a qualified building surveyor, who will prepare a report to the buyer on the physical condition of the properties and other associated matters. The surveyor will usually want to review the results of the legal property due diligence and buyer’s counsel should also see a copy of the surveys to ensure that any matters raised by each are covered by the other.