Corporate and M&A Law Committee Legal Due Diligence Guidelines

Mergers and acquisitions is a huge market, with thousands of transactions completed every year. Legal due diligence carried out by potential acquirers in order to analyse the conditions of the businesses they intend to buy are standard and frequently involve not only various legal practice areas but also professionals from various jurisdictions. Well-conducted due diligence processes tend to bring clarity to parties involved in transactions, thereby mitigating the risk of litigation post-closing between buyers and sellers, and contributing to successful post-closing integration of targets into acquirers. The objective of these guidelines for conducting legal due diligence investigations in the context of M&A transactions (the ‘Guidelines’) is to provide useful information on topics that are relevant in M&A legal due diligence, as well as practical guidance for conducting well-organised due diligence processes. In this regard, these Guidelines are intended to serve as an overview and baseline to legal practitioners around the world, promoting a broader comprehension of what would be expected by clients and, therefore, helping to improve the quality of due diligence investigations. Within that broader goal, these Guidelines also intend to serve the purpose of providing a document that is of universal application and usefulness, irrespective of specific legal regimes, and identify key principles and a useful methodology for other stakeholders who undertake due diligence outside a classic M&A scenario as a way of identifying and mitigating legal, regulatory and business risks (it being clear that local specificities and requirements need to be taken into account in the context of specific transactions or situations).

1. Why is due diligence important?
There are many reasons why an interested party may want or need to perform due diligence. In the context of corporate or asset transactions, due diligence is an instrument for a potential buyer (and as the case may be for the seller itself) to get more information about the target company, business or assets, its status, potential contingencies and liabilities, thereby enabling the parties to make informed decisions while negotiating the deal. Following completion, the buyer can be helped in its efforts to integrate the acquired business by using the information acquired during the course of the due diligence process. In issuances of securities, a properly conducted due diligence process may be used by underwriters to establish a defence against claims for material misrepresentations or omissions contained in registration statements or prospectuses. In cases of improper corporate conduct, a due diligence investigation can enable a company to reduce its losses, identify the perpetrator, gather evidence for a criminal prosecution or civil trial, and recover losses, among other objectives. In health and safety and related situations, due diligence may help a company or its management to defend themselves against claims filed by harmed third parties. And the list goes on. To summarise, due diligence is generally required or advisable whenever interested parties or managers need to act with care, or be able to demonstrate they have done so.

2. How does due diligence vary depending on the context?

2.1. M&A transactions
In the context of M&A, the due diligence process plays a key role in the valuation of the target by the buyer, and in the structuring of the transaction and the contractual protections needed by the buyer, as well as enabling the potential buyer to gain as much background information possible about the business to be acquired. In terms of substantiating the valuation, the due diligence exercise seeks to find and quantify (as the case may be) material facts, and potential contingencies and liabilities relating to the target company, as well as possible obstacles for the completion of the transaction. Therefore, its scope is usually comprehensive, involving different types of experts and, on the legal side, various areas of practice. At the end of the process, buyers typically expect to receive comprehensive reports describing the target, identifying red flags and helping them to quantify liabilities (when possible) so that they may be able to confirm their interest in the target and properly negotiate the transaction documents with the seller.

2.2. Offerings of shares
In offerings of shares, the legal due diligence process aims to confirm that all relevant information about the issuer, including matters regarding the members of its management team and controlling shareholders, if applicable, is properly disclosed in the offering documents. The scope of the revision requires the involvement of various areas of practice of outside counsel engaged in the offering, which review relevant information, observing certain threshold amounts and periods pre-agreed among the issuer and underwriters through their respective counsel. The range of information to be reviewed depends on the type of business activities developed by the issuer, including mostly information about litigation in general against the issuer, environmental, tax, labour, regulatory, real estate and criminal matters, among others. In addition, a review of the issuer’s key contracts (including those of a financial nature) is essential in order to ensure that the offering will not lead the issuer to breach any of its covenants. Furthermore, the due diligence process conducted in initial public offerings of shares aims to identify possible practices and governance structures developed by the issuer that may be incompatible with the rules and requirements applicable to a publicly held company, allowing legal counsel to propose alternatives to solve any issues that could hamper or prevent the issuer from listing its shares and carrying out the offering.

2.3. Debt offerings and financing transactions
In the context of debt offerings conducted with disclosure documents, the legal due diligence process also aims to confirm that all relevant information about the issuer, if applicable, is properly disclosed, however, with less focus on shareholders and corporate governance structures, and more focus on the overall indebtedness and liabilities of the issuer and its ability to manage its capital structure. In cases of financing transactions or private placement of debt without disclosure documents, the scope of the due diligence review is typically agreed with the banks and creditors involved, with no need for a full-blown due diligence effort. In any case, the scope of review normally has a particular emphasis on financial agreements and instruments, in order to ensure that the offering or financing transaction or private placement of debt will not lead the issuer to breach any of its covenants

2.4. Asset transactions
In the context of an asset transaction, a due diligence investigation is performed on the targeted assets, as well as on the seller with respect to its ability to sell the assets, focusing on potential liabilities that may materialise as a matter of succession, group or joint and several liability. It is worth noting that the analysis of the targeted assets focuses not only on issues of title and regularity but also platform transfer and integration aspects. As far as the targeted assets are concerned, due diligence may generally comprise the analysis of facilities, intellectual property (IP), contracts with suppliers and clients to be assigned, and licences and permits. If the deal is structured as a carve-out, it may be assumed that new licences will have to be obtained by the new owner of the assets. In reference to liabilities, due diligence should cover contingencies that may be attached to the assets involved (eg, environmental liabilities and lack of applicable licences) and those that may adversely affect such assets (eg, material disputes with suppliers or clients, or involving IP). Due diligence on the seller is also of special concern, first, to assure that the seller is in good standing and in a positive financial situation (so as to assure that the transaction will not be subject to challenge by creditors) and second, to analyse contingencies (eg, labour and tax) of the seller that may possibly be inherited by the buyer as a matter of succession or similar concepts provided by law.

2.5. Corporate internal investigations
Internal investigations can be initiated for a variety of reasons, including allegations of corruption, fraud and other improper conduct. A thorough due diligence investigation in these circumstances may enable a company to reduce its losses, identify the perpetrator, gather evidence for a criminal prosecution or civil trial, and recover some or all of its losses. It may also shed light on weaknesses in the company’s control structure, thereby helping to shore up the company’s internal defences against future employee misconduct. Once the factors to be considered are defined, boards of directors, board committees and corporations must decide if they will be represented by the corporation’s in-house counsel or outside counsel. Following that, an investigation plan should be developed: (1) defining purpose and scope; (2) identifying all potential sources of information; (3) determining custodians and employees to be interviewed; and (4) determining forensic accounting work. Prior to the collection, preservation and processing of documents, hold notices should be addressed to the custodians with instructions regarding the preservation of documents and information. The scope of the work should comprise a review of internal documents, data and information, including those of a contractual, financial and/or accounting nature. At the conclusion of the investigation, a final report, in either oral or written form, or both (considering the advantages and disadvantages of both cases), should be developed addressing the background, executive summary, review of the investigation, findings, conclusions and recommendations on appropriate remedial actions, and enhancing of internal controls the company may carry out in order to prevent future violations, following which a decision on whether or not to disclose the report or the findings of the investigation to the relevant authorities will typically be made.

3. What are the main types of due diligence in M&A transactions?

3.1. Legal due diligence
In the context of M&A transactions, the legal due diligence process plays a key role in the valuation of the target by the potential buyer, and in the structuring of the transaction and the contractual protections needed by the buyer, as well as enabling the buyer to gain as much background information as possible about the business to be acquired. Legal due diligence may typically cover corporate, contracts, real estate, environmental, IP, insurance, competition, regulatory, compliance, tax, employment and litigation legal aspects. Legal due diligence is typically conducted by law firms enabled to practice the law of the jurisdictions involved, which tend to play a leading role in the overall due diligence process, coordinating with several other types of experts depending on the circumstances of each case.

3.2. Environmental due diligence
As a precondition to identifying and analysing the relevant legal risks connected with a certain site, factory or product, it is crucial to establish a solid factual basis. This will often necessitate the involvement of external experts (eg, environmental scientists and technical experts), especially when risks cannot be evaluated on the basis of existing documentation, but require on-site inspection. In view of the manifold aspects of environmental investigations, the danger of overstretching the limits as well as the costs and expenses of environmental due diligence is evident. In order to avoid excessive expenditure, the scope of the investigation must always be customised to the context of the transaction.

3.3. Forensic due diligence
Forensic due diligence aims to uncover those risks that if undetected may lead to serious consequences, such as financial damage, erosion of faith in the company and reputational damage (eg, corruption and bribery, tax fraud, forgery, violation of environmental laws and other noncompliance issues). The focus in forensic due diligence is to identify such threats. Forensic due diligence is normally carried out by a forensics firm.

3.4. Accounting/financial due diligence

Financial due diligence, which is typically conducted by financial advisers, contains the investigative financial analysis of a business. In financial due diligence, among other things, the key drivers behind the financial, commercial, operational and strategic position of the target are analysed and validated. Financial due diligence typically includes the analysis of the following aspects of the target: a review of the business plan; historical performance; balance sheet; financial projections; cashflow generators and predictions; working capital; capital expenditure; analysis of the markets, industries, competition and countries; and risk management. Financial due diligence should not be confused with an audit or review of the annual accounts in accordance with generally accepted accounting standards. The scope of financial due diligence is different from an audit. In financial due diligence, the information contained in the annual accounts is typically not verified, unless explicitly stated in the report. Consequently, no opinion or any other type of confirmation relating to the financial accounts or internal control systems of the target are typically provided in financial due diligence.

3.5. Commercial/market due diligence
Commercial (or market) due diligence refers to the due diligence and assessment of commercial factors such as market, competition and external business environment. It helps potential buyers to understand the market segments in which the target operates, the industry and business outlook for its products, key competitors and the effectiveness of its operating model. It can be critical when an acquisition is in a new area for the buyer, and should involve detailed primary and secondary research, as well as interviews or surveys of competitors, suppliers and customers. Commercial due diligence may be carried out by the potential buyer itself, and consulting firms may also be engaged to provide support in specific areas.

3.6. Operational due diligence
Operational due diligence examines core operations, as well as back-office functions to assess current performance and downside risks. It includes the review of a wide range of operational risks across the company, including regulatory compliance, information technology, sales and marketing, operations and accounting, administration, valuation and service providers. It allows for a better assessment of the target and prepares the acquirer for a more effective integration of the business by assessing the state of the target, ability to support future growth, level of investment that may be required and gaps that need to be remediated. It allows management to make informed decisions, while reducing risk. Operational due diligence may also be carried out by the potential acquirer itself, with the occasional support of outside experts.

3.7. Valuation due diligence
Last but not least, great emphasis needs to be placed on disciplined and thorough valuation analysis, which is the key to guiding the negotiation, and structuring a deal in a way that makes financial sense and increases shareholder value. The first step in the valuation process is to establish the market value of the target, without regard to buyer-specific synergies. That provides the buyer perspective on a baseline valuation that the board of the target company might expect to realise in the transaction. It also establishes a reference point by which the buyer can analyse and evaluate how much additional synergy it brings to the table over and above market-level synergy. The next phase of valuation analysis involves assessing what the value of the acquirer will be pro forma for the acquisition. This review is conducted from the perspective of a particular buyer and reflects what the value of the acquisition is to that specific buyer. Acquisition valuation involves the use of multiple analyses to determine a range of possible prices to pay for an acquisition candidate. There are many ways to value a business, which can yield widely varying results, depending upon the basis of each valuation method. Among the most commonly used when valuing a company as a going concern are: (1) discount cashflow analysis; (2) comparable company analysis; and (3) precedent transactions. Financial advisers are often employed to assist potential buyers in valuations.

4. How to advise the seller versus the buyer?
4.1. Advising the seller
While advising the seller, outside counsel must help the client to maintain the confidentiality of its non-public information. Non-public agreements impact the governance of corporations and contain a great deal of confidential information. Even the act of disclosing the names of a corporation’s shareholders may violate their expectation that such information would remain private. A non-disclosure agreement (NDA) should be put in place before non-public documents are shared with the buyer and its counsel. Alternatively, non-public agreements may be shared, but only after all confidential information is redacted.
In order to control costs, if the seller expects to negotiate with more than one potential buyer, a due diligence package should be prepared for distribution to potential buyers or for inclusion in a data room. The initial package would include, without limitation, the constitutional documents of the entity, evidence of the legal existence of the entity, search results regarding pending litigations, and copies of trademark, patent and copyright filings. Once an NDA is in place, a second package should be prepared that includes all documents that affect the governance and financial attributes of the entity, including, but not limited to, finance and security agreements, and all significant contracts between the entity and third parties.

4.2. Advising the buyer
On the other hand, when representing the buyer, counsel must help to ensure that: (1) the buyer receives what it bargains for; and (2) once negotiated, there is nothing that would preclude the transaction from coming to fruition.

To illustrate (1), outside counsel should consider the following: if the buyer negotiates for shares of stock with preferential rights, then their value is less if the seller may issue new shares with greater rights; if a seller’s subsidiary or affiliate is guaranteeing an obligation of the seller, then the guarantee is of limited value, if any, to the buyer unless the guarantor’s expenditure is restricted or the establishment of a reserve is required; and if the seller’s revenues are dependent upon a small number of contracts such that the loss of one or more would be detrimental to the continued existence of the seller, then the business risk must be evaluated.
To illustrate (2), counsel should consider the following: the likelihood of obtaining all requisite approvals from seller’s investors and/or regulatory agencies; whether the structure of the transaction is such that it will trigger the time, expense and distraction of one or more lawsuits; and provisions in, or absent from, the constitutional documents of the seller that make the sale more expensive and time-consuming. If acting for the buyer, should counsel accept the information provided by the seller as true? Alternatively, should it conduct a parallel due diligence review to make sure that the information provided is accurate and none is missing? Should it demand the same level of due diligence with respect to subsidiaries and affiliates of the seller? One must consider the cost and likelihood of potential risks if a parallel review is not conducted or information related to affiliates is not provided. Which party pays the cost? Will a breakup fee or liquidated damage payment offset the time and expense of the negotiation process? Should the buyer’s counsel accept the legal opinion of the seller’s counsel in lieu of some due diligence or should it require an opinion from counsel of its choice? Will representations suffice? When representing the seller, should counsel deny the buyer’s due diligence requests if they are too broad? How much of the time and expense related to due diligence can be shifted onto the buyer? What is the likelihood that the due diligence review will reveal a problem that would be best for the seller to cure rather than having to meet the demands of the buyer as to what constitutes a cure? Should counsel deliver legal opinions or subject the seller to the scrutiny of the buyer’s counsel? Regardless of whether counsel represents the seller or buyer, the exact amount of due diligence required is an ‘art’, not a science. There is no per se ‘rule’. The answer is determined based upon the bargaining position of the parties, size of the transaction and amount of risk at issue.

5. How to define the scope of due diligence and customise the process
to the context?
Defining the scope of legal due diligence is crucial to an efficient process to meet the proposed timetable of the transaction and adapt to buyers’ expectations that relate to the cost of due diligence. Evidently, the scope, details and intensity of the due diligence process should be adapted to the timing, value, materiality and specificities of each transaction, considering also the human resources available for the parties involved. The main aspects to be considered are the type of business the target company operates, the time period the review should comprehend and the context of the transaction. The legal due diligence process will vary considerably from one business to another, and so will the information to be analysed and reviewed. Therefore, the investigation has to be tailored to the business of the target company and respective risks that may be associated therewith. A variety of factors that relate to the business of the target company are typically considered, such as the corporate purpose, business operations, structure, main products, sales format, strategies, and portfolio of customers and main suppliers, among others. Outside counsel expertise in the relevant sector is a valuable asset for defining an appropriate scope and avoiding inefficiencies in the process. As far as the period to be reviewed is concerned, one criterion to be considered is the applicable statute of limitation for third parties to bring claims against the target because, if practicable, the due diligence review should cover the entire period with respect to which liabilities may be outstanding. Finally, the scope of legal due diligence should be adapted to the context of the transaction, thereby insuring that the investigation matches the buyer’s interests in the deal and avoiding unnecessary expenses. For example, if the target is a reputable listed entity (therefore subject to regular public disclosure), then the potential buyer may be able to become comfortable with a narrower due diligence scope than when the target is a troubled private company. In addition, if the seller is financially sound or will provide guarantees, and the transaction documents are pro-buyer, then the potential buyer may need less due diligence effort than in the case in which the seller is in a weaker financial position, will not offer any guarantees and insists on pro-seller transaction documents. Below is a brief description of the various legal areas that may integrate the legal due diligence scope.

5.1. Corporate
Among the objectives of corporate legal due diligence are to confirm that the target is in good standing and the shares to be acquired are free of any liens or encumbrances; to verify the corporate structure of the target, composition of its corporate capital (especially the existence of shareholders other than the seller and their rights) and possible outstanding obligations that the target may have (relating, eg, to dividend distributions); to identify applicable corporate approvals that are required for the consummation of the transaction; to check possible restrictions that may apply to transfers of shares or voting rights; and to assess potential related risks that may affect the target or transaction, as well as to provide inputs for the structuring of the deal itself.
In order to achieve these goals, corporate due diligence typically involves reviewing: (1) the organisational documents and any other relevant corporate documents, including minutes of board or committee meetings, corporate registries and shares certificates (if any) of the target; (2) any shareholders’ or voting agreements and similar documents; (3) corporate reports and any other communications to the company’s stakeholders, as well as press releases and communications to the market (in the case of publicly held companies); and (4) possible other rights and obligations that may still be in force, arising under past M&As in which the target may be involved.
When the target company is a Delaware entity, Delaware law requires some, but not all, of the constitutional documents to be filed and available to the public. In contrast to the rules of other countries, there is no central registration office that maintains all of the constitutional documents related to a Delaware entity. As a result, there is typically the need to obtain certain constitutional documents from the entity itself. If a corporation is at issue, its Certificate of Incorporation is available from the Office of the Secretary of State of Delaware, but its bylaws are not. Nor are other documents that affect the financial and structural aspects of an entity filed, such as shareholder or stock option agreements. If the Delaware entity at issue is a limited liability company, limited partnership or statutory trust, then a notice filing only is typically all that is available from the Secretary of State of Delaware. Although it is possible to obtain a certificate from the Secretary of State of Delaware that certifies the legal existence (ie, ‘good standing’) of a Delaware entity, such a certificate does not address whether or not a Delaware entity can enter into the transaction at issue. A review of the corporation’s bylaws is required because there may be restrictions against, or conditions that must be fulfilled prior to, the ability of the Delaware entity to act.

5.2. Contracts
The first step in contracts due diligence is to identify the contracts that are material to the target company’s business, among commercial contracts, operational contracts and financial contracts. Materiality criteria may include amounts involved and strategic importance to the business from the perspective of the buyer. While reviewing material contracts, in addition to summarising the main rights and obligations, and amounts involved, one must pay special attention to the clauses that may be triggered as a result of the transaction, such as change of control, early termination and penalty clauses, as well as identifying enforceability issues, default situations and other weaknesses that the buyer may need to consider before committing to the transaction. In this regard, if the transaction is likely to breach material contracts, or if there are other issues that would need to be addressed prior to closing so that the buyer may get what it proposes to pay for, then the parties may need to negotiate appropriate conditions precedent to the closing of the transaction, such as the obtainment of third-party consents or amendments to existing contracts, in order to remove any such obstacles.

5.3. IP and privacy
5.3.1. IP
In most companies, IP rights (IPR) form a substantial part of the company’s assets and value, for instance, rights in creative works, like music, audiovisual content, text, pictures or rights in software, data, inventions, know-how, designs, marks, trademarks, or company or domain names. Depending on the industry sector, other IPRs may also be of relevance, for instance, topography rights in computer chips, geographic indications in the food industry or crop rights in agriculture. Usually, a due diligence request list would provide a broad definition of the term IPR. As a starting point, the due diligence exercise should investigate the status quo of the IPR owned or licensed by or to the company, as well as IPR-related risks. It is of the essence to determine whether the IPR can be transferred and whether it has been pledged or is otherwise subject to third-party rights. It must be established whether the use of the IPR would violate third-party rights or whether third parties would violate the IPR and whether there are any opposition procedures or any IPRrelated litigation.The relevant IPR register (eg, for domain names, patents or trademarks) is typically only declaratory; the registered status may differ from actual ownership; this is relevant for the representations (reps) and warranties in the purchase agreement. Priority (ie, for registered rights, the date of application) is essential with regard to older or younger conflicting rights. Due diligence should also determine the (remaining) duration of protection and any measures taken to effect or prolong the registration. As with most other assets, the transaction structure (asset or share deal) must be taken into account. In an asset deal the buyer should determine whether the relevant IPR and licence agreements could be freely transferred from the seller to the buyer without any third-party approval (licensor, licensee, author, inventor or similar) being required. In share deals, change-of-control clauses may be relevant. In the field of owned or licensed software, it may also be of interest whether the relevant software contains open-source elements and licence terms.

5.3.2. Privacy
In the information age, the protection of data of identified or identifiable natural persons (‘personal data’) has become an important element of legal compliance. Data protection and privacy laws impose numerous duties on a company and gives the persons concerned personal rights and claims against the company. In due diligence, the buyer should establish compliance by the target with data protection laws. In an asset deal the buyer must determine whether a database with personal data could be transferred to the buyer with or without approval by the persons concerned. Corresponding provisions should be included in the purchase agreement. In view of the substantial fines threatened by certain data protection laws (eg, the European Union General Data Protection Regulation (GDPR)), the buyer would, for example, want to establish whether the target or assets are under current investigation by the data protection authorities or whether there are any claims asserted by the persons concerned.

5.4. Regulatory
Every country has its own rules and regulations with respect to M&A. These include a complex regulatory framework involving matters such as structuring the acquisition, exchange controls, governmental and third-party approvals and consents, and tax clearances, which should be taken into consideration on the elaboration of the timeframe of the transaction. Regulated sectors of the economy typically include airports, aviation, communications, financial, food and beverage, healthcare and life sciences, insurance, mining, oil and gas, ports, power, real estate, transport, and water and sanitation, among others. Foreign investment is also subject to government control in many 1 jurisdictions, an area that requires special attention, especially as approval criteria may not be strictly objective.

5.5. Antitrust

Where there is reason to believe, based on publicly available information (eg, antitrust agency decisions and press reports), that the target in a transaction is: (1) currently under investigation by an antitrust agency; (2) subject to a consent order or other type of settlement with an antitrust agency; or (3) active in an industry in which cartel activity (or other types of widespread anticompetitive conduct) has been found to have occurred, targeted due diligence should be conducted to understand the potential antitrust risk that may be assumed as a result of the transaction. If the target is currently under investigation by an antitrust agency, additional due diligence should be conducted to understand the nature of the alleged conduct that is under investigation; the results of any internal company investigations conducted to date as to the conduct alleged; the status of the overall investigation, including what the antitrust agency has requested from the target in the way of information, documents and data, and what has already been produced in response to those requests; the implications if the allegations are proven, including any fines, damages or other punishments that may apply; and whether any settlement discussions are currently under way between the target and the antitrust agency. If the target is currently subject to a consent order or other form of settlement arrangement with ongoing obligations with an antitrust agency, additional due diligence should be conducted to understand the ongoing obligations of the target under the terms of settlement and the length of those obligations; the target’s efforts to comply with those obligations; and whether the antitrust or any third party has alleged non-compliance with the settlement arrangement. If the target is active in an industry in which an antitrust agency has recently found that cartel behaviour has occurred and any market participants are currently operating under a consent decree, additional due diligence should be conducted to understand the compliance policies and programmes put in place to avoid the recurrence of similar conduct going forward; whether there have been any instances of non-compliance with those policies since their implementation; and any systems put in place to identify the same or similar types of conduct should they recur. In certain circumstances and industries, due diligence regarding other forms of anticompetitive conduct may be warranted, including, for example, resale price maintenance and excessive pricing. However, including such issues in the due diligence process is always the result of a balancing of the costs of doing so and the potential risk associated with an infringement. One alternative to conducting due diligence on a particular issue may be to address the risk through appropriate reps and warranties in the transaction documents. Antitrust rules and procedures can vary significantly from jurisdiction to jurisdiction, so practitioners should consider engaging antitrust specialists in those jurisdictions in which investigations are ongoing or settlements are in place to evaluate their potential implications.

5.6. Labour and employment
The importance of labour and employment (L&E) due diligence in international M&A transactions, while critical, is often downplayed. If the focus is on acquiring workforce and talent, a thorough due diligence of ‘people issues’ assumes even greater importance. In the past, M&A deals have failed as a result of ineffective employee communication, inability to retain key employees and/or failure of cultural integration. Depending on the type of transaction, due diligence on employment and human resources aspects is not just time-consuming but also tricky. As such, employment is inherently local, with local issues indigenous to each region. In transactions that span the globe, a targeted international L&E due diligence approach requires experts to be engaged across different fields, including L&E, compensation and benefits, ethics and anti-bribery, compliance, human rights, accounting and tax, and immigration. The team must look out for workers claims, pending or concluded proceedings, turnover of personnel, stability issues, pattern of bias, discrimination, labour union strikes and lockouts, claims filed with labour authorities, defined benefit and multi-employer plans, employee health and safety, and so on. In this global economy, it is highly probable that an M&A will involve expats and foreign personnel, which also requires immigration and social security experts. Failure to comply with applicable labour laws or contractual arrangements could lead to long and contentious litigation, and could lead to high reputational risk. Furthermore, it might damage the necessary trust between employer, employees and employee representatives. L&E due diligence should also focus on the information and consultation obligations required to implement the transaction. Some jurisdictions recognise the doctrine of the continuing employer, which mandates that the new employer must take over the service seniority and service conditions of the employees. Employees who are taken over need to be integrated into the existing conditions of service and benefits, something that could create a challenge, especially if the proposed changes are detrimental to their interests. Most jurisdictions protect workers’ interests in such situations. M&A transactions also entail redeployment of resources or a redesign of roles. This could involve playing with job titles, descriptions and duties, and service conditions. Often, transfers and relocations may be inevitable given the need to support some functions and reduce head count in other service verticals. In addition, L&E due diligence should focus on cost-related issues that may have an impact on price adjustment. In this connection, liabilities found during due diligence may impact the cost. However, there are also a number of situations in which several workers are not taken over by the buyer, leading to the seller terminating their employment (unless they can be redeployed) based on compliance with applicable laws and contractual arrangements. There could be relevant severance costs associated. In certain countries, this may trigger negotiations with a union or other employee representatives, or the labour authorities as well. Finally, L&E due diligence should also focus on executive issues because the implementation of the deal may lead to a change in the management structure, involving high executive terminations, or significant changes to contracts of employment and compensation structures applicable to executives. Termination of service contracts might also be caused by change-of-control clauses. Therefore, a global and regional L&E due diligence approach and checklist is needed; a one-size-fitsall approach does not typically work to create a successful M&A.

5.7 Tax
The main objective of tax due diligence is to identify potential tax risk areas and, to the extent possible, quantify the related potential tax exposure within the target company. Identified tax risks can have a significant impact on the market value of the target company and might constitute a crucial argument in the price negotiation process. In addition, tax due diligence aims to define which contractual protections should be included in the legal documents with respect to tax (ie, tax-related provisions, such as tax warranties and tax indemnities). The process of tax due diligence involves an investigation of the target company through reviewing documents and interviewing management. The first step to be taken as part of this process is to determine: (1) the tax areas to be investigated (this generally includes corporate income tax, value added tax (VAT)/sales taxes and employee taxes (wage taxes and social security)); (2) the materiality threshold to be applied; (3) the period to be reviewed (in practice, the last three to five years that are open for reassessment by the tax authorities are generally taken into account, or otherwise the relevant statute of limitation period); (4) the scope and depth of the tax due diligence mandate of the due diligence team; and (5) the format of the tax due diligence report.

5.8. Litigation
In order to define an adequate scope for litigation due diligence, it is important to understand the economic activity developed by the company under analysis, and the particularities and challenges of its business. In the context of an M&A transaction, the main purpose of litigation due diligence is to provide the most accurate information regarding the target’s existing contingencies in order to aid the buyer to define a fair price to be paid for the company. It is important to consider that often, the amount involved in a particular litigation proceeding may be irrelevant to its materiality. Certain claims, for example, may not involve material amounts; however, they may pose other types of threat to the target, such as negative reputational consequences, or the creation of a precedent that may influence the outcome of similar existing or future claims.

5.9. Real estate
In the case in which real estate is involved in an M&A transaction, it is important to first assess what type of M&A deal it concerns. For example, does it concern the merger or acquisition of a real property (investment) company or a holding company (with foreign subsidiaries that are the owner of the real property), or does the real property just come with the deal because, for example, the target company only has its office there? The answer to these questions determine the scope of real estate due diligence in the context of M&A transactions, and influence the time and resources available for this type of due diligence. It also determines the extent to which and declarations are applicable, and have their conditions been met in order to get, for example, participation exemption for investment in the foreign property companies, and what are the consequences of the envisaged M&A deal in relation thereto, potential risks in relation to dividends that have been distributed, impact of any debt leverage financing, and the like? Another important tax issue in M&A deals is transfer tax because it might also be incurred if the target company is the owner of the real property and the shares in the target company will be (partly) purchased by the buyer, depending on the applicable tax regime.

5.9.5. Restrictions on foreign ownership
When the buyer is a foreign person, it is also important to assess whether there are restrictions on foreign ownership of real estate in the target jurisdictions. Typical restrictions apply to real estate in border areas, but may have a much broader scope depending on the jurisdiction and type of property involved.

5.10. Environmental
As environmental law has manifold impacts on all kinds of industrial and business activities, the object(s) of an M&A transaction will typically be subject to a vast corpus of regulations on environmental law, involving both risks and opportunities. In many cases, especially when dealing with large industrial sites located in several jurisdictions, it is virtually impossible to scrutinise all areas of business and production as to their compliance with environmental law in every single aspect. Thus, environmental due diligence should focus on issues of relevance for the decisions to be made in the transaction at hand. What are the decisive factors for tailoring the scope and depth of environmental due diligence to the needs of the transaction?
First and foremost, one needs to give due consideration to the object and objectives of the relevant transaction. It makes a great difference whether one is dealing with an industrial plant producing chemicals or with office buildings of an information technology (IT) company. In the same vein, it is crucial to understand the objectives underlying the transaction: does the buyer want to continue production or close down one or several departments? In the first case, environmental due diligence needs to thoroughly investigate plant permits and technical standards employed. In the latter case, the main focus is on issues arising in connection with decommissioning of installations. Another decisive factor for customising the scope of environmental due diligence are the risks involved in the business activities under review. These will guide the investigator in discerning between issues that require in-depth examination and those where a rather rudimentary check will do. For instance, where a company is involved in shipping hazardous waste, the investigator needs to examine vast and detailed documentation (eg, notifications). By contrast, where companies are engaged in online services, environmental risks are far lower, hence, reducing the scope of investigation.
Finally, the scope of environmental due diligence depends considerably on whether and to what extent a party chooses to rely on documents and data submitted by the counterparty, or whether it prefers to consult environmental or technical experts independently. In this context, eco management and audit schemes may play an important role. In addition, some jurisdictions keep public registers, listing, for instance, contaminated sites (giving access to environmental reports and analyses), permits for use of natural resources, or other licences and concessions (eg, under waste law).
With respect to these factors, environmental due diligence in M&A transactions often covers the following topics: (1) industrial sites (soil and groundwater contamination); (2) operation of plants and installations (permits and technical standards); (3) specific rights linked to the plants or their operators (eg, greenhouse gas emission certificates, mining or waste treatment licences, and concessions to distribute energy); (4) pending proceedings and litigations (eg, in the aftermath of an industrial accident); and (5) weaknesses and vulnerabilities (eg, due to outdated production technology and obligations to adapt to newer technology).

5.11. Insurance
In some countries, the insurance and reinsurance markets are regulated and supervised by regulatory entities that are responsible for establishing core rules applicable to such sectors. Therefore, if the target company’s corporate purpose involves (re)insurance-related activities (eg, brokerage), the legal due diligence scope should be broader than usual, and encompass the analysis of specific regulatory requirements set forth by applicable law and regulation. For those companies not engaged in (re)insurance-related activities, the main goal of insurance due diligence is to assess the risk exposure of the target company and its subsidiaries to potential issues involving insurance matters. In this case, the purpose of due diligence is to identify: (1) if the company retains mandatory insurance coverage, if applicable; and (2) with respect to policies purchased by the target company, the terms and conditions of the coverage, insured amounts and its effectiveness. Notwithstanding, an insurance broker should always be consulted to assess the risks to which the target company is exposed and the adequacy of the coverage purchased, vis-à-vis coverage availability in the insurance market local to the target’s core business, considering its main assets, operations, production and any other relevant aspects. By conducting insurance due diligence, liabilities arising from insurance policies of the target may also be revealed, such as: (1) lack of premium payment, which may result in loss of coverage; (2) nonpurchase of mandatory insurance coverage, which may trigger the application of penalties established within the insurance legal framework of each location; (3) unpaid or denied claims under the insurance policies purchased, which may impact on the financial stability of the target; and/or (4) expired and non-renewed insurance policies, which expose the target to the risks previously covered by proper insurance. The lack of proper insurance policies purchased by the target may result in post-transaction liabilities to the buyer. In order to avoid this issue, the parties under the potential transaction can establish that certain insurance policies should be contracted and/or renewed, as the case may be, as a condition precedent to the closing of the transaction. It is also important to analyse if the company’s subsidiaries are covered by the insurance policies. Usually, the parent company is named as a policyholder or insured of the insurance policy, while its subsidiaries or affiliated companies are named as co-insureds.
Furthermore, insurance policies may contain ‘anti-assignment’ and/or ‘change of control’ provisions that establish the early termination of the policy in the case in which the insured does not notify the insurance company of any of such transactions prior to their occurrence, as the insurance company may consider that the risks covered under the insurance policy have been substantially increased. If such policies are considered relevant in the buyer’s perspective, then the parties may agree as a condition precedent to closing that the insured company notifies the respective insurance company/ companies and obtains its/their agreement with the proposed transaction under the same terms and conditions or upon payment of an additional premium.

5.12. Compliance
Violations of the relevant anti-corruption laws may lead to substantial civil and criminal penalties, not to mention significant legal defence costs and reputational damage. Effective due diligence can help a buyer to identify those risks at the same time that it mitigates the risk of liability if they are discovered later. Proper compliance due diligence should be risk-based and take into consideration the circumstances of the target, such as geography, level of interaction with the government and use of third parties. It typically involves analysing publicly available information, document requests and interviews with management and key employees, and the target’s compliance programme, aiming at reviewing issues such as corporate policy for anti-corruption; compliance; privacy and business practices; responsibility  for designing and developing these procedures and maintaining them; existence of a policy or procedure for employees, agents, brokers, distributors and other stakeholders; role of the company board; structure of the compliance department; existence of a regular assessment of the risk of noncompliance; existence of training and education programmes in this field; and so on.

5.13. Human rights
5.13.1. Introduction
The General Assembly of the United Nations adopted the UN Guiding Principles on Business and Human Rights (the ‘UNGP’) in 2011. The three pillars of this framework are the state duty to protect human rights, the corporate responsibility to respect human rights and the need for access to remedy for victims of business-related abuse. According to Guiding Principle 13, business (which includes law firms) should avoid causing or contributing to adverse human rights impacts through their own activities, and address such impacts when they occur. Furthermore, they should seek to prevent or mitigate adverse human rights impacts that are directly linked to their operations, products or services by their business relationships, even if they have not contributed to those impacts. Guiding Principles 17–21 set out an obligation to carry out human rights due diligence which, contrary to the regular due diligence carried out in M&A transactions, focuses on human rights risks a (target) company is causing (or is contributing to) concerning third parties, although these risks may eventually, in a derivative sense, also become risks for the (acquiring) company itself. Although the UNGP are not legally binding in themselves, they are highly respected and reflected in the Organisation for Economic Co-operation and Development (OECD) Guidelines for Multinational Enterprises and in legislation in several countries, as well as part of other binding instruments, such as the Dutch International Responsible Business Conduct Agreement in the garment sector, and government and public policy. France, for example, has adopted a statutory due diligence obligation in connection with human rights and labour conditions for larger companies (also for their activities abroad). The EU has adopted legislation regarding conflict minerals that are imported into the EU that will come into force on 1 January 2021, also requiring human rights due diligence. Next to these, the EU Non-Financial Reporting Directive requires EU Member States to implement legislation requiring large public enterprises to report on human rights policies, risk management approaches and issues in certain circumstances. Beyond that, for example, the United Kingdom has implemented a legislative reporting requirement in connection with modern slavery. Although human rights due diligence is still rarely, and certainly not systematically, carried out in M&A transactions, overlooking human rights risks may result in legal or regulatory risk, financial risk and high (reputational) damage for the (acquiring) company. For example, over 40 per cent of the mining projects in Peru were delayed or even cancelled because of human rights issues resulting in an overall damage of US$28bn in 2014. Furthermore, human rights issues may impact the ability to secure equity financial support or investment from development banks or multilateral organisations, public procurement and export credit guarantees, and there are situations in which debt funding has been withdrawn from a project following the occurrence of human rights issues or abuses.

5.13.2. Human rights due diligence
Human rights issues may arise in a variety of M&A transactions or scenarios. One may think of the acquisition of a company or assets, but also of mergers, partnerships and joint ventures. Although human rights due diligence differs from traditional transactional due diligence, opportunities do exist to combine them. In that regard, one has to bear in mind that human rights due diligence should focus on the most severe human rights risks (to others rather than the company or target itself) and address those first. Obviously, it is up to the client to choose which resources are most relevant to the transaction and which approach should be adopted, but (external) counsel can and should advise the client about the use of these resources, and how to develop an approach that is appropriate for identifying the most salient human rights issues. Local legal advice is likely to be necessary to develop the structure of an appropriate approach and implementation of due diligence investigations into human rights risks. Specific expert opinion may also be required on particular issues, such as stakeholder concerns and/or the views of civil society or local communities. Lawyers may not be best placed to undertake these aspects or local fact-finding, so it is important to discuss with the client how to identify and contact skilled local facilitators or other experts. Obviously, lawyers may still analyse the outcomes of these investigations and advise on their (legal/regulatory and reputation risk) implications. The likelihood of relevant human rights risks materialising among others things, depends on: (1) the sector, operating context and country; and (2) the expertise and capacity of management to address these identified risks. All of these issues should be taken into account when carrying out human rights due diligence to assist the client to build up a picture of its human rights risks. It is also important to ensure that the documents, information and personnel the acquiring or merging company has access to is sufficiently wide to allow the buyer to carry out human rights due diligence that is likely to be necessary in the given circumstances. The scope and timescales for completion of this type of due diligence may pose different challenges when compared with traditional due diligence, particularly if a broader range of issues must be considered (and appropriately sequenced and/or supported by external expertise) to identify and understand the different sources of human rights risks.
Many different types of human rights risks that may be connected to business activities, for example, environmental, labour or consumer rights, are covered by local legal regimes and sometimes, also by legal regimes in the home state of the acquiring or merging company. Thus, general due diligence questions about legal compliance are also relevant for assessing human rights risks. That said, general due diligence is not sufficient because, at best, it provides a partial picture of the potential human rights impacts of a target and the legal, financial and reputational risk these may cause. Even if the target is fully compliant with local laws, it may still face significant human rights challenges. This is especially likely if legal standards are below or contrary to internationally recognised standards, unclear, poorly enforced or, in case of weak governance zones, absent or non-functioning when considered as part of the broader rule of law environment. That said, combining these forms of due diligence may give rise to challenges, such as obtaining timely, high-quality information relevant to human rights risks because of the constraints imposed by confidentiality agreements between the client and target, and/or, in case of an auction sale transaction, the terms upon and the manner in which information is made available through a data room. In such cases, other ways of carrying out human rights due diligence may be necessary (eg, feedback or engagement through (trusted) third parties) to supplement these traditional forms of M&A information gathering and sharing. Beyond this, human rights issues connected to the clients’ business activities may not be expressed, perceived or analysed in human rights terms either by the client or external stakeholders. Thus, M&A counsel should be able to identify and understand these issues in their broader context, and independently from the way the client or external stakeholders frame these issues. In connection with this, one should be aware that human rights impacts may occur vis-à-vis employees (and employees of subcontractors), their customers and business partners, in supply chains and local communities, as well as end users.

6. How to negotiate an NDA?
An NDA is usually the first document to be signed between a potential buyer and the seller in an M&A process, especially those that involve due diligence. Any due diligence process requires the execution of an NDA by the party that will receive commercially sensitive information in order to avoid the unauthorised disclosure of confidential information regarding the disclosing party’s businesses and the existence of any discussions regarding the project to which the due diligence is related, and the misuse of the confidential information for any purpose other than the evaluation and analysis of the potential project. The NDA can typically be structured as a bilateral agreement, to be negotiated and signed by the receiving and disclosing parties; as an adhesion term, to be fully adhered to and signed by the receiving party; or a click through agreement, virtually agreed by the receiving party prior to accessing an online data room.
The NDA should cover any and all information of the disclosing party that is made available to the receiving party in any form, written or oral, that the disclosing party deems strictly confidential and privileged, regarding its assets, financial statements, corporate structure, strategies, business, activities and the segment in which it develops its business, as well as the interest of the parties in such a project. Usually, the NDA carves out information that is or comes into the public domain or, in any way other than the breach of the confidentiality obligation, ceases to be of a confidential nature, as well as any information developed independently by the receiving party or disclosed to it by a third party without a confidentiality obligation.
The NDA’s obligations may be judicially enforceable by the disclosing party in the case of the violation of its obligations by the receiving party, so the disclosing party may seek indemnification for losses and damages caused by the breach of the confidentiality obligation by the receiving party. However, the indemnified party must generally prove the losses and damages effectively suffered, and the link of causality existing between such losses and damages and the alleged violation of the NDA. In some cases, a penalty is negotiated by the parties so that any proved violation of the confidentiality obligation can be recovered more easily. Due to the due diligence process, the access to key employees and representatives of the disclosing party by the receiving party and its advisers is common, so a non-solicit provision is usual. Another possible request by the disclosing party is a non-compete obligation by the receiving party due to its access to business-sensitive information of the disclosing party. NDAs are commonly agreed for a period of one to three years.

7. How to manage the due diligence process?
Due diligence processes are difficult by nature. The volume of information to be reviewed, the number of parties involved and the pressure to get it done so that the parties may be able to proceed to signing as quickly as possible make it a rather challenging exercise. In that context, planning, organisation and discipline are key. Below are a few tips for an efficient due diligence process.

7.1. Forming, briefing and managing the team
Once the scope of the legal due diligence is defined, the M&A lawyers in charge of coordinating the process should spend some time in assembling an appropriate and efficient due diligence team In doing so, the coordinators should think of the focal areas of the diligence, the level of seniority needed for the task, how many people from each team should be involved, whether there are special skills required for due diligence and other applicable considerations. After the team is assembled, and ideally before starting work, the coordinators should hold a first organisational meeting or conference call to brief the team. In this discussion, the team should be informed about: (1) the characteristics of the transaction (industry of the buyer and target, type of transaction and relevance of the stake to be acquired); (2) the expectations of the client, as previously assessed by the coordinators; (3) potential points of attention that might have already been identified; (4) mechanics of due diligence; and (5) timeline (as described in more detail below). The coordinators should also take the opportunity to listen to the areas’ concerns and suggestions to shape the work to be performed.
During the course of due diligence, it is important to have a focal point in the coordination team to ease discussions with the different specialist teams involved. This person should be in close contact with the teams to make sure that due diligence is kept on track and inefficiencies are minimised. This includes keeping the team informed about the developments of the transaction, potential changes to the client’s needs and concerns, overview of the different work fronts (including for purposes of scope and cost control), and any other information deemed necessary or useful to keep the team engaged and motivated. After the conclusion of due diligence, the coordinator should take the opportunity to debrief each of the teams, discussing potential feedback and improvements for future transactions. In the end, coordinating legal due diligence teams involves dealing with people from different backgrounds and with different sensitivities and particularities, and getting them to row together in the same rhythm and direction. Soft skills, such as politeness and good relations, may be just as important as technical skills.

7.2. Structuring and instructing the team to avoid inappropriate information flows

While the due diligence process is an essential part of the process of disposing of one’s property (which, as a matter of national law, is often protected under constitutional rules), it is still subject to competition laws. Competition law issues may arise from due diligence activities where parties to a potential transaction: (1) are current or potential future competitors, or operate in vertically linked adjacent parts of the supply chain (eg, a manufacturer and distributor, or distributor and retailer); and (2) the information to be shared is confidential, and competitively sensitive about the past activities or future business strategies and competitive strategies of either the target or potential buyer. Even if done as part of bona fide due diligence activities with the aim of preparing for an M&A transaction, competition authorities may treat this type of information exchange as a potentially serious infringement of competition law. These types of competition law violations can result in significant financial penalties and, in some jurisdictions, even criminal sanctions. In order to avoid these negative consequences, it is important to structure the due diligence process and team in a way that is competition law compliant. This includes thinking about the following topics:

7.2.1. Avoiding inappropriate information flows
• Is the information necessary for the buyer(s) to evaluate the transaction?
As a part of the due diligence process, information should only be shared if it is necessary for the purpose of due diligence (evaluating the target in terms of its total value, including assets and – actual or potential – liabilities, past performance and future market potential). Particularly at a later stage of the M&A process, parties may wish to start integration planning. While such activities may be legitimate within a certain framework, they are not part of the due diligence process and should be organised separately.
• Is the information to be made available appropriate to the stage that the M&A process has reached? What is appropriate to be shared may depend on the stage of the process and number of potential buyers involved. At the beginning of the process, it may be appropriate to make available only general data (especially to a large group of potential bidders). As the process evolves (and gets closer to signing) it may be appropriate to make more detailed/sensitive information available to the remaining (serious) bidders that would allow them to fine-tune their bids.
• Is the information flowing from the target to the buyer? Sometimes, parties to an M&A process are tempted to discuss the future of the combined entity, in the process making information concerning the buyer available to the target. This is never part of due diligence and must be avoided.
• Is the information competitively sensitive? Competitively sensitive information (eg, prices, bids and proposals, competitive contract terms, strategic plans, capital investment plans and employee benefits) may need to be considered.
• Is it possible to present the information in a less competitively sensitive form (eg, historical, aggregated or blinded)? Generally, competition law treats the exchange of current, individualised information most critically as this is most likely to affect future competition. Thus, wherever the purpose of due diligence can be achieved by making historical and/or aggregated information available to the potential buyer, this route should be adopted. Members of the team should be required to justify requests for current, individualised information.
• What will happen to the information shared if the transaction does not proceed? Effective measures should be put into place to ensure that information is returned after due diligence is completed (if the recipient does not pursue the deal) or kept appropriately separate by the buyer until the transaction closes. 7.2.2. Structure of and behavioural rules for the due diligence team
• Does there exist a clearly defined due diligence team that is subject to an effective NDA? Information should only be made available to a clearly defined team whose members are subject to an effective NDA with appropriate procedural rules so as to ensure that information does not flow to any other individuals in the buyer’s organisation except those that need to review the information received in the course of due diligence.
• Has the due diligence team received competition law training and/or guidance to identify potential issues and ensure compliant behaviour? It is obviously important that the due diligence team be prepared to perform the task.
• Are the individuals receiving the competitively sensitive information responsible for the competitive activities of the potential buyer? Members of the buyer’s due diligence team designated to receive competitively sensitive information should not be currently involved in the competing operations of the buyer. Where this is not possible, however, a clean team may need to be put together. Clean teams should be structured as follows: (1) individuals need to be effectively separated from their current tasks (ideally, the separation should be physical, moving employees to a different location); (2) IT systems and other means of communication must be effectively separated (eg, put into place a ring-fenced extra/ intranet for the due diligence team); (3) the movement of information – both within the clean team and from there to other employees of the potential buyer – must be clearly documented; and (4) if the transaction is not consummated, then those individuals should not for some time (eg, one year) return to operations that compete with the former target’s business and to information concerning which they were exposed. While members of the due diligence team may be effectively separated from the relevant business, this may be more difficult to achieve with regard to senior decision-makers, both in relation to the transaction and the strategic positioning of the buyer. Care needs to be taken as to which information, and at which level of granularity, is made available to such persons, and at which stage of the process this is done. An alternative to isolating the relevant employees of the potential buyer may be the use of consultants from a third party (eg, consulting firm or outside counsel) to evaluate the most sensitive data and then report aggregated results or conclusions to decision-makers.

7.3. Preparing and customising information request lists and questions
The initial due diligence list is usually the starting point of the review process, contemplating the information and documents requests of the buyer in relation to the target company. In order to facilitate the buyer’s review of the target, it is not uncommon for the target to provide the buyer with an information memorandum containing basic information (legal, operational, etc) about the target. In addition, in competitive processes, in order to try to save time, occasionally the target will disclose a pre-prepared vendor due diligence report put together by outside counsel at the request of the target, so as to anticipate key issues to potential buyers and have them focus on such issues. The extent to which potential buyers actually rely on a vendor report instead of having their own counsel review the target’s information, however, may vary from process to process depending on factors such as degree of competitiveness and timetable of the sale process, quality of the vendor report and whether its authors will allow potential buyers to rely on it, among others. A typical legal due diligence information request list starts with a few organisational guidelines for the target’s representatives to follow during the process, such as: (1) the documents, information and/or answers to be provided in the data room (or otherwise) should use the same item numbering as used in the list; (2) any reference to a document should include its amendments, schedules and any other related documents; and (3) if a request is deemed not applicable by the target, this answer must be provided. These measures help the analysis and review of documents and information by the buyer’s advisers, making the process more agile and efficient. The information request list should be tailored and customised, including and excluding items to cover: (1) all the initial requests, duly specified, considering the buyer’s concerns in view of the most common risks and liabilities usually affecting the target’s business, thereby anticipating the crucial documents and information to be disclosed by the target; and (2) any particularity arising from the pre-agreed due diligence scope. Continuing the due diligence process will determine the additional documents, information and questions that the buyer may consider requesting from the target for review.

7.4. Organising/reviewing the data room
Information that relates to the target is made available in the so-called ‘data room’, which is an integral part of the due diligence process. Although the seller and buyer may have potentially conflicting objectives, a clean and well-organised data room can add value to the process and bring certain advantages to both sides by potentially expediting the process and improving its quality. Here are some suggestions regarding the organisation of the data room:

7.4.1. Naming documents
A consistent naming scheme should be adopted for the documents saved in the target company’s system in order to avoid difficulties in finding a particular document when uploading the documents or reviewing the data room itself. For instance, it may be beneficial to name the documents according to their type, relevant parties and dates, and/or any other element that will help to identify a document’s content without having to open the file. This would make it easier to organise the data room and find the documents at a later stage, when needed.

7.4.2. Creating folders and subfolders
Folders should be created pursuant to the categories to which the documents are related, such as accounting, human resources and legal. Then, within each category, subfolders should be created to further divide and organise the documents based on type, content and scope. If the target has subsidiaries that are part of the scope of the transaction, a subfolder should be created for each subsidiary that reflects the same pattern as the target’s folder.

7.4.3. Updating the data room in real time
It is important to keep the data room duly updated and reflecting, as much as possible, the ongoing changes and new circumstances of the target’s business in order to ensure accuracy.

7.4.4. Virtual versus physical
Traditionally, data rooms have been organised in physical rooms in which authorised parties go to review the target’s sensitive information, that is, a physical data room (PDR). Such a room is usually located within the target’s premises; however, it is not uncommon for the target to use a room somewhere else, such as in its lawyer’s office, where it is kept under constant surveillance. Because this type of data room is in a physical location, the information should be reviewed in person. While this ensures confidential information is not easily leaked, it creates additional costs and inconvenience. Nowadays, however, most data rooms are organised electronically – ‘virtual data rooms’ (VDRs) – in which the target’s files are disclosed digitally. When the data room is in the form of a VDR, there is no need to mobilise a party’s team to review the documents in loco; each member of the team can simply be given access to the VDR’s specific files and review them in the comfort and convenience of his or her own desk. Moreover, through a VDR, multiple teams may easily access the same data simultaneously, which facilitates competitive bidding processes. To ensure security, some VDRs can block downloading and printing of the files, and access can be revoked whenever necessary. Additionally, the VDR can register who has accessed files, when they have done so and which documents have been accessed (which may allow the seller to identify the most serious participants in the context of a competitive process, for instance), and the target may be able to specify different access configurations for each group of individuals involved (legal, accounting, financial and management), as well as restrict access to certain documents to be disclosed only during the second stage of due diligence.

7.4.5. Sources of information to be used
Information to be used when organising and uploading the data room must be strictly the target’s truthful and complete information.

7.5. Managing timetables, weekly calls, Q&A and red flag warnings
A pre-agreed timetable between all the parties involved in the process (including the target, buyer, and legal and financial advisers) will help to ensure a smooth process, while a constructive and continuous dialogue between the parties involved and their advisers during the due diligence exercise can help to reduce information asymmetry.

7.5.1. Timetables A well-structured timetable typically lists the main steps of the due diligence process, including the execution of the NDA, distribution of the information memorandum, opening of the data room, periodic delivery of question and answer (Q&A) lists, periodic conference calls, and delivery of preliminary and final due diligence reports, specifying dates and parties involved in each step. In competitive bidding processes, the target’s financial advisers may distribute process letters to bidders communicating basic rules that will apply to the process, including important dates and deadlines to be complied with.

7.5.2. Weekly calls
Weekly calls allow the buyer to get closer to the seller and target, as well as have a better understanding of the key findings of due diligence so as to help the parties adhere to the pre-agreed timetable.

7.5.3. Q&A
During the course of the due diligence process, and based on the information and documentation provided by the target and seller, the buyer’s advisers may send periodic (eg, weekly) lists of questions to the seller and target in order to request additional or complementary documents, or even most importantly, seek clarification regarding specific information provided by the target and seller. Such Q&A lists allow the buyer to carry out tailor-made due diligence and focus on the main issues: the issues that deserve special attention due to their potential impact on the transaction. This process will develop through the entire due diligence exercise, and it is expected that, at each Q&A round, the asymmetry of information is reduced. However, in order to have a satisfactory result, it is essential to have the target’s key management and the seller directly involved in providing the information so requested in the Q&A lists.

7.5.4. Red flag warnings
During the course of the due diligence process, the buyer’s counsel should keep the buyer appraised of any issues discovered that may potentially impact the feasibility of the transaction or materially affect its negotiation. Such red flag warnings should be made on a frequent basis (eg, weekly, or even in shorter intervals), so that the deal team may be fully aware of them as they negotiate with the seller. Examples of red flag warnings typically include: (1) in the corporate area, the existence of other shareholders of the target having rights of first refusal or tag-along rights; (2) in the contracts area, the need for third-party consent for the transaction, and the consequences of concluding the deal without having obtained them; (3) in the labour and employment area, individuals having been retained by the target not as regular employees but under alternative arrangements, such as independent contractors, temporary workers, service providers, freelancers, contract labour, outsourced vendors, trainees, interns and so on, giving rise to hidden contingencies and liabilities;
(4) in the tax area, the target appearing to be effectively managed outside the jurisdiction of which it claims to be a tax resident, attracting several risks, among which, the risk of taxation in the country where it is effectively managed, and attracting the risk of not being entitled to tax treaty benefits claimed under a tax treaty with the jurisdiction of which it claims to be a tax resident; (5) in the litigation area, proceedings that may disrupt, suspend or impede the development of the main activity of the target; (6) in the environmental area, findings that fundamentally endanger the transaction as a whole, such as the imminent expiry or withdrawal of a permit for a factory, a ban on a crucial product, or a massive contamination or liability issue; and (7) in the compliance area, falsified invoices, undocumented cashflows, disguised cashflows, unusually high commission payments, ties with governmental officials and so on.

7.6. Attending management presentations
Management presentations typically include an operational and financial overview of the target, and a review of the assumptions used in the financial projections, giving the target’s management an opportunity to highlight certain key points. It is part of the preliminary stage of due diligence, and usually gives potential buyers insight into the skills and mindset of the target’s managers. When attending management presentations, the buyer’s team should have analysed most, if not all, of the preliminary information disclosed by the target and seller, such as the teaser or executive summary, confidential information memorandum and process letter, as well as the first set of documents made available in the data room. Based on this analysis, the team should put together a high-level list of questions or issues (ten to 20 questions at the most) to address throughout the management presentation. If possible, the list should be sent to the target’s management a few days before the presentation so that they can prepare themselves and address the relevant questions in the presentation. In the case in which this is not possible, the buyer’s team should be prepared to narrow down certain key questions to address during the Q&A section of the presentation.

7.7. Conducting interviews
In due diligence, conducting interviews can play a vital role. Employees could have information crucial to the investigation and counsel will probably want them to answer as many questions as they may have. However, counsel must bear in mind that the employees being interviewed might have several reasons not to answer all questions. First, they may be contractually obligated to confidentiality. Depending on what has been agreed upon with the party being investigated, this may or may not pose a problem, but it is good to keep in mind. In addition, depending on the country, the results of the interview could be privileged. It is important to ascertain this beforehand and inform the client and the employee being interviewed. Employees may have a right not to incriminate themselves, which means that they may not have to answer questions the answers to which might lead to them being criminally prosecuted. For example, when questioning employees about tax compliance, they might reveal that they themselves had something to do with shady invoices, cashflow to an offshore company that has not been recorded, or bribery. Inform the employee whether or not the interview could be used against him or her in civil or criminal proceedings. It is important to discuss these rights and obligations with employees before starting an interview, especially so because most interviews are recorded (either on paper or audio/video). It is also good to discuss with employees their right to have an attorney assist during the interview. By doing so, discussions about the usability of the result of the interview can be prevented. While the primary obligation of the lawyer for a company in due diligence is to the client, it is important to remind other parties of their rights as they might not know them.

7.8. Putting legal due diligence results on paper
The format is very important in the preparation of the final report. Usually, smaller reports are prepared by different teams within a law firm, each one indicating the findings of the respective areas of law. When consolidating the document, the coordinator within the firm will adjust all of these into one cohesive document in the format previously agreed with the client. There are different types of report that can be used. Nevertheless, they are usually divided into four parts: a disclaimer section, an executive summary of the report, the report itself and schedules.

7.8.1. Disclaimers
The legal due diligence report should contain proper disclaimers that contextualise the purposes for and circumstances under which the report was prepared. Usually, such legal reviews are conducted in accordance with a previously agreed scope (that should be indicated in the report), refer only to certain legal aspects of the target, and are not intended to be, and should not be construed as, a legal opinion on the matters contained therein. Typical disclaimers include, among others: (1) an indication that the report has been prepared solely for the use of the client in the context of the transaction and should not be disclosed to or relied upon for any other party or purpose; (2) indication that, except if expressly indicated otherwise, the information in the report derives from a review of the documents disclosed by the target and no independent research during the legal due diligence process was conducted; and (3) an indication that it was assumed that documents provided were executed and signed by all the parties thereto, conform to the originals, and were true, accurate, complete and not misleading, and the like.

7.8.2. Executive summary
The main points of attention of which the client should be informed are summarised in an executive summary so as to allow the client to have a quick overview of the target. The executive summary typically has just a few pages and does not describe matters in full detail.

7.8.3. Report
The report usually describes, in a complete manner, the most important issues involving the target as found during the course of legal due diligence. It may also contain specific recommendations in order to help the buyer to mitigate or deal with such issues following the closing of the transaction

7.8.4. Schedules

Depending on the buyer’s needs, counsel may be required to attach to the report detailed information, or a summary of each document or set of documents reviewed, for the record and so that the buyer may use that information while managing the target’s matters following the closing of the transaction.
In a typical due diligence process, at an advanced stage (eg, when 80 per cent or so of the information has already been reviewed), the buyer’s counsel will deliver to the buyer a preliminary legal due diligence report (including the aforementioned four parts) so as to allow the buyer to perform a more thorough review of the target’s issues, be able to make more informed decisions within the scope of the negotiations with the seller, and, when necessary, push the seller to disclose more information about the target. Then, once the buyer’s counsel has been able to finally conclude its review, it will update the report and deliver a final version thereof to the buyer.

7.9. Dealing with reliance requests
In the context of financed acquisitions, financial institutions that are proposing to finance the acquisition may request that they review the legal due diligence report prepared by the buyer’s legal advisers. Delivering or consenting to such a delivery may, however, potentially expose such legal advisers to liability. In view of that, law firms are well advised to take certain precautions before delivering or consenting to the delivery of their reports. First, it is important to confirm that the legal due diligence report contains proper disclaimers that contextualise the purposes for and circumstances under which the report was prepared. Second, before delivering their report or consenting to such a delivery, law firms should: (1) become comfortable with whom they are delivering it to (eg, that the recipients are reputable financial institutions); and (2) request that such recipients execute a letter acknowledging and accepting certain terms and conditions for them to be able to receive and, as the case may be, rely on the report.

7.9.1. Non-reliance letters
The law firm may be requested to deliver or consent to the delivery of its report on a non-reliance basis. In this case, the law firm should request that the recipients execute a non-reliance letter, expressly accepting and agreeing that the report is not to be relied upon by such recipients for any purpose.

7.9.2. Reliance letters
If and when the financial institutions that will finance the acquisition request that they receive the legal due diligence report on a reliance basis, in addition to the precautions mentioned above, law firms, in order to protect themselves, typically request such financial institutions to execute reliance letters that contextualise the purposes for and circumstances under which the report was prepared, and setting forth certain assumptions, limitations and qualifications. Typical conditions include, among many others, that allowing financial institutions to rely on the report does not create a lawyerclient relationship between the law firm and financial institution; that liability of the law firm is to be limited to a certain amount; and that claims may only be brought against the law firm within a limited period of time following delivery of the report (eg, one year). Last but not least, when negotiating reliance letters, law firms should give careful consideration to which law should govern them and where disputes arising out of such letters may be resolved so that they are not inadvertently subject to unfavourable jurisdictions or laws.

7.10. Coordinating with other experts
As leaders of the legal due diligence exercise, M&A lawyers will often have to coordinate with other experts in different fields. Such coordination is key so that the process may run smoothly and all experts involved may be on track to make their contributions aligned with the timetable for the transaction, thereby avoiding unnecessary delays. In addition, close coordination among all experts involved may mitigate the risk of misunderstandings and communication failures between due diligence teams and the team negotiating the deal, which could potentially create inefficiencies or even jeopardise the transaction. Financial advisers, accounting firms, forensics experts, environmental experts and client internal experts are just a few of the many other experts that could be involved in due diligence.

7.10.1. Financial advisers
Coordination with the buyer’s financial advisers is very important throughout the entire due diligence process so that any risks, contingencies or liabilities may be duly considered in a timely manner in the financial model used to inform the negotiation of the deal.

7.10.2. Accounting firms
An accounting firm will typically be in charge of reviewing the target’s accounting, tax and labour, employment and social security routines and procedures in order to identify possible contingencies and liabilities that may affect the target, and therefore need to be considered by the buyer and its advisers while evaluating the target, and negotiating the terms and conditions of the deal with the seller. Close coordination between the lead law firm and accounting firm is important so that the accounting firm may be able to properly evaluate and weigh the risk of loss of each contingency identified and adequately report it to the buyer and its financial advisers.

7.10.3. Forensics experts
In forensic due diligence the stakes could be high. Uncovered risks could have serious consequences in ways of financial damage, erosion of faith in the target and reputation damage. Therefore, the aforementioned experts need to work under the lead law firm’s legal privilege. By doing this, the law firm maintains control of the flow of information and the outcome of due diligence.

7.10.4. Environmental experts
Environmental due diligence regularly requires a cross-disciplinary approach as opposed to mere legal considerations. Even though some jurisdictions keep public registers of contaminated sites, which are regularly evaluated by public authorities, and may even contain soil mappings and statements by environmental or technical experts, these sources of information are typically insufficient for the purposes of environmental due diligence: while they do help with the understanding of the problem, they do not offer sufficient data for the assessment of the costs and alternatives for possible solutions and remediation measures. The same holds true for understanding problems identified in the context of pending permit proceedings or litigation in the aftermath of the discharge of hazardous waste. Thus, when undertaking environmental due diligence, it is essential to consult with environmental and technical experts. Again, the need for technical or scientific expertise is not necessarily limited to issues of soil or groundwater. Expertise may also be needed in regards to processing materials. This applies especially to those jurisdictions in which recent or forthcoming legislation requires regular adaptation to best available techniques.

7.10.5. Client internal experts
Involving the client’s internal experts is also a crucial and delicate step in the due diligence process. Outside counsel must help the client to identify the type of expertise required for a specific diligence exercise (usually tax, controllership, environmental, compliance, regulatory, IP and employment experts are involved) and assist it in coordinating the efforts of the internal subject matter experts.
A successful due diligence exercise requires that the internal experts not only have deep subject matter expertise on their topic but also a general sense of how their area interplays with the other specialised areas and fits within the overall deal structure to be able to contextualise individual facts in light of the overall deal goals, and understand when to flag and/or discuss an issue with a different subject matter expert. A frequent issue in due diligence is restricting communications and involvement in the process to only a few key resources because of concerns over confidentiality. However, there are ways to effectively address the need for confidentiality while ensuring the involvement of a qualified team of experts in the process.

7.11. Conducting due diligence processes involving multiple jurisdictions
7.11.1. Introduction
Although due diligence exercises vary from deal to deal, those that involve multiple jurisdictions often introduce a range of challenges, including coordinating multiple law firms in multijurisdictional due diligence processes that increase the scale and complexity of the undertaking.
To better meet clients’ objectives, practitioners must be flexible in their approach to due diligence and knowledgeable about the types of issues that may arise in other jurisdictions but not the home jurisdiction, and vice versa (ie, issues that may arise in the home jurisdiction, but not others). Factors that may inform the proper scope of the due diligence investigation in a particular jurisdiction include the target company’s industry; the client’s institutional experience and comfort level with the jurisdiction; endogenous and exogenous time constraints on the due diligence process; and the client’s budget for the transaction or the particular stage of the transaction process.

Particularly in competitive auction situations, practitioners must be cognisant of local norms in each jurisdiction in which due diligence is being conducted. The parties may come from different cultural backgrounds, speak different languages or have different business practices. If due diligence requests appear to be unreasonable or burdensome in the eyes of the target company or its advisers, the buyer’s offer could be viewed as less attractive.
Target companies that operate in multiple jurisdictions may be subject to multiple, and sometimes contradictory, legal regimes. Practitioners should also be aware of the areas of due diligence in which United States and European buyers are increasing their focus and laws may have extraterritorial reach, including data privacy and protection, antitrust, cybersecurity and compliance with anticorruption laws, and export and sanctions laws.
Labour and employment laws vary significantly from jurisdiction to jurisdiction and, in some cases, allow target company employees to wield considerable leverage in a transaction, especially if the buyer is expecting to realise employment-related cost synergies. In certain jurisdictions, such as France and Germany, labour unions and works councils may have consultation and consent rights in the acquisition context. In addition, many civil law countries in Europe, China and Brazil require a minimum amount of severance to be paid to an employee that is terminated without cause. Other countries may limit an employer’s ability to lay off employees or unilaterally change the terms of employment. In the US, the time it takes to obtain constitutional documents and other information publicly available depends on the US state at issue. For example, documents filed with the Secretary of State of Delaware and certificates requested from the Secretary of State of Delaware are available on the same day as the request. If a document needs to be apostilled, the Secretary of State of Delaware will provide it in one to two business days. By contrast, the foregoing information is not as readily available from all US states and, as a result, time must be built into the due diligence schedule to allow for the time necessary to obtain the documents. Practitioners should also evaluate whether the transaction structure selected by the buyer may trigger additional regulatory approvals in a particular jurisdiction that would otherwise not be required if a different transaction structure were implemented.

7.11.2. Coordinating multiple law firms
Managing a multi-jurisdictional due diligence legal team can present significant substantive and organisational challenges. Each due diligence process is unique and should be tailored to the transaction for which it is being done, including, in particular, the target’s industry, the scale of the target business or assets to be evaluated, and the number of jurisdictions potentially implicated. In every case, however, careful attention to the following key issues can help to ensure that the process is effective and efficient. The composition of the local counsel team should be driven by the geographic scale of the transaction, nature of the target’s business, potential business risks and other types of liability at issue, and the client’s budget and tolerance for risk. In general, a useful starting point is to retain local counsel in every jurisdiction where the target business has: (1) facilities or other significant assets; or (2) material sales, whether the target itself sells products or services in the country, sells to distributors or other intermediaries who make sales, or from which the target makes sales into other jurisdictions. Local counsel should be selected based on the particular issues and risks in the relevant jurisdiction and, ideally, should have extensive experience in cross-border due diligence projects. It is also important to ensure that an internal client team is put in place to both ensure that the due diligence process accomplishes what it needs to, and also to evaluate the results of the due diligence effort once the process is underway. Regardless of the ultimate size of the local counsel team, one person (or firm) should be made responsible for coordinating the overall process. This central coordinator must have visibility across all due diligence work streams and jurisdictions, and be responsible for ensuring that the results are reported in a consolidated and consistent manner to the client.

7.11.3. Due diligence should be scoped by subject and jurisdiction
The scope of due diligence to be conducted in any particular jurisdiction should be clearly defined at the outset, including topics and issues to be addressed, and the budget for those efforts. For each jurisdiction, the coordinating counsel should provide clear assignments of responsibility to business, financial and legal work streams.

7.11.4. Process is key!
The coordinating lawyer or firm should hold an ‘all-hands’ due diligence kick-off meeting or conference call to ensure that all jurisdictions and work streams understand their responsibilities, priorities, deadlines and the manner in which results should be reported. Regular update conference calls should also be held throughout the process so that each work stream and jurisdiction can provide status reports, and important information can be shared.

7.11.5. Beware local legal differences: legal privilege, data privacy and more
Variations in local legal regimes can significantly complicate and delay due diligence processes, so it is critical to identify and evaluate these potential issues as early in the process as possible. Key issues that routinely arise in a multi-jurisdictional due diligence process are legal privilege and, increasingly, data privacy. The circumstances under which attorney-client communications and attorney work product are privileged and protected from discovery by government agencies and third-parties can vary significantly from one jurisdiction to another. US laws about privilege differ from those of the EU, its Member States and other jurisdictions. For example, in many jurisdictions, including the EU and its Member States, the advice of a company’s internal counsel is not protected by legal privilege. The disclosure of legally privileged materials in one jurisdiction can have significant implications in other jurisdictions. In certain circumstances, the disclosure of documents or information in one jurisdiction may waive the client’s right to claim privilege over those materials in another jurisdiction (eg, the US) where they would otherwise be privileged. The risk of an inadvertent legal privilege waiver can often be managed with careful planning and organisation. For example, clearly marking internal documents, information and reports prepared by the client to assist extennal counsel as ‘Information prepared at the request of [relevant law firm] for the purpose of legal advice’ is an effective strategy in many jurisdictions. Local counsel in jurisdictions where there is waiver risk should advise on to how to structure the local process to protect privilege. A growing number of jurisdictions have implemented privacy and data protection laws that limit the manner in which certain types of information can be shared with third parties and across different jurisdictions. Local counsel in each relevant jurisdiction should be consulted as early as possible in the process to determine whether any such rules might apply in their jurisdiction. Particularly where the target may have sales or operations in jurisdictions other than those where the client operates, local counsel should be consulted to confirm whether there are any unique local laws that may either be a relevant topic for substantive evaluation as part of the due diligence process or may impact the process by which due diligence should be conducted.

8. Artificial intelligence?
8.1. Introduction
When, in 1950, mathematician Alan Turing asked, ‘Can machines think?’, he did not imagine that this question would trigger decades of research and the rise of an entire new market. Artificial intelligence (AI), is ‘[t]he theory and development of computer systems able to perform tasks normally requiring human intelligence, such as visual perception, speech recognition, decisionmaking, and translation between languages’.1 The progress from Siri to self-driving cars that has taken place within a rather short span of time shows that AI is developing rapidly, improving our lives in many ways. Although it is not very likely (at least not for the time being) that AI will ever fully replace human lawyers, there are certain areas in the legal profession that would benefit greatly from the use of AI;2 due diligence is one of them and this will be illustrated briefly in the following.

8.2. Due diligence
In order to ensure competitiveness, more and more law firms have started to use AI software for due diligence. There is a very high demand for legal services, however, clients expect lawyers to do the work in a very short period of time and they are not willing to spend a great deal of money on low-value added services. The media discussion about AI has gravitated heavily around the idea that machines will soon replace human labour, leaving humans with nothing to do, or at best forcing humankind to become data scientists. If indeed technological development is inflecting the job market by making some jobs obsolete while creating new ones, the truth is that AI is not about to automate legal professions. Rather, it aims to complement human intelligence Manual due diligence is getting harder and harder; usually there is way too much data to review everything, so you do not know what you will find and what you miss; the sources can be geographically dispersed; and doing due diligence manually is prone to errors. This is where AI can be particularly helpful for lawyers; instead of a reviewing hundreds, or even thousands, of documents (which is not only a costly but also burdensome and tedious process), lawyers can focus on legal analysis. In addition, assigning the tedious tasks to a platform with AI capabilities would arguably better attract and retain top talent, which is an issue that has plagued the sector for years. Where can AI be applied? A subfield of AI is a particularly strong example of an application of intelligence: natural language processing (NLP). NLP is the development of systems that are capable of reading and understanding the language that humans speak or write. At the heart of this technology is the effort to interpret a large amount of so-called ‘unstructured data’ (ie, written and spoken data, such as Portable Document Format (PDF) files, images and audio material). In addition, lawyers mostly deal with language as they are reading contracts. NLP will make their processes much easier, faster and more precise, with less effort than ever for humans. Law firms are turning towards NLP, automated document analytics and law case reporting within due diligence processes. What does AI do in the due diligence process and how can it help? Machine learning systems are extremely good at digesting data, drawing out significant patterns and correlations at near-instant speeds. This is what makes them perfect for tasks like due diligence that involve the repetitive processing of large volumes of information.
AI is able to assist the lawyer in identifying, classifying, organising, prioritising and highlighting documents that are relevant in the context of the transaction and can therefore help to save a great deal of time and money. Not only lawyers but also the buying and selling side of the transaction can benefit from the application of AI software in the due diligence process. The accuracy of the extracted information leads to the minimisation of liabilities and risks for the seller; furthermore, it is easy to keep control over what goes into the virtual data room and protect IP, confidential information or privacysensitive information by using pseudonyms. The issue of liability and risk minimisation is also highly relevant for the buyer’s side. In addition, the post-transaction integration process and process for the verification of reps and warranties is improved greatly by the broad access of information.

8.3. Risk and liability
As already mentioned, AI can certainly be used to improve the due diligence process; however, the use of AI implies certain risks. One of the main problems that AI software users face is that hardly anyone really knows what the program is doing exactly and how it gets its results, except the few people that developed the software, of course. However, lawyers that use AI for due diligence usually only see the results, but they have to keep in mind that mistakes can still be caused by a failure in the software or by insufficient training of the program; it might, for example, occur that the system overlooks or misinterprets certain documents that contain ambiguous or not highly standardised terms.

This leads us to a second level of the problem, which is that the firm is obviously exposed to liability in this case; another question is whether the software manufacturer could be liable too. The carrying out of due diligence by a lawyer is always supposed to be a certain insurance, and risk transfer for the involved parties of a transaction: by paying a lawyer to do the due diligence, the client usually aims to outsource his own risk.
There are multiple ways to approach the topic of risk and liability: one simple solution is that the law firm that is carrying out the due diligence takes out insurance and assumes the full risk. Because the carrying out of due diligence with the help of AI software saves a great deal of money, it is also conceivable that the law firm passes on the cost advantage to the customer, who can choose an AI program itself; however, it has to assume the full risk. Another possible approach is that the law firm passes on the cost advantage to the customer, but (unlike the second approach) it can choose the program and has to assume the full risk; the client has to pay a risk premium as compensation.
Furthermore, it is possible for the lawyer who is using AI for due diligence to avoid any liability by including a disclaimer. Because the client can save a rather large amount of money if AI software is used for the due diligence process, it can be expected that it is very likely that the client is going to accept the disclaimer and is willing to assume the full risk itself.
Finally, a further question law firms face is whether or not they have to inform the client about the use of an AI software in the due diligence process. Can the client expect that only lawyers or associates are responsible for carrying out the due diligence? Particularly because AI is not yet very widely common, and people are still sceptical about it, this question is not an easy one to answer.
Another issue that has to be kept in mind is security and confidentiality; even though AI systems are highly secure, law firms that use AI software could be the subject of cyberattacks, the platform might be hacked or infected with malware.

8.4. Example:

IBM Watson IBM Watson is a data analytics processor that uses NLP. Today, IBM Watson is used in many industry sectors. What makes IBM Watson stand out compared with other analytics software is its direct relevance to business problem solving. It uses cognitive learning practices that combine the data analytics and statistical reasoning of machines with uniquely human qualities, such as self-directed goals, common sense and ethical values. There are various versions of Watson to address specific business concerns.6 Watson also plays a key role in managing unstructured data. It is able to process unstructured text and documentation by ‘learning’ a subject by pairing questions and answers after the user loads all related materials. The platform is capable of processing millions of documents, and reading 800 million pages of data per second. One of Watson’s applications is called ‘Financial Crimes Alerts Insight with Watson’. The program is able to help lawyers and financial institutions to meet regulatory anti-money laundering (AML) requirements and spot financial crime. Watson has been trained to understand complex legislation and manage financial risk. IBM’s program can perform case investigations for AML alerts significantly faster than any human ever could, moreover, the amount of false positives (red flags that turn out to be innocent) can be reduced. Overall, Watson is able to improve the efficiency of manual, timeconsuming tasks; instead, law firms and banks can utilise their staff for high-value critical business decisions rather than mundane work. Other AI programs that can be used for due diligence include Luminance, Kira Systems and ZyLAB. Data room providers such as Drooms started to combine AI in their platforms in order to perform analysis of documents, and their potential risks and opportunities directly within the data room.

8.5. Conclusion
To summarise, it can be said that AI will most likely play a key role in the due diligence process in the near future, although it should only be regarded as a helpful tool, not a substitute for lawyers. However, it can help them to reduce their repetitive workflows. The reduction of cost and time that goes hand in hand with the implementation of AI in the due diligence process will probably be the main reason for law firms to adopt AI solutions. It is important for law firms to be mindful of the risks and liability issues when choosing AI programs. However, no matter how the use of AI in the due diligence process is going to evolve in the future, it is important to note that the trend to forego due diligence at all or only perform very poor due diligence is clearly the wrong approach and not responsible at all.

9. How to use due diligence findings in the negotiation of the

9.1. Price retention and escrow
Due diligence findings are key to negotiations around price retention and escrow because these are, in principle, the most liquid guarantees that the buyer will have in respect to indemnification owed by the seller. Ideally (for the buyer), the amount of price retention and escrow should cover the amount involved in contingencies identified during due diligence, and also take into consideration hidden contingencies that were not identified during due diligence. Additionally, the release of price retention or escrow should take into consideration the expected time of the materialisation of the contingencies identified during due diligence, and, if possible, create mechanisms for the further retention of amounts related to specific materialised contingencies that for some reason will take longer to finalise in the discussion and result in an indemnifiable loss to buyer (eg, tax judicial proceedings in certain jurisdictions can take many years to reach a final result). Price retention (holdback by the buyer) is usually preferable for the buyer in relation to escrow because the buyer remains in control of the proceeds. Depositing a portion of the deferred price in escrow provides additional payment certainty for the seller, but also involves costs associated with the fees of the escrow agent, the negotiation of the escrow agreement, and analysis of potential tax impacts that depend on the holder of the escrow account (buyer or seller).  9.2. Reps and warranties Reps and warranties and due diligence findings walk hand in hand: the findings are extremely important for negotiating the package of reps and warranties of the seller. The findings enable the buyer to request specific reps and warranties of the seller that may not be covered in a standard set of reps and warranties, and also to double check the disclosure schedules to be prepared by the seller. This will be particularly relevant if the indemnification revolves around breach of reps and warranties, and not a ‘my watch/your watch’ catch-all mechanism that is common in certain jurisdictions. The buyer will push for detailed and objective reps and warranties, not leaving room for subjectivity or interpretations in determining if there was a loss arising from a breach of reps and warranties.

9.3. Indemnification clauses
As mentioned above, breach of reps and warranties is the cornerstone of indemnity in a vast number of M&As transactions, and reps and warranties are inexorably tied to due diligence findings. However, regardless of the indemnity revolving around breach of reps and warranties or a ‘your watch/my watch’ catch-all mechanism, due diligence findings are relevant to other indemnification clauses of a purchase agreement. In the same manner that the contingencies identified during due diligence assist the buyer in negotiating the size and release of a deferred purchase price, it also assists in negotiating the indemnification financial and time limitations. The indemnification cap should take into consideration the total number of contingencies identified (and also leave room for hidden contingencies); basket and de minimis should consider the nature and amounts involved in the individual contingencies; and time limits should take into consideration the nature of the contingencies vis-à-vis statutes of limitations of the applicable jurisdiction.

9.4. Reps and warranties insurance
In certain jurisdictions, it is becoming more and more common for the buyer and/or seller to contract reps and warranties insurance, assisting in protection from financial loss in the event of breaches or inaccuracies in reps and warranties. The findings of due diligence, and the number of contingencies identified, assist in selecting and negotiating the insurance coverage, and the premium involved in purchasing it.

9.5. Authority of signatories
Prior to signing, it is important that the legal advisers of the parties involved double check the power of the signatories of each signing party. Using corporate documents made available during due diligence should assist the buyer in performing such checks, but it should not be a substitution for requesting updated documentation that attests the power of the signatories immediately prior to closing. Needless to say, this should also be done by the seller and its legal advisers, regardless of the fact that no due diligence of the buyer was performed.

10. How to perform due diligence where US, EU, UN and/or UK
sanctions are in place?
Companies undertaking commercial activities on a cross-border basis should be aware of international sanctions. There are various types of such sanctions. They may be imposed by the UN, US, EU, UK and several individual EU countries. While UN sanctions are supported by all UN member nations, EU sanctions are supported by all EU Member States. In both cases, the member countries need to comply with the terms of the sanctions that are applicable to its citizens, residents and the local companies both registered and operating in those countries. Sanctions imposed by the US, technicall  speaking, do not have extraterritorial jurisdiction, except that they apply to US companies operating worldwide, US citizens irrespective of where they are located and US institutions. Considering the geopolitical importance of the US, it is quite natural that non-US countries and non-US entities do not wish to breach them, thereby risking their operations in the US. Furthermore, sanctions imposed by individual countries, such as the UK, apply to UK-based entities and British companies operating worldwide and their citizens both inside and outside the country. Generally speaking, there are around 70 countries in which there are international sanctions imposed by the aforementioned countries or organisations. In addition, there could be trade embargos, either blanket or otherwise, imposed on the sanctioned countries.
Moreover, there are lists of individuals, organisations and institutions that are barred from either investing or forming associations by entities from the sanction-imposing countries. They are classified as ‘Specially Designated Nationals’ (SDN). Their names and details are published by the sanctionimposing countries from time to time. From the context described above, it is clear that it is extremely important that companies that wish to do business/undertake commercial activities in the aforesaid 70 oddcountries must carry out detailed due diligence before acquiring any  company, or even dealing with any entity located in the sanctioned countries. This is because any breach of sanction terms may cost the loss of investment or business. Before undertaking any commercial activity in the sanctioned country, generally speaking, the following actions should be carried out: (1) conduct comprehensive due diligence in a pre-devised format; (2) compile the SDN list through a professional agency; (3) clearly identify the final endcustomer in the sanction country to ensure that it is not involved with the SDN list of banned persons; (4) prepare recusal for citizens of sanction-imposing countries working in a country that is outside the sanction if the intention is to do business with a sanctioned country; (5) prepare detailed board agenda papers for board meetings and minutes; and (6) take a view on whether the provisions of sanctions are being complied with in letter and spirit. It is possible to do business in sanctioned countries provided specific trade licences are obtained from the regulatory authorities in the countries imposing the sanctions. For example, in the case of the US, approval can be obtained from the Office of Foreign Assets Control (OFAC). Similarly, in respect of UK sanctions, trade licences can be obtained from the Export Control Organisation (ECO). As explained earlier, conducting detailed due diligence that considers the letter and spirit of sanctions is extremely important. In the following are some of the parameters that need to be considered while conducting such due diligence.

1. Confirm the identity and location of the customer, end-user and any other third-party involved in the transaction (eg, freight forwarders, transporters and agents). This is to identify whether a direct/indirect customer or other party involved in the transaction is an SDN. This is also to identify whether there is an elevated risk of the product being put to a prohibited end use and whether more complex restrictions on dealing with sanctioned territory/persons are triggered.
2. Confirm the ultimate ownership of each counterparty (shareholders and group parent companies), any known affiliates (companies known to be under the same control) and how information on ultimate ownership has been verified (eg, company records and the internet). This is to ensure that the corporate veil is pierced to understand the ultimate beneficial ownership, not only extending to companies owned/controlled by an SDN but also by the subsidiary/controlled entity of the SDN. This information will also assist with the analysis of risk regarding the end-user to ascertain if a customer/end-user is owned or controlled by a government authority in a sensitive destination, or perhaps by a parent company active in an unrelated and sensitive sector, such as defence, or if there is some other discrepancy that undermines the credibility of the customer/end-user ‘story’.
3. Confirm the identity of directors of each counterparty, and contact a person at each counterparty. This is to confirm that the parties do not fall under the SDN category, which should be verified independently, and the accuracy of the information should be ensured.
4. Confirm whether these are new counterparties or if there is an existing relationship and, if so, verify the length of the relationship. This is to verify whether new customers can be typically considered ‘higher-risk’ because less background information is known about them by the other party, requiring, as appropriate, a greater degree of scrutiny than for an existing customer. Conversely, where an existing customer inexplicably changes the payment details/route (eg, requesting that a different entity be invoiced), this would require greater scrutiny.
5. Verify, if the customer/end-user is new, how the sales opportunity was identified. This seeks to identify whether the channel through which the opportunity arose gives rise to any suspicions.
6. Verify whether there is a contract in place to cover a particular transaction, including details such as term, value, volume and nature of the product. This is to ensure that there is no reluctance on the part of the customer to enter into a formal contract, and there is no desire to conceal its true identity or keep the transaction secret.
7. Verify the nature of the product. This is to understand whether the product is subject to arms embargoes, general export control restrictions or specific sanctions regimes.
8. Confirm whether any non-standard modifications to the product have been requested and, if so, what is their nature? In particular, any requests made for armour to be fitted to a vehicle, or any fittings for a carriage or equipment that are potentially military or riot control-related modifications. This is to ensure that there are no non-standard modifications that can be used to oppress civilians.
9. Verify whether there are routine support services provided under the contract (eg, routine installation and maintenance) and if not, why. This is to verify whether a customer has opted out of standard support services, implying that the customer does not intend to use the product in the usual manner or intends to transfer the product to a third-party without informing the supplier.
10. Determine whether there are any non-standard services being requested and, if so, the details. This is to ensure that such non-standard modifications are not used for sanction-related activities.
11. Verify the end use of the product with details. If the stated end use is not consistent with the nature of the product or the profile of the customer, then this might imply that the true end use is being concealed.
12. Verify the method of payment (eg, bank transfer or cash). This is important to ensure that funds will be transferred through designated banks via normal banking channels, and also to ensure that banks do not belong to dubious locations.
13. Verify whether the payment is a one-off or in instalments. Overly favourable payment terms (eg, one-off lump sum payments when instalments are market practice) may raise suspicions.
14. Understand clearly the currency of business. For example, where the transaction has an Iranian, Cuban, Syrian or Sudanese nexus and the payment is intended to be in US dollars, this should be verified.
15. Verify details of the customer’s bank details involved in the transaction. Banks may themselves be an SDN, and so they should also be screened in accordance with standard procedures.
16. Verify whether usual credit-checks have been carried out on the customer. If this has not been done, it should raise concerns.
17. Check whether the US content in a product is within the sanctioned limits. This is to ensure that US sanctions in respect of its permissible contents in a product are adhered to (normally ten per cent of imported products).
Conducting due diligence in respect of sanctions is a complex job. This is because sanctions keep changing all the time, and technical knowledge is required to understand whether the impact of the sanctions on products covered under the sanctions is different in nature; similarly with commercial details. Where it becomes a grey area, it is always advisable to obtain clarification or trade licences from the regulatory authorities, or avoid commercial dealings altogether with the sanctioned countries.

Source: IBA Corporate and M&A Law Committee Legal Due Diligence Guidelines SEPTEMBER 2018