“Risk management is about people and processes and not about models and technology.”
— Trevor Levine
Have you ever shopped for something dangerous? Back in the 1950s, my mother wanted to buy a pressure cooker to make dinner faster (and use cheaper cuts of meat). That wasn’t an easy decision, because the early models had a reputation for occasionally exploding (there was no Consumer Product Safety Commission then). My father, a self-taught steam engineer, was skeptical that a kitchen appliance could safely contain double the normal atmospheric pressure. But Mom did her homework, researching what the problems were (usually a single pressure valve prone to clogging) and finding cookers with redundant pressure relief systems. It worked for years, and no one went to the hospital.
Companies shopping to buy other companies, or to acquire a license to their technology, also entertain risk. That’s because in the process of interviewing potential targets they can become exposed to highly valuable trade secrets. If any particular transaction doesn’t go forward, but the shopper implements similar technology, the disappointed seller may file a lawsuit claiming misappropriation.
Potential acquirors have ways to protect themselves, including sometimes insisting on contracts that deny a confidential relationship, or that allow them to “retain in unaided memory” any information they learn from the transaction. But most of the time these transactions are based on a traditional nondisclosure agreement, in which the prospective purchaser or licensee agrees to use the target’s confidential information only for the purpose of assessing the potential deal. This can put the recipient company in a very awkward position, unsure of its ability to effectively compete if the deal goes off the rails.
One way that acquisitive companies have tried to reduce this risk is through the use of “clean teams.” The term was adopted from a closely related situation of potential mergers between established competitors, where antitrust regulations prohibit pre-acquisition coordination (something called “gun jumping,” which to me sounds even more dangerous than pressure cookers). This led to the hiring of consulting firms to receive confidential business information from both sides and assess it independently, reporting to each side only “cleansed,” generic observations about the wisdom of the deal.
Clean Teams operated in “Clean Rooms,” a term itself borrowed from the semiconductor industry, where you have to put on a bunny suit to enter the highly purified environment of a manufacturing facility. The common idea here is to prevent any sort of unwanted exposure or contamination. For the traditional “clean team,” their formal independence and professionalism seemed to satisfy the regulators, while allowing informed advice to the participants.
This idea also can work when trying to maintain control of trade secrets. A prospective purchaser can arrange for an independent, trusted third party to have access to the target’s technology and business plans, reporting out only their conclusions about potential value of the deal. In theory at least this can substantially reduce the risk of disputes if the transaction is abandoned.
But not all “clean teams” are made up of external actors. Frequently companies decide to populate them with some of their own staff, either because inserting a consulting firm in the process would be too unwieldy or expensive, or because they want advice that is informed with a full understanding of the potential fit of the target or its technology. The decision to form the group in whole or in part from in-house resources is often influenced by those who want to be a part of the process.
Many of these potential acquisitions or “licensing in” of technology are driven by an unresolved question: should we develop this ourselves or get it from outside? Those within the organization who are inclined to acquire might be part of the sales function, which puts a premium on getting the functionality out to the market quickly. In opposition might be those in R&D or engineering who believe they can do this as well or better themselves. In an effort to respond to these “make vs. buy” tensions, or just to get more granular feedback on the value of the transaction, management will sometimes include insiders in the group who are exposed to the target’s confidential information.
This due diligence team formed with insiders can, in the abstract, be a “clean team,” in the sense that they can be effectively walled off from others doing internal development. In practice, however, they may find it difficult to respect the barriers established to prevent data contamination. Curious colleagues ask probing questions about the target. The risk becomes more apparent and acute when one considers that misappropriation of trade secrets does not require copying or other direct use, but can result from any knowledge that substantially influences the development of a product or process.
And it gets worse, because when the company launches its competitive product, and the jilted target brings a claim, the defense requires proving a negative: despite appearances, our internal work was not at all affected by the exposure of one or two engineers to the other company’s secrets. As many courts have pointed out, misappropriation is almost always proved by circumstantial evidence, and participation in due diligence, followed soon after by marketing of a similar product, can be a bad look.
The operational consequences can be serious. In one case, a potential acquiror gave its outside patent counsel a copy of the target’s confidential patent application, which the lawyer used to inform his own filing, resulting in a $116 million jury verdict. In another case, the diligence team was secretly working on the possible acquisition of a competitor of the target, so the court prohibited that transaction from going forward. In a third case, the potential buyer claimed independent development of its product by a third company, but it turned out that the developer had been visited by a member of the diligence team.
Preventing these kinds of disasters is not terribly complicated. First, it pays not to think of any internal team as reliably “clean,” even if they have the best of intentions. Second, the confidentiality agreement with the target can be negotiated in ways that reduce risk, such as including recitals that the acquiror is actively engaged in competitive development, limiting the scope of protectable information, or terminating restrictions after a period of time. Third, if a true “clean team” is not sufficient and some level of contamination has to be accepted, the company can effectively insulate itself by outsourcing an independent reverse engineering project based on a high level, functional specification. See my earlier post “The Art of Reverse Engineering,” here.
Thoughtful, multilayered efforts are most effective at reducing risks of otherwise dangerous activity. Take my Mom, for example. Even though she found a cooker with a separate release mechanism, she always took the time to thoroughly clean the primary pressure valve. Creating robust structures is important, but process implementation is critical.