Compliance vs Governance: The unexpected catalyst for IT strategic involvement in M&A and disposals

Micro Focus Contributor

In the same way that trading markets thrive on instability, so does the strategic corporate world in terms of mergers, acquisitions (M & A) and disposals. While compliance is usually considered to be driven either by external law and regulation, or internal corporate standards, governance, one suggests, is a function of taking advantage of, and guarding against, fluctuating market conditions.

For example, it was reported in the UK Press in October last year that over 250 UK companies were acquired by US entities. Why? Because with uncertainty from BREXIT, major manufacturers backing out of UK subsidiaries and the fall in the value of Sterling against the US Dollar, this was a perfect time for grabbing a bargain. The international aspect of this is further compounded by US President Trump’s overt policies of increased protectionism and new World Trade deal negotiation.

But does this continue? Undoubtedly, as major British concerns are under urgent consideration by Private Equity. For example, as reported on 26th July by Ben Marlow of the Daily Telegraph:

“Satellite operator Inmarsat, theme park giant Merlin Entertainment, the owner of Webyanycar.com, pubs group EI and now Cobham (the defense industry major)… the industry is sitting on a staggering $2.5 trillion (£2 trillion) of dry powder and debt has never been cheaper or more abundant.” Therefore the stage is set for increasing corporate ownership volatility.

With Sterling hitting a six-year low against the Euro, and with the threat of a “no deal BREXIT” being talked up by the new Boris Johnson Conservative Administration in the UK, one can see the risk / opportunity increasing for merger, acquisition and disposal.

But how is this relevant in the role of Governance? As the Head of Governance of a global energy company put it last year, her biggest headache is one of managing both the data and the personnel when her weekly M & A cycle is addressed. When selling, one is usually strong-armed by the purchaser to provide some years of warranty that no regulatory breach is included in the asset being acquired. But how do you know if you don’t check? And naturally the same issues arise in the due diligence on purchase.

Furthermore, GDPR raises its head again since the obligations of a Data Controller and Processor become entangled on disposal. In mid-July 2019, the UK’s Information Commissioner, Elizabeth Denham, made the following statement: “The GDPR makes it clear that organizations must be accountable for the personal data they hold. This can include carrying out proper due diligence when making a corporate acquisition. Personal data has a real value so organizations have a legal duty to ensure its security, just like they would do with any other asset. If that doesn’t happen, we will not hesitate to take strong action when necessary to protect the rights of the public.”

So what practical deductions can be offered for anticipating and executing M & A?

  • Carry out a thorough assessment of the data that is being moved, the silos in which it is stored and the applications used for its exploitation
  • Ensure that critical Intellectual Property – as a regular component of the deal logic – is identified, indexed and managed in a defensible way
  • Identify and prudently manage the Personal Data involved in the transaction – including the obligations of Data Controller / Processor from relevant regulation
  • Ensure that the permissioning and data access authorization of personnel directly tracks the move of staff – whether it be for closure on sale or creation on purchase

In all such aspects, the extensive Security, Risk & Governance suite of Micro Focus can provide the technical capability for execution, assurance and audit.

The opinions expressed above are the personal opinions of the authors, not of Micro Focus.