In each scenario, there are risks to consider. For example, overseas investors need to factor in Foreign Investment Review Board (FIRB) considerations if there is data involved. Whether a target business is a 'national security business' under the FIRB regime due to having a direct interest in or being responsible for a 'critical infrastructure asset' within the Security of Critical Infrastructure Act 2018 is important. The Security Legislation Amendment (Critical Infrastructure) Bill 2020 is currently before Parliament and if it is passed, will significantly expand the concept of a critical infrastructure asset. In fact, financial services and markets is now a 'critical infrastructure sector' covered by the Bill.
For organisations where technology is their central product, IT considerations are front of mind during any transaction. This is particularly the case if the target is technology or software-based and outsources any of its core capabilities.
However, for those financial services organisations that use technology to enable what they do, IT is often forgotten or not prioritised during their transactions. It's here where costs can blow up.
Uncovering the hidden IT costs in M&A
Buyers need to start asking questions and understanding their target's IT systems before their deal is finalised. Key questions include:
- How can the target's systems (such as payroll and enterprise resource planning software) integrate with the buyer's own systems – or can they?
- Are there other, unknown systems that the buyer will be taking on?
- How does the target use its data? If customer data is part of the target's value, how can the buyer integrate that into their own systems?
- How reliable are the target's systems? What support do they have for when things go wrong?
If the target's main product or service is their software, it is especially important to consider intellectual property issues, including:
- Whether any open source software has been used in creating the product;
- Chain of IP ownership; and
- Whether any IT vendors or third party contractors were involved in the product or software's creation.
Overlaying all of these questions is the objective of ensuring a simple, user-friendly customer experience.
In addition, considering the government's evolving risk and regulatory requirements, organisations need to take into account if the target complies with relevant APRA outsourcing, data and cybersecurity obligations (such as CPS 231, 234, and 235).
Without proper planning and due diligence, you could end up buying a service that's great on paper, but that will cost a lot to fix or replace the moment it falls over.”
Buyers need to bring a greater sense of IT knowledge and an understanding of what can go wrong in these situations to understand the genuine cost associated with a merger or acquisition. Some of this information will be elusive. For buyers, it is critical to ask the right questions – and to keep asking until they are satisfied with the response. Bringing in the right advisors throughout the whole deal lifecycle can help.
Demerging IT systems and 'unscrambling your egg'
For organisations looking to demerge or divest certain parts of their business, it's easy for costs to blowout if they aren't managed carefully.
Organisations are looking for synergies – but just because you cut your business in half doesn't mean it will cost you half as much to run.”
When organisations sell off part of their business, one of the most difficult factors is separating the 'sold' entity and its associated enabling technology from the original entity's IT systems. This applies equally across all elements of technology requirements – from customer-facing services to back-end processing.
Typically, organisations underestimate the time and cost involved in breaking up the systems they have in place.
For example, customer data and privacy are critical considerations for customer-facing businesses. Before selling, organisations need to consider how to deal with co-joined data and how to separate it while still complying with Australia's privacy legislation. Ownership of IP is important here as well.
If not managed carefully, supplier costs can also present a significant expense.
Many agreements with IT vendors are based on quantity and economies of scale. When an organisation separates part of its business, they are going to substantially reduce the volumes that go through their technology systems. Therefore, whatever agreements they have in place with suppliers may be impacted, and suppliers may legitimately start charging them a lot more.