In most merger and acquisition (M&A) transactions, the pace of the transaction, the focus on the operational and financial performance of the target, and the competition created by multiple potential buyers make it a challenge to devote the time and resources necessary to perform thorough technology -related due diligence. This challenge is further compounded by the fact that many lawyers who have been handling M&A transactions for years simply do not know what to ask or understand the magnitude of potential risks presented by the condition of the target company’s technology environment and practices.
This is particularly problematic because now large software licensors have instituted formalized software audit programs to identify non-compliance and have assigned revenue targets to these audit teams (as they would to a sales team) in order to extract additional revenue from existing clients. In some recent examples, software audits have identified non-compliance issues that have resulted in demands for additional fees that are in the nine-figure range, which in many cases may exceed the entire value of the transaction or at least seriously impair the anticipated return on investment for an acquisition.
While not an exhaustive list of potential risks presented from inadequate technology due diligence, we have highlighted below a few of the key considerations presented by the evolving technology landscape in which companies now operate. If you are not asking these questions and considering the attendant risks, you may be leaving your company exposed to significant financial risks that are not priced into your transactions. Consider incorporating the following questions in your due diligence questionnaire and addressing the risk presented by the responses in your transaction documents.
1. Do you have an organized and active software license management compliance program? If so, please describe it.
Unfortunately, many companies do not have active software license management compliance programs and, as a result, are not in compliance with their licensed entities to the software or the terms of the applicable software license agreement. This can result in a number of compliance issues, including: 1) a number of users that exceeds the licensed number of users, 2) violation of use restrictions, 3) attributed use due to virtualization that exceeds the licensed use, and 4) violation of anti-assignment provisions. In each case, this can result in significant additional fees and impact the anticipated return on investment. If the answer to the above question is no, then proceed with caution and investigate further.
2. Are you using a software license management tool to track your use of third-party software that you have licensed and ensure compliance with your licensed entitlements?
Although software license management is critical, many companies have still not invested in the implementation of a license management tool. If your target is one of these companies, then there is a high likelihood that they are not in compliance with its licensed entities or the terms of its software license agreements. In addition, it may make it very difficult to size the potential exposure because the target hasn’t effectively tracked its use of the licensed software or mapped it back to its licensed entities to ensure compliance.
3. Are you in compliance with all of your third-party software licenses?
If the answer to this question is “yes,” then you should consider including this answer as a representation in your transaction documents. If the answer is “no,” then you will want to dig deeper to assess the potential exposure.
a. Do you allow “bots“to operate as users of any third-party software? If so, which third-party software is operated by bot users?
If the answer to this question is “yes,” then you will need to review the license agreements governing the software programs used by bots and determine whether this use is permitted and the impact on the licensing requirements. In many cases, the use of the software by a bot is equivalent to a number of human users and, as a result, many licensors require payment of additional license fees.
b. Have you moved any third-party software from your on-premises environment into a third-party “cloud environment“Are you using a dynamic virtualization program that allows the software to leverage computing capacity in the cloud environment that exceeds the computing capacity available in your on-premises environment?
If the answer to this question is “yes,” then you will need to review the license agreements governing the software programs that have been moved from an on-premises environment into a cloud environment and determine whether the software in the cloud environment is accessing and using more processors or processing power than were used in the on-premises environment and licensed under the applicable software license agreement. This is a particularly significant exposure for many companies because the decision to move software into a hosted environment and to leverage dynamic virtualization software can result in actual or attributed usage (ie, a full capacity license) that is thousands of times the usage in a traditional on-premises environment and thousands of times the licensed entitlements held by the customer. As a result, the additional license fees required to support that increased usage can be thousands of times the license fees paid by the customer.
c. Have you integrated third-party software in your environment in a continent that allows programs to become “indirect users“of other licensed software programs?
If the answer to this question is “yes,” then you will need to determine whether the integrated software requires payment of additional license fees for “indirect users” or would consider each transaction performed by the integrated software in response to a “call” from a program with which it is integrated as constituting a use of the software and requiring payment of a license fee. In many cases, the indirect use of software through calls from other integrated software programs may increase the usage of the software substantially and result in significant additional license fees. For context, a major software company requires payment of license fees for “indirect use” of its software and its license metric is written broadly to capture “calls” from other programs that leverage the processing power of the original software.
4. Will this transaction result in an assignment of any software licenses (including an assignment by operation of law) in violation of the anti-assignment provision in the license agreement or in violation of the anti-assignment provision in the license grant?
Many software license agreements prohibit assignment and require payment of an assignment fee in connection with the assignment of the software from one entity to another. Under many state laws, a merger constitutes an assignment by operation of law and violates the anti-assignment provision in the license agreement or license grant. The determination of whether a merger constitutes an assignment by operation of law is complex and varies by state law and the structure of the merger. For example, under Delaware law and the law of states that follow the model corporate code, a reverse triangular merger is generally not considered an assignment by operation of law, but a forward merger is considered an assignment by operation of law. Therefore, it is important to consider the structure of the transaction, the governing law of the companies involved and of the merger agreement, and the specific anti-assignment provision in the applicable license agreement in assessing this risk.