Guide to Payment M&A
Due diligence to final offer
In the run-up to making a final offer, the due diligence should flush out issues that go to valuation confirmation and deal certainty/execution risk.
Intellectual Property and data considerations
A potential buyer should think about what IP rights are owned and used by the target. The focus in any IP diligence process is establishing that the target company owns the IP which it purports to own. The terms of any contracts under which key IP is developed, the inbound and outbound licenses entered into by the target company must also be reviewed.
OSS. Diligence should be conducted to understand the use of OSS by the target, any restrictions on that use and whether software developed incorporating OSS is impacted. Where OSS is used by the target business, warranties should be sought in relation to its use of OSS in compliance with the relevant open-source licences.
Data privacy/cyber security. It will be necessary to understand whether the target complies with data protection legislation and whether there is any history of data privacy or cyber security incidents. It is important that the warranty coverage for data privacy and cyber security issues is comprehensive because of the risks associated with the large quantities of data that will be held by potential targets.
The due diligence list should include:
- The organisation of the workforce – in particular, whether the transaction perimeter includes all the individuals needed for the business to operate effectively. This will be a particular concern where there are significant numbers of shared services employees or where a complex carve-out is required pre-closing.
- Non-standard working arrangements and risks arising from them - this might include, for example, significant and long-term reliance upon contractors rather than employees. Reclassification of contractors as employees could have both legal and financial consequences.
- Any payments that might be triggered by the acquisition - cash payments under change of control provisions in employment contracts or accelerated vesting of long-term incentive plan awards. Not only might these have financial consequences for the buyer, but a windfall payment to employees in connection with the transaction might present retention issues post-closing.
- The adequacy of notice periods, IP provisions and restrictive covenants in the employment contracts of key employees – how easy will it be for those key employees to leave on short notice, and whether they might be able to compete, poach staff or clients, or claim rights in respect of any IP they have created while employed by the target.
Key compliance risks
AML risks. The due diligence would typically involve, among other things, a risk assessment (including incorporating the target’s own views and analysis as to risks, where appropriate); jurisdictional analysis to determine whether the target has any operations/customers in high-risk jurisdictions; and a review of details of prior breaches, audits and any relevant documentary materials provided by the target.
Governance, risk management and compliance systems. Less established targets will sometimes have immature risk management arrangements and even where a target has a seemingly advanced compliance framework, it can be challenging to test the reality of this. It will therefore be necessary to test with management through the Q&A process how well a compliance programme is working ‘on the ground’ and, in some cases, to request additional documents.
SPACs. Fintechs could be prime targets for special purpose acquisition companies (SPACs). From a risk perspective, careful considerations will be required to revenue and profitability projections used during the de-SPAC process to reduce the risk of future shareholder claims if revenues do not meet projections.
Merger control (antitrust) considerations
A potential buyer should use this phase to conduct a more in-depth substantive analysis. In particular, a buyer should:
(i) Consider potential theories of harm. Horizontal mergers typically attract most scrutiny; however, non-horizontal mergers can also be problematic, and this has been a key focus of many investigations into payments transactions. In particular, authorities will assess foreclosure risks carefully where one or both parties provide key infrastructure or data. In addition, to tackle ‘killer acquisitions’ authorities have begun to focus on the loss of potential and future competition.
(ii) Conduct deal preparation. Formulating a pro-competitive deal rationale is important and internal documents need to be consistent with this rationale. The parties should be prepared for detailed consideration of each party’s entry and expansion plans absent the transaction. To complement this, it is important to develop strong evidence of entry/expansion by other players. It will also be necessary to consider the impact of regulatory or technological developments in the industry: for example, has the adoption of new technology or industry-wide initiatives lowered barriers to entry or is it likely to do so soon?
(iii) Consider remedies early. Once a view has been reached on the merger control it will be necessary to consider whether there are ways to mitigate any risks, for example, making changes to the proposed transaction structure: if a specific jurisdiction is of concern in a global transaction, the buyer should consider strategic options for reducing risk relating to that jurisdiction.
Foreign investment filing considerations
Once a view has been reached on the FDI risk from the previous stage, the buyer may consider mitigation measures such as making changes to the proposed transaction structure by addressing some governance concerns. In addition, risk of FDI authorities requiring remedies should be flushed out at this stage before proceeding to a final offer. Considerations such as conditions precedent (CPs) in the offer documentation for jurisdictions that have mandatory and suspensory FDI filings; risk-allocation mechanisms such as hell-or-high-water clauses, (reverse) break fees; and a long-stop date should also be considered at this stage and included in the final offer documentation.
Financial services regulatory considerations
For UK targets, the main regulations that govern the payments business are the Payment Services Regulations, the Electronic Money Regulations and the UK Revised Wire Transfer Regulation. The nature of the licence held by the target will have implications for the type of activities the target can perform as well as the nature of the regulatory and compliance obligations the target is subject to. During the due diligence process, the buyer should ensure that any issues in respect of licences and authorisation, correspondence with regulators, regulatory investigations or breaches, complaints data and general compliance are flushed out and are materially assessed.
Holly Insley Partner
Ali Kirby-Harris Partner
Rikki Haria Senior Associate
Tom Hingley Senior Associate
Hannah Family Associate
Maija Hall Associate