Corporate development and in-house counsel face a range of challenges when deal negotiations or target data is disclosed to the media, investors, customers, or employees. Whether through an intentional or unintentional disclosure, leaks can significantly impact or scuttle a transaction.    

This discussion considered the unique legal, cultural, and strategic issues associated with leaks and the need for overall improvements in M&A security.

While there is no foolproof way of protecting a deal’s secrecy, the panelists discussed various ways that practitioners can utilize “fire prevention” techniques during deal negotiations to minimize the risk of leaking details to the media, investors, customers, and employees. The panelists also devoted time to discussing the current deal climate and strategic uses of leaks.

Matt Porzio, Senior Vice President of Strategy at Intralinks, lead the discussion and began with a broad understanding that there is no perfect “playbook” for protecting information in M&A transactions. From there, the conversation delved into the current dynamic of the technology M&A market as a particularly "leaky" industry.  It was also suggested that advanced cybersecurity testing of targets will become a more common M&A security practice.

Several panelists commented on the overall size of a deal team as a challenge to maintaining deal secrecy. Didier Vanderbroeck, Director of M&A Security at Salesforce, noted that Salesforce’s diligence group employees between 70-80 people. He added, “It’s hard to keep a secret” with that many people working on a deal.

The location and scope of a deal can also increase the risk of leaks during the early stage of deals. Connie Chen, Head of M&A Legal at Broadcom, commented that deals are more likely to leak if the target acquisition is located outside of the United States since counsel and corporate development are typically operating across jurisdictions with a large project team.

The panel turned to “fire prevention” techniques to proactively protect deal information and prevent leaks during negotiations. Chen pointed out that it is important to remind all personnel involved in the transaction of the confidentiality requirements. “Remind [personnel] of all the things they agreed to when they joined the company and to also remind them that breaches of the agreement could be grounds for termination,” said Chen when asked how to keep deal personnel and employees tight-lipped throughout the deal process. Vanderbroeck added that companies should restrain the number of people involved at various stages of the deal to only those who are required.

Next, the panel discussed unintentional leaks, which have become increasingly common because of social media and the ease of sharing information with a broad audience. Shahzia Rahman, Government and Securities Counsel Lead and Assistant Corporate Secretary at Square, counseled the audience to pay attention to peripheral personnel as potential leak risks. “You really have to think about who needs to get that confidentiality notice… there might be people you’re not thinking about like someone’s secretary,” or others with information access, said Rahman.

Moving on to intentional leaks, the panel discussed how many deal leaks are actually the result of intentional disclosures by the parties or even others that are not directly involved in the transaction. Considering what drives people to leak deals from both the buy- and sell-sides, the participants mentioned that some parties to the transaction might be “trying to create competitive tension” on the buy-side. Such leaks can also occur outside of the negotiating parties, often by competitors looking to “spook” customers of the M&A target.

Concluding the discussion, the participants turned to the shift from “fire prevention” to “firefighting” as the best approach for M&A security.  Disclosures and beaches are a substantial risk consideration for M&A transactions. While Chen mentioned “battening down the hatches” to try to quell rumors, she also conceded that transparency is always a good policy when dealing with news that has already leaked.