By Lilly Teng, Managing Partner of Orchid Law PLLC
Published by The State Bar of Texas, International Law Section
“Know your customer” is a popular punchy phrase in sales and marketing organizations. This is equally true and growing in importance in conducting a thorough risk evaluation in international M&A transactions or litigation involving foreign partners and parties, particularly non-USA corporations with opaque ownership structures. After all, facts are friendly and knowledge leads to attorneys and professionals doing our best job, considering whether the means we have used lead to the correct conclusion regarding risks.
Many experienced international lawyers upon reading the above title are likely thinking either “I know, we do this all the time”…or “so what.” Conduct a thorough and disciplined diligence, find the risks and legal issues, prepare a mitigation matrix or analysis, manage the risks through contracts, insurance, and deal structure, and everything will be fine.
In today’s international law and business arenas, however, certain risks simply cannot be mitigated or structured away with contracts. We have a duty to clients to have knowledge of all relevant and legal risks. Knowledge requires data that is accurate, verifiable, and legally obtained. Our reliance on electronic devices, internet, and love of all things digital in our personal and professional lives means that we are aware there is a great deal of information available to attorneys and advisers in redefining what is the proper scope of due diligence for a particular case so that all quantitative and qualitative issues are discovered timely. Accessing all relevant data requires use of traditional, digital, and cyber approaches, each conducted in a proper manner. Leveraging the data obtained will help attorneys advise their clients in negotiating a better deal in a transaction and/or commercial settlement of a dispute.
This article will compare the traditional conventional approach in due diligence typically practiced in America with a hybrid approach, along with a brief analysis of several real-life cases. Traditionally, risk mitigation strategies focus on commercial, legal, financial, and technical areas and issues (quantitative measures). However, the majority of projects and deals involving American and foreign partners run into problems (e.g., bankruptcy, litigation, non-compliance) that could have been avoided with a good (honest) partner, early active handling of business culture conflicts, and aligned business goals and values. Disagreements and disputes over money, financial rewards, and profit allocation can usually be worked out, if the management team and decision makers share the same business goals and ethical principles. If a deal is not going to work out, rational business people would prefer to have the knowledge required to make a decision not to go forward earlier than later so they can focus on the right deals with the right partners.
What is Hybrid Due Diligence?
Hybrid Due Diligence can be described visually as “360 degree due diligence.” Information is the real commodity (i.e., Data is King!). To think of due diligence as only consisting of gathering files, interviewing clients, taking oral statements, surveillance, and spending many hours in the data room on documents provided by the other side… are things of the past. In a hybrid due diligence, the traditional, digital, and cyber aspects of the case are conducted concurrently. This strategy allows for the attorneys, investigators, and technical team to contemporaneously share the information in real time and results in a much more thorough investigation that is completed faster and at less cost. While this approach seems logical, there are currently only a handful of firms using this strategy in deal making and dispute resolution. In the hybrid model, attorneys work with both traditional investigators who have the in-depth knowledge of digital forensics and macro appreciation for evidentiary rules, and technology experts who possess the knowhow on software and cyber tools. What follows is a comparison of how this would work in Transaction versus Litigation situations and how having this information earlier in the process is better for the client.
The transactional world
The traditional approach to due diligence in cross border transactions typically focuses on the corporate entities and/or assets involved, financing, economics, technology (i.e., is the technology the best available and proven) and the usual geo-political risks (i.e., is there a threat of expropriation, regime or law change that would be detrimental for the client). The traditional approach is, frankly speaking, single dimension and merely one layer of peeling away the onion. There is generally less attention given to the decision makers and significant people working within or for the business partners and counterparties. In the typical corporate approach and final investment decision process, it is common for the client to increase the internal hurdle rate for capital to reflect “local and country” risks that carry higher degrees of risk, also referred to as a risk adjusted rate of return. However, the right query should be – is the valuation correct? Even if the purchase price is ‘indicative’ and subject to adjustments for material flaws found in due diligence, how do we know all flaws are found (and in time) to provide the client with leverage to negotiate a fair purchase price adjustment before financial close? If a full qualitative check has not been performed on the assets, foreign entities, and people with whom we are considering doing business, how can we really know all the facts that will affect our ability to provide sound advice in the best interests of our client?
Logically, in today’s environment, a potential buyer should conduct a forensic investigation on digital and intellectual property assets in the very early stages of the deal chain, before negotiations begin, to obtain an accurate valuation of all deal components and potential exposures (e.g., has the IP already been stolen by employees or hackers, or internal systems compromised?).  In addition, early checks help predict potential pitfalls and stumbling blocks in deal progression, decreasing litigation risks.
Here are two examples of applying our talk to action in contemporary transactions:
- At an international energy conference outside of the USA, Company A presented its multi-million dollar energy infrastructure project, seeking to raise capital and secure long-term contracts for the purchase of energy products. Company B, a multi-national petrochemical trading company, requested its adviser to attend the conference, evaluate Company A’s project and prepare a feasibility study report. Due to inaccurate and misleading statements made by Company A at the conference, the adviser recommended that Company B should first investigate the project, business entity, and ownership chain, prior to beginning negotiations for investment and offtake. Using the hybrid approach to due diligence, the adviser discovered that none of the development or management team had energy experience or a track record of completing projects, contrary to representations. In addition, the site location did not exist, and the main investors originated from countries with a reputation for nefarious sources of funding and troubling political connections. In other words, the data uncovered relating to project development, investors, management team, and Board of Directors, raised serious concerns of compliance with federal and state law issues plus would lead reasonable people to conclude there was a strong likelihood the project would not be completed. The early stage investigation revealed major gaps between what was represented outside of the USA and the truth, and helped Company B “step back from the cliff” and analyze its approach to business goals.
- Company A, a foreign investor and experienced power EPC company, received a solicitation from a well-known international investment bank representing Company B, owner of USA power projects in development. A project summary (a/k/a “teaser”) was prepared by the investment bank and distributed to the bank’s customers, including Company A. Believing the investment bank vetted the opportunity, Company A executed a confidentiality agreement and non-binding letter of intent with Company B, and hired external counsel and commercial adviser to conduct due diligence, review project and company documents, prepare a financial model, and advise on acquisition and hedging strategies. During the traditional due diligence, several inconsistencies and gaps were uncovered between statements from Company B’s management team and documents in the data room. A deeper hybrid investigation revealed that Company B’s officers were sued by its private equity investors and reached a settlement of the civil suit; however, were under indictment by federal district court for embezzlement…and possess a track record of using different business entities to incur debt alleged to be on behalf of the project company. The investment bank’s adviser informed Company A’s advisers that these matters were known to the bank, however, as the transaction involved a sale of project assets only, the bank took the position their client’s pending criminal case did not need to be disclosed. Based on its advisers’ findings, Company A declined to proceed with negotiations as any dealings with Company B’s team would damage their corporate and individual reputations, subject them to investigations from regulators in their home country, and render any asset valuation indefensible.
Our bottom line advice is to encourage clients to conduct comprehensive “360 degree due diligence” deploying traditional, digital, and cyber methods at the same time and as soon as possible in the early stages of considering a transaction – in other words, at the stage of determining initial economic feasibility. This will eliminate unexpected risks, and potential bad news for clients with schedules and budgets that need certainty and predictability of costs. The results hopefully speak for themselves – the client ends up with a good deal with the right partners in a long-term profitable business rather than a bitter experience. 
When litigation becomes a reality
A corporate client becomes aware of a threatened or pending litigation, and the sequence of events set forth below is what we normally see takes place. The company’s executives informs internal counsel (hopefully as a first step) and launch an internal investigation, meaning all paper and electronic files are rounded up and centralized as employees figure out how to make sense of the massive amounts of information. The client and internal counsel hire external counsel. The legal team review results from the internal investigation and discover the investigation was not thorough and/or that the evidence gathered is insufficient for their purposes. External resources are brought in, attorneys with a specialty in the subject matter and traditional investigators, who may or may not have experience in dealing with complex cases requiring digital forensics and cyber tools. External counsel and investigator gather documents, take statements, might conduct surveillance, and prepare a report. Often, there is a comment in the report about potential cyber and digital evidence that needs collecting. The legal team then hires a company that specializes in collecting digital evidence and they submit their report on the data.
When combining these two separate reports – the traditional (analog) investigation and the cyber/digital investigation – the attorney realizes there were missed opportunities to gather evidence due to the fact the investigations were conducted separately and at different periods. Often, they also realize the digital evidence is inadmissible due to accidental (or intentional) mishandling during the client’s internal investigation by IT personnel and lack of coordination between attorneys and tech staff.
Another common problem encountered is to rely upon firms that specialize solely in digital forensics collection, excellent technically, but they lack the knowledge and experience in dealing with attorneys or professionals who work in compliance and law enforcement. As a consequence, their report lacks the thorough explanation needed to render evidence relevant to the case. If conducted concurrently early on (when there is a “whiff” of potential litigation), a hybrid approach is the most effective way to tackle complex issues. When all forms of evidence are synchronized and collated together, relevancy and leverage for the client is increased, naturally, assuming the disciplines are working together as a single cohesive unit.
Prevent against evidence spoliation
One often overlooked negative outcome of relying primarily on an internal or solely traditional investigation is the potential for accidental or intentional evidence spoliation. Accidental spoliation of evidence occurs because corporate executives and counsel task internal IT staff to gather and analyze digital evidence as part of the internal investigation. Not only do internal IT staff rarely have the training, experience, or certifications to properly handle digital evidence, state laws governing who can legally perform a digital forensic investigation vary widely. Traditional investigators may also inadvertently taint the evidence due to their lack of experience or understanding of the issues unique to handling and documenting digital evidence.
There is also the real possibility of intentional destruction of evidence. In cases involving digital wire fraud, breach of computer security, stolen data, or theft of intellectual property, internal IT staff should not be excluded… from those potentially involved in the destruction. The typical corporate executive or officer, watching the bottom line, naturally relies upon the IT department to conduct internal investigations. However, is this wise? Probably not when viewed through conflict of interest lenses; compliance should not be conducted by those with potentially self-serving interests. Attorneys should advise clients to conduct such investigations through external resources to secure an unfiltered and neutral assessment of the situation.
Here is a brief summary of a recent corporate espionage case. Several disgruntled former employees claiming protection under federal whistleblower laws charged Company A, a privately owned remediation and hazardous waste disposal company, with environmental contamination. Attorneys and technical experts were hired to assist in the criminal defense. Under the hybrid model, evidence was gathered using traditional, cyber, and digital means at the same time. During discovery, Company B made an unsolicited offer to purchase all of Company A’s assets and business. The criminal lawsuit against Company A had a direct and substantial impact on their business and assets valuation, yet Company B wanted to purchase Company A. Finding the timing of the offer odd, the attorneys tasked investigators with determining if the disgruntled employees and Company B were working in collusion for the purpose of intentionally degrading Company A’s valuation for the benefit of Company B. Evidence was uncovered that confirmed the high probability of collusion; however, by this time, the financial and psychological pressures were too great for Company A and owners to survive…not a happy ending.
Our firm’s 30 plus years of experience in Asia and America have led us to encourage our clients to perform “360 degree” due diligence at the earliest stage possible. This year, we are seeing a major shift in the winds rising from current events, international trade conflicts, growing geopolitical tensions, cyber security realities, and disruptive forces from technology advancements. The international law business is undergoing a metamorphosis as the unquantifiable risks that impact the client’s investment or business strategy have increased and such risks cannot be uncovered through traditional methods. Not only is it business sensible to move diligence upfront to the beginning of the deal or litigation process, it is also our duty as attorneys to high grade and modernize our approach in order to be better advisers, considering only what is truly in the client’s best interests.
“The longer you can look back, the farther you can look forward.” – Winston Churchill
 During negotiations with Verizon Communications on a $4.8 billion sale of its internet operations, Yahoo (seller) finally disclosed that 1 billion user accounts were compromised some time back. Three months prior to this disclosure, Yahoo stated that just 500 million user accounts were breached. We suggest that the buyer should initiate and advance the investigation, prior to negotiations and setting expectations on valuation with the seller.
 In a case involving wind power development in the USA, a well-known equipment provider introduced the seller to a foreign buyer. The foreign buyer trusted the introduction, agreed to form a joint venture and signed a conditional purchase and sale agreement with diligence provisions. However, the seller then refused to respond to data requests and took money from the working capital account to pay debts not related to the project, and went “dark.” During litigation, evidence collected using digital tools revealed the CEO of the seller as a “serial litigator,” one who uses litigation as a strategy to make money. Eight years later, the parties remain in litigation.