Due Diligence Oopsie

Monday, 22 July 2019 00:00 Nick Sanders

This story broke before we went on vacation and we’ve been meaning to write about it. The story concerns a risk associated with acquiring a smaller company. It’s a risk that most due diligence efforts would not identify.

Say you’re a large, well-established, company. You are acquiring a small company in the same marketspace. Naturally, as part of the due diligence efforts, you obtain a list of recent contract awards. You also obtain a list of what’s in the “pipeline”—i.e., what proposals have been submitted and are awaiting an award decision. You probably also get a list of proposals in process that will be submitted in the near future. You (presumably) have a good picture of what’s been happening, and what is likely to happen, with respect to the near-term future of the company you are acquiring.

If you are good at your job, you looked at the target’s business systems. You evaluated the accounting system and property control system. You looked at the estimating system. You looked at the purchasing system. As part of those efforts, you likely evaluated the risk that the target had material misstatements on its financial statements. You probably evaluated its anti-fraud and anti-corruption controls. You likely reached a conclusion regarding the accuracy of its cost proposal process, and the company’s ability to comply with Truthful Cost or Pricing Data requirements. In short, if you are good at due diligence you should have some idea as to whether or not you are buying contingent liabilities for which reserves need to be established at the time of acquisition.

But would you have evaluated the target company’s ability to tell the truth to potential customers? Would you have assessed its ability to comply with the False Statements Act in its interactions with government personnel?

We don’t think so. At least, we’ve never been part of such a rigorous due diligence process. In order to address those risks, you would have to start from the question: “What if much of the target company’s success wasn’t because of the quality of its product and/or services, or because it was a low-cost provider?” You would have to ask the question, “What if much of the target company’s success stemmed from its sales process, where it misrepresented its qualifications in order to win work?”

It’s possible you might ask those questions. But in our experience, those questions are almost unthinkable. In addition—even if you did ask them, how would you go about testing for them? It’s too out there, too hard. Plus, most due diligence efforts are sprints, and nobody has time for such small probability risks, even if the consequences might be significant.

What happens if the risk materializes after completion of the acquisition? What happens if the risk is materializing on the day of the acquisition?

Let’s ask IBM.

According to the Department of Justice press release (link above), on the exact day that IBM was closing its acquisition of Cúram Software Ltd (Cúram), the company (as a subcontractor) submitted a proposal to the State of Maryland for software and services. Less than a month later, “with IBM’s knowledge,” Cúram participated in a presentation to the source selection evaluators—a presentation that resulted in a contract award.

According to the DOJ, Cúram made “material misrepresentations” to the evaluators “including misrepresentations regarding the development status of the Cúram for Health Care Reform software; the existing functionality of the Cúram software to meet the State’s technical requirements, such as addressing life events and calculating tax credits under the Patient Protection and Affordable Care Act; and the integration of Cúram software with other software needed to provide a properly functioning HIX website.” Allegedly, the misrepresentations led to a contract termination after Cúram was unable to deliver on the promises it had made in its proposal and during its presentation.

Many long-time acquisition practitioners have learned not to fully trust verbiage contained in contractor proposals. We’ve heard contractor proposals called “fantasies” and evaluations termed “creative writing contests.” Maybe that’s true. But we’ve rarely heard those proposed deemed to be material misrepresentations, or violations of the False Statements Act, or of such a serious nature to have led to a situation where each contract invoice was alleged to be a violation of the False Claims Act.

What was the outcome of all this? IBM paid $14.8 million “to settle alleged violations of the False Claims Act arising from material misrepresentations to the State of Maryland during the Maryland Health Benefit Exchange (MHBE) contract award process for the development of Maryland’s Health Insurance Exchange (HIX) website and IT platform.”

Again, this is not something we’ve seen due diligence programs delve into. Accordingly, it’s tough to blame IBM for the situation. On the other hand, during each acquisition there should be a thorough evaluation of the probability that there are hidden contingent liabilities. The acquired company should not get its full payday until sufficient time has passed to reduce the likelihood that the contingent liabilities will materialize.