The acquisition of MDK Getranke brings an unique set of synergies that cannot be obtained by Bricker Beverages alone. Along with synergies, the acquisition of MDK brings additional benefits such as:Increased market shareProduct diversificationCustomer base increaseGeographical expansionCost and overhead reductionQuality staff increaseCompetition reductionHowever, considering that Bricker and MDK may have different practices in place, and the two firms operate in different markets and jurisdictions, there are also some information and data risks accompanying the deal. Early identification of risks, vulnerabilities, and threats prior to the deal will help reduce costs, reduce efforts required to resolve the issues, and ensure maintenance of our industry reputation. Several aspects must be taken into consideration as early as possible to avoid any negative ramifications. Here, we define high level topics and the corresponding risks that need to be mitigated for a smooth integration between Bricker Beverages and MDK Getranke, and we provide an action plan to address them. In doing so, we have considered the following key factors:Bricker Beverages is acquiring a firm that is highly likely to have different practices, data standards, and security measures in place.MDK Getranke is in an entirely different geographical, political, and regulatory location / jurisdiction and will therefore be subject to different standards, governance, and rules within the European Union.In the following paper, we will suggest a due diligence approach for the assessment of the five most important areas of legal concerns:record creation and managementlitigation and preservation obligationsdata privacy and data managementtechnology and intellectual property contractual commitments to third partiesThe paper will conclude with a detailed proposal for an action plan and timeline to perform the due diligence and draw the conclusions for the planned acquisition.Record Creation and Management A stringent and up-to-date record creation and management is important in order to provide a consistent view on data in the company. Several litigation cases like the Morgan Stanley case have shown that outdated or inefficient record management cause a great risk for companies. The due diligence needs to assess the state of record creation and management in MDK to assess the risk of the acquisition in this regards.Due Diligence InquiryThis will include the creation, maintenance, and storage of all data in the company. Data management will also include data clean-up, retention, and recovery alongside the necessary policies and procedures. Questions to be asked are: Access to data: Where is data stored? Is data easily retrievable or is it stored in outdated flat file structures or other proprietary data stores which can’t easily be accessed?Structure and format of data: Is there a full documentation of data structures allowing interpretation of the data? Or is it stored in undocumented structures which don’t allow clear understanding of data. Locations of data: Is there a clear documentation on where data files are stored? How big is the risk of undocumented repositories without awareness within the organization?Ownership of data: Is there a clear ownership of records and are deletion decisions well documented?Retention of data: Are retention periods defined so that data is deleted and not permanently stored?Awareness: Is personnel trained and fully aware of the processes?People involvedClient account management teamsHuman ResourcesPayroll and accountingProduction data management teamsData Security / Chief Information Security OfficerChief Data OfficerActionsReview MDK’s capabilities in terms of a full inventory of data types and sourcesAssess whether there are policies and procedures for data storage and maintenance which are regularly reviewed and updatedVerify regular training on data security and usage for all relevant staffAssess appropriate governance over data and devices that may be used e.g. restrictions on removable data devices such as USB sticksLitigation and Preservation ObligationsIt is very important to understand the history of MDK in terms of litigation and preservation obligations to get transparency on any risks or pending items. The history will also lay out how often MDK has been subject to litigation and how well it has reacted. Due Diligence InquiryA complete review of any litigation (pending, threatened, or settled), arbitration, or regulatory proceedings involving MDK should be undertaken, potentially speaking directly to the company’s outside counsel. This review will include the following:Filed or pending litigations, together with all complaints and other pleadingsLitigations settled and the terms of settlement Claims threatened against the companyConsent decrees, injunctions, judgments, or orders against the companyAttorneys’ letters to auditorsInsurance covering any claims, together with notices to insurance carrierMatters in arbitrationPending or threatened governmental proceedings against the companyLegal holds or subpoenas in courseInternal and external Audits including open audit pointsData preservation policy with retention periods and records destruction PeopleInternal legal counselExternal legal counsel with expertise in German Law and EU regulationsChief Risk Officer Chief Compliance OfficerChief Audit Officer and Principal Auditors (Business / Technology)ActionsAssemble the cross-functional teams in both companies involved in Litigation and Preservation Identify and inventory all obligations following the Due Diligence InquiryReview current policies and processesAssess the information gathered to identify obligations that might impact the subsequent integration planning, improvements required for the merged company, potential risks (future claims) and negative synergies Establish the necessary policies and procedures to manage in-progress litigation processes with necessary governance framework and staff trainingData Privacy and Data ManagementData privacy and management is a key consideration for assessing MDK. Being located in the EU very stringent data privacy rules apply and any violation can generate significant fines. The GDPR regulation of the EU starting in May of 2018 requires additional capabilities. A detailed assessment in this regard is important as we must understand the level of compliance and identify potential investment areas. Due Diligence InquiryTo adequately account for risk related to data privacy and management regional laws and regulations need to be reviewed to gain a firm understanding of all obligations and requirements Briker Beverage will need to meet. A complete review of MDK’s current data privacy and management policies should be completed to find any gaps with regulatory obligations as well as to determine the extent of policy adherence. In addition data management will include data clean-up, retention, and recovery alongside the necessary policies and procedures. Purging unneeded data to reduce risk associated with data breaches and litigation demands.People involvedInternal legal counselExternal legal counsel with knowledge of regional Data Privacy requirementsChief Risk Officer Chief Information Security OfficerInternal or External Compliance AuditorsActionsEngage regional data privacy experts and legal counsel to form a complete understanding of the obligations related to data privacy Review MDKs data privacy and data management policies Engage internal/external compliance auditors to explore how well MKD follows data privacy policiesUnderstand MDKs current state of preparedness related to impending data privacy requirements such as GDPRInvestigate risk avoidance through cyber and data breach insurance Determining data retention requirementsPerform and in depth review of legacy data to asses and purge data not needed for business function or data retention requirementsTechnology / Intellectual PropertyTechnology and IP are key assets of MDK and need to be protected. The due diligence will need to assess the effectiveness of the protection as well as the risk of loss of patents. Additionally, security measures to protect trade secrets will need to be evaluated. Due Diligence InquiryBricker Beverages will be very interested in the extent and quality of MDK’s technology and intellectual property. This due diligence will focus on the following areas of inquiry:What technology in-licenses does the company have and how critical are they to the company’s business?Has the company granted any exclusive technology licenses to third parties?Has the company historically incorporated open source software into its products, and if so, does the company have any open source software issues?What software is critical to the company’s operations, and does the company have appropriate licenses for that software (and does the company’s usage of that software comply with use limitations or other restrictions)?Is the company a party to any source or object code escrow arrangements?What copyrighted products and materials are used, controlled, or owned by the company?What domestic and foreign patents (and patents pending) does the company have?Has the company taken appropriate steps to protect its intellectual property (including confidentiality and invention assignment agreements with current and former employees and consultants)? Are there any material exceptions from such assignments (rights preserved by employees and consultants)?What registered and common law trademarks and service marks does the company have?Does the company’s business depend on the maintenance of any trade secrets, and if so what steps has the company taken to preserve their secrecy? e.g. beverage formulaeIs the company infringing on (or has the company infringed on) the intellectual property rights of any third party, and are any third parties infringing on (or have third parties infringed on) the company’s intellectual property rights?Is the company involved in any intellectual property litigation or other disputes, or received any offers to license or demand letters from third parties?What indemnities has the company provided to (or obtained from) third parties with respect to possible intellectual property disputes or problems?Are there any other liens or encumbrances on the company’s intellectual property?People involvedInternal legal counselExternal legal counsel with expertise of IP topic in the European marketChief Information Officer and teamChief Operations Officer and teamChief Risk OfficerChief Security Officer and team (on demand)Other IT experts (on demand)ActionsAssemble the cross-functional teams in both companies involved in Technology and Intellectual PropertyIdentify and inventory following the Due Diligence InquiryGather and review all third-party software product contracts with especial attention to Intellectual Property Indemnity clausesReview current policies and procedures, including change managementEstablish the proper set of policies, practices and functions to enable ongoing control of IP risks and/or issuesAssess the information gathered to identify factors that might impact the subsequent integration planning, improvements required for the merged company, potential risks (future claims) and negative synergiesContractual Commitments to Third PartiesA company such as MDK Getranke will have contracts and agreements in place with suppliers, customers, and many other third parties at almost every stage of the operation of the company. It is therefore important to conduct a full review of all material contracts and commitments of MDK prior to commencement of the merger. The categories of contracts that are important to review and understand include, but may not be limited to, the following:Guaranties, loans, and credit agreementsCustomer and supplier contractsAgreements of partnership or joint venture; limited liability company or operating agreementsContracts involving payments over a material euro thresholdSettlement agreementsPast acquisition agreementsEquipment leases / purchase agreementsIndemnification agreementsEmployment agreementsExclusivity agreementsAgreements imposing any restriction on the right or ability of the company (or a buyer) to compete in any line of business or in any geographic region with any other personReal estate leases / purchase agreementsLicense agreementsPowers of attorneyFranchise and/or re-seller agreementsEquity finance agreementsDistribution, shipping, dealer, sales agency, or advertising agreementsNon-competition agreementsUnion contracts and collective bargaining agreementsContracts the termination of which would result in a material adverse effect on the companyAny approvals required of other parties to material contracts due to a change in control or assignmentPeople involvedInternal legal counselExternal legal counselVendor and contract management teamsSales and marketing teamsChief Financial Officer and teamChief Information Officer and teamChief Operations OfficerProcurement teamsActionsCompile full inventory of contractual documents for both Bricker and MDK GetrankeRemember that contractual documents may be stored in varying formats – hardcopy, electronic / onlineReview current contractual policies and procedures, including information on authorised signatoriesImplement a standardised documentation creation and storage process – electronic formats including scanning for hardcopy documentsAction PlanAn immediate assessment needs to be started to verify the compliance level of the 5 areas we have identified. We propose the following activities following an Identify- Assess-Protect-Monitor cycle:Key Phases of the Action Plan1) IdentifySet-up due diligence team (1 week)Prepare for due diligence and complete information gathering / catalogue of materials (1 week)Conduct any required interviews with staff across teams identified and perform due diligence reviews (2 weeks)Result: Documented current state of MDK in terms of preparedness for legal issues and presentation to stakeholders at the end of week 42) AssessRisk assess and weight results to derive consolidated risk exposure (1 week)Identify immediate mitigation actions and long-term investment demand (1 week)Propose next steps and obtain sign-off from board of directorsResult: Identified risks and investment needs as well as proposal on next steps. Presentation to key stakeholders to obtain sign-off for next steps at the end of week 63) ProtectImplement steps, procedures and policies to ensure that risks are identified, planned for, and mitigated (timeline tbd)Immediately communicate strategy and requirements to all staff (after 2 weeks) Ensure training programmes are in place for staff to be able to identify and escalate issues as they arise (after 4 weeks)Result: Awareness in the organisation and adequate staff training. Ongoing project to mitigate identified issues which has to be regularly been reported to the steering committee.4) MonitorImplement monitoring tools, processes, and procedures Implement continuous improvement planEnsure continuous training for new staff, and refresher training for all staffResult: Establish legal preparedness as an important subject in the organization which requires frequent review and being part of the overall Management Operating System.SummaryWe currently have limited information on the internal practices at MDK but believe our recommended course of action effectively addresses the key challenges and reduces the overall risk of the acquisition. As we gain a more accurate picture of the landscape within MDK we will refine the plan to fit the new information. The plan our team has outlined takes into account the 5 key areas of legal concern in a pragmatic and methodical fashion.Record creation and management will be addressed by working to alleviate redundant information while preserving necessary business functions. We are cognizant of the requirements to meet regional data privacy requirements and look to architect a cost effective solution with consistent data formats.Removal of risk in the area of litigation and preservation will be accomplished through a complete review of any litigation (pending, threatened, or settled), arbitration, or regulatory proceedings involving MDK is recommended. While the review will incur monetary costs the gains in risk avoidance justify the investment.Data privacy and data management will be approached with a focus of risk reduction through secure storage of necessary data and secure deletion of legacy data. Our team recommends that regional legal counsel be engaged to educate and advise on related laws and regulations. We recognize that technology, intellectual property, and trade secrets are key assets in the acquisition. Evaluating the extent and quality of these assets will allow Bricker Beverage realize gains through competitive advantages and licensing revenue. The investment made to evaluate the assets will be offset by the uncovered value. MDK will have contracts and agreements in place with suppliers, customers, and many other third parties at almost every stage of the operation. It is critical for Bricker Beverage to conduct a full review of all material contracts and commitments prior to finalizing the acquisition. Without a thorough review we will be assuming a significant amount of financial and legal risk. We have consistently approached each area with a focus to understand and address related risks while limiting associated costs. The recommended action plan uses an Identify-Assess-Protect-Monitor cycle allowing for immediate concerns to be addressed and creating a foundation for future initiatives. We believe the plan will lead to a successful acquisition and merge of systems. ReferencesBrickell, J. (2009), Legacy Data Cleanup. A 5-Step Plan, KMWorldHarroch, R., Lipkin David.A (2014) 20 Key Due Diligence Activities in a Merger and Acquisition Transaction, Forbes. Retrieved from: https://www.forbes.com/sites/allbusiness/2014/12/19/20-key-due-diligence-activities-in-a-merger-and-acquisition-transaction/#7e8970e94bfcProtivity Risk & Business Consultancy. Guide to Mergers & Acquisitions. Retrieved from: https://www.protiviti.com/sites/default/files/united_states/insights/guide-to-mergers-acquisitions-faqs-protiviti.pdfTeam ContributionThe team agreed that all team members made good contribution at 25% each.