Non-Harmonious Ends to Congruous Beginnings


As parties enter into mergers, acquisitions, joint ventures or any sort of corporate deal, there is often an overriding sense of harmony that this is a win-win scenario. However, perceived wisdom is that the success of any M&A activity can in fact be a double edged sword, and the sense of joyous congruous is often short-lived. These non-harmonious feelings can drift or surge into legal action that very often ends up in a bitter, long-running and often expensive court battle. We hear from Phil Beckett, partner at Proven Legal Technologies to help us to understand further.

Is there anything that can be done to try and avoid this?
From a forensic technology perspective there are two main exercises that can be performed to tackle these problems, one looks at it from a preventative angle and the other seeks to preserve the position at the time of the deal for all parties involved.

Due-diligence from a different lens
During these sorts of corporate deals, a large amount of effort is focused on due-diligence – trying to provide the parties seeking to acquire, invest or merge with an independent, verified view of the entities in question. Due-diligence, at a minimum, will include a level of accounting activity seeking to confirm valuations, income streams and expense commitments amongst other things. Sometimes it takes on a reputational or compliance angle, especially with legislation such as The Bribery Act potentially having extreme effects.

However, the due-diligence of accounting data can be- viewed through a different lens – looking to identify any unusual patterns or transactions from a potentially fraudulent perspective. Before performing this sort of analysis, it is important to ensure that all data is captured and then normalised to ensure that transactions are consistently and completely analysed.

The analysis can take on simple forms such as checking for payments of round-sums, looking for payments to entities in high risk countries or can be linked to politically exposed people or identifying payments to entities before or around key contractual dates or authorisation limits. Although, it can also take more advanced and complex forms, such as Benford’s Law. This looks for unusual frequencies of transactions with the same leading digits and also statistical clusters and outliers that seek to identify transactions that are statistically deviated from the norm.

Analysing communications
In addition to this more enhanced review of accounting data, there are other sources of data that can be revealing, specifically email data. Although, getting agreement to access this data in a due-diligence guise, before a transaction has been completed can be challenging, the benefits can be profound.

Being able to search and analyse the email communications between key senior executives within an organisation can often be very revealing. Relevant keywords can be searched for along with other more generic warning signs. Sentiment analysis can also be progressed to determine the attitude of the sender of emails, with respect to some topic or the overall context of an email. By reviewing the results of these searches and analyses, a deeper insight can be gained into the information being provided and thus can be used enhance further avenues of discussion or enquiry.

Preserving the position
The second exercise seeks to preserve the digital state of key systems and computers at the time of the transaction. This enables, if necessary, all parties to maintain or have access to a copy of the data from these systems months or years later in a state where they have not been contaminated by subsequent management actions or decisions. This relatively inexpensive exercise is designed to simply preserve key systems by quarantining back-ups of key network-based systems, for example the accounts system, key individual’s e-mail server data and key departmental shares. In addition, the exercise takes forensic images of key local devices used by key individuals, such as their computer and smartphone.

This approach allows for analysis to be performed in the future on a historical dataset. The analysis can be aimed at the accounting data to re-analyse the data from a quantification perspective based on reality rather than assumption, or looking to quantify the effect of specific business practices that subsequently turn out to be suspicious or under scrutiny.

However, the approach can also be used to search local devices for evidence of potential wrong-doing that has subsequently come to light or is alleged. This can include analysing how a machine was used to communicate, for example, searching for remnants of messages read, as well as the details of messages in the in-box from web-based email systems. Analysing chat messages can also be very revealing – including those of corporate chat systems. This analysis can span the use of Skype, Facebook, iChat and Yahoo Messenger.

Relevant documentation reveals wrong-doing
Relevant documentation can also exist related to potential wrong-doing. This can, but may not be, a “live” file on the system, therefore it is equally important to search for deleted material.

This can be achieved through two processes. Firstly, by seeking to recover and carve deleted files so that historic documentation can be searched and viewed. Secondly, by analysing any Windows artefacts in order to identify files that may have been present on the computer, or other devices. This relies upon Windows recording information about documents that the user is generally unaware of. For example, the creation of LNK files when files are opened, irrespective of their location; and MRU (Most Recently Used) lists in the Registry that record the last files that were opened in a certain application (for example Word or Excel).

With corporate activity continuing to show signs of recovery and given the recent economic events since the “credit crunch”, stakeholders are going to be even more focused on the success of their activity. Considering the historic track record, the above can not only help detect potential issues before the transaction completes, but also helps preserve an un-tainted position if the worst does happen.