Found a promising acquisition? Vet the risk. Make sure your due diligence includes evaluating these key areas:
The insurance and risk landscape of the target’s business
An acquisition adds something new to your business — a new geography, a new product, and/or another step in a vertical integration. Any of those introduces questions about insurance coverage. The target’s coverage has to be vetted to determine if it’s adequate or requires more. Your firm’s coverage and that of the target have to be compared to settle on the common policies and eliminate duplication. The common policies have to be extended to cover the operations of the combined entity.
The effect that the target will have on the combined entity’s risk appetite and risk tolerance
The risk management of the target has to be evaluated. You need to know what the target has done to build risk mitigation into its processes and what they pay for insurance coverage. That leaves a certain amount of risk that the entity has retained. It is very important to understand that the loss history of the target will speak to only a portion of the retained risk. There is the possibility that the target has been operating with retained risk that it has just been lucky enough to have not encountered.
You’ll have to set an amount of retained risk that the combined entity can absorb without seriously impairing long-term profitability. That will be the entity’s risk appetite. That appetite has to be turned into tolerances for your operations — the amount of variance that each process can accept. The tolerances have to be set so that, collectively, they would not create an exposure greater than the appetite.
Several categories of risk demand special care. Reputation, data and intellectual property risk are difficult to measure. The target’s measurement and management of these risks must be vetted. Reputation risk may be magnified by additional social media links either created or acquired during the integration of the businesses. Data risk may be magnified by the creation of new IT connections and the transfer of data.
Treatment and transfer
It may sound pat to say that your mitigation and insurance decisions will necessarily have to be made with a view of the combined entity, but the task of quantifying and aggregating disparate risks is daunting and it is easy to fall short. That quantification and aggregation challenge can get in the way of the entity-level imperative of determining how much of your resources you will allocate to mitigation. Your overall mitigation effort will determine how much insurance coverage the combined entity will seek out in the market.
There is one more thing to note when allocating resources to mitigation. During the process of integrating the target, a crucial thing to ask is if your resources can simultaneously handle the acquisition process and the mitigation strategies? Temporary help may be in order.
Access to additional coverage
We mentioned above the notion of extending policies — either yours or the target’s — to cover the risks of the combined entity. What the earlier mention of that notion glossed over is having to contend with multiple jurisdictions or different industries. The target may be introducing you to entirely new insurance markets or coverages. You will need to allocate time to getting up to speed on these items.
The ability to place the additional insurance coverage
Adding coverage may not be as simple as calling your insurance broker. To get a product that is competitive on price and specifications, you may have to float a request for proposal (RFP). Expect to put significant time into writing the specifications and learning the RFP procedure.
Contact us if you need help with the insurance and risk aspects of your due diligence.
