Harsh Challenges To Check if a Target Is Ready for Y2KPart III: A target’s Year 2000 problems could expose the buyer to deal-value erosion, operational failures, or even legal liability.

The first two articles in this three-part series examined the importance of intellectual property and human resources in the due diligence of an information technology (IT) m&a transaction. This article analyzes a third critical concern: the Year 2000 problem, or what is popularly known as the Millennium Bug. In the current merger mania, technology has become the driving force behind much of the recent consolidation activity. Mergers in the banking industry, for example, have been fueled by anticipated efficiency gains from technology integration that are expected to yield significant cost-savings. Similarly, m&a transactions within the telecommunications industry are examples of the current battle for future technology markets and productivity. But while technology is sure to remain an important source for future mergers and acquisitions, technology itself also can be a major hindrance to a successful m&a transaction. In fact, with the dawn of a new century quickly approaching, the current merger frenzy will have to face a unique technological obstacle in the Year 2000 (Y2K) problem. The Y2K problem refers to the inability of most computers to recognize date information beyond Dec. 31, 1999. Because most computers abbreviate date codes, allowing for only the last two digits of the year, the transition from 1999 to the year 2000 is expected to pose serious technological problems, such as system crashes and processing errors. Although those dealing directly with technology continue to debate the scope and scale of the Y2K problem with some authorities intimating apocalyptic chaos and others claiming “fraud” 1 nearly everyone concedes that practically no entity can go unaffected. Even recently released surveys with a more optimistic view of Y2K recognize that many international trading partners, especially those in developing nations, may not be fully compliant by the Year 2000. 2 Indeed, the U.S. Securities and Exchange Commission (SEC) has stated that despite the time remaining to correct the problem, it will not be possible for any entity to credibly claim complete Y2K compliance. 3 With this in mind, all managers and executives currently engaged in, or anticipating, a merger or acquisition need to incorporate the assessment of Y2K issues into their technical, financial, and legal due diligence. All parties to a transaction need to evaluate not only their own stand-alone Y2K preparedness, and that of any target company, but also the ability of a combined entity to cope with the Y2K problem and its ramifications. Neglecting the Y2K problem as merely a marginal issue can adversely impact an m&a transaction in many ways, such as: * Remediation costs related to Y2K may significantly erode potential cost savings from technology integration, and thus obliterate any potential synergies of a transaction. Under the best of circumstances, merging information systems (IS) is an enormous challenge, but with ongoing Y2K remediation it may be exceedingly difficult to layer IS integration on top of sensitive Y2K efforts. This could delay certain projected consolidation cost reductions, which in turn could reduce the value of a transaction. * Unanticipated Y2K problems may affect revenue projections, as the newly combined entity struggles to resolve internal problems. * Reliance on key business partners who are adversely affected by Y2K may cause future operational failures. * Potential legal liability from breached contracts or fiduciary duty may negatively affect the ultimate outcome of a transaction. * A doomed Y2K situation found in due diligence could be grounds to terminate a transaction. Technical Due Diligence of Y2K To counter these negative effects, both buyers and sellers must critically evaluate the impact of Y2K on systems, operations, and legal liability. There is no single, accepted definition of “compliance,” and, more importantly, the SEC has declared that it is unlikely that an entity will truly be compliant. Thus, it is crucial for managers to determine whether the proper steps have been taken to recognize, evaluate, correct, and test Y2K problems. A holistic Y2K due diligence process must, therefore, begin with a technical exploration of a target’s information systems. One place to initiate such a technical examination is the company’s centralized Year 2000 Project Office. An effective Year 2000 Project Office or Task Force should be autonomously established and adequately funded to track and document the company’s handling of the Y2K problem. Without political and economic independence it is unlikely that a centralized Y2K office will be able to carry out its responsibilities comprehensively and efficiently. Indeed, lack of independent funding may not only hinder Y2K assessment but also harm the greater IS organization by delaying development projects, undermining end-user support, and draining resources from other projects. Moreover, to ensure complete independence, a vigorous project office will engage outside financial, technical, and legal advisers to review and assess the structure and operations of the Year 2000 Project Office itself. The mere existence of an independent project office is not, however, sufficient. A comprehensive Y2K due diligence plan also must examine the scale and scope of the office’s activities. Generally, a Year 2000 Project Office should be conducting education, communication, and other awareness programs within the organization. The members of the project office should include a multidisciplinary task force consisting of various lawyers, consultants, technology experts, and, of course, internal managers. The project office should be taking inventory of traditional information systems, distributed networks, embedded systems, and any third-party contacts especially the warranties and disclaimers within these contracts. The office should be responsible for determining the “mission-critical” systems and components, as well as assessing the magnitude of all Y2K issues and what it will take to rectify them. Finally, the office should be in charge of testing Y2K remediation and establishing post-Year 2000 contingency plans. By examining the existence and thoroughness of a target’s Y2K Project Office, an acquirer is better able to determine how a combined entity will cope with the Millennium Bug. Estimating the Costs of Y2K Compliance A Y2K Project Office with such a capacious mandate will require substantial funding. But the precise cost estimates for Y2K compliance are difficult to ascertain for several reasons: Industry Variances The costs of Y2K compliance will vary from industry to industry. Currently, technology experts have estimated that on a worldwide basis companies will spend in the range of $300 billion to $600 billion to cope with the Millennium Bug. 4 Partnerships and Relationships An organization’s responsibility for dealing with the Y2K problem often will be a function of its contractual relationships with other business partners. Therefore, a careful examination of a target company’s contractual relationships is critical. Express and implied warranties and disclaimers in all contracts should be scrutinized to determine the potential responsibility for Y2K compliance, and hence the possible costs. Zeroing in on Compliance The term “compliance” may have a variety of meanings, leading to a wide discrepancy in costs. An organization that has sincerely and earnestly analyzed its Y2K status usually will have a rigorous, unified notion of compliance that comprehensively focuses on the performance and functionality of all elements alone as well as in conjunction with other types of information technology, especially other modes of configuration. Tax and Accounting Consequences In determining the cost estimates of Y2K compliance, it is important for an organization to consider the tax and accounting treatment of Y2K compliance expenditures, particularly when tax and accounting benefits are a major incentive for an m&a transaction. Financial Due Diligence of Y2K Once the technical Y2K compliance issues have been identified, the potential risk exposures should be integrated with the conventional cost of risk and comparative financial analysis performed by accountants and investment bankers. Valuing a traditional m&a transaction is difficult enough, but the amorphous nature of IT assets and the added burden of evaluating Y2K exposure make the task of valuing an IT acquisition even more arduous. Unlike the more mature industries, where the value of an acquisition is often a function of projected sales, market share, and costs per unit, value in the burgeoning IT sector is a highly individualized determination. Among the bases are such things as the essential demand for the target’s technological products and services and the acquirer’s perception of the target company’s customer base. Of course, conventional valuation benchmarks such as rates of growth and earnings or revenue multiples remain key components of valuation models. But with IT-intensive assets that are susceptible to the Millennium Bug, the enormous range of values brings with it alarming uncertainty. To mitigate against such uncertainty, auditors and bankers need to collect and verify the required data, as they allocate risks between the seller and buyer. Ultimately, the price of a transaction will be contingent on Y2K compliance and the accompanying costs. The costs of assessment and remediation, related liabilities, insurance premiums, interest on loans, risk control measures, and the administrative expenses of Year 2000 risk management all should be factored into the cost of risk analysis. Similarly, discounted cash flow models and comparative industry analysis should include a variety of Y2K compliance scenarios. Y2K Disclosure Issues Accountants analyzing and auditing the financial statements of public companies seek to identify possible causes of a loss in shareholder value. As Y2K expenses continue to rise, these auditors will want to limit their exposure to shareholder law suits by highlighting the materiality of Y2K issues. In fact, the SEC has strengthened a call first issued in January 1998 for public companies to disclose Y2K issues that may be “a material event or uncertainty.” 5 The SEC’s formal interpretive release, effective as of Aug. 4, 1998, explicitly states that a public company “must provide Year 2000 disclosure if: (1) its assessment of Year 2000 issues is not complete, or (2) management determines that the consequences of its Year 2000 issues would have a material effect on the company’s business, results of operations, or financial condition without taking into account the company’s efforts to avoid those consequences.” 6 Nearly all companies will fall under one of those two categories, and thus will need to disclose their state of Y2K readiness, the costs of addressing the problem, and their contingency plans. To underscore the significance of the new guidelines, SEC Chairman Arthur Levitt Jr. has written to more than 9,000 public companies to inform them of their new reporting obligations. 7 Those companies currently engaged in a merger or acquisition may not benefit immediately from the SEC’s recent disclosure guidelines, but future m&a transactions will be better informed from the increased flow of Y2K information. Already, the SEC guidelines have spurred many U.S. public corporations to file 1998 quarterly reports highlighting the current costs of Y2K efforts. And although private companies are not subject to SEC regulations, all companies are exposed to investor fraud claims for material nondisclosures. The risk of such an investor suit should be enough to encourage even private companies to be more forthright in revealing their Y2K readiness. Other regulatory and professional organizations also have examined the importance of Y2K issues and issued their own directives on how the costs should be handled. For example, the Financial Accounting Standards Board (FASB) has determined that costs related to Y2K should be disclosed as current expenses rather than capitalized costs 8, thus affecting the earnings of those companies most susceptible to the Millennium Bug but increasing the flow of information regarding Y2K. In similar fashion, the Internal Revenue Service (IRS) has stated that Y2K costs can be expensed or depreciated over a period of no more than five years, depending on the taxpayer’s prior treatment of software development costs. 9 Again, because the costs may adversely impact a company’s financial position if the costs cannot be currently deducted as expenses but must be amortized over a five-year period potential suitors and merging companies can make more informed business decisions with the increased disclosure. Accountants and auditors are not the only players attuned to the increased importance of Y2K. Investment bankers enlisted to provide fairness opinions and value m&a transactions must incorporate the costs of Y2K issues into their own analyses. For instance, bankers concerned with the financing of an acquisition must be cognizant of an acquirer’s ability to tap the capital markets before, during, and after a transaction. Sustaining a favorable credit rating and equity report is essential. These ratings, and the general financial faith in a corporation, are based on detailed research and analysis of the companies themselves and their value chains. A credit downgrade or an adverse equity recommendation because of Y2K uncertainty may have an immediate and measurable impact on the cost of borrowing, which can jeopardize the success of an m&a transaction. Legal Due Diligence of Y2K Incorporating the analysis of Y2K issues with the technical and financial due diligence of an m&a transaction is rather straightforward. Y2K risk exposure is integrated into the ongoing process of kicking the technical and financial tires of a company. Assessing potential future litigation issues, on the other hand, is a more difficult task. Managers must anticipate a variety of potential legal claims and then take the necessary steps to guard against possible Y2K litigation. One obvious way to address these risks is by insuring against them. Indemnification agreements, directors and officers liability insurance, and charter provisions limiting liability for breaches of duty of care are traditional ways to hedge against Y2K exposure. However, with some insurance companies beginning to limit their own willingness to cover Y2K exposures, the most prudent way of limiting the risk of Y2K litigation is to plan in advance against any possible future litigation-related expenses, such as shareholder derivative lawsuits. 10 All parties involved in an m&a transaction should be cognizant of their potential liability to shareholder lawsuits. It is not only the merging corporations and their directors and officers who are at risk. Vendors, technology auditors, accountants, consultants, and investment bankers also could be potential defendants in a shareholder lawsuit. Directors and officers could be charged with negligence under the business judgment rule for not identifying the Y2K problem and taking proper remedial action before the merger. Consultants and advisers could be held liable for not demanding Y2K-compliant products or not recommending that a corporation initiate a Y2K assessment. Similarly, accountants could be faulted for approving the financial results of a company without disclosing, or at least footnoting, the Y2K contingent liabilities. Moreover, investment bankers who negligently overlook Millennium Bug issues in a transaction may be equally culpable when anticipated synergies go unrealized due to Y2K complications. Directors and Officers Liability Legal rules governing derivative suits vary from state to state, but most suits brought under Delaware law against directors and officers focus on fiduciary duties and the business judgment rule. Under Delaware law, directors “owe fiduciary duties of care and loyalty to the corporation and its shareholders.” 11 Essentially, this requires that directors act on an informed basis that they “inform themselves prior to making a business decision of all material information reasonably available to them.” 12 In the context of Y2K claims, plaintiffs are likely to allege that directors either negligently addressed the Y2K concerns of a merger or acquisition or, more likely, that they failed to take account adequately of Y2K issues in their decision to merge with or acquire another company. Regardless of how a derivative suit is fashioned, directors who have carefully integrated Y2K issues with their technical and financial due diligence should be shielded by the business judgment rule. This conventional legal concept protects those informed business decisions that are made with due care, good faith, and in the best interests of the company. 13 Thus, it is not sufficient for shareholders to demonstrate that directors were ignorant of Y2K ramifications; rather, they must prove that directors acted with gross negligence on the order of blatant disloyalty or reckless disregard of the stockholders. 14 Representations, Warranties, Indemnifications In addition to shareholder suits, managers must be wary of a plethora of other legal claims that may accompany an IT merger or acquisition. Because of the enormous prevalence of the Y2K problem along the supply chain, exposure to contract, tort, and strict liability claims abound. An acquisition or merger with a company that uses noncompliant systems, or markets and has marketed noncompliant systems, may bring with it substantial legal liabilities. To guard against the acquisition of these unwanted liabilities, corporate counsel should draft business combination agreements with sufficiently protective representations, warranties, and indemnifications. From the purchaser’s perspective, the price of the transaction will be contingent on the level of Y2K compliance. If both parties believe that the target company is, in fact, Y2K compliant, an asset purchase agreement should contain the appropriate representations and warranties from the seller documenting such compliance. Of course, sellers will be reluctant to give any kind of iron-clad representation or warranty of Y2K compliance, especially considering the pervasive complexity of the Y2K problem. That is why negotiating the precise definition of key terms, such as “compliance, information technology, materiality, and knowledge,” is crucial. The term “materiality” may be a particularly contentious negotiating issue. Generally, buyers in a merger or acquisition are willing to accept a representation or warranty of “material” compliance. But in the IT context, “materially compliant” can be vacuous language, since the interdependence of technology often can cause one noncompliant component to have ripple effects across an entire system. Thus, buyers should be especially cautious of representations and warranties that eviscerate a guarantee of Y2K compliance. As an added precaution, buyers engaged in the purchase of private companies also should receive indemnification from the seller for any Y2K-related costs. From the seller’s perspective, complete and accurate knowledge of compliance or threatened litigation is not usually possible. Thus, parties to a transaction should negotiate indemnity provisions related to Y2K costs with the conventional dollar baskets and caps in mind. Or the parties may agree to place a portion of the purchase price in an escrow account, to be used in the event that the buyer requires Y2K-related indemnification. Representations and warranties are not only for the benefit of buyers; sellers may also require purchasers to stand behind the assets they are exchanging. For example, if, as in most IT m&a transactions, the acquirer is using non-cash consideration such as stock to purchase the assets of the seller, the buyer may be required to provide the same types of Y2K representations, warranties, and indemnifications that it is seeking from the seller. As the sale and purchase of IT-intensive assets continues into the next century, the issue of Y2K compliance takes on greater and greater significance. With the window for Y2K compliance quickly closing, those dealmakers anticipating or currently engaged in a merger or acquisition should be especially sensitive to the implications of the Millennium Bug. By incorporating Y2K assessment into the technical, financial, and legal due diligence of an m&a transaction, all parties involved not only can limit their own liability but ensure the completion of a successful and effective transaction. A target’s Year 2000 problems could expose the buyer to deal-value erosion, operational failures, or even legal liability. The first two articles in this three-part series examined the importance of intellectual property and human resources in the due diligence of an information technology (IT) m&a transaction. This article analyzes a third critical concern: the Year 2000 problem, or what is popularly known as the Millennium Bug. In the current merger mania, technology has become the driving force behind much of the recent consolidation activity. Mergers in the banking industry, for example, have been fueled by anticipated efficiency gains from technology integration that are expected to yield significant cost-savings. Similarly, m&a transactions within the telecommunications industry are examples of the current battle for future technology markets and productivity. But while technology is sure to remain an important source for future mergers and acquisitions, technology itself also can be a major hindrance to a successful m&a transaction. In fact, with the dawn of a new century quickly approaching, the current merger frenzy will have to face a unique technological obstacle in the Year 2000 (Y2K) problem. The Y2K problem refers to the inability of most computers to recognize date information beyond Dec. 31, 1999. Because most computers abbreviate date codes, allowing for only the last two digits of the year, the transition from 1999 to the year 2000 is expected to pose serious technological problems, such as system crashes and processing errors. Although those dealing directly with technology continue to debate the scope and scale of the Y2K problem with some authorities intimating apocalyptic chaos and others claiming “fraud” 1 nearly everyone concedes that practically no entity can go unaffected. Even recently released surveys with a more optimistic view of Y2K recognize that many international trading partners, especially those in developing nations, may not be fully compliant by the Year 2000. 2 Indeed, the U.S. Securities and Exchange Commission (SEC) has stated that despite the time remaining to correct the problem, it will not be possible for any entity to credibly claim complete Y2K compliance. 3 With this in mind, all managers and executives currently engaged in, or anticipating, a merger or acquisition need to incorporate the assessment of Y2K issues into their technical, financial, and legal due diligence. All parties to a transaction need to evaluate not only their own stand-alone Y2K preparedness, and that of any target company, but also the ability of a combined entity to cope with the Y2K problem and its ramifications. Neglecting the Y2K problem as merely a marginal issue can adversely impact an m&a transaction in many ways, such as: * Remediation costs related to Y2K may significantly erode potential cost savings from technology integration, and thus obliterate any potential synergies of a transaction. Under the best of circumstances, merging information systems (IS) is an enormous challenge, but with ongoing Y2K remediation it may be exceedingly difficult to layer IS integration on top of sensitive Y2K efforts. This could delay certain projected consolidation cost reductions, which in turn could reduce the value of a transaction. * Unanticipated Y2K problems may affect revenue projections, as the newly combined entity struggles to resolve internal problems. * Reliance on key business partners who are adversely affected by Y2K may cause future operational failures. * Potential legal liability from breached contracts or fiduciary duty may negatively affect the ultimate outcome of a transaction. * A doomed Y2K situation found in due diligence could be grounds to terminate a transaction. Technical Due Diligence of Y2K To counter these negative effects, both buyers and sellers must critically evaluate the impact of Y2K on systems, operations, and legal liability. There is no single, accepted definition of “compliance,” and, more importantly, the SEC has declared that it is unlikely that an entity will truly be compliant. Thus, it is crucial for managers to determine whether the proper steps have been taken to recognize, evaluate, correct, and test Y2K problems. A holistic Y2K due diligence process must, therefore, begin with a technical exploration of a target’s information systems. One place to initiate such a technical examination is the company’s centralized Year 2000 Project Office. An effective Year 2000 Project Office or Task Force should be autonomously established and adequately funded to track and document the company’s handling of the Y2K problem. Without political and economic independence it is unlikely that a centralized Y2K office will be able to carry out its responsibilities comprehensively and efficiently. Indeed, lack of independent funding may not only hinder Y2K assessment but also harm the greater IS organization by delaying development projects, undermining end-user support, and draining resources from other projects. Moreover, to ensure complete independence, a vigorous project office will engage outside financial, technical, and legal advisers to review and assess the structure and operations of the Year 2000 Project Office itself. The mere existence of an independent project office is not, however, sufficient. A comprehensive Y2K due diligence plan also must examine the scale and scope of the office’s activities. Generally, a Year 2000 Project Office should be conducting education, communication, and other awareness programs within the organization. The members of the project office should include a multidisciplinary task force consisting of various lawyers, consultants, technology experts, and, of course, internal managers. The project office should be taking inventory of traditional information systems, distributed networks, embedded systems, and any third-party contacts especially the warranties and disclaimers within these contracts. The office should be responsible for determining the “mission-critical” systems and components, as well as assessing the magnitude of all Y2K issues and what it will take to rectify them. Finally, the office should be in charge of testing Y2K remediation and establishing post-Year 2000 contingency plans. By examining the existence and thoroughness of a target’s Y2K Project Office, an acquirer is better able to determine how a combined entity will cope with the Millennium Bug. Estimating the Costs of Y2K Compliance A Y2K Project Office with such a capacious mandate will require substantial funding. But the precise cost estimates for Y2K compliance are difficult to ascertain for several reasons: Industry Variances The costs of Y2K compliance will vary from industry to industry. Currently, technology experts have estimated that on a worldwide basis companies will spend in the range of $300 billion to $600 billion to cope with the Millennium Bug. 4 Partnerships and Relationships An organization’s responsibility for dealing with the Y2K problem often will be a function of its contractual relationships with other business partners. Therefore, a careful examination of a target company’s contractual relationships is critical. Express and implied warranties and disclaimers in all contracts should be scrutinized to determine the potential responsibility for Y2K compliance, and hence the possible costs. Zeroing in on Compliance The term “compliance” may have a variety of meanings, leading to a wide discrepancy in costs. An organization that has sincerely and earnestly analyzed its Y2K status usually will have a rigorous, unified notion of compliance that comprehensively focuses on the performance and functionality of all elements alone as well as in conjunction with other types of information technology, especially other modes of configuration. Tax and Accounting Consequences In determining the cost estimates of Y2K compliance, it is important for an organization to consider the tax and accounting treatment of Y2K compliance expenditures, particularly when tax and accounting benefits are a major incentive for an m&a transaction. Financial Due Diligence of Y2K Once the technical Y2K compliance issues have been identified, the potential risk exposures should be integrated with the conventional cost of risk and comparative financial analysis performed by accountants and investment bankers. Valuing a traditional m&a transaction is difficult enough, but the amorphous nature of IT assets and the added burden of evaluating Y2K exposure make the task of valuing an IT acquisition even more arduous. Unlike the more mature industries, where the value of an acquisition is often a function of projected sales, market share, and costs per unit, value in the burgeoning IT sector is a highly individualized determination. Among the bases are such things as the essential demand for the target’s technological products and services and the acquirer’s perception of the target company’s customer base. Of course, conventional valuation benchmarks such as rates of growth and earnings or revenue multiples remain key components of valuation models. But with IT-intensive assets that are susceptible to the Millennium Bug, the enormous range of values brings with it alarming uncertainty. To mitigate against such uncertainty, auditors and bankers need to collect and verify the required data, as they allocate risks between the seller and buyer. Ultimately, the price of a transaction will be contingent on Y2K compliance and the accompanying costs. The costs of assessment and remediation, related liabilities, insurance premiums, interest on loans, risk control measures, and the administrative expenses of Year 2000 risk management all should be factored into the cost of risk analysis. Similarly, discounted cash flow models and comparative industry analysis should include a variety of Y2K compliance scenarios. Y2K Disclosure Issues Accountants analyzing and auditing the financial statements of public companies seek to identify possible causes of a loss in shareholder value. As Y2K expenses continue to rise, these auditors will want to limit their exposure to shareholder law suits by highlighting the materiality of Y2K issues. In fact, the SEC has strengthened a call first issued in January 1998 for public companies to disclose Y2K issues that may be “a material event or uncertainty.” 5 The SEC’s formal interpretive release, effective as of Aug. 4, 1998, explicitly states that a public company “must provide Year 2000 disclosure if: (1) its assessment of Year 2000 issues is not complete, or (2) management determines that the consequences of its Year 2000 issues would have a material effect on the company’s business, results of operations, or financial condition without taking into account the company’s efforts to avoid those consequences.” 6 Nearly all companies will fall under one of those two categories, and thus will need to disclose their state of Y2K readiness, the costs of addressing the problem, and their contingency plans. To underscore the significance of the new guidelines, SEC Chairman Arthur Levitt Jr. has written to more than 9,000 public companies to inform them of their new reporting obligations. 7 Those companies currently engaged in a merger or acquisition may not benefit immediately from the SEC’s recent disclosure guidelines, but future m&a transactions will be better informed from the increased flow of Y2K information. Already, the SEC guidelines have spurred many U.S. public corporations to file 1998 quarterly reports highlighting the current costs of Y2K efforts. And although private companies are not subject to SEC regulations, all companies are exposed to investor fraud claims for material nondisclosures. The risk of such an investor suit should be enough to encourage even private companies to be more forthright in revealing their Y2K readiness. Other regulatory and professional organizations also have examined the importance of Y2K issues and issued their own directives on how the costs should be handled. For example, the Financial Accounting Standards Board (FASB) has determined that costs related to Y2K should be disclosed as current expenses rather than capitalized costs 8, thus affecting the earnings of those companies most susceptible to the Millennium Bug but increasing the flow of information regarding Y2K. In similar fashion, the Internal Revenue Service (IRS) has stated that Y2K costs can be expensed or depreciated over a period of no more than five years, depending on the taxpayer’s prior treatment of software development costs. 9 Again, because the costs may adversely impact a company’s financial position if the costs cannot be currently deducted as expenses but must be amortized over a five-year period potential suitors and merging companies can make more informed business decisions with the increased disclosure. Accountants and auditors are not the only players attuned to the increased importance of Y2K. Investment bankers enlisted to provide fairness opinions and value m&a transactions must incorporate the costs of Y2K issues into their own analyses. For instance, bankers concerned with the financing of an acquisition must be cognizant of an acquirer’s ability to tap the capital markets before, during, and after a transaction. Sustaining a favorable credit rating and equity report is essential. These ratings, and the general financial faith in a corporation, are based on detailed research and analysis of the companies themselves and their value chains. A credit downgrade or an adverse equity recommendation because of Y2K uncertainty may have an immediate and measurable impact on the cost of borrowing, which can jeopardize the success of an m&a transaction. Legal Due Diligence of Y2K Incorporating the analysis of Y2K issues with the technical and financial due diligence of an m&a transaction is rather straightforward. Y2K risk exposure is integrated into the ongoing process of kicking the technical and financial tires of a company. Assessing potential future litigation issues, on the other hand, is a more difficult task. Managers must anticipate a variety of potential legal claims and then take the necessary steps to guard against possible Y2K litigation. One obvious way to address these risks is by insuring against them. Indemnification agreements, directors and officers liability insurance, and charter provisions limiting liability for breaches of duty of care are traditional ways to hedge against Y2K exposure. However, with some insurance companies beginning to limit their own willingness to cover Y2K exposures, the most prudent way of limiting the risk of Y2K litigation is to plan in advance against any possible future litigation-related expenses, such as shareholder derivative lawsuits. 10 All parties involved in an m&a transaction should be cognizant of their potential liability to shareholder lawsuits. It is not only the merging corporations and their directors and officers who are at risk. Vendors, technology auditors, accountants, consultants, and investment bankers also could be potential defendants in a shareholder lawsuit. Directors and officers could be charged with negligence under the business judgment rule for not identifying the Y2K problem and taking proper remedial action before the merger. Consultants and advisers could be held liable for not demanding Y2K-compliant products or not recommending that a corporation initiate a Y2K assessment. Similarly, accountants could be faulted for approving the financial results of a company without disclosing, or at least footnoting, the Y2K contingent liabilities. Moreover, investment bankers who negligently overlook Millennium Bug issues in a transaction may be equally culpable when anticipated synergies go unrealized due to Y2K complications. Directors and Officers Liability Legal rules governing derivative suits vary from state to state, but most suits brought under Delaware law against directors and officers focus on fiduciary duties and the business judgment rule. Under Delaware law, directors “owe fiduciary duties of care and loyalty to the corporation and its shareholders.” 11 Essentially, this requires that directors act on an informed basis that they “inform themselves prior to making a business decision of all material information reasonably available to them.” 12 In the context of Y2K claims, plaintiffs are likely to allege that directors either negligently addressed the Y2K concerns of a merger or acquisition or, more likely, that they failed to take account adequately of Y2K issues in their decision to merge with or acquire another company. Regardless of how a derivative suit is fashioned, directors who have carefully integrated Y2K issues with their technical and financial due diligence should be shielded by the business judgment rule. This conventional legal concept protects those informed business decisions that are made with due care, good faith, and in the best interests of the company. 13 Thus, it is not sufficient for shareholders to demonstrate that directors were ignorant of Y2K ramifications; rather, they must prove that directors acted with gross negligence on the order of blatant disloyalty or reckless disregard of the stockholders. 14 Representations, Warranties, Indemnifications In addition to shareholder suits, managers must be wary of a plethora of other legal claims that may accompany an IT merger or acquisition. Because of the enormous prevalence of the Y2K problem along the supply chain, exposure to contract, tort, and strict liability claims abound. An acquisition or merger with a company that uses noncompliant systems, or markets and has marketed noncompliant systems, may bring with it substantial legal liabilities. To guard against the acquisition of these unwanted liabilities, corporate counsel should draft business combination agreements with sufficiently protective representations, warranties, and indemnifications. From the purchaser’s perspective, the price of the transaction will be contingent on the level of Y2K compliance. If both parties believe that the target company is, in fact, Y2K compliant, an asset purchase agreement should contain the appropriate representations and warranties from the seller documenting such compliance. Of course, sellers will be reluctant to give any kind of iron-clad representation or warranty of Y2K compliance, especially considering the pervasive complexity of the Y2K problem. That is why negotiating the precise definition of key terms, such as “compliance, information technology, materiality, and knowledge,” is crucial. The term “materiality” may be a particularly contentious negotiating issue. Generally, buyers in a merger or acquisition are willing to accept a representation or warranty of “material” compliance. But in the IT context, “materially compliant” can be vacuous language, since the interdependence of technology often can cause one noncompliant component to have ripple effects across an entire system. Thus, buyers should be especially cautious of representations and warranties that eviscerate a guarantee of Y2K compliance. As an added precaution, buyers engaged in the purchase of private companies also should receive indemnification from the seller for any Y2K-related costs. From the seller’s perspective, complete and accurate knowledge of compliance or threatened litigation is not usually possible. Thus, parties to a transaction should negotiate indemnity provisions related to Y2K costs with the conventional dollar baskets and caps in mind. Or the parties may agree to place a portion of the purchase price in an escrow account, to be used in the event that the buyer requires Y2K-related indemnification. Representations and warranties are not only for the benefit of buyers; sellers may also require purchasers to stand behind the assets they are exchanging. For example, if, as in most IT m&a transactions, the acquirer is using non-cash consideration such as stock to purchase the assets of the seller, the buyer may be required to provide the same types of Y2K representations, warranties, and indemnifications that it is seeking from the seller. As the sale and purchase of IT-intensive assets continues into the next century, the issue of Y2K compliance takes on greater and greater significance. With the window for Y2K compliance quickly closing, those dealmakers anticipating or currently engaged in a merger or acquisition should be especially sensitive to the implications of the Millennium Bug. By incorporating Y2K assessment into the technical, financial, and legal due diligence of an m&a transaction, all parties involved not only can limit their own liability but ensure the completion of a successful and effective transaction. Millennium Bug BitesAs the new century approaches, dealmakersplanning or currently involved in a merger oracquisition should add to their diligence checklistthe target’s Year 2000, or Millennium Bug,preparedness. Buyers who dismiss the Y2K problem as merely a marginal issue can adverselyaffect their deal in many ways. For one, the expense of fixing Y2K problemsmay greatly erode any cost savings fromtechnology integration and thus wipe out anypotential synergies of the deal. Even more serious,potential legal liability from breached contracts orfiduciary duty could negatively affect the transaction. By incorporating a Y2K assessment into due diligence, parties to a transaction can take actions to limit their liability and maximizethe benefits of the acquisition. Footnotes: 1 Scheier, Robert L. “IS Chief: Year 2000 a Fraud; Starr Says Most Firms Can Easily Fix Problem,” (David Starr, CIA, The Reader’s Digest Association), Computerworld July 7, 1997, p. 16. 2 Leuning, Eric. “An Optimistic View of Y2K,” CNET NEWS.COM, July 10, 1998. 3 U.S. Securities and Exchange Commission, “Report to Congress on the Readiness of the U.S. Securities Industry and Public Companies to Meet the Information Processing Challenges of the Year 2000,” June 1997, p. 2. 4 Hotle, M. “Year 2000: Updated Failure and Cost Predictions,” Gartner Group Research Note, June 30, 1998. 5 SEC Staff Legal Bulletin No. 5, Revised January 12, 1998. 6 Statement of the SEC regarding Disclosure of Year 2000 Issues and Consequences by Public Companies, Investment Advisers, Investment Companies, and Municipal Securities Issuers. International Series Release No. 1149, 17 CFR 231, 241, 271, 276 (July 29,1998). This interpretive release supercedes Staff Legal Bulletin No. 5. 7 Rosen, Ellen L. “SEC Wants More Details On Year 2000,” National Law Journal, August 17, 1998, p. B1 8 Emerging Issues Task Force of the Financial Accounting Standards Board Issue No. 96-14: Accounting for the Costs Associated With Modifying Computer Software for the Year 2000, July 18, 1996. 9 See IRS Rev. Proc. 97-50 (October 21, 1997). 10 For a larger discussion of Y2K derivative suits see J. Travis Laster’s “The Year 2000 Problem in Delaware: Preparing to Defend Shareholder Derivative Law Suits,” Insights Vol. 12, No. 6, June 1998, pp. 12-18. 11 Mills Acquisition Co. v. Macmillian Inc., 559 A. 2d. 1261, 1280 (Del. 1989). 12 Aronson v. Lewis, 473 A. 2d 805, 812 (Del. 1984). 13 AC Acquisition Corp. v. Anderson, Clayton & Co,. 519 A. 2d 103, 111 (Del. 1986). 14 See Rabkin v. Phillip A. Hunt Chemical Corp., 547 A. 2d 963, 970 (Del. 1986).