On March 20, 2018, the U.S. Federal Trade Commission (“FTC”) issued updated guidance concerning compliance with the antitrust laws while conducting due diligence and planning for integration prior to the closing of an M&A transaction.

The FTC acknowledges that “[c]ompanies considering acquisitions, mergers, or joint ventures typically have a legitimate need to access detailed information about the other party’s business in order to negotiate the deal and implement the merger.” However, the FTC emphasizes that parties may be subject to liability under the Sherman, Clayton and Hart Scott Rodino Acts for improper sharing of information or coordination with a competitor before or during negotiations – “a concern that remains until the merger closes.”

The FTC guidance includes a reminder that “[r]ight up until consummation, the merger parties are still independent businesses and they must continue to operate independently including safeguarding their competitively sensitive information – to insure competitive vigor in the short term and also in the event that the merger does not happen.” The FTC guidance highlights a number of cases where the government has pursued merging parties for unlawful “gun jumping” due to improper sharing of information, premature coordination and similar conduct.

In its guidance, the FTC identifies three main steps for companies to manage risk, as well as a number of specific recommendations concerning due diligence. Most of the FTC’s recommendations appear to be consistent with established risk-management practices.

In summary, the three main steps include:

  1. Implement a plan to monitor and control the flow of information, including procedural safeguards designed to prevent misuse of competitively sensitive information.
  2. Counsel should insure that merging parties follow the protocols that they establish and monitor such adherence with an eye towards identifying problematic information sharing.
  3. In the event improper information sharing or coordination occurs, the parties should halt the activity and self-report to the FTC, to reduce the risk of additional investigation, delay and cost.

The FTC also identifies a number of specific recommendations for the disclosing party and receiving party during due diligence, which may be summarized as follows:

For the disclosing party:

  • Share the least amount of information needed for effective due diligence, narrowly tailored and reasonably related to specific due diligence and pre-merger integration planning needs. Also, information sharing can be tailored to each stage of the pre-merger process.
  • Mask or redact customer identities and aggregate all competitive information, including to ensure that materials made available to bidders do not inadvertently reveal confidential customer information.
  • Prohibit individuals with data room access from downloading or e-mailing confidential information in the data room.
  • Implement and monitor document destruction requirements at the end of the due diligence process, including through use of confidentiality agreements.

For the receiving party:

  • Insure all employees with access to confidential information understand the terms of all confidentiality agreements.
  • Establish “clean teams” and employ third-party consultants for review of competitively sensitive information. The members of the clean team should be vetted by counsel and not include any personnel responsible for competitive planning, pricing or strategy.
  • Check that employees do not save confidential information on accessible share drives within the company.
  • If reports from consultants and the clean team must be provided to other business personnel, those reports should contain blinded, aggregated versions of any competitively sensitive information and should be subject to review by counsel before dissemination.

The FTC’s main message is that companies should (1) consider the gun jumping risks and establish appropriate protocols to avoid the risks, (2) police those protocols to insure they are followed, and (3) when the process is complete, individuals who received confidential information must comply with all document destruction and confidentiality requirements.