Knock Knock: When merger and acquisition due diligence teams come knocking

Kenneth L. Block, president of Ken Block Consulting explains how to cope when merger and acquisition due diligence teams come knocking.

Mergers and acquisition landscape

Software is everywhere in medical devices today with the list growing every year. Examples include additive manufacturing (3D printing) systems which create patient-specific plastic and metal implants, Software as a Medical Device (SaMD) e.g., cloud-hosted Artificial Intelligence (AI) algorithms which analyze medical images, software-driven electro-mechanical systems which provide surgical assistance, and provider-prescribed device-interface tablets which improve post-surgical patient outcomes.

Whilst software helps to create new methods to assist users, new devices to benefit patients and new processes to manufacture devices, some of the medical technology companies employing software simultaneously emerge as excellent merger and acquisition opportunities. After successful product development and growth, many medical device companies with these products begin to position themselves as an acquisition target. On the other hand, some software-based medtech startups embed merger and acquisition opportunity exit plans into their corporate strategy from day one. Other industry players who are focused on their technology may find that they receive unplanned attention from an investment group or large multi-national corporation.

Regulatory due diligence process

Regardless of the path, my company’s recent consulting experience shows that many of these target companies are not ready for the harsh light of the EU/Food and Drug Administration (FDA) regulatory due diligence that usually occurs during the merger and acquisition process. Knowledgeable buyers within the regulated medical device space must inevitably consider what liabilities may have been inherited due to any European/US (and other global market) compliance problems lurking within the target organisation before the deal is finalised. To consider this, buyers will often bring an entire regulatory team to the target company including software specialists, quality system specialists, submission/certification specialists and regulatory attorneys. My personal experience also shows that with deals above $100M, this focused due diligence team includes multiple regulatory attorneys from multiple firms, looking from different perspectives depending on their device experience. The primary job of this due diligence team is to scrub the target company’s established quality system, activities and decisions to find any lurking FDA/global compliance problems. The target company should expect that this due diligence activity will cover all regulated company and product aspects such as established procedures, staff training, design & production histories, device & process validations, technical files, FDA submissions, validity of CE Marks and IFUs, etc.

Case study

Companies unprepared for tough regulatory scrutiny can have unwanted and very costly surprises discovered by that focused due diligence team. In one example, in which my company participated in the regulatory due diligence process, an orthopedic company had their price lowered almost $2M due solely to the numerous EU/FDA compliance problems discovered in the final weeks of the deal.

Unfortunately, this company had neither a strong internal audit system nor well-trained internal auditors. They acquired part of their product line (the portion with software) years before but had never conducted an internal audit of the acquired division (a strong testament to their weak internal audit program). Additionally, the company reduced the quality/regulatory staff as a cost-cutting measure approximately one year before the acquisition happened.

In this example, the relatively new CEO (brought on well after the staff reductions) was surprised at the true regulatory compliance state of the company because the required information submitted to management review had not indicated any type of compliance problem.

Problem discovery

What regulatory compliance problems exist in these target companies? And why do these problems serve as potential liabilities to the purchasing organisation? Firstly, every possible regulatory compliance problem that can exist in a global medical device company exists in these unprepared acquisition targets (e.g. ‘letters to file’ that should have been 510(k) submissions to FDA, product ‘experience’ reports from the field that were neither handled properly as complaints nor analysed for reportability to regulatory authorities, labeling that doesn’t match objective validation evidence, etc.) Secondly, when unsolved at deal closure, each of these compliance problems must eventually be addressed by the acquiring organisation through remediation that can sometimes delay the product/market timelines envisioned at the start of the merger and acquisition process. Fixing these situations and facing these delays can be expensive.

In the regrettable $2M example above, the CEO saw dozens of compliance issues emerge within several days of intense auditing by the talented merger and acquisition regulatory due diligence team. With trust in the company’s system and trust in the team’s capabilities, the CEO was blindsided by dozens of last-minute EU and FDA compliance discoveries. With no remaining time to resolve the issues, the best-faith approach was to negotiate the company value downward, allowing the merger and acquisition process to conclude.

With positive messages given to company executives, what method should have been used to discover possible regulatory compliance problems? From our experience with these unprepared merger and acquisition targets, the methods that clearly don’t work are relying on the existing internal team and any external regulatory resources involved in setting up and/or monitoring the company through the years. Logically, through internal quality audits, analysis of quality data and formal management review, the existing company team has already exhausted their chances to discover compliance problems. Likewise, with the financial and legal stakes so high, the target company’s CEO and board of directors gain no actionable value from a ‘customer-friendly’ regulatory assessment conducted by some long-term outsource partner.

Action plan

Following the method below will increase the likelihood that a device company can be prepared for any merger and acquisition regulatory due diligence examination:

• Search for fresh regulatory assessment teams who can provide brutally honest feedback to the CEO/Board (as the merger and acquisition due diligence team will give to the buyer)
• From that search, select the team with the deepest and most successful hands-on experience in all regulatory aspects encompassing the company and devices including software validation, quality systems, submissions and reporting (as the merger and acquisition due diligence team will be staffed) as well as experience with regulatory attorneys and the merger and acquisition due diligence process
• Hire that tough skilled team at least six months before earnest merger and acquisition discussions begin

The final point above then kicks off your internal merger and acquisition regulatory action plan. Before your company becomes the next potential medical device industry merger and acquisition target, hire the team now that may otherwise be hired by your buyer later. You want that independent team on your side ASAP, so that regulatory compliance issues can be identified and resolved prior to negotiating your company’s (higher) value.