Confidentiality agreements, or non-disclosure agreements (NDAs), are legal contracts designed to protect sensitive information from being disclosed to unauthorised parties. They should also govern how the information can be used and by whom.
In the context of a business sale, NDAs protect the information the disclosing party will need to provide the recipient, the potential buyer. In a situation where the disclosing party plans to sell off a division or part of their business but otherwise continue trading, an NDA can provision other requirements, such as a restriction on soliciting staff for an agreed period of time.
Drawing up suitable non-disclosure agreements for a business sale falls to the expertise and guidance of your legal advisors. While they will oversee the creation of an agreement and provide guidance on inclusions and exclusions, business owners must ensure they thoroughly understand what the NDA will govern and satisfy themselves that it will adequately protect their business interests.
Here are some critical aspects to consider.
Who does the NDA apply to?
Principally, an NDA will apply to the buyer and seller. However, the advisors and representatives of both parties must be considered too. The recipient (buyer or investor) may be asked to take responsibility for the actions of lawyers, financial advisors, investment bankers and accountants who have sight of the confidential information provided. Alternatively, they may be asked to sign an agreement that confirms their adherence to the terms of the NDA itself.
Define what is confidential
An NDA should clearly list the types of information and their derivatives to be treated confidentially. Typically, this covers all business data and trade secrets but should also include the terms of the potential deal and the parties' identity. Should a deal fail to close, both parties will unlikely want information surrounding it and its terms to be made public.
Specify actions required when sharing information
An NDA should specify the permissible process and method when exchanging confidential information. For example, documents may need to be physically labelled as confidential before disclosure. It is also essential to consider how verbal information is treated, as it is harder to ensure its confidentiality in a way that can be proven in a court of law if required.
Of course, a recipient may have access to publicly available information, such as share prices, before data is labelled as confidential. Additionally, there may be situations where a recipient is obliged by regulatory bodies or a court to disclose confidential information.
These are just some of the complexities of protecting confidentiality in M&As, and they require considered input from your legal advisors. These complexities are also why legal advisors use virtual data rooms, which offer advanced levels of data security.
Data rooms encrypt data when it is ‘at rest’ (not being actively accessed or shared) and in transit during a sharing process. Should your data be leaked or stolen at this point, it would be unreadable.Therefore, it is good practice to insist on using a data room for information storage and sharing and to include this as a stipulation of your NDA.
Permitted use of information
Specifying who can access your information and how they may use it is crucial. For example, you may only permit access to the information to evaluate the potential deal and for no other purpose. You may also identify specific people and organisations who are allowed access.
Utilising features in your data room can help you and your advisors manage this aspect. User access control features can be determined when a data room is set up and adjusted to suit at any point after. Login features such as two-factor authentication (2FA) create an additional layer of protection, for example, while you can also specify who has access to what folders and documents. Customising user permissions down to who can print, download or save specific documents gives you complete control over how your data is used. We recommend that this is always included in a non-disclosure agreement for a business sale.
From a recipient’s point of view, they will push for a broad perspective on access and, at minimum, will need to ensure they have what they need to conduct thorough due diligence. Striking a balance between sufficient access rights for due diligence while protecting information is one of the determining factors of a robust and meaningful NDA. Ultimately, since due diligence is so pivotal to the outcome of a deal, investing time and resources in clarifying the permitted use and the role of confidentiality agreements in M&As is vital.
Return or destroy information
Regardless of whether the deal closes successfully or not, an NDA should specify what happens to the confidential information once it is no longer needed for the purpose of deal negotiation.
As the owner of the information, the disclosing party commonly requests the return of the data. However, for convenience, the recipient may prefer to have the option of destroying the information at a given point in time. This may be once negotiations between the parties have concluded, if the deal fails, or at any other point when requested by the disclosing party.
If the destruction of the information is agreed upon, the disclosing party must ensure there is a requirement for the recipient to prove its destruction or deletion. While this may feel somewhat risky, if confidential data is protected by encryption within the secure confines of a data room and further controlled by access permissions that can be adjusted at any time, the seller can withdraw access to the documentation as needed.
Remedies for non-compliance
What are the consequences if the terms of the confidentiality agreement are breached? An NDA should reference indemnification information and who will be responsible for costs relating to any legal disputes or hearings that arise.
So far, we’ve looked at some of the inclusions of a non-disclosure agreement for a business sale. While your legal advisors will undoubtedly ensure these aspects and many more are considered thoroughly, be aware of some of the most common omissions or errors in NDAs.
Vague definitions
One of the most fundamental and potentially costly consequences of a poorly worded or ambiguous NDA is a lack of clarity over what information is covered. While documentation exchanged during the negotiation phase may be the obvious inclusion, often, there are notes, summaries, presentation decks and more that are based on or linked to the original document. Therefore, it is crucial to word the NDA appropriately to eliminate doubt and avoid disputes that can slow down or break a deal entirely.
Inflexibility
While vagueness is to be avoided, being wholly rigid and inflexible is also problematic. An NDA is designed to protect both parties and establish clear ground rules, but it should not stifle meaningful exploration and deal progress. If the provisions of a confidentiality agreement requirement are too rigid, due diligence can become ineffective or incomplete, increasing the likelihood of deal failure. Finding the right balance is a skill in itself, and it’s why working with legal professionals with experience in M&A transactions is a vital ingredient.
Relying on boilerplate agreements
It is not uncommon for a buyer or investor to suggest they have a standard NDA agreement that can be used without additional time and cost involved in creating one from scratch. These are called boilerplate agreements and serve as a standard template with minimal adjustment for individual deals or situations. While these ready-made agreements are helpful as a starting point, over-reliance on standard agreements is among the most common mistakes in confidentiality agreements for sellers.
A boilerplate agreement that has yet to be adjusted to suit your needs can mean agreeing to clauses or fine print that are inappropriate for your situation and may lead to a breach that results in legal proceedings. In addition, this type of agreement will usually be written to benefit one party, in this case, the investor or buyer, meaning the disclosing party is immediately at a disadvantage.
As a result, it’s crucial to ensure that your legal team prepare an NDA that fits your circumstances and needs. Admincontrol provides a boilerplate NDA with our data rooms, for example. Still, we recommend that time and expertise be spent tailoring it to the requirements of both parties and the type of deal or investment in question.
Delayed signing
Leaving the creation and signing of a confidentiality agreement until discussions progress to a point that a deal seems possible or likely is also problematic. Many business owners leave NDAs until, for example, letters of intent are discussed. However, the reality is that any information discussed or shared before this point is now at risk of disclosure.
Ensuring all parties agree upon and sign an NDA at the very beginning of discussions, however casual they may be at that point, is critical to avoiding substantial problems later in the deal.
Here we have looked at some of the essential components of confidentiality agreements in M&As, along with common mistakes in confidentiality agreements for sellers.
Confidentiality agreements ensure smooth M&A transactions for both business sellers and buyers alike. These agreements set clear expectations and guidelines for handling sensitive information and protect the interests of all parties involved.
Buyers and sellers can conduct their due diligence without fear of compromising valuable data or risking their businesses by establishing trust and maintaining confidentiality throughout the process.
A robust and effective NDA should be drafted by a legal advisor, preferably with experience in M&A transactions, and must be tailored to suit your goals and objectives. Expect there to be back and forth with the third party and their advisors, too - it’s part of the process and is vital to ensure all sides fully understand each provision.
Points to remember:
Remember that your data room has advanced features and tools designed to protect confidential data and can help you manage user permissions