Virtual data rooms, or VDRs, are an M&A professional’s stock-in-trade. These specialized solutions help to ease the burden and risk of disclosing confidential documents to third parties during the due diligence phase of an M&A transaction. Newcomers to the world of investment banking and M&A often cut their teeth on the painstaking tasks of document management, disclosure and diligence – more often than not with a managing director breathing down their neck!
The due diligence process is complex and highly structured. If diligence isn’t conducted properly, it can cause an enormous amount of stress for everyone involved. This is where the virtual data room comes in. If you’re new to M&A, think of the VDR as your new best friend. In this article, we provide a quick introduction to virtual data rooms, together with a few handy videos to help you better understand how VDRs work, what functionality to look for if you’re tasked with choosing a solution, and how to make the most of the time you spend in the data room.
What is a VDR and when is it used?
A virtual data room is a secure online environment where large volumes of confidential data can be shared securely beyond the walls of an organization. A VDR differs from a company extranet in that is designed to securely share sensitive documents outside the corporate firewall. Think of due diligence in M&A deals, litigation, bankruptcies, fundraising, audits – anywhere where multiple parties need to review confidential documents.
Online means it’s available from anywhere that has an internet connection. Secure means your sensitive documents are protected by numerous hardened physical, technological and institutional measures. We’re talking encryption, biometrics, multiple firewalls and disaster management plans – the kind of security that would give Tom Cruise and his team a run for their money in Mission Impossible. But secure also means control: You get to decide who gets access to what information, and you can monitor, control, and terminate access to that information at any time. No one sees a document unless you allow them to.
A VDR is different from Google Drive, Dropbox or your company intranet for a few important reasons, most of which have to do with the nature of privilege and confidential documents. For example, the VDR shows you that on this date, User “A” looked at this document, and printed it (you can also configure your document settings so that printing a document isn’t allowed). After two weeks, if you wish, you can remove access to that document to mitigate the risk of its leaking or getting into the wrong hands. You can think of a VDR as “Dropbox of steroids,” a professional-grade solution that’s up to the rigorous challenges of M&A due diligence, compliance and litigation.
Assessing VDR providers
There are a number of VDR providers out there, and investment bankers and advisors have an unfortunate tendency to assume that their offerings are all basically the same. In truth, feature sets and cost structures can vary widely. If you think all data rooms are created equal, think again.
Cost structures of VDR providers are similar to cell phone and internet plans. You pay a base fee, and then there may be extras based on features. Some firms may also offer unlimited plans that allow you to use the VDR for different projects and use cases at a predictable cost. When assessing solutions, you’ll want to understand how you will be charged for the service – e.g. by the page, the number of users, storage size, duration of the project, etc. – to avoid any unexpected costs or overages down the line.
You also need to carefully consider the level of support provided to you as a customer/VDR administrator and to the users/third parties you invite into your data room to review documents. M&A deals aren’t 9-to-5 and if a user can’t access the document he or she needs to review, they need to be able to reach the vendor’s support 24/7/365 without any voicemail runaround or delays. A good way to look at this is, ‘Would you rather the user called the VDR provider’s support team at 2 am or you directly to troubleshoot an issue?’
Preparing a VDR for a transaction
Ok, let’s assume you’ve been given the task of preparing your first project in a VDR. What are the tasks you’ll have to work through to set up the data room and prepare for the transaction?
First, you’ll need to determine group roles and responsibilities. Think of a VDR as a physical room full of filing cabinets. Who will need to enter the room? What’s inside each filing cabinet? And what file folders are inside each of those filing cabinets? As the administrator for the project, you’re the gatekeeper, the person who grants access to the room. Once a specific person is allowed inside the room, you need to decide whether they see all the filing cabinets, or if you need to hide some cabinets from them. You can also hide certain folders inside those cabinets to control access right down to the individual document level.
It’s crucial to get these roles and responsibilities correct. The administrator must be clear on who can enter the project, what they can access, and what they can’t. In the video, you can see how a VDR will help you with these crucial tasks.
Preparing due diligence documents
Collecting, organizing, and reviewing due diligence documents is at the heart of any M&A transaction. Before uploading anything to the VDR, there must be a clear understanding of what documents need to be included in the VDR and which shouldn’t. This may require candid discussions between the buyer and seller involved in the deal.
The person responsible for uploading documents should also be responsible for assessing and vetting the information. If this person is you, you’ll want to ensure that the correct document is being presented, as well as the correct version of the document. In the next video, we look at built-in versioning control tools and other VDR features that aid in collecting, controlling and reviewing documents for diligence.
A VDR offers a variety of document protection options. Think about the barrier to entry versus security. You can make the documents very secure – no printing, no screenshots, no downloading, and a large digital watermark – but the parties reviewing the documents may not be very happy with the user experience and the inconvenience, or the sensitivity of the document may not warrant the restrictive measures you’ve put in place. Or you can make the documents easy to download and share, but at the end of the transaction, you might lose track of those documents, running the risk that local copies are out there ‘in the wild.’ As an administrator, you’ll have to carefully weigh security and usability to find the right balance. The video walks through how you can set up document protection per user group, and then customize security settings per folder or even per document.
How effectively you conduct due diligence can mean the difference between a successful outcome and a failed transaction. When running a project, make sure you cover all your bases:
In addition to a physical NDA, you may ask users to sign a confidentiality agreement before entering a virtual data room.
Before you invite users, use a “View As” tool to make sure your access permissions are correct. It’s like that Facebook feature that lets you see your profile from another user’s perspective. Better to double check as there are no do-overs if you accidentally expose sensitive information to a third party who shouldn’t have seen it.
Retain control of your documents. Set the correct level of document protection for your transaction. For example, you may allow users to download documents, but you retain the ability to retract those documents at any time, even after they’ve been downloaded. Find the right balance between security and ease of use.
Remember that everything you and your invited users do while they’re in the data room is being monitored and recorded, including: When you enter and leave, what documents you and your team have looked at, and which you haven’t, your IP address, and how many times you’ve looked at a document. It’s all there in an audit trail.
A virtual data room is designed specifically to remove the stress, headaches, and hassles involved in sharing sensitive documents for diligence. If there’s one tool you’ll want to master as an M&A professional, it is the VDR. The more you know about how a VDR works and how to properly configure its security settings and make full use of its features, the more quickly and smoothly your M&A transactions will go.
Ronen Segall is Product Education Manager at Firmex. With over five years of client services experience under his belt, he has an on-the-ground knowledge of virtual data room users and their goals.