Software license due diligence in M&A

CxO Governance Home Risk & Audit Uncategorized

by | July 11, 2018

In any Merger and Acquisition (M&A) situation, each party wants to arrive at a position of financial certainty. Although inevitably there is risk – commercial, tax changes, people retention etc. – the due diligence process is there to reduce this.
However, despite exhaustive trawling by lawyers for the acquirers, nominated advisers and financiers, as well as investigations by reporting accountants, there is often one significant area of latent risk: software license costs.

The costs can be high: Diageo was determined by the High Court to have incorrectly licensed its SAP software estate in a £60m claim by SAP. And the same software vendor forced the world’s largest brewer, AB-InBev into arbitration in New York claiming US$600m for under-licensing.  Both Diageo and AB-InBev were insistent that they were fully licensed. The cases were settled – final fees and penalties have not been disclosed.

Few of the major software vendors – IBM, Oracle, SAP and Microsoft – use anything as simple as a single license agreement: instead, they have iteratively developed over decades a stack of contracts, product use rights, policies, core factor tables, addenda and guidelines often compounded by links to large libraries on their websites.

Gaining any certainty as to what are the full and applicable contract terms is extremely difficult for the lawyers and largely incomprehensible to the IT team and the reporting accountants. The result is that few corporates even FTSE 100 can know they are fully compliant.

The software vendors however regularly issue ‘software license reviews’ – usually on a 3-5 year cycle. These reviews or audits are intensive exercises often part-conducted on their behalf by the licensing divisions within Deloitte, EY, KPMG or PwC. Oracle also has its own license management division, based in Bucharest, but sometimes uses Garmendia and other consultancies.

Even quite inadvertent and seemingly trivial discrepancies can throw up demands for 7 and 8 figure sums. Audit notifications can come at any time and the penalties demanded can be wholly unexpected. Enterprise value can be affected.

Because the under-licensing issue will have been latent, it will not have been identified as a risk through the standard DD process let alone quantified. Those involved in an M&A transaction where there is a higher risk of software license fee demands (see 7 key characteristics below) should, it is submitted, look at the issue in similar way to environmental issues.

The key then is who pays?

In a private transaction, there will be seller warranties but always (a) limited in time and (b) subject to fixed or reducing financial caps. The corresponding indemnities may also be subject to notice and knowledge requirements.

One of the characteristics of the outputs of the software license reviews or software audits is the imposition of contractual penalties, payments for ‘back support’ as well as for the present year, audit costs. Critically, the demand which follows the review will inevitably use current list prices or close to them. This is despite the fact that the same products if astutely negotiated at arm’s length can be made available at very high discounts – for some vendors, discounts of 70-80% are not unusual.

Lawyers may point to such claims being (unenforceable) penalties as opposed to recoverable damages but the negotiating position is weak. And corporates are often anxious as to their reputation or indeed that critical systems might be switched off.

There are multiple means of reducing such exposure with technical redeployment, planning and procurement. All these require time and ideally no interposition of the software vendor’s audit divisions and the agitation of resultant demands.

It is evident that only a careful combination of software contracts expertise, technical input and commercial knowledge and negotiation skills can obtain the lowest-cost financial settlement.

Against this backdrop, lawyers and financial advisers in M&A should always consider the following:

For selling shareholders:

Commission an internal software license audit well in advance of sale; remediate any under-licensing at lowest cost and be confident that appropriate warranties and indemnities can be given with confidence.

Advice to acquirers and private equity:

Ensure that warranties and indemnities fully cover under-licensing exposure even where the licenses, support renewals and IT infrastructure have been disclosed in the data room;
In AIM transactions, risk of adverse software license fee demands may need to be factored into the working capital report and accountants’ comfort letter;
Following closing, interrogate the responsible IT staff for any residual concerns over particular software estates;
Initiate an internal software license audit within 3-6 months of closing. If exposure is identified then settle with the software vendor and lay off full cost to the sellers within the warranty period.

7 key characteristics where software license risk will be high:

Each of the following raises the risk level:

Large business with long-standing ‘on-premise’ software usage;
Use of Oracle, SAP, IBM, Adobe or Microsoft software;
Use of any systems as a bureau service eg. for payroll or hosting, or extensive access to systems by customers or suppliers eg. for ordering or fulfilment services;
Recent moves to robot process automation;
Use of VMware or virtualised IT environments;
Number of legacy businesses where specific IT infrastructure knowledge may no longer be in place;
No software vendor audits within last 2 years.


The opacity and complexity of licenses from the main software vendors – IBM, Oracle, SAP, Microsoft etc. – combined with changing IT infrastructures mean that corporates can rarely be sure that they are correctly licensed.

The vendors then have a considerable opportunity to impose substantial demands when their own audits/software license reviews disclose under-licensing. Where these costs then fall is binary: either to the acquirer or to the selling shareholders/warrantors – dependent on when the issues arise.

Each side needs to confront the issue of software license risk as a possibility and ensure that either the cost is minimised or alternatively fully laid-off to the other party.

Whether during the DD process (for the seller), or immediately post-completion (for the buyer), the commissioning of an internal license review, addressing legal + technical + commercial aspects together, is key to protecting enterprise value.


Subscribe To Our Newsletter

Subscribe To Our Newsletter

ITAM Channel brings the best news and views from the ITAM industry. Sign up for the newsletter and get them straight to your inbox

You have Successfully Subscribed!