For many companies, information governance is like herding cats when the herder doesn’t know where the animals are located, can’t tell cats from dogs, and isn’t sure of the final destination.
Massive, disparate, and geographically distributed information stores, along with rapidly evolving regulations and years, if not decades, of neglect of IG best practices have put many organizations at risk of increasingly costly fines for compliance violations, huge e-discovery costs and penalties, and ever-increasing storage costs.
But if you think IG is tough at a typical enterprise, wait until you go through a corporate restructuring in today’s environment, when the risks are magnified, the challenges are stark, and IG failures frequently blow up both the budget and timeline set for the restructure, undercutting business goals.
Any form of corporate restructuring — change, merger, acquisition, divestiture, or bankruptcy — generates chaotic scenarios that are infinitely more challenging than typical IG.
Consider a sovereignty change. Whether it involves Brexit or China’s nationalization of a company’s local operations, the right response may require dividing and disambiguating commingled data, determining what data goes with which business unit, trying to understand what data may be subject to legal hold, and figuring out how to do this within the guidelines of the new General Data Protection Regulation (GDPR) and other requirements.
In a merger, though the companies must merge their IT infrastructures, their data risk tolerance might be very different. One company may have relied on defensible disposal while the other may have chosen not to delete anything. How can these approaches be harmonized? How much will it cost to do it?
In the case of an acquisition, the acquiring company tends to be immediately responsible for financial, regulatory, and legal consequences related to the tsunami of data it acquires. Those may include fines for non-compliance with evolving preservation and disposition rules for data associated with privacy and security as well as the disposition of legal matters, for instance.
But some of the first employees laid off during an acquisition are likely to be the IT staff of the acquired company. So there’s no one left with institutional knowledge of what, where, and how the acquired company stores, manages, and deletes data.
Typically, a divestiture requires the divesting company to determine which brands need to be sold off. But it also needs to decide what confidential information, including customer lists, needs to go and what cannot go with the divested entity. That creates a complex, high-risk and time-consuming search-and-destroy mission for confidential data on transferred IT systems.
Finally, a bankruptcy often leads to the acquisition of the bankrupted company’s information assets. And those must be preserved for a later investigation by regulators, while still being accessible for business purposes. The likely result? An information management quagmire.
While the IG challenges are many and the risks are high, there’s so much occurring during the lead-up to a restructuring that deal teams typically don’t have IG anywhere on their radar. This usually means IG teams are simply handed an unconsidered post-restructuring environment, with ever-increasing integration and implementation costs. To avoid this, here are the most important strategic steps CFOs can take.
Become an information stakeholder. CFOs need to think of themselves as having as much at stake when it comes to information management as security and compliance, legal, marketing, and IT leaders do. They need to communicate the business strategy behind any restructuring so the IG team can align its efforts.
Is a divestiture a one-off or the beginning of a trend? Is the company looking to get out of a business line, so more divestitures are likely? Is a merger creating redundancy, meaning that layoffs are imminent? Understanding context leads to more effective decisions. For example, if more divestitures are likely, then IG teams can focus on creating a repeatable process for scanning existing repositories and separating data. If layoffs are coming, they can focus first on tasks that take advantage of at-risk personnel.
Ensure a standard IG evaluation. Once the CFO communicates the context of a restructuring, the IG team must determine and communicate back the costs and risks associated with the new environment. In a merger between a U.S. and a German firm, for example, if IT is being directed to merge data into a single SharePoint farm, the risk of violating new European privacy regulations will be high.
Likewise, if a newly merged entity does not take advantage of the tribal knowledge of employees who are eventually let go, then IT won’t know what data can be eliminated, resulting in a very costly save-everything-forever default strategy. Only through this back-and-forth communication can the CFO fully understand and prepare for the long-term financial impact of the data aspect of the restructuring.
Avoid being purely tactical. In order to lower costs, executives typically insist that data projects be completed in completely unrealistic timeframes. Doing such projects fast, however, usually means missing any opportunity to align data policies with business requirements. Getting all the facts and creating an appropriate roadmap doesn’t take very long if the right stakeholders are involved.
It’s time for IG to become a regular part of restructuring team discussions. Having helped to frame the business goals and set the restructuring budget, CFOs are in a unique position to understand the consequences of IG failures and ensure IG teams have the knowledge they need to take a thoughtful, best-practices-approach to establishing the post-restructuring environment.
Jake Frazier is a senior managing director of FTI Consulting. Anthony J. Diana is a partner at Reed Smith.