Strategies for merging recordkeeping systems: the critical role that records play in business operations demands that acquired records be thoroughly assessed and their integrity assured before their conversion and deployment to a new system.

Corporate mergers, acquisitions, and divestitures play an increasingly prominent role in today's business world. Large-scale operational assets change hands as corporations realign their organizational structure and operational scope to better meet the needs of customers and shareholders. In acquiring another company's operations, the purchasing company will also need recorded evidence of the business activities that kept those operations going. These business records may be in either physical (e.g., paper) or electronic format, and their volume can be enormous.

Acquiring records from a major business acquisition is often treated as an afterthought to legal, financial, and other due diligence exercises, focusing on little more than finding space in shelves, cabinets, or file servers. This perspective overlooks the critical role that records play in a company's business operations.

[ILLUSTRATION OMITTED]

As essential business information, records directly participate in the transactions and decisions that make up the company's daily business activities. Meanwhile, records provide evidence of those same activities, giving them a level of risk or liability comparable to that of the activities themselves. Failing to properly care for and respect records, then, can result in significant corporate compliance risks as well as interfere with a company's ability to fully capitalize on an important acquisition investment. It is therefore of the utmost importance to address records management issues before, during, and after the acquisition.

BEFORE: Audit the Records To Be Acquired

A full audit of the selling company's records holdings and practices reveals risks and opportunities for the buyer to better maximize its investment. Such an audit is most effective if performed before I the final decision to proceed, though this is not always feasible given the extreme sensitivity that can surround corporate-level negotiations.

Some companies perform a records management audit after the major decisions have been made, but before the final details of I the acquisition have been worked out. Issues that may be brought to light during a preliminary records audit include:

1. Documentation and Retention Requirements: Any business acquired by another company will be subject to a host of legal requirements, ranging from broad-based business laws to detailed technical regulations. Many of these laws and regulations will state which records must be retained and for how long. Others imply a records retention period by limiting legal liability to a certain period of time--records must be retained in case of legal action, which can occur during that time period. Still other requirements may prescribe which documents must be kept in a given file, or even which specific data dements must be included within the individual document.

With so many diverse requirements affecting records retention, companies should examine whether the records they are acquiring meet those requirements. Look first at overall collections: Do the records of given business activities go back far enough to meet the requirements of laws and regulations affecting those activities? Where records have been destroyed, were they disposed of according to a records retention schedule, with sign-off by designated authorities?

Next, focus on samples from key collections. Are all of the specific documents required by regulators present? If not, can they be recovered with reasonable effort from internal and external sources? What level of risk is associated with not having the missing documents?

2. Privacy Compliance: Depending on where a company operates, it will need to follow one or more sets of rules for what it does with personal information about employees, customers, and other individuals. Canada's Personal Information Protection and Electronic Documents Act, the United States' Health Insurance Portability and Accountability Act, and the European Union's Data Protection Directive are just a few examples of current legislation requiring organizations to protect privacy. Typically, privacy laws set limits on how much personal information a company can collect and how long they can keep it.

A company may have strict controls around privacy, but it cannot control what information other companies collect, particularly if they collected it before the advent of privacy laws. Years ago, it was not unheard of for employers to collect detailed medical history as part of pre-employment screening, often involving past conditions or treatments that had no impact on job eligibility or performance.

Files containing such unnecessary sensitive information persist to this day and may be included in records of the company being acquired, bringing a certain degree of risk to the acquiring organization. Even when the original collection of the information predates legislation and is covered by a grandfather clause, a company is directly liable for any continued retention of that information, to say nothing of the employee or customer-relations nightmares that can result from a privacy breach. The records audit should therefore locate and identify any inappropriate personal information and plan for its secure disposal at the earliest opportunity during the acquisition process.

3. The Cost of Keeping Records: Even when record content and handling practices meet every conceivable requirement, the ongoing maintenance of those records may pose an undue financial burden. A preliminary audit can help protect the company's investment by analyzing such records management costs as equipment and supplies, systems maintenance, storage services, and staffing.

During the preliminary audit, a company may want to

* Look closely at the physical enclosures and other supplies the seller uses for storing records. Are they sufficient to protect the records from loss or damage, optimize storage space, and facilitate easy retrieval? Or would it be more cost-effective over the long run to convert the files to a more secure, efficient format?

* Review any service-level agreements affecting the storage of those records being acquired. Do commercial records centers or other service providers meet the buying company's needs? If that company uses a commercial storage provider or its own, how do regular and incidental costs for the newly acquired records measure up to the rates it normally pays? The buying firm may need to plan for transferring the records to its own service provider. That, too, can bring financial risks, as the service-level agreement may stipulate hefty relocation fees.

What electronic systems does the selling company use to capture and maintain records and data? In a perfect world, all of the seller's hardware and software platforms would be identical to that of the company purchasing it. It is seldom that easy in reality. A company will need to weigh the relative costs of either maintaining two separate systems or migrating data from one system to the other. This decision should take a long-term view and factor in the ongoing costs of keeping information accessible for the duration of its scheduled life cycle.

* Acquiring a business and its records may also mean acquiring the human resources who maintain those records. Is the number and expertise of the seller's records management staff appropriate to the volume of records and associated challenges? If staffing appears excessive or insufficiently qualified, then some tough decisions may have to be made prior to merging the two groups. Conversely, the newly acquired staff may bring new efficiencies and innovations. The audit will identify any opportunities to add value to the company's existing records management program and better contribute to its continued success.

DURING: Minimize Risks

A preliminary audit of the records being acquired should bring to light any significant risk exposures or business inefficiencies. Once the acquisition has formally begun and the records move into the custody of the buyer, it is time to confront those exposures and inefficiencies head on.

In considering records management's place in a corporate acquisition, it is useful to consider acquisition on two levels: as abstract legal event, where a mere pen stroke changes ownership of a company or some portion thereof; and on a more concrete plane, with movable assets changing hands. As just one type of movable asset that is exchanged during a legal acquisition, records must be accounted for on both levels.

Legal Provisions and Records Management

An acquisition and divestiture agreement is the legal instrument by which assets (including records) and their associated liabilities pass from one party to the other. If both parties have done the appropriate due diligence, the agreement should make clear what level of liability the buyer assumes for activities previously performed by the selling firm.

The agreement should also stipulate exactly which records are being transferred to the buyer as evidence of those same activities. This direct provision for records management protects both parties. On one hand, it ensures that the selling company will assist the buyer in meeting its newly acquired responsibilities for recordkeeping.