Evaluating risk is paramount in any software transaction. In the realm of mergers and acquisitions (M&As), a thorough risk assessment is essential to identify a target company’s potential pitfalls, financial liabilities, and legal obligations. The analysis of such risks is pivotal for informed decision-making, ensuring that acquirers are aware of the risks they may inherit. For insurers, risk evaluation is fundamental to establishing coverage limitations and pricing uninsurable risks appropriately. It is a safeguard against unforeseen challenges, contributing to a more resilient and well-informed approach in both M&A transactions and insurance practices.
Warranty and indemnity (W&I) insurance, also known as reps and warranties (R&W) insurance, is a valuable resource for managing risk in M&A transactions. By shifting risk to the insurer, it is designed to provide protection for both the buyer and seller against financial losses occurring from breaches of representations and warranties made in the purchase agreement. It provides a level of certainty for both the buyers and sellers that can help streamline negotiations and increase confidence in any given transaction. Buyers are more willing to proceed with the transaction with an understanding that there is M&A insurance in the in case of unforeseen circumstances, and sellers will have the peace of mind that they are not on the hook for potential risks that may arise. It is advantageous to seek W&I insurance early in the deal for a smoother transaction process. Acquirers can factor policy limitations and uninsurable risks into the bid price, when necessary.
In the context of software M&A
W&I insurance is commonly used in software M&As. M&A insurance coverage in such policies typically relates to intellectual property rights and legal compliance, the functionality of the software, and undisclosed liabilities.
For example, startups and scaleups with innovative software solutions can use R&W insurance to reduce perceived risk, particularly when they lack a robust financial record. FinTech companies that are heavily dependent on software use R&W insurance in response to crucial regulatory considerations common to the financial sector. Private equity firms engaging in software transactions routinely make M&A insurance part of their risk management strategy for both buy and sell transactions.
Software audits in M&A transactions allow insurers to offer coverage at the best possible price, as the insights serve to reduce risk in the policy for them. The increased understanding of the risks associated with a target’s codebase leads to a more streamlined underwriting process. Insurers place considerable importance on independent third-party assessments, which provide an objective overview of the risks present in the software. The head of transaction insurance at a major multinational insurance company stated that by enumerating the risk, a software audit can reduce the cost of insurance premiums for such transactions.
Our experience with W&I Insurance in software transactions
The Black Duck® Audit team is actively engaged in hundreds of M&A transactions each year, and we identify risks in virtually every transaction. Not only do our domain experts (armed with world-class tools) assess risks associated with open source and third-party code, but we also dig into security vulnerabilities, architecture flaws, code quality issues, and deficiencies in the software development process.
Learn more about navigating software due diligence with a Black Duck audit.
Audit requests to satisfy W&I requirements
Our audit services are frequently requested by customers to satisfy W&I insurance requirements. We understand that each deal is multifaceted and unique, as are the respective insurance policies and W&I/R&W insurance requirements. We currently offer nine different audit services, covering three key risk areas inherent in software: legal risk, security risk, and issues with software quality.
Typical requests to fulfill W&I insurance requirements include open source audits to verify that there are no copyleft infringements in the codebase. When we audit for IP infringements, sellers typically outline how they can be remediated within certain timeframes. In many instances, our reports also provide the steps to remediate these risks if there is a workable solution associated with the particular open source component. Some insurers request penetration testing to learn of any potential security risks and allowing them to provide optimal coverage.
Globally recognized audit reports
Many leading R&W insurance providers across the globe are familiar with our audit reports and are keen to use them when underwriting their policies. As such, we are often approached by clients at the request of W&I providers, who wish to incorporate our audit results into their process to enable optimal coverage and pricing.
Underwriting calls
Underwriting calls are typically part of the W&I process. The insurance provider will meet with their client and their advisors to review the due diligence findings. This generally takes place shortly before the transaction closes.
Our reports ensure that our customers are well-informed about the findings and equipped to address such questions. On occasion, our experts are requested to attend underwriting calls and we are more than happy to help. Typically, we are asked to explain our reports, add clarification, and shed light on particular areas of concern. These calls are typically smooth and any questions are easily addressed.
Next steps
The Black Duck Audit team is dedicated to delivering timely results with expert insights so customers can feel confident in managing software risks in their investments. To find out more about how we can help with your W&I insurance requirements, request a free consultation with our experts.
Continue Reading
From diligence to integration: How software audits inform post-close M&A strategies
Sep 21, 2023 / 3 min read