Risk Management: Mergers & Acquisitions

Getting the most value out of Mergers or Acquisitions requires proper upfront legwork, risk management and risk assessment.


risk managementIn the business press, discussions of mergers and acquisitions (M&As) invariably include percentages of deals that did not create their expected value. Failure numbers, ranging from 60–80%, are surprisingly high. Many companies seem to pursue mergers or acquisitions without a clear picture of their potential risks. A due-diligence process that’s too high-level or superficial is often to blame.


For example, when a life-science company considers a merger or acquisition, the due-diligence team typically looks for 483s, Warning Letters, notified-body findings, and product recalls to find any signs of potential problems with FDA. But when a deal does not deliver value, the real causes are often strategic, cultural, or technical.


Risk Assessment


Due diligence is not the same as risk management or conducting a quality assurance compliance audit. But in the life-science industry, it’s easy to confuse the two. The executives or the private-equity firm structuring the deal do not necessarily understand the companies’ operations or FDA sanctions.


At the same time, if a CEO or CFO is enamored with M&As as a perceived means to expand into a new business or enter a new market, the due-diligence team typically lacks the business expertise to ask the right questions or the clout to raise objections.


Risk Assessment Example


For example, Company A might want to buy Company B because of its superior sales force. Company A’s marketing department contends that sales would double; the finance department believes that redundancy would allow Company A to reduce payroll by 10%.


Both predictions are correct, but no one calculates the extra manufacturing capacity needed to produce a larger portfolio and volume of products. The expected value of the deal could be canceled out by unanticipated costs in another part of the organization.


Level of Compliance


The fundamental questions asked during due diligence should go beyond FDA compliance and tackle the business reasons for closing the deal. This approach requires having the right people (not necessarily those who happen to be available) on the due-diligence team.


Technical executives might be asked about open citations, but they’re rarely consulted about the likely costs of integrating factories, supply chains, or distribution centers—or whether these integrations can be done at all. But if integration costs more or takes longer than expected, customer relationships and product quality can suffer.


Checklists for Due Diligence


Often in a merger or acquisition, using a checklist to gouge the personalities of the two companies are not considered relevant. But stress and tensions can build when the cultures of two organizations are incompatible. The possible triggers of a poor “culture fit” are limitless: management style, risk tolerance, flexibility, talent, technology, and geography, to name a few.


Some life-science companies are risk-takers; others are conservative. Some are entrepreneurial; others are hierarchical. Some are obsessed with “zero incidents” quality; others have a “find a problem, fix a problem” management style. If the two cultures can’t be blended, the cost of a significant restructuring (including recruiting and hiring new executives) needs to be included in the M&A price tag.


Technology Due Diligence


Post-M&A integration is often the cause of extra, unplanned costs. For instance, a seller often ends up supporting sold-off processes or IT systems long after the deal is done. When this happens, the buyer can end up with a poorly managed function, and the seller can end up with disgruntled clients and extended costs. The deal’s stakeholders, each with different goals and agendas, need to talk to each other. External stakeholders can also be drawn into the due-diligence process to reduce such risks.


Transition services agreements (TSAs) should be drawn up carefully to protect buyers and sellers from value destruction. For the buyer, a TSA might specify that the seller’s employees will be available to talk to regulatory authorities during the integration time period. For the seller, the TSA might detail roles and responsibilities for the sold business or division. A key executive or consultant should ensure that TSAs are followed and that the buyer takes over on schedule.


Commercial Due Diligence


Any life-science company considering a merger or acquisition should consider the following five steps to ensure that its due-diligence process helps manage business risks and prevent value destruction.


FDA Compliance


Put the right people on the team. You have to be compliant with your notified bodies at any moment in time. A life-sciences company typically has multiple locations, some in other countries, as well as complex supply-and-distribution operations. The time available to understand compliance while making the deal value can be short. The due-diligence team therefore should be structured to quickly obtain real-world answers to fundamental questions.


This means including experts who can look at limited data and draw reasonable conclusions about areas such as: manufacturing, product portfolios, supplier relationships, IT capabilities, R&D and engineering, marketing and sales, and environmental compliance. A quality assurance specialist cannot cover all this ground alone. Perhaps most important, the team needs a senior executive who has the power to champion the right answer for the deal, even when that answer is “no.”


Risk Analysis Process


Consider the following example. A US company wanting to acquire a high-growth product line made a play for a successful company headquartered in Australia. The rewards matched the company’s objectives: revenue from sales outside the US would jump from 15 to 40%.


However, the risks would be just as great: registrations and patents would require global management, and the success of the venture depended on keeping the seller’s key people and infrastructure.


Technical Risk Assessment


The-due-diligence team included the COO as well as senior people from manufacturing, finance, legal, quality assurance, business development, and R&D, and an independent consultant to question assumptions. In addition to working with a virtual data room, the team spent two days interviewing seven of the seller’s top executives and one day touring the main production facility.


The team included a senior executive who would be in charge of the postmerger integration crucial to future revenue and earnings. Because the due-diligence team had the right people, the process contributed significantly to the immediate and long-term success of the acquisition.


Risk Evaluation


Ask the right questions. In many ways, due diligence is a detective’s game: the analysts need to look at clues (often from only partial data) and solve the mystery by defining the business case for the merger or acquisition, identifying the ways each facility or function would contribute to (or detract from) the realization of the business benefits, and pinpointing risks to processes, functions, or the enterprise. Even companies that do a lot of deals are wise to treat each one as a new and unique experience.


Find weak spots and define fixes. The due-diligence team needs to address areas of risk management, such as the costs and efforts required to harmonize operations, the timetable for fixing problems, and the investment needed for postmerger integration. For example, upgrading an acquired company’s enterprise resource planning system would be expensive and resource-consuming; its costs should be acknowledged.


Hazards Assessment


Use facts to negotiate. The financial decision makers want to know of any issue large enough to stop the deal. But even problems that are not dealbreakers could be used in negotiations. The due-diligence team needs to be prepared to talk to C-suite executives, bond-rating agencies, investment bankers, and the sellers about issues, potential solutions, a course of action and as its timing and estimated price tag.


Regulatory Compliance


Bring in the regulators early. The postdeal organization should inform FDA or other appropriate regulators of plans to fix recognized problems. Regulators know that M&As can create confusion and inconsistencies, and they look for them during inspections. Even if there are no risk management problems, it is a good idea for the buyer to connect with regulators to help ensure a smooth transition. Due diligence is a strategy for risk management and return on investment. When done right, it helps ensure value creation in a merger or acquisition.


About RCA’s Pharmaceutical Consulting Services 


Regulatory Compliance Associates (RCA) has helped thousands of pharmaceutical companies meet regulatory, compliance, quality assurance, and remediation challenges. With more than 20 years of experience with FDA, Health Canada, EU and global regulatory agencies worldwide, Regulatory Compliance Associates® offers leading pharmaceutical consultants. We’re one of the few pharma consulting companies that can help you navigate the challenges associated with industry regulations.


Our pharmaceutical consulting firm includes over 500 seasoned FDA, Health Canada & EU compliance consultants and regulatory affairs experts who understand industry complexities. It’s a pharma consultancy founded by regulatory compliance executives from the pharmaceutical industry. Every pharmaceutical industry consultant on the Regulatory Compliance Associates team knows the unique inner workings of the regulatory process. 


Client Solutions


Whether you’re in the product planning, development or pharmaceutical lifecycle management stage or need a remediation strategy for a compliance crisis, Regulatory Compliance Associates will guide you through every pharmaceutical consulting step of the regulatory process and create a customized approach depending on your product and your pharma company’s individual needs. Our regulatory compliance clients include:


  • Companies new to FDA, Health Canada or EU regulations and regulatory compliance
  • Start-up organizations with novel submissions to 510(k) submissions from multi-national corporations
  • Investment firms seeking private equity due diligence for pre-acquisition and post-deal research
  • Law firms seeking pharmaceutical consulting firm expertise in the remediation of warning letters, consent decrees, 483’s or import bans


Regulatory Affairs


Regulatory affairs is Regulatory Compliance Associates backbone. We exceed other pharma consulting companies with industry experts experienced in complexities of the pharmaceutical and biopharmaceutical industries. Our pharma consulting expertise spans all facets and levels of Regulatory Affairs, from Regulatory Support for New Products to Life Cycle Management, to other services like Outsourced Regulatory Affairs, Submissions, Training, and more.


As your partner, we can negotiate the potential assessment minefield of regulatory compliance services with insight, hindsight, and the clear advantage of our breadth and depth of knowledge and regulatory compliance consulting. We offer the following pharma consulting regulatory affairs services for pharmaceutical companies.


  • New Product Support
  • Product Lifecycle
  • Other Regulatory Services
  • Combination Products


Compliance Assurance


The regulations process surrounding pharmaceutical companies can be tricky for even the most experienced industry veteran to understand. Just one misstep could mean significant and lasting consequences for your business. At Regulatory Compliance Associates, we offer the pharma consulting experience and pharma consultants necessary to guide you through the quality compliance process.


  • Assessments
  • Audits
  • Regulatory Agency Response
  • Preparation and Training
  • Inspection Readiness
  • Data Integrity


Quality Assurance


Regulatory Compliance Associates Quality consulting includes assessments, strategy, implementations, staff augmentations, and identification of quality metrics to ensure continuous improvement. Our pharma consultants understand the strategic thinking needed to align your business needs and goals. Regulatory Compliance Associates quality assurance services include quality experts with experience spanning major corporations and start-ups. Our pharmaceutical consulting firm knows firsthand how to achieve, maintain, and improve quality, and we excel in transferring pharma consulting knowledge to your organization.


  • 21 CFR Part 11
  • Data Integrity
  • Manufacturing Support
  • Facility Support
  • Quality Metrics




Regulatory Compliance Associates has significant experience and a proven approach to managing FDA Warning Letters, Consent Decrees, Remediation and other serious regulatory situations. Our pharma consultants know how to partner with executive, legal, and communication teams, and will assist management with a response that will be accepted by the regulatory agency and be realistic to execute. Regulatory Compliance Associates pharma regulatory consultants will develop a comprehensive proof book of documented evidence demonstrating the corrective action taken to remediate non-compliant issues.


In addition, each Regulatory Compliance Associates pharma consulting Expert understands compliance enforcement. We’ll prepare a comprehensive pharma consulting strategy to assist in your remediation efforts, drive continuous improvement, and maintain regulatory compliance with the regulations.


  • Regulatory Action
  • Regulatory Compliance
  • Regulatory Enforcement
  • Warning Letter
  • 483 Observation
  • Oversight Services
  • Risk Management Plan


About Regulatory Compliance Associates


pharmaceutical consultantsRegulatory Compliance Associates® (RCA) provides pharmaceutical consulting to the following industries for resolution of life science challenges:



We understand the complexities of running a life science business and possess areas of expertise that include every facet of R&D, operations, regulatory affairs, quality, and manufacturing. We are used to working on the front lines and thriving in the scrutiny of FDA, Health Canada, MHRA and globally-regulated companies.


As your partners, we can negotiate the potential minefield of regulatory compliance and regulatory due diligence with insight, hindsight, and the clear advantage of our unique expertise and experience.


  • Founded in 2000
  • Headquartered in Wisconsin (USA)
  • Expertise backed by over 500 industry subject matter experts
  • Acquired by Sotera Health in 2021


About Sotera Health


The name Sotera Health was inspired by Soteria, the Greek goddess of safety, and reflects the Company’s unwavering commitment to its mission, Safeguarding Global Health®.


Sotera Health Company, along with its three best-in-class businesses – Sterigenics®Nordion® and Nelson Labs®, is a leading global provider of mission-critical end-to-end sterilization solutions and lab testing and advisory services for the healthcare industry. With a combined tenure across our businesses of nearly 200 years and our industry-recognized scientific and technological expertise, we help to ensure the safety of over 190 million patients and healthcare practitioners around the world every year.


We are a trusted partner to 5,800+ customers in over 50 countries, including 40 of the top 50 medical device companies and 9 of the top 10 pharmaceutical companies.


Commitment to Quality


Our Certificate of Registration demonstrates that our Quality Management System meets the requirements of ISO 9001:2015, an internationally recognized standard of quality.


To begin the Regulatory Compliance Associates scoping process today, please enter your information in the blue form below and click the submit button at the bottom of the webpage. 



Our website uses cookies to give you the best possible experience.

By continuing to use this site, you agree to the use of cookies.