Broadcom Inc. (AVGO) Earnings Call Transcript & Summary

Welcome back to the M&A summit. We're excited for an interesting conversation on information and deal security best practices. Before we get underway, I'd like to share with you a brief highlights video with some of the leading dealmakers that are discussing this issue at a couple of recent M&A conferences.

What sort -- of what types of buyer prevention controls do you put in place?

So something that was always done at Cisco and is also done at Broadcom is that once you start to do a deal, there is a template confidentiality acknowledgment that gets sent out to everybody who is involved with the transaction to remind them of all the things that they agreed to when they joined the company and to also remind them that breaches of the agreement could be grounds for termination. And so -- and especially in the context of a public deal, having that acknowledgment come back is really important for record-keeping because you're going to have to respond to FINRA requests and other things like that. And so I think it helps the company do its housekeeping in terms of who's in the know, and it also serves to remind all the employees about their obligations.

Yes, Didier.

So we do similar things. We ask every person that disengage and individuals to sign a specific NDA for each transaction. The other thing that we do is depending on the type of deal. We will go and restrain the amount of people we have engaged. Like if we do a public company, usually, would be a very small number of functions and people engaged. It's a small acquisition, digital acquisition, and that's an insane amount of people. The thing that where we have the most exposure, I would say, is the unintentional leak. People love to use social network those days. So we had many instance of people going on LinkedIn. And so once you get 80 people working in M&A at a company looking at your profile, there is maybe a deal coming down your way. So that's something that people don't think about.

Shahzia, to that point, I mean, is -- the unintentional leak is something we've discussed. I mean is that people just forgetting, as Connie mentioned, you've just signed an extra NDA step and they're just not thinking it through? Or why does it happen?

I think it can happen for a number of reasons. I think there's definitely the [ foot ] faults. But I feel like unintentional really means unintentional, and I think sometimes you'll end up in situations where you have to think about who needs to get that confidentiality notice. And there might be people you're not thinking about, like someone's secretary, who has access to all of their e-mails; someone in the IT group who maybe has access and can get in and out of people's e-mails; the social media piece where people are geotagging their pictures. They, "Oh, I'm on a business trip to XYZ, and putting it on Facebook." Is that enough to leak a deal? No, probably not. But it's enough to kind of put that together with like the LinkedIn viewing profiles, and suddenly, you start to put together a bigger picture. I think people need to be thoughtful about kind of their own behavior. So how many people here work in like a completely open work space? Fair number of us, right? So if you're in an open work space, obviously, the hygiene of going and finding a conference room but then also realizing that if suddenly your M&A team is locked in a conference room together for 3 months, that's also potentially signaling something there. I've worked at companies where you can -- your calendar, right? People can see not only when are you blocked off but who you're meeting with and the name of the meeting. So if you're -- you have project X, and suddenly, there's a bunch of project Xs, and then those show up in your calendar, they show up on the doors of the conference rooms. All of these things that seem small can be sort of spreading unintentionally, the message that there is something that's going on at the company. So I think just being thoughtful about that kind of hygiene; trying to keep the deals team small, at least initially; trying to rely more on advisers; thinking about kind of staging and who really needs to be involved at which stage, I think, can be a helpful thing to do as well.

In this last session that was recorded at the annual M&A conference in New York, we'll look at the use of clean teams as an innovative practice in the information management and deal security.

There's a lot of noise in the system these days and a lot of activity around clean team agreements. We see that a lot. I wonder, do you have any sense of best practices guidance? What you're seeing? How to set up clean team arrangements that are consistent with the sort of overall deal dynamic in terms of trying to get to a process in a timely fashion?

Sure. Just to set the table a little bit, and I apologize for those of you that know this and it maybe all of you, but clean teams are sort of data rooms where you put your most confidential, competitively sensitive information and you limit access to it to groups of people who can't or are less likely to misuse that information. So people who don't have sort of the day-to-day strategy, marketing, pricing responsibilities. The idea is they can't take that information from a competitor and then sort of go ahead and use that in a nefarious way. And just again, I think it's worth emphasizing that this is a real issue that does get attention from the regulators. The regulators care about pre-deal information exchange. And there have -- there's actually been enforcement action about it. The FTC, for example, brought an enforcement action against some aluminum tube welders, I believe it was. And they challenged both the merger and the information exchange. And I want to get this right, so let me look at my notes. But the information that was shared in a non-clean team manner included both nonaggregated, customer-specific information, such as customer price quotes, details about customer negotiations and customer-specific pricing strategy. And so not only did they require some divestitures as part of the deal but they put limits on what the parties could do in terms of information sharing in future deal negotiations that apply to the parties for 20 years. So this is, again, I just want to emphasize, this is a real issue. This is not just antitrust lawyers trying to get in the way of your deal.

And Stacy, just on that, and I'm going to jump in as the deal guy because I do find it is often the case where I say, look, our antitrust folks are telling us we need a clean team, and there's a lot of pressure from the business folks, you say. I don't get it, [ Scott, ] get the stuff in the data room, don't understand it. And what's the real risk? What -- when we say that the regulators look at this and there are enforcements, how does that happen? I mean what [ ad ] is this? How do you get yourself in trouble?

So I think when you have a deal that's before a regulator, you're going to have -- you're going to be giving them documents and information. And so you are giving them the very documents that show you exchanging that information. As anybody who's been through a DOJ or FTC second request process knows, you are providing them with pretty much anything that touches the business that you're selling or buying. So there's an opportunity for them to see all of the conversations we've been having. And that's very likely to lead to a side show investigation and delay your deal even if there's no specific enforcement action coming out of that. So I think that's sort of what I often tell my business people. You're probably right that we aren't going to get taken to court over this, but you're going to extend your time line by 2, 6 more months. Is that really worth it to you? And if we just put some basic information sharing hygiene in place, we'll get it done quicker. And so in terms of how you go about clean teams, I like to -- I think the most important thing is that you have to think about them and plan them before you do them. And I know that sounds obvious, but I often think things get put in the data room and everybody says, "Oh we shared half of it. What do we do now?" So I think at a very early stage, you need to walk through who's going to decide what is clean team information? And how are they going to decide that? How is that information going to be shared with the clean team? What can the people on the clean team do with that information? And then how does that information get dealt with after the clean team has used -- how's it destroyed, especially if the deal doesn't go through? So I think you need to go through those 4 steps and put that process in place before you actually start sharing information. And I'd also say that it's really important that you have dedicated resources for this. I find that if you have a very big deal and you have antitrust council, I like to have 1 antitrust lawyer who just does this because they don't get their attention distracted to go and then negotiate the deal the next day. They really can be an available resource that pivots very quickly to this so that you weren't holding up the deal team. And then in terms of how I like clean teams to operate, I think there are a couple of ways that you can make it more efficient. One is there's a real tendency when you're starting due diligence before signing a deal to say, "Give me everything. I need to look under the hood of the car. I want everything." And I think you can sort of make that a more iterative process. Get me some of the less sensitive stuff first and then save the more -- most sensitive for the end, so that you can do the vast majority of your diligence while you're working through the clean team stuff. So that's one thing that I think we do. And then I think the other thing is think about whether information really needs to be clean team. Can you provide it in a different way? Can you redact it? Can you provide an aggregated fashion? To go back to the example I used the beginning, can you provide it in a non-customer-specific way so that you can get it to somebody quicker without having to go through the clean team process? I think everybody understands clean teams are sort of here to stay. The FTC issued some guidance about a year ago, reminding everybody that they are looking at information sharing. The DOJ is looking at information sharing more broadly. So this is a process that's here to stay, and I think you just have to get out ahead of it before the information sharing starts and then come up with creative ways to, frankly, minimize the information sharing that actually goes through the clean team to prevent hold up. And then the final thing I'd add that I think is really important is snafus happen in the information sharing process. Stuff gets to the wrong person. That's going to happen, And what really matters from a risk management perspective is how you mitigate that, how you deal with it and document it. Agencies understand that. And so it's just a matter of dealing with it in a way that you've left a clean record that you destroyed it, et cetera.

It's clear there are a number of innovative and important steps to be considerate of in terms of managing sensitive and confidential information and deal process, right from the early stages of due diligence all the way through to closing.

Well, we certainly set the stage with an ominous start of the discussion. We -- I think I wrote down in my notes, the first quote of grounds for termination being an important framework for us to consider this -- these issues within. So clearly, there's a seriousness and there's a changing standard that will be interesting for Ken and I to unpack a bit. But before we do that, let's start with an introduction. And then clearly, there's a lot that was suggested in that video that we need to understand and help explain. But Ken, just really pleased to have you with me today. As a starting point, would you introduce yourself to those that are here that haven't had a chance to meet you? And tell us about your charter at Intralinks.

Happy to, William. Thanks for having me. So I'm one of the co-heads of the Intralinks business. I manage the business with Bob Petrocchi. I have been with the Intralinks team for just about 2.5 years now. I come from a background of running software and cloud businesses, largely related to the time when I was at IBM as a strategic acquirer acquiring and integrating companies and had been through many M&A processes myself. I retired from those roles and joined private equity maybe 4, 5 years ago and started doing things on the other side. So instead of running away from bad-looking organizations, we ran to them on the private equity side because there were lots of opportunities there. Actually, I had the opportunity to work with Intralinks there and was dropped into the management team when Siris Capital acquired Intralinks in 2017, and took a role in executing a reformed corporate strategy and building a product and R&D organization that would engage our innovation capacity and start to take the virtual data room space from one about secure cross boundary communication and document sharing into one where we're really understanding and delivering insights and analytics as well as more broadly addressing the entire deal life cycle and the journey through strategic transactions is where we've been focused. So it's been a great opportunity for me. I'm very passionate about the topic and happy to join you.

Well, I'm really pleased to have you here. And I love the word you used, journey, because what was clear in the opening video and inspired us for this conversation is that, that journey is fraught with risk. And that although people can bring great expertise to the deal process, without managing information security properly throughout, there are real risks, risks to the organization and risks to one's career. So let's talk about a couple of those issues in particular. And let's see if we can help the community that's joined us today do this work well. So Didier from Salesforce started off, and he talked about unintentional leaks. As a starting point, project names are classically poorly disguised, but one fun part of sort of kicking off an M&A process. So as a basic starting point, I imagine picking a good project name is a good first step.

Yes. Certainly, everybody uses project names. We see quite a few interesting ones for sure. We even created a project name generator on the Intralinks website that seems to get a lot of traffic, so people like using our project name generator. I think in practice, as you heard even in the earlier video, it's really the human behavior and how we're working together which impacts a lot of information security. We focus a lot on making sure that technology is able to protect information, protect data, make sure that things are highly secured, encrypted, et cetera. In terms of the human behavior, using project names absolutely are a typical and best practice. We often hear people also guide their teams towards talking about, look, we're engaging in a strategic partnership. We avoid talking about the acquisition word or divestiture word and things like that. We also see that. At Intralinks, we've -- we use our access to the industry to also even study this topic. We publish a regular deal leak study, in fact, and we're getting ready to publish a new one. We've actually seen over the last couple of years, reported deal leaks has been on the decline, probably due to increased regulation. Even though there's always some continued pressure, sometimes people think that there's negotiation posturing when deals get leaked. But we've seen that on the decline. The latest one, without sort of spilling the beans on it, we're seeing actually things move the other direction that leaks are coming back a bit. What I would recommend, just in addition to some of the practices we're just talking about, from a technology perspective, one of the popular practices we see is the use of Information Rights Management, which, of course, is built into our products. So that when you're sharing information, you have the ability -- sometimes you're sharing information with multiple prospective buyers, and it's useful to have the ability to shut off access to that. Even if they download the documents later, we have the ability through IRM to be able to control and remove that information. So lots of things to talk about in that topic, but those are a couple of tips.

Well, that's interesting. And think about being able to limit and control access even if an acquisition is abandoned or if the buyer doesn't -- isn't the actual winning bidder in the auction. But clearly, there are steps and methods that are important to take into account. And I think the sophistication level needs to continue to increase. I think that's -- so one of the issues that Shahzia talked about at Square, I think in her comments, there was an interesting view that partitioning out information at different steps and getting different people involved was important, right? So at step 1 in the deal pipeline, opening up everything to everyone creates all sorts of hurdles and problems that can impact the deal. And yet a more balanced and more rigorous process to slowly increase access is really a best practice. Just can you talk about the ways to do that on the platform? This is achievable, I gather.

Sure. Absolutely. I think it's probably one of the more popular usage patterns of our exchanges, our virtual data room. So this idea of using very granular permissions so that I can determine who has access to certain information, it's relatively easy to control that on the sell-side in terms of [ left out ] in information in silos, making sure the right people are included and people have proper NDAs and disclosures, things like that. What we'll often see our clients do is they'll use these permissioning capabilities to control who has access to information and also to selectively start to disclose more and more content as buyers get more and more serious and through vetted processes. It can be a little bit less easy to control on the buy side, especially when you're quickly assembling buy side teams, perhaps, or trying to react to a deal that popped up but you know there's competition for it, so you're kind of quickly pulling teams together. But again, this partitioned access is very valuable. We also see -- you want to make sure that an HR team [indiscernible] use their HR content or things like salary records and salary files are a highly controlled. You don't want people just sort of taking a self-guided tour of the data room and looking for all kinds of information. On buy side teams, we also have a fairly new offering in our portfolio called DealVision, which is built specifically for buy side teams, and that technology allows buy side teams to organize their efforts and their vetting processes and their checklist management. And we also, in that offering, allow buy side teams to have additional control over determining who has access to certain files. Like I've asked you to go handle this checklist side and you're looking at certain information. I can even further restrict your access to information to, again, kind of keep that information siloed and disclose only what we need to selectively.

Well, the comments, certainly from Stacy Frazier at GE, I think, really illustrated the significance and the importance of that in a deal process. Frankly, I think we were taken aback at the significance of the regulatory enforcement regime that if you don't manage information in a deal process properly, the forced divestitures, the prohibitions on behavior, the example she used, is up to 20 years. I mean these are clearly career-ending and career-limiting mistakes in the deal process. And so this new use of clean rooms, I think, is -- again, we're seeing a lot of it in Europe. We're seeing a lot of sensitivity with GDPR and of information management, but surely, this is going to become a global issue and one that deal makers are going to need to navigate in all regimes. And so if you think about how you help organizations set up compliance with the clean team and clean rooms, can you talk us through some of the things that are now possible that even just a few years ago weren't easily managed in terms of setting up a clean team and a clean room?

Yes. I think when it comes to defining clean teams and their roles within clean rooms or virtual data rooms, it's important to define who should be on a team. When you're doing that, naturally, there's things to consider, especially areas like contamination. If I'm going to bring somebody from a product team to be part of a diligence process, I want to make sure that they don't get contaminated from an IP perspective or other things like that. Defining the team is important. Practicing that separation and practicing those clean team practices is also important. We mentioned granular permissions used to silo information. We've also started to see more progressive use of redaction as well. We've built redaction capabilities into Intralinks recently, and we're continuing to get more and more aggressive in using artificial intelligence to help people identify types of information that needs to be or should be or we prefer to have it redacted and cleansed. And then there's an element, of course, of not just defining your team in practicing information control but then also proving that you did it, right? And so using either access control reports or audit logs that we also provide the organizations and help if you ever find yourself in need of proving to a regulator that you practice these processes and you control information access. So that's very important. I'll also mention that we often see, especially in more complex transactions or highly regulated industries, that often our clients will use multiple exchanges on a deal. And they'll use this, and sometimes they're staging content, and they may also use some of the built-in capabilities that we have in terms of document approvals and workflows so that they have some processes that control when a document gets published into a data room. We have sort of this staging area and then we've got our own internal controls over when we chose to publish certain content and how. So lots of different ways that you can go about that and advances we've been making.

Well, appreciate you really drilling into that because I think one of the challenges that Stacy touched on a bit is that different jurisdictions are going to have different rules. Different deals are going to have different process flows. And so this version of permissioning, which may have been simplistic in years past where everything was dumped in from day 1, is clearly going to change. And I think it's a good expectation that will continue to change, that the complexity will continue to get higher and more sensitive and clearly, the enforcement actions, I think, really stunned us that the regulators really care about this. And that not only will they challenge the information exchange, they'll challenge the merger if they think that there's been inappropriate activity. And certainly, to be able to report and prove that information was managed properly is really a breakthrough because it's -- to be able to show a regulator that there's good evidence of good behavior and good activity is just as important as doing it, right? You've got to be able to prove you've done it right. So if people want to see this -- I mean, you've talked about DealVision, but you've also talked about redacting and being able to do some very clever jurisdictional even provisioning. What's the next step? How do we see more? How do we learn more? What's the best way to get engaged?

Yes. Lots of -- there's certainly lots of ways to get engaged. The easiest one would, frankly, just be to go to intralinks.com. We've done a pretty progressive job of making sure that new product capabilities are visibly displayed and demos of some of those technologies are available. There's definitely a call to action there. If you say like, "Hey, I'd like to have a demo. I'd like somebody to call me or talk to me about this, for sure." I know many people who might be watching this webinar already have some relationship with our team. So we'd ask you to contact your Intralinks team. I will mention that while we talk a lot about the technology, when we think about why people do business with Intralinks, like people engage us, it's really a -- it's a full-blown end-to-end experience, right? And so we employ a couple of hundred people that are in the job of just providing white glove service and support and have a lot of experience in helping operate and execute these diligence processes. Our team is available not only to help you with the products and the technologies but also in the context of running diligence operations. That's their job. And our goal is to use our expertise and our experience to help you be successful.

Well, I appreciate that. Adding context too because, as you said, I think we can easily isolate on the technology and we can easily isolate on the rules, and yet it's people that are the glue between helping to use technology to enable a better process and practice and helping them to apply these new standards. And certainly, the emerging standards are always the tough ones because this isn't the process we are used to. And if our game needs to increase its sophistication, it's nice to know there's help to do that. And certainly, I think Intralinks -- this summit has done a nice job of bringing people in the M&A community together virtually to share best practices, to talk about innovation, to talk about the techniques and methods that are used. And so we appreciate your support of the M&A community broadly. We certainly brought a huge audience together to think about these issues together, and I think if we can go away from this summit as -- I think we will be able to, having helped people improve the process and practice and do better deals for the organizations they represent, then I think it's been a very successful pursuit. And so Ken, we really appreciate your contribution to that and to give us some specific insights on how we do that really well in terms of managing information.

My pleasure. Just glad to have people here working together.

Right. Well, and I know you're keeping yourself and your team safe, and appreciate you piping in from your home office there. And we wish you continued good health and continued success. Thanks for being with us today.

Thanks, William.

Thank you. Take care.