A longstanding component of most M&A contracts, material adverse change (MAC) clauses are not a new phenomenon – but they are difficult to implement. The use of MAC clauses to allow the buying party to renegotiate the final sale price however, specifically in regards to cybercrime, is a trend that is set to continue.
MAC clauses, sometimes known as material adverse events or a material adverse effects (MAE) are, in most cases, essentially a closing condition. It operates as buyer protection against a negative event happening unexpectedly in the period between contract-signing and the deal closing.
But according to Heiko Ziehms, managing director at Berkeley Research Group, MAC clauses are difficult to enforce, and in most cases do not derail the transaction entirely.
"Usually the outcome is that the parties renegotiate the price"
“The outcome is usually not that the buyer walks away, or that they agree that it is a material adverse change and the deal does not close,” he said. “Usually the outcome is that the parties renegotiate the price.”
A perfect example of this trend in action is Verizon’s recent acquisition of Yahoo for $4.48 billion. In the eleven months between initially announcing the deal to its eventual close last month, the price that Verizon finally paid for Yahoo was reduced by $350 million.
- Market participants have suggested that MAC clauses, a commonly used closing condition within an M&A contract, are excessively hard to implement;
- As a result, the use of a MAC clause has become a method of allowing the buying party to renegotiate the final sale price;
- These have recently been used in the context of cybercrime;
- A MAC clause was in the sale of Yahoo to Verizon, where the final sale price was reduced by $350 million following two data breaches before the deal closed;
- Despite the breach, the deal remained strategic for both parties who wanted to avoid litigation, so accepted the reduced price.
Following two major data breaches that compromised as many as a billion customer accounts, the New York-based telecoms company took advantage of a MAC clause in the original contract at the expense of Yahoo and its shareholders.
According to Josh Dubofsky, partner in the Silicon Valley office of Latham & Watkins, despite the severity of the cybersecurity breach on the target, in this instance it was never a likely scenario that either party would back away from the deal.
“The seller, rather than getting into a fight and maybe losing it or having themselves viewed as damaged,” he said, “agrees to some reasonable deduction in the purchase price to offset the unexpected and get the deal done rather than having to take a risk on litigation and the deal not closing. If the deal doesn’t close you would have to sell the company again, and after half a year or so and a failed transaction you might get a much lower price.”
In the transition between closing and signing an M&A transaction, it can be difficult to prove that an unexpected event has had a material adverse effect on the company. The definition of an MAE in practice is even tighter, and what it includes is sparse. For instance it does not include a failure to meet projections, changes in the economy that are esoterically the business of competitors, the fallout from announcement, natural disasters, terrorism or war.
This, said Dubofsky, means that a MAE is a hard thing to prove. Plus, the facts surrounding what really happened and how a court might allocate responsibility can differ between jurisdictions and even judges, meaning that litigation is not often worthwhile.
In the case of Yahoo/Verizon, it later came to light that Yahoo may have been aware of one of the data breaches before the deal began, which would have caused further complications in court.
“Given the fact that Yahoo may have known about one of the data breaches before it entered into the merger agreement with Verizon, it probably would have been a pretty ugly litigation in Delaware in terms of discovery and getting access to who knew what about the data breach and when, and why the data breach wasn’t disclosed,” he said. “Yahoo, given the process they'd been through and the public scrutiny of that process, likely had no appetite for litigation playing out publicly and the potential risk to closing the sale transaction."
Despite the data breach, the deal was worthwhile for Verizon, said Ziehms. “They still wanted to acquire Yahoo,” he said. “It wasn't enough to walk away from the transaction altogether, but they wanted a discount, which they got. That is exactly the evolution of events that happens in most MAC clauses.”
The financial cost of the cyberattack was estimated at $350 million, and the MAC clause ensured that this was met by Yahoo rather than Verizon. The figure, around seven percent of the company’s value, was an estimate of the cost of notifying a billion customers and securing the necessary identity protection after an attack of that scale.