As anyone who has been through a corporate sale process can tell you, there is no such thing as a “standard” M&A transaction. Every deal is different and presents a unique set of challenges. This is especially true of transactions involving lead generation companies, which can be very different than businesses in other industries. Amongst other differences, companies in this space utilize a wide variety of customized commercial arrangements and are subject to numerous industry-specific regulatory requirements that buyers need to be aware of before making an investment in this space. In this article, we highlight the top 10 issues that buyer should diligence when considering acquiring a lead generation company. Sellers in this space should focus on eliminating any issues in these areas as well to make them a more attractive acquisition target.
As used in this article, the term “customer” refers to persons and entities who purchase the leads from the target, and the term “consumer” refers to the persons and entities who constitute leads (i.e., people who provide information to the target and consent to the target sharing such information).
- Defining a “Qualified Lead”
Lead generation companies generate revenue by collecting and selling leads to customers, so it is important for buyers to understand exactly what the target has agreed to deliver in order to get paid. A typical lead generation contract pays the target for each impression, click, qualified lead, acquisition (i.e., successful sale), or some combination thereof. While “impression,” “click” and “acquisition” are easy to define and track, the term “qualified lead” is highly customizable and is often negotiated heavily by the target and its customers. Common factors that determine whether a lead is “qualified” include, among others, demographic/firmographic data, scope of information provided by the lead, behavioral data, consent to receive marketing, exclusivity (i.e., no credit for duplicate leads), and other factors that are specific to the customer’s industry. As part of their legal diligence, buyers should review how broadly or narrowly each contract defines a qualified lead. Buyers should also analyze the frequency of customer disputes regarding qualified leads and on what basis such disputes arise.
- Billing, Payment and Audits; Minimum Production and Purchase Commitments
Most lead generation contracts typically include an audit mechanism that allows the customer to verify the target’s deliverables and billings on a regular basis. Such contract could also include a payment holdback or delay mechanism to provide security for the customer in case of payment disputes. While an audit right is typical, buyers need to understand how much this impacts the target’s operations in practice. Accordingly, it is important to review audit frequency, the level of cooperation and access required, applicable penalties and interests on overpayment, and whether an independent auditor is required to participate (and, if so, who pays for such audit). A lead generation contract may also include commitments on quantity, such as a minimum monthly production commitment from the target or a minimum purchase commitment from the customer. Buyers should understand the consequences of breach of such commitment by the target, which could include reduction of fees, termination of contract for cause, indemnification claims and liquidated damages.
- Compliance with False Advertising Laws
By the nature of their business, virtually all lead generation targets are subject to a number of laws and regulations regarding false advertising. Federal Trade Commission Act and the analogous state statutes prohibit dissemination of false advertisement. Similarly, the Consumer Financial Protection Act prohibits abusive acts by companies in the consumer finance space. Buyers should understand that these laws and regulations impose two distinct types of consumer-facing obligations and should confirm that the target is complying with both. First, the target has a primary obligation not to collect information from consumers by engaging in deceptive acts, such as making false or misleading promises about the offered product or service, or misleading the consumers into believing that they are interacting with the producer/service provider and not a lead aggregator. In addition, the target has a secondary obligation to ensure that their customers and other end users (to the extent the customers further transfer the leads to other third parties) do not engage in deceptive practices or dissemination of false advertisement. The scope of this secondary obligation is not well-defined by statute or regulation, but at a minimum, the target is required to properly diligence their customers and other potential end users and have appropriate safeguards and enforcement mechanisms in place.
- Compliance with Data Security Laws
In addition to being subject to advertising laws, lead generation companies must adhere to various regulations governing the protection of private information since they are in the business of collecting sensitive information and transferring them to third parties. These restrictions include, among others, the federal Privacy Act, state security breach notification laws, and other state privacy laws such as the recently enacted California Consumer Privacy Act. Under these laws, lead generation companies are required to protect such information through industry standard data encryption and security and disposal processes, as well as to ensure similar compliance by the customer and other end users. In practice, this means the acquisition target must track the scope of consent provided by the consumers and any promises made by the target regarding their private information, and put in place proper contractual safeguards and monitoring procedures to make sure that the customers and other end users comply with all such data security and privacy requirements. Given applicable penalties for violating these laws, buyers should thoroughly review the target’s compliance program with respect to these obligations.
- Compliance with HIPAA
Lead generation targets operating in the healthcare space are likely subject to HIPAA. Given HIPAA’s prominence in their businesses, targets that deal in healthcare leads typically understand the importance of having compliance programs in place to deal with its requirements. However, HIPAA can catch some buyers of lead generation companies unaware —for example, a target selling insurance leads may not be aware that the transmission of consumer demographic information to health insurance providers (and receiving data back from the health insurance providers) may constitute a HIPAA breach if the parties do not place appropriate safeguards in place. To the extent the target has any touchpoint with protected health information or personally identifiable information, no matter how minor, buyers should evaluate whether HIPAA applies to the target and whether it is in compliance with these requirements.
- Compliance with Telemarketing and SPAM Laws
Even lead generation companies must often engage in lead generation of their own. Once a consumer provides personal information and consents to receive marketing materials, it is common for these companies to periodically send marketing emails and/or reach out by telephone. To the extent the target engages in any email marketing or telemarketing, buyers should confirm that such marketing is done in compliance with the Telephone Consumer Protection Act and CAN-SPAM Act. While the legal requirements under such laws are fairly straight forward, the potential consequences of violation can be quite costly, as fines and damages are measured per incident. Notably, TCPA also provides consumers a private right of action, increasing the likelihood of litigation; class action lawsuits are common in this area.
- Compliance with Other Industry-Specific Laws and Regulations
Depending on the industry they operate in, lead generation targets may also be subject to other industry-specific laws and regulations, including those relating to mortgages, consumer lending, insurance, debt collection, debt relief, and healthcare. For example, companies that generate leads in the consumer lending or debt collection industry may be prohibited by federal and state lending laws from selling consumer lending information to customers that are not qualified to legally make loans. Further complicating things, the scope of these industry-specific regulatory requirements is often in constant flux, as legislatures and licensing authorities can find themselves under political pressure to step up regulation of lead generation or brokering activities in a particular market as a result of public pressure. Accordingly, it is important for buyers to fully understand the industry in which the target operates. Buyers should first identify the industries in which the target’s leads are generated, determine whether any industry-specific laws and regulations apply, and if they apply, confirm that the target conducts its business in compliance with such requirements.
- Ensuring End User Compliance
In addition to regulating the actions of the lead generation target itself, the numerous laws and regulations applicable to these companies also obligate them to ensure compliance by their customers and other end users. While the target cannot (and is not expect to) guarantee absolute compliance by these third parties who operate outside its control, it is generally expected to take reasonable steps to ensure proper treatment of the leads and other consumer information by its customers and other end users (i.e., customers of customers). In practice, this can require thoroughly diligencing its customers, including investigating past violations, imposing contractual obligations on the customers to comply with the applicable laws and regulations, clearly defining the scope of the customers’ ability to further transfer the leads to other customers and end users, monitoring compliance, and taking enforcement actions upon discovering any violation. Buyers should thus carefully review the target’s relevant contract terms and violation monitoring/enforcement practices, as failure to adopt or enforce such safeguards could expose the target to liability for the actions of its customers and eventual end users.
- Contract Terms Related to End User Compliance
A key element of ensuring the end user compliance discussed above is imposing proper contractual obligations on the customer. Most lead generation contracts include a catch-all covenant for the customer to comply with all applicable laws and regulations, but best practices may require more specificity. As buyers review the target’s contracts, they should consider whether the contracts include the following:
- A specific list of applicable laws and regulations and an express commitment from customers to implement and maintain specific data security measures that conform with such requirements;
- A detailed description of the scope of permissible use of the leads, which should match the scope of promises previously made to consumers and the consumer consent previously given. The contract may also need to state whether the customer has the right to transfer any consumer information to third parties, and, if so, the conditions of such transfer and a commitment from the customer to properly diligence and ensure compliance by the transferees; and
- A robust set of representations, warranties and covenants that will allow the target to monitor and enforce the customer’s continued compliance with its contractual obligations, including a requirement to notify the target of any issues that arise during the life of the contract, as well as indemnification provisions with respect to losses arising from the customer’s breach.
- Intellectual Property
Lead generation targets—particularly online companies—often utilize proprietary software and algorithms to collect and analyze customer leads. Such companies often rely on independent contractors to maintain this proprietary software as well as to generate content that attracts users and consumers to their website. Therefore, it is important for buyers to confirm that the target owns or otherwise has a valid license to use the various intellectual property assets that are utilized in its business and thoroughly review any past or currently pending intellectual property disputes. Buyers should also make sure that each of the target’s employees and independent contracts have executed fulsome work for hire and inventions assignment agreement in favor of the target.
Lead generation businesses are different than other businesses. The best-in-class companies in this space must balance ever-changing commercial and regulatory risks with evolving technology and consumer tastes. Buyers of these businesses need to appreciate these differences and thoroughly diligence the issues outlined above to make sure they are making a wise investment. Accordingly, sellers should also conduct their own review in these areas to identify any existing issues before they become problems in their transaction and while there is still time to take steps to mitigate them. Whether you are a buyer or a seller, it would serve you well to engage a deal team experienced with lead generation businesses, including knowledgeable legal counsel, to help you navigate this complex process and give you the best shot at a successful closing.