The demand for more in-depth, detailed knowledge to make more intelligent decisions faster and efficiently has fueled the growth of big data. Data driven insights now flow through almost every organization. And while the big data revolution has had tremendous benefits, it certainly has created corresponding risks. Businesses are increasingly vulnerable when it comes to securing private, sensitive information. The biggest threat could be from the most unexpected sources.
Studies show that insider breaches are fast growing, costly and hard to detect. The majority of insider breaches are created through inadvertent negligence or error vs. criminal behavior. Although organizations are spending considerable time and funds trying to prevent breaches, employees as well as subcontractors are still continually provided with access to confidential information leaving numerous vulnerabilities in place.
One large and looming security risk is the sharing of information about the company’s finances, market opportunities, and sales strategies with ‘friends’ outside of the organization. Typically sharing with an accountant, lender, or other financial advisor comes with the assumption of privacy. But what about when a trusted advisor of the business then shares the information with another outsider?
Recently a lease intermediary approached CapX with a transaction to fund. The broker provided a wealth of confidential information about the company without any reservations. No NDA or confidentiality agreement was required for receipt of this information. Basically, we were free to distribute this information to anyone we chose to…even their competition. As organizations continue to reach out to a range of resources to transact deals, it is important to question how confidentiality is being kept and what security issues could be employed.
You know your customer, shouldn’t you know your lender?
Although the phrase “know your customer” may seem a matter of course in business today, the specific process of “Knowing Your Customer” (KYC), is an exacting set of rules designed to verify a client’s identity either before or during the time that they start doing business with them. KYC guidelines in banks aim to prevent these organizations from being used, intentionally or unintentionally, by criminal elements for money laundering activities, corruption or bribery.
While KYC focuses on the customer as a primary risk, knowing the people and organizations the business is sharing important data with, would seemingly be just as important. “Knowing Your Lender,” or KYL, should also be aligned with a similar KYC-like approach to insure corporate confidentiality and security.
What exactly is confidential?
We often refer to confidential business information as “proprietary information” or “trade secrets.” In general terms, we consider something confidential as information that’s not publicly known or typically not available to others except through either illegal or improper means. Common examples of information that is often considered to include trade secrets but needed in the process of obtaining financing include manufacturing processes and methods, business plans, financial data, budgets and forecasts, client/customer and supplier lists.
But here’s why we should be wary of the “unknown.” We typically don’t treat that information as proprietary when a company voluntarily gives that information to vendors, potential customers, or provides to others that are outside of the company.
To decide what could be targeted as being confidential, it’s important to explore:
- Is the information known outside the business?
- To what extent is the information readily known by employees and others involved in the business
- What is the value of the information to the business and its competitors
- How easy or how difficult can the information could be acquired or duplicated by others
Tips for implementing “KYL”
Much as you would analyze your cyber risks, the process of information disclosures should also be addressed as part of your vulnerability management program.
1. Know who your information will be disclosed to. If you are working with a broker, are they responsibly sharing and tracking your valuable information? An intermediary that “shot guns” sensitive data could damage a company if it gets in the wrong hands. At the outset, be very clear about who can and cannot receive the information and make sure that anyone to whom the recipient discloses your information is also under a legal duty to keep it confidential.
2. Clearly label all confidential information as confidential. This means writing it on all documents and including the word confidential in an email. Keep confidential and non-confidential information separate.
3. Use passwords and encrypted files for electronic documents.
KYL is an opportunity, not a hindrance.
Middle market lending is as much an art as it is a science. In an environment when data discovery and exploration at times does an incomplete job of truly defining the company and its potential, there are intangibles that can make a company worthy of investment. Given the significance of this risk, KYL should be an important consideration when selecting a lending partner.
CapX Partners respects both the need of the organization for privacy, while at the same time, requests significant information disclosure to do effective diligence and employ the corresponding qualitative analysis to become a trusted lending partner. We welcome and encourage a KYL philosophy among our clients. When confidentiality is mutual, trust builds, and your lender will be there when you need them most.