Regulatory consulting, risk management, forensics and cybersecurity throughout the deal lifecycle

Fully securing corporate transactions with forensics, cybersecurity and risk management consulting

Your expert for questions

Arndt Engelmann ist Partner, Risk & Regulatory at PwC Germany

Arndt Engelmann
Partner, Risk & Regulatory at PwC Germany
Tel: +49 151 14806264

Corporate transactions: understand, recognise and mitigate risks, strengthen cyber resilience, understand and comply with new regulations

Geopolitical tensions, an explosion of cyberattacks, increasingly strict and complex regulations in various areas, such as embargos and sanctions, and persistent fraud and other threats to integrity are all exacerbating the challenges of mergers and acquisitions. Companies need to understand, recognise, assess and mitigate these risks across investment periods and for any current transactions or transaction plans.

If this sounds challenging, don’t worry: you can rely on our Risk & Regulatory team to keep your transactions on track. We’ll work with you to spot and manage risks, and take measures to protect goodwill towards your business. Together, we can identify critical issues throughout the transaction process, develop precisely targeted solutions and deploy them immediately.

Our services cover consulting before, during and after your transaction, such as conducting risk assessments and due diligence, implementing corporate governance management systems (CMS, RMS, ICS, ISMS), developing and implementing cyber resilience strategies, and post-deal reviews and special investigations – both in response to an incident and as part of general measures. Our focus for your transactions is on holistic risk management, the best possible cyber resilience and transparency in addressing discrepancies resulting from issues like economic crime. Our experience from transaction projects combined with our knowledge of current and upcoming regulations is applied using tech-based intelligence and analysis to develop resilient strategies that protect value, build trust and create opportunities for stronger transactions.

“In times of shifting geopolitical risks and the associated economic challenges, topics, such as integrity, cyber, governance and regulations, are becoming increasingly important and are key to the success of corporate transactions. Is your company prepared for the disruption that fraud, bribery or corruption can cause? Incidents are at record levels: for example, pandemic-related disruption led to new fraud cases in many companies that have been hit. Our experts are here to help by providing you with clear recommendations for action.”

Arndt Engelmann,Partner, Risk & Regulatory at PwC Germany

Our services for your transactions

Governance, risk and data compliance management

We can guide you when it comes to integrating, separating and developing your corporate governance and management systems.

  • Optimise your transaction management systems: We’ll help you adjust your methods, approaches, processes and systems. The goal is to ensure adequate corporate governance of risk management, compliance management and internal controls in order to optimise your management systems– before, during and after the transaction.
  • IPO readiness: If you plan on floating your company or perform a dual-track transaction, we can help you identify what your corporate governance programme needs to do to meet the demands of the relevant stock exchange(s) and how to comply with these requirements using your management systems (e.g., ensuring a SOX-compliant ICS for an IPO in the USA).
  • Risk-based data segregation and data transfer: We have our own tried-and-tested strategy to precisely segregate and transfer relevant data in divestment projects – in compliance with contracts, the law and transaction timelines. Our focus is on ensuring a frictionless transformation in order to minimise disruption to business for both the seller and the buyer, increase trust in both parties and secure transaction value.

Learn more


Digital security is indispensable for a solid acquisition.

  • Cybersecurity due diligence: Our team performs cybersecurity due diligence to identify risks that could threaten your deal. We also provide you with recommendations and a roadmap to help you mitigate any risks and maximise deal value.
  • Cyberthreat mapping: We analyse publicly available data to identify IT assets and find any weaknesses in your company or company portfolio. Any security risks we identify are ranked by criticality, which we then give precise recommendations on how to combat. This scanning process offers you the essential ‘outside-in’ view of your risks by clearly showing any potential points of attack in your portfolio.
  • Day one assessment: The deal has gone through but security hasn’t been looked at yet? Our day one assessment is what you need – we’ll examine IT infrastructure, evaluate weak points and find solutions to ensure a secure integration.
  • Exit readiness: Need a fact book for an upcoming divestiture? We can compile one for you, providing detailed information on your strengths and potential to buyers. We also offer carve-out playbooks and practical divestiture assessments further down the line to ensure the continuity of operations when the carve-out takes place.

Forensics and investigation

A crisis – perhaps because of undetected economic crime – can severely impact the value of a transaction and shake your whole company to the core. That’s why our forensic experts offer comprehensive support throughout the transaction process. We work quickly to reduce costs and protect your company’s reputation, using forensic technology and analysis to assist complex projects, identify economic crime, overcome crises and resolve transaction disputes.

  • Pre-deal risk assessment and forensic/integrity due diligence: Our forensic experts start work well before the deal goes through, analysing existing documents and transaction data, conducting interviews with key individuals and looking for publicly available information.
  • Post-deal review/investigation: Following the transaction, we carry out a comprehensive review to identify any irregularities and run a quick scan on selected financial data to find any patterns that might indicate malicious activities, compliance risks or actual non-compliance. If there is pre-existing evidence of non-compliance and/or fraud, we can conduct an independent special investigation to help you assert any resulting claims.
  • (Forensic) data analytics: We run both partially and fully automated analyses, including forensic analyses, to ensure data integrity and provide detailed insights into your company. We use the latest technology and apply our wide-ranging experience to analyse heterogeneous company data in a range of contexts, for example, special forensic investigations, disputes in and out of court, annual audits and corporate transactions.
  • (Document) contract analytics: We can help you identify and assess relevant documents; a good example of this service is AI-powered contract analysis. In transactions, it is important to identify the relevant provisions quickly – such as those regarding the transfer of rights and obligations – in order to find synergies and potential for efficiency, or even if the contract needs to be renegotiated. Termination or exclusivity clauses may apply, and these need to be followed during the transaction.
  • (Document) data redaction: Competition and data protection rules for M&A require documents to be redacted, protecting information that is irrelevant or required to be kept out of the transaction. We can help you set up compliant processes to partially or fully automate redaction. Our approach is a combination of AI and a nearshore team of legal experts to ensure high standards.

Mehr erfahren

Any questions?

Contact our experts

One transaction, many questions

If private investment capital is at stake, everyone involved in the transaction needs to be able to give confident answers to risk-related questions and be ready for risk- specific analysis. These questions include the following:

  • What are the strategic goals of the transaction and how much value is it expected to create?
  • What are the key points in the transaction agreement regarding data protection?
  • Whether it’s the C-suite, management board or supervisory board, what information about these parties is publicly available? Are there active investigations (internal or external)? How high are the contractual risks? Are there red flags pointing towards fraud?
  • Are RMSs, CMSs and ICSs already in place? Are they compliant with capital market requirements?
  • How mature are the CMSs? Does the company exhibit any compliance risks or non-compliance?
  • What’s the regulatory position of the transaction? Do any new national or international (EU) laws apply?
  • How can due diligence be done smoothly and thoroughly? What position is the company in when it comes to cybersecurity? Have they been the victim of a cybersecurity incident (e.g., data breach)?
  • Once the transaction has gone through, how can onboarding and integration for processes and data/governance systems be managed? As a client, how can I ensure the necessary degree of homogeneity? Which tools could be useful to achieve homogeneity? 
  • Conversely, which data, processes and systems should remain separate? How can data be segregated in a carve-out? Are there any new cyber risks or specific dangers that I need to know about and mitigate?
  • Did the due diligence process find any evidence that would justify a more detailed analysis in the post-deal review?
  • In this complex and volatile world, how can we anchor and enforce secure, rule-based processes during the transaction lifecycle?
  • And to take things one step further, how ready is your corporate governance system for divestment?

Our interdisciplinary Risk & Regulatory and deals experts are here to help you answer such questions and many more transaction-related issues from a strategic perspective.

“Identifying cyber risks is hugely important in deals. In today’s interconnected world, undetected weaknesses in company IT systems can severely impact the success of an acquisition, merger or takeover. And that’s not the only reason why a proactive approach to cybersecurity is needed: it’s also necessary in order to prevent unexpected cyberattacks or sanctions from threatening the deal.”

Jörg Asma,Partner at PwC Germany
Selected R&R services along the Deals Lifecycle

“Effective corporate governance and management systems are key to any IPO – the markets require them, and they create the transparency and trust that investors need to be sure that they are making resilient, future-proof investments.”

Carsten Hasemeier,Director at PwC Germany
Follow us

Contact us

Arndt Engelmann

Arndt Engelmann

Partner, Risk & Regulatory, PwC Germany

Tel: +49 151 14806264

Jörg Asma

Jörg Asma

Partner, Cyber Security & Privacy, PwC Germany

Tel: +49 221 2084-103

Carsten Hasemeier

Carsten Hasemeier

Director, Risk Consulting, PwC Germany