No deal yet as talks continue at Insignia

Both bidders have been granted an extra four weeks to finalise deal terms.

“Following requests from both bidders, the exclusivity period in the exclusivity deed agreed with each bidder will be extended by an additional four weeks, on the same terms as the original deed,” Insignia said in an ASX filing.

“The extension is to allow the bidders to finalise debt funding and associated due diligence, and finalisation of scheme implementation deed terms”.

Insignia reaffirmed that there is “no certainty” that either proposal will result in any transaction being put to its shareholders for their consideration.

“Insignia Financial shareholders do not need to take any action in relation to either proposal. Insignia Financial will continue to keep the market informed in accordance with its continuous disclosure obligations,” it said.

Last month, the company announced it had received revised, non-binding, and indicative proposals from both Bain Capital and CC Capital Partners, and was entering into an exclusivity deed with both bidders, having deemed it in the best interests of its shareholders.

The company at the time revealed both bidders had separately and independently submitted increased proposals at a price of $5.00 cash per share, above the $4.60 per share they initially offered.

Earlier this month it was revealed Insignia had suffered a cyber attack on its Expand platform, affecting its superannuation members.

It is understood this was a coordinated cyber attack which also impacted superannuation funds AustralianSuper, Australian Retirement Trust, Hostplus and Rest.

Commenting on the incident, financial services M&A expert, Tony Beaven, told ifa's sister brand Money Management, the incident could potentially have a major impact for any purchaser, both from a financial and reputational risk point of view.

“As a minimum, any potential purchaser would want to understand the extent of the attack and if any parties were impacted financially,” he said.

“Any potential cyber attack, depending on the severity, would need to be reported to the regulator who would want full disclosure on events and the processes and procedures that have been put in place to rectify this, which could include writing out to impacted customers, hence the potential reputational and financial risk depending on the severity of any attack.

“The purchaser would be acutely conscious of the fines regarding cyber security breaches.

“As a minimum they would be looking at enhanced IT security due diligence and would embed any findings as an immediate fix in any contract with an indemnity clause for any issues or compensation as a result of any attack if they went ahead.”