The past five years have seen a flurry of mergers and acquisitions (M&As) in the environmental, health and safety (EHS) and risk management space.
However, the consolidation of this industry is still incomplete. We still see thousands of software providers who offer software and data services to EHS professionals and new players emerge every week!
Many of the recently acquired companies were formed in the 90s or early 2000s by EHS professionals. They saw the potential for software to tackle the challenges of managing an EHS management system in medium and large businesses. As a result, they have grown and established strong positions in the market.
Now, the EHS space is both crowded and mature. To continue to grow further, the industry needs capital to optimize operations, leading to the numerous acquisitions.
Large private equity and publicly traded companies are the primary investors in this industry. A recent Verdantix webinar outlined that over a billion dollars were invested into the EHS software space in just the past two years.
Some of the mergers and acquisitions worth mentioning are:
- Intelex was acquired by a private equity Fund
- Intelex acquired Denver based Ecocion
- Enablon’s was bought by Wolters Kluwer,
- eCompliance was sold to a small private equity group (search fund)
- FieldID’s was bought by Masterlock and then sold to eCompliance
- Enviance’s was bought by a private equity firm,
- ENHESA’s was bought by a Dutch private equity firm,
- Nimonik’s acquired Conformance Check and Envitool,
- KMI’s was acquired by MSDSOnline which rebranded as Velocity and then was sold again in 2017
- Medgate acquired a company and rebranded as Cority
- Notisum was acquired by Karnov
- Resolver GRC’s was acquired also by a private equity group a bit more than four years ago
- BLR’s was acquired by a private equity group and rolled up into Simplify Compliance
- STC bought the regulatory data that was previously managed by AECOM, they sell their data via STP out of Vancouver
- Sphera bought out part of IHS that handled EHS regulatory data
- Red-on-Line’s was acquired by InfoPro some 10 years ago
I am sure I must have missed many other acquisitions, Verdantix covers the space fairly well and their updates are worth subscribing to.
As businessmen and investors take over from software and EHS professionals, it will be interesting to see how the industry will change.
The companies mentioned above and others in the EHS space can be split into two main categories:
- primarily offering software (Intelex, Enablon, eCompliance) and
- primarily offering content (ENHESA, BLR, STP).
A few companies, such as:
- Red-on-Line and
- (to a certain extent) Dakota
offer both content and software.
Integrating content and software is a complex task (requiring a collaboration of software developers and regulatory analysts) and so most of the organizations are continuing to offer just one of the two options.
But as EHS companies are consolidating, customers too are expecting consolidated solutions to reduce the systems they need to manage.
Despite a consolidated solution Nimonik too is receiving more and more inquiries about integration with other platforms as well as to the expansion of its software offerings. Clearly, customer expectations are increasing. This was highlighted by a recent talk in Boston, where they demonstrated that certain functionality that was previously considered premium (i.e. Single Sign-On and Multi-Factor Authentication) is expected to be offered in base packages.
An example of the market trend towards integrated solutions is the mergers of Wolters Kluwer buying Enablon and the merger of KMI and MSDSOnline into Velocity (now Cority).
In addition to the expected advantages of integration, another corporate customer requirement that will create more consolidations is information technology/information system security issues.
Companies outside the EHS space are investing in IT security measures as the awareness around hacking and software vulnerabilities continues to increase. The hacks of Equifax and Sony demonstrated that even the largest companies in the world do not have sufficient IT security measures in place. More and more companies are increasing pressure on their vendors in the entire supply-chain to be ISO 27001 certified. The certification is an evidence of good IT management practices and there are often additional requirements such as full at rest encryption solution and multi-factor authentication. These requirements eliminate many small EHS providers who cannot afford these types of IT security investments.
The market is demanding EHS software and content vendors with technical people to implement and adhere to ISO 27001. Nimonik regularly has to submit its system to external penetration tests and complete questionnaires with hundreds of requirements. Smaller and larger firms that are not tech savvy will struggle to keep up as IT security is a cost in both time, resources and knowledge.
Most of the companies mentioned above, such as Enablon and Cority target the high-end of the market, focusing on large Fortune 500 companies. They can easily pass on the IT costs to their customers. The main challenge to servicing mid and small firms with EHS is that the sales cycle and budgets are not well aligned. If you are selling to a large company with an average annual subscription of over $100 000, an EHS vendor can afford to invest in a sales team, information security experts, technical implementation specialists who can personalize the solution and a six to twelve-month procurement process. The main issue with midsize firms looking for EHS solutions is that they often have similar technical requirements and sales cycles to larger firms, but they do not have the budget. It is hard to make the math work for EHS software sales to small and mid-size firms. That may change in the future, but for now, it remains a struggle.
Most software products have a tremendous economy of scale. That is how the technology companies are so profitable. Once you have built a software, reselling it many times is extremely profitable. However, too many players in a space and especially too many well-financed companies can lead to a price war. The main reason why companies such as Microsoft, Google and Facebook are so profitable is their market dominance, they have near monopolies! Despite consolidation, fragmentation continues to be a big problem in the mid-tier of the EHS space. The high end is consolidated, but you do have competition between 3-5 players with deep pockets.
During the Verdantix webinar mentioned above, it was discussed that the average contract size for the EHS vendors (that Verdantix obtained data from) was $ 150 000, including setup costs. This was significantly down from their previous year’s study, where the average contract size was $250 000. Is this data a blip on the radar and will it return to a high rate or will there be downward pressure on pricing due to competition?
The main challenge in most M&A is the creation of value, the integration of the software and teams and ultimately, continued innovation. It is fairly conclusively proven that few mergers actually create shareholder value and the ones that do, require a merger of similar companies with similar cultures. The wider the gap in product offerings between the merged companies, the harder it is to create value.
With private equity or large companies behind most of these acquisitions, the main concern that users of EHS or Quality management software should consider is how the product lines will evolve in the future given the owner’s priority for return. At some of the acquired companies, we have already seen a purging of senior (read costly) staff and replacing them with lower paid junior staff. This is the exception, not the rule, but ruthlessly cutting costs is a hallmark strategy of private equity run companies. Will this affect the quality of service for these EHS vendors?
In contrast to EHS owner-founder run companies (such as Nimonik, Dakota and a few others), private equity owners tend to be excellent at extracting profits and improving operations of organizations, but where they often fail is in the continued innovation and investment into product lines.
EHS professionals, on the other hand, are often not talented at extracting profits from their customers – be they consulting or software businesses but are focused on providing a quality solution!
I am notoriously bad at predictions – be they political, economic or other. I do not know where the EHS Market is headed, but it is clearly ripe for change and likely moving towards further consolidation.
As a purchaser of EHS solutions, it may be a good idea to incorporate an analysis of the owners, mergers and acquisition plan, and the style of management of the vendors in your procurement process.