TheSecurityAnalyst

I am gratified by the encouragement and response from the thousands of unique visitors to the site, TheSecurityAnalyst.com since I started it in May.  We also appreciate being picked up by Seeking Alpha at the end of June, which multiplied the readership.  I would note that since our last blog, two items of interest have popped up for investors who have been reading our missives:  (1) Brinks has announced the it will host its Q2 conference call on Thursday, July 31, at 11:00 a.m. (ET) to review second-quarter results – with keen interest focused on the pending spin-off of Brinks Home Security, and (2) the announcement by L-1 Identity Solutions on July 22 that its combination of Passport Card and U.S. Border Crossing card prime contracts had virtually doubled in value since the original announcement in March — to $239 million over five years—underlies our contention that U.S. driver license and border card programs are going to consolidate more rapidly and grow much larger than observers are expecting.

 

So with all these events developing, it with great anticipation that I announce, that as of tomorrow, I will be coming on as a managing director at Imperial Capital, a leading investment bank in the security industry.  This anticipation comes from joining a firm with such smart people, which has been so highly successful in the niches on which it has focused — one of them being the security industry.  Perhaps the one regret is in announcing that as of now, there will be no further contributions by me to this web site –TheSecurityAnalyst.com.  However, it is the intention that my current blogging can eventually continue at Imperial, as readers of TheSecurityAnalyst.com will be redirected to a special subsection of the Imperial Capital website, which will contain industry information and comments that are reviewed and approved by Imperial’s Compliance Group.  So wait and watch for the date – I will still be out there providing fodder for users of information and those thinking about the security industry.  I also look forward to working with all my new colleagues at Imperial.

 

Imperial’s New York office telephone number is 212-490-0004, and its Los Angeles headquarters number is 310-246-3700.  Their website is www.imperialcapital.com.

 

Thank you all,

Jeff Kessler

 

 

 

 

 

 

 

 

 

I am gratified by the encouragement and response from the several thousand unique visitors to the site TheSecurityAnalyst.com since I started it in May.  Since being picked up by Seeking Alpha at the end of June, I have been swamped with requests for a listing of the earlier blogs on the industry that are not currently on the website.  So here is the complete listing of our blogs in reverse chronological order.

 

07/02 – In An Economic Slowdown, Government Contracts Become Important for the Security Industry.  Four security companies demonstrating good growth in a bad economy, thanks to strong Government contract flow: FLIR, L-1, ICx Technologies, and China Security & Surveillance.  (Note:  ICx announced today yet another contract for its “Cerberus” surveillance towers, this time its first from the Secure Border Initiative).

 

06/29 – Has Single-Sign On Finally Hit “Prime Time” With Security End Users?  We may be at the inflection point of improved technology and enterprise end user demand for single-sign on solutions as part of the convergence of physical and logical security systems.

 

6/26 – China Security & Surveillance: Go-to-Market and Strategic Leadership in Security in China.  The leading domestic security company in China has developed a huge advantage (no channel conflicts between its manufacturing, installation, integration and monitoring businesses), in the world’s fastest growing security market (independent of the Olympics).

 

6/23 – “REAL ID” Controlled by a Foreign Entity?  Safran S.A. Bids Against L-1 for Digimarc’s ID Business.  With all of the hoopla over personal privacy and REAL ID, we just thought it a bit odd that an foreign entity, 30% owned by a foreign government would bid against L-1 for Digimarc’s ID (drivers license) business.  Oh well, at minimum they forced a competitor to pay $50 million more.

 

6/18 – Guest Blog: Risk of Critical Failure in Monitored Alarm Industry.  Guest blogger, and long-time monitoring industry consultant Lee Jones emphatically warns against industry laxness regarding false alarms and the looming threat of non-response without verification.  His point:  “The alarm customer and the police, the two most critical segments of the infrastructure, have been abused. We believe the alarm industry is losing the loyalty of both parties. Without the loyalty of the customer and the police, the entire infrastructure as we know it today, could collapse. “

 

 

6/15-6/16 –  Do Not Ignore L-1 Identity Solutions As the ID Market Grows.  The identification market (along with biometric technologies) is now sprinting in its growth and here is the undisputed market leader – like it or not.

 

6/12 – Stanley-Sonitrol: Strategically Smart, But with Franchisee Relationships to Fix.  Stanley Works is becoming a legitimate security systems integration threat to the likes of Siemens, ADT, and Securitas Systems (recently renamed Niscayah), with its acquisitions of HSM Security and now, Sonitrol Management (the leading brand for verified, quick response by police).  However, Stanley has also acquired some very frayed relationships with Sonitrol’s significant franchisee system, which will have to be fixed.

 

6/10 – ADT’s Growth Strategy Unveils its Underestimated Integration Business.  ADT now comprises the largest single entity of any of Tyco International’s revenues and over half of its EBITDA.  We think Wall Street analysts are missing a key development underlying ADT – its already well-regarded and now growing systems integration business.

 

6/4 – BHS Steady State Cash Flow Still High, per SEC Filings.  As a follow-up to our June 2 blog, with the SEC filing by Brinks Home Security on its proposed spin out from Brinks, several investors asked us to recalculate the 2007 steady state free cash flow of the company (SSCF being the most important metric besides attrition).  Taking on its own corporate overhead, BHS SSCD for 2007 falls to 178.5 million (36.8% margin) from our previous estimate of $191.3 million (39.5%).  However, that is still way above the margin of any other public monitoring company and virtually the highest of any public or private company.

 

6/2 – Sonitrol: Can the Vaunted Franchise System & Brand Hold Together?  With rumors in the industry that the Sonitrol business was close to being sold by its private equity owners, we issued a warning to any buyer of this verified alarm leader:  Fix the relationship with the franchisees.

 

6/2 – Brinks Home Security:  A Brief Look at “The Surprises.”  On May 30, BHS filed a “Form 10” with the SEC, representing its preliminary pro forma financials as well as its ongoing relationship with Brinks Inc.  Along with the financial pro forma’s, there are two “surprise” issues which popped up in the filing (you have to dig to find them):  (a) the loss by BHS of its “Brinks” brand in three years and (b) the royalties that BHS has been paying to Brinks – over $30 million in 2007 — which were formerly not reported (or at least never seen by me).  The ongoing royalty payments fall dramatically, however.

 

5/13 – Somebody Needed to Love Protection One.  Protection One has a great management that has fixed a disaster and stabilized the company, the third largest monitoring business in the U.S.   However, a thinly traded stock, lack of growth and a balance sheet that won’t allow a lot of acquisitions has investors snoozing on this name.  We still think investors may be asleep at the switch on this one.

 

5/13 – Video Standards That May Finally Mean Something.  On May 12, a consortium of Axis Communications, Sony and privately-held Bosch – three of the leading names in video surveillance, formed a group aimed at developing a standard for the interface of network video products. Currently, while there are video compression standards (MPEG-4, and the new H.260), there is no global standard defining how network video products such as cameras, video encoders and video management systems should communicate with each other.  Note: This blog actually generated a lot of comments around why it has even taken this long for open systems to emerge in video, along with skepticism that proprietary video systems (which are maybe good for individual companies, but bad for overall industry growth), can be “overcome” any time soon.

 

5/13 – FLIR Systems and Axis AB:  A Tale of Two Video Technology Companies.  Axis Communications (Axis AB, based in Lund, Sweden) and U.S. based FLIR Systems are the two leading companies in their respective technological niches in the $7 billion video surveillance industry.  Axis is the leading provider of IP network video cameras, while FLIR is the leading provider of infrared cameras for surveillance and thermographic (temperature control) use.  Unfortunately, for Axis, a couple of its key commercial markets are slowing due to the economy – and hurting its stock.  Fortunately for FLIR, its Government business is booming, as is the rapid expansion of infrared in non-military use – helping its stock.  We like both companies; investors will have to talk to their analysts to make their own timing choices.

 

The writer current holds positions in L-1 Identity Solutions, ICx Technologies, and is considering a position in China Security & Surveillance.

It is ironic that we have been writing for years that Government contracts are very important for the security industry, but ultimately most of them –even the largest – should mostly serve as beta-tests and reference sites for what should be a much larger industrial/commercial and institutional market.  Over the long term we believe commercial/industrial contracts are steadier and involve greater recurring revenues.  But, of course, during economic slowdowns it might just be a big help to depend on those Government contracts.  Some of the companies we have written up in our blog are doing just that – accelerating their Government business.  Whether it is the slow, but inexorable movement to improve identity management here, or protect sensitive domestic installations and ports, or to protect troops in the war theater, the companies that are winning these contracts (especially those smaller companies winning subcontracts and branding themselves in the process) are actually doing quite well in a bad economic environment.

 

Below we detail four security companies in the security industry, three on which we have written blogs, and one which we covered in a “past life,” which are likely to at least meet, and possibly beat estimates or management guidance, simply because their Government  contract momentum is so strong.

 

FLIR Systems.  The first, and perhaps most obvious beneficiary to Government contracts in the security industry this year is FLIR (see “FLIR and Axis AB: A Tale of Two Video Technology Companies,” published May 13).  Although our long-term investment case on FLIR is built on lower sensor costs accelerating demand in commercial, security, and civilian markets, it is military orders that have driven the stock up (37% year-to-date), and analysts’ estimates with them.  Indeed, one might speak of an avalanche of military orders, eight since late May, including the largest, a $358 million revision to an IDIQ (indefinite delivery indefinite quantity) order for the U.S. Army.  The orders range from infrared cameras on military vehicles, Coast Guard helicopters, surveillance airplanes in Colombia, medium-range thermal binoculars, and sensors to go on sensor-studded 8-10 story towers that the Army wants to have in Iraq and Afghanistan to protect each company of soldiers.  Those orders are part a two-year, $1.5 billion program called Base Expeditionary Targeting and Surveillance Sensors-Combined (BETSS-C).  FLIR’s current consensus estimates are $1.27 in 2008 and $1.46 in 2009, but that consensus is rising even as we write this blog.  The only questions for FLIR are what is the proper P/E on 2009 estimates, and are those estimates taking into account the tough growth comparisons they will now face for 2008.  For analysts, there is always something to gripe about.

 

ICx Technologies.  Another beneficiary of the BETSS-C program is ICx Technologies (ICXT), a company which we have covered in the past, but only now are writing the first blog, has also just won a series of new contracts.  ICx, though small (consensus estimates are $180 million for 2008), has nevertheless become the leading independent provider of small explosive/radiological/biological detection equipment, radar and infrared surveillance technologies, and “integrated solutions” combining the above.  ICx’ announced on July 1, that it had won a $14 million contract under BETSS-C for its “Cerberus” surveillance towers on which the sensor technologies from other companies (like FLIR) will be mounted.  Given the size of BETSS-C, we doubt this is the last order we will hear regarding ICx and FLIR.  However, ICx is also far more than its towers – indeed most of the attention from the investment community centers around its “Fido” handheld explosives detection devices, including its unique patented ability to detected hydrogen peroxide—based liquid explosive, where in May it won a $5 million contract from the military (Robotics System Joint Program Office). Nevertheless, ICx has just shocked at lot of folks when its Solutions division also won a $15.6 million contract at the end of June to manage an “intelligent transportation system: for Orange County, California.  The ICx contract includes installation of a real-time, bus-arrival passenger information system, preliminary design of a signal priority system and signal system enhancements to improve arterial operations.   Analyst consensus for ICx are for revenues of $180 million in 2008, with a GAAP loss of $0.72 per share and breakeven EBITDA.  Consensus estimates for 2008 are for $238 million in revenues, $0.10 per share in earnings, and EBITDA of $33-$35 million.

 

L-1 Identity Solutions.  We have recently written in-depth about L-1 Identity Solutions (ID), the leading provider of identification solutions (“Do Not Ignore L-1 Identity Solutions as the ID Market Grows,” published June 15).  We strongly believe there will be consolidation among several of the long lineup of  U.S. and international identification programs now being implement and that L-1 (with the Digimarc acquisition in hand) will have a major role in many as a subcontractor or as a prime contractor.  Moreover we refuse to believe that the  highly publicized ID programs — PassCard program at the national level and Real ID at the state level — are going to be limited to their current budgets in the $220-$350 million range.  We are convinced there will be far greater dollars spent in these “regional” and “state-by-state” programs than what is budgeted today…  Finally the consolidation of identification programs should affect nearly all domestic initiatives from HSPD 12/24, to PassCard, to Western Hemisphere Travel Initiative, to US-Visit, to TWIC, Real ID, to Sarbanes-Oxley, to HIPAA, and war theater and defense identification.  We also believe there will be consolidation of Gulf States national identity programs, Latin American voting and ID programs, and even to Indian tax card and ID programs.  To get to the heart of the matter, we believe that both the “updated” drivers license and military identification programs are going to have a positive effect on L-1’s results in 2008.  Indeed, the company announced on June 27, a $5 million contract delivery for its HIIDE (Handheld Interagency Identity Detection Equipment), the company’s well regarded multi-modal biometric (iris-face-finger) handheld ID unit (customer not announced, but we assume it is the U.S. military), which we also assume will have follow-on orders.  Company management has guided to $670 million of revenue in 2008 (all numbers are pro forma, assuming the acquisition of Digimarc on January 1, 2008), EBITDA of $110 million, and a backlog of $1 billion.  Most recent analyst consensus GAAP estimates are for $0.15 in 2008 and $0.35 in 2009.

 

China Security & Surveillance.  Finally, we would again mention China Security & Surveillance (CSR) as a perfect example of a company where Government programs are driving revenues, even within a country that is trying to slow its economy down (“China Security & Surveillance: Go-to-Market and Strategic Leadership in Security in China,” published June 26.)  Although over half of the company’s revenues are in the commercial sector and subject to a planned slowdown in China, the percentage of growth from Government programs is growing rapidly.  While the company has won large contracts in the cities of Yinchaun, Jining and Qungzhou City, our sources believe there will be a series of $10+ million-sized contracts coming over the course of 2008 into 2009 which will be more typical of the types of contracts to be won.  The company just won its first two projects in Beijing, and we believe that government projects, once scaled up and proven out will lead to more commercial projects as well.

 

The author has a position in L-1 Identity Solutions and ICx Technologies, and is considering taking a position in China Security & Surveillance.

We’d like to thank our special “guest” assistant and end user sources for help on this blog.

 

SSO Becoming a Key Security Convergence Component.  With chief security officers at enterprises finding that physical security and IT infrastructure becoming more and more complex and harder for individual departments to manage, so-called “Single-sign On” (SSO) has become a hot topic in the IT world, leaking out to the physical world, as well.  Just like video analytics, SSO is not a new notion, nor has it been immune like video analytics from hype and subsequent end user disappointment.  However, the growth of SSO use among end users who accept what it can and cannot do, (similar to the growth of video analytics),  based on more realistic notions of what it can an cannot do, has created a much more accepting user community for the technology.  This is an important take-away as we begin to look at the market, the companies providing SSO solutions, and the possibility of who might want to team up with, or even acquire the better SSO providers.  We would reiterate, while we don’t ultimately view SSO as a “industry” unto itself, we see it as one of the very key components for end users in the move toward convergence between physical and logical security.

Compliance, Efficiency, Security and Total Cost of Ownership.  Not only can single-sign on help an organization in regulatory compliance (i.e., HIPAA and SOX) but it can also lower the total cost of ownership (TCO) of the security systems infrastructure being considered for upgrade or new installation.  For those that are just getting up to speed on this, SSO is a method of authentication which allows a user at the enterprise to log on to the security infrastructure once (primarily IT today, but becoming increasingly converged with physical systems) and gain access to multiple security systems without being prompted multiple times to “log on.”  By logging into the infrastructure once, the individual systems can take the infrastructure authentication and automatically apply it to their own individual authentication systems.

SSO environment can benefit a CSO along with their IT and physical security departments in many ways.  It can limit the complexity of the user provisioning process, if user information is stored in a single central area.  IT Departments will have more time to focus on pressing and high risk issues – for inst, as having an SSO can limit the number of help desk calls. (User: “Hello, I’ve forgotten my password to XYZ application”). This in turn can reduce IT costs. Additionally, (which is everyone’s favorite benefit) having an SSO will significantly decrease the amount of passwords a user is required to remember.

 

More benefits to SSO include Compliance Reporting – If all user data is in a central place, I can get a single report from the SSO environment rather than having to get one from each individual application.  This, in turn, reduces end-user time as they don’t need to log on every time.

 

Another important aspect of SSO is the “push” it gives to the convergence of logical and physical security environments.  Many SSO software packages allow for physical and logical security to work seamlessly together.  When a user’s access is terminated in the SSO environment, their physical access card can be automatically disabled, as well.

 

The ROI Issue. A recent end-user study by Spire Security LLC, found that SSO generated ROI by (1) substantial reduced costs and improved efficiencies on existing accounts, (2) reduced costs on new and departing employee account management.

The Hurdles that Have Prevented Major SSO installations up until now. 

So why hasn’t an obvious benefit to convergence been implemented en masse up until now?  The biggest and most obvious bugaboo for SSO is security.  Primary among them is authentication.  SSO environments must incorporate some sort of strong authentication mechanism. Without strong authentication mechanisms, risk of a security breach might be increased exponentially. For instance, if strong password settings are not established in the SSO system, a ‘hacker’ who discovers the IT administrator password could possible have a ‘key to the kingdom” and gain high-level access to not just the security system, but theoretically nearly all of IT systems.  This is why from a CSO’s point of view, reference-site based proof of strong authentication is so important. By implementing authentication mechanisms, such as smart cards, RSA key fobs, and biometrics, these risks to giving up the “keys” can be minimized.  The mechanisms for doing this are beyond the scope of this blog, but are certainly available from numerous consultants, ranging from individual practitioners like Steve Hunt to giant consultants, like KPMG.

One of the responses to the “keys to the kingdom” argument has been that SSO providers also provide much stronger password protection protocols, including eliminating common password selections, and various means to permanently prevent users from writing down passwords.  The mere fact that end users can focus on one password, one sign on , can eliminate the common passwords and ID’s that come from user-password overload.

Complexity.  In addition to the risks – and partially because of them, SSO environments are becoming increasingly complex and complicated to set up.  Typically organizations do not have a homogeneous IT infrastructure, and probably and even more piecemeal physical security infrastructure.  My former organization is a true leader in attempting to integrate logical and physical security, and yet that is a task that is far from completed.  An organization may employ multiple applications, on multiple types of environments with multiple security settings and parameters for both physical and logical security.  We have found in talking to end users that too many IT departments still treat each of these environments as silos and may lack the understanding on how to incorporate authentication technology between them – and this is before even tackling the physical/logical convergence issue.

Conclusion:  Despite the continued challenges of complexity and security facing end users implementing single sign-on, we believe we are now at a level of maturity, integration, and end user acceptance that we have not seen before.  We think after hearing about it for a decade, and watching large numbers of venture and private equity investors waiting (…and waiting) for returns on their investment, the time for this segment appears to be arriving.  We would not be surprised to see a wave of joint ventures and industry consolidation.

Here is a short list of companies that offer SSO, along with their leading investors:

 

Private Companies and their Major Investors:

Imprivata: (SAP Ventures, Polaris Venture Partners, Highland Capital Partners

Sentillion: (HealthCare Specific): Merrill Lynch Investors, Dresdner Kleinwort Capital,

            First Consulting Group, Intersouth Partners, Newbury Ventures

Passlogix: Hanseatic Corp., Union Square Ventures

Enterasys: Gores Group LLC, Tennenbaum Capital Partners

Courion: Questmark Partners, Riggs Capital, JMI Equity

Shibboleth: Internet2 Middleware Initiative, under the National Science Foundation

MetaPass: Sunnyvale, CA

Atlassian : Sydney, Australia

 

Public Company:

ActivIdentity (ACTI)

 

Divisions of Larger Public Companies:

Microsoft (Identity and Access Management Series)

CA (Identity & Access Management Solution)

Hitachi ID Systems

Novell

Oracle

SAP

Note:  Our blog below on China Security & Surveillance may appeal to a more limited audience than our previous blogs on monitoring and identification.  For those of you on our new, expanded list, please look at these other blogs as well before indicating that you want to be taken off the distribution list entirely.

On the heels of a follow-up report by the Security Industry Association (which very conservatively projects Chinese security industry spending by 30% to $11 billion in 2008, we have contacted three independent sources just back from viewing Chinese commercial and government security installations to check just which companies appear to lead the Chinese market. Our sources remind us that the government-sponsored China Public Security Guide estimates the 2008 market at over $26 billion – bigger than the SIA study, but to us clearly less independent.  Our sources are convinced that China Security & Surveillance (CSR:NYSE) has major advantages in the mid-sized China security surveillance market and should be a company to watch closely.

We have done background work on a number of Chinese security companies. While we find two of the companies, a leader in fire systems and the other, a leader in geospatial surveillance software, interesting in their own right, they are both much smaller than our focus in this blog – China Surveillance & Security (CSR) – China’s leading domestic security surveillance company, and our Chinese researches reiterate that this is the company to watch.

With management guided revenues of $380 million in 2008, CSR is more than the leading homegrown security company in China – it has go-to-market advantages that are not appreciated by non-security analysts who are looking only at the stock valuation, or only at the financials. The company has won numerous contracts in China’s growing “Safe Cities” program (video surveillance of dome 600-plus cities), and its contracts are growing in size, having moved from the sub-million size to the multi-million size just within the last year. While the company has won huge contracts in the cities of Jining and Qungzhou City, our sources believe there will be a series of $10+ million-sized contracts coming over the course of 2008 into 2009 which will be more typical of the types of contracts to be won.. The company just won its first two projects in Beijing, and we believe that government projects, once scaled up and proven out will lead to more commercial projects as well. We would note that commercial security still constitutes over 50% of revenues.

Finally, just so everyone understands, CSR is already the (a) largest indigenous systems integrator in China – we note another five very small companies as competitors, (b) largest security product manufacturer in China – we note one significant Chinese video technology manufacturer as a competitor, and (c) largest non-government monitoring company in China (even though this last revenue category is barely at the double-digit million level at this point, but with literally no other private competitors). This would be like combining Siemens Building Technologies on the integration front, with Honeywell on the equipment front with ADT on the monitoring front in one company operating exclusively in one country. It could never happen in the U.S. or Europe, because the service and monitoring companies would never buy from Honeywell, and the equipment companies would never sell to Siemens and ADT, because of channel conflicts. However, it can, AND IS, happening right now in China via CSR.

So, what do prospective competitors in China, and public investors in CSR’s stock have to wrestle with?

Pluses:

• CSR has created a unique company in the security industry, no other security company we know of controls its manufacturing, distribution, installation & integration, and finally, its monitoring business. China’s lack of an existing security channel infrastructure has allowed CSR to create such a business.
• The Chinese security industry is not being driven primarily by the Olympics, even though it is a real factor. The industry is being driven by a Five-Year plan that intends to provide video surveillance and monitoring to the 600 largest cities in China (“The Safe Cities” project), and State Ordinance 458 to rid gambling, bar and karaoke establishment of “unsavory” business practices. The Olympics are coincident with the Five-Year plan, not a substitute for any of these security programs. Indeed, even as many businesses in China slow down to accommodate dislocations caused by the Olympics, our sources have come back saying the government-sponsored security projects are showing absolutely no deceleration.
• The company has the potential to become the major integrator, with major long-term monitoring contracts, favored by investors. The equipment brands CSR has bought have generally been the brands most consistently spec’d by its commercial and government customers. As time goes on and the company builds its REAL brand around installation, integration and monitoring, the equipment brands can be almost seen as a separate company one day, or even spun out.
• Our sources tell us that the company is becoming very successful in becoming the security installation and equipment brand of choice in mid-size Chinese cities for both commercial and government end users. CSR is also well ahead of any domestic competitors in forming joint ventures and partnerships with Asian companies outside of China.
• Although companies like Honeywell, IBM and Siemens and General Electric are the primary participants in the Olympics (and for the very largest Safe City installations), we believe that for to maintain share in China, particularly as the middle government and commercial market grows (according the SIA report), they are going to have to increasingly deal with CSR and its widening regional partnerships and advantageous go-to-market position.

Minuses:

• The company is not covered by major investment banks in the U.S. (BNP Paribas just initiated coverage), which has allowed traders to take advantage of volatility in the stock. Some of this volatility emanates from negative reports written by the successor to the old CIFRA organization which did not like the way the company recognized revenues, nor recognized pro forma earnings in place of more conservative reporting. While the company management has slowly learned what investors accept and don’t accept in reporting numbers, we also believe that the company’s position in China in winning new contracts with increasing long-term contractual cash flows will make this negative arguments irrelevant.
• The company’s corporate management needs to beef up. Mr. Guoshan Tu, Chairman and CEO, is a highly successful entrepreneur and was prescient in setting up over 40 distribution points around China for the integration business – before selling any product. He is clearly very market savvy, but lacks a pedigree in security. Terence Yap, who has assumed the role of vice chairman and chief financial officer, appears to be working 28 hours per day, and probably needs more personnel in the financial side so he can concentrate more on operations.
• The company must integrate its brand among the many equipment acquisitions it has made, but do it in a way that evolves the brands into CSR without worker or end user frictions. One of the key elements in doing this is the creation of an major manufacturing campus near Shenzhen, where most of the product company employees will work. This site is key to integrating cultures and personnel and brands. So far, the final papers have not been signed for this site, although our spies from China tell us there is already activity there. Nevertheless, the campus was announced nearly a year ago and the delays in finalizing the moves of the product companies is frustrating.
• The company needs to somehow refinance or rid itself of two convertible debt issues totaling some $110 million, whose conversion features are great for the private equity paper holders, but onerous for the company. These converts were issued when the company was much smaller, seeking growth, and someone stepped up with capital. However, for this size company, it becomes very expensive and dilutive capital – the GAAP accounting for the issues is impossibly harsh — (not to speak of the hedging/shorting that goes along with the issue) and management should find a way to unburden itself of these issues, without blowing up the balance sheet. Free cash flow was positive for the first time in 2007, but at $18 million did not overcome the $82 million used to acquire companies. The company will have to improve its free cash flow in 2008.

Conclusion:

While we cannot comment on the stock and price targets, clearly we believe this is a company security industry and investment industry professionals should be watching. With the above pluses and minus, we would reiterate that China Security & Surveillance is the only security company that we know of that has no legacy channel conflicts and can manufacture, install, integrate, distribute and monitor security equipment and systems on its own to a very large market. That in and of itself is neither good nor bad, however a combination of qualities has convinced us that CSR has enormous advantages over local competition and has a potentially lucrative future. With consensus estimates (we would include the dilution from two convertible debt issues) at about $1.00-$1.05 for 2008 (an estimated P/E of about 14x), and with estimated EBITDA for 2008 at $65-$70 (EV/EBITDA of less than 10x), I believe these are reasonable valuations relative to the balance of pluses and minuses we tote up on this Chinese industry leader.

In one of the more bazaar moves we have seen, Digimarc has announced that it has received an unsolicited offer of $300 million in cash for its ID Systems division from Safran S.A., (the French parent of Sagem).  This tops a bid by L-1 Identity Solutions for $250 million, about half cash, half stock, in a transaction that was expected to close soon.  But, why is Safran S.A. (Paris:SAF) even bothering to make this bid for the ID Systems business of Digimarc (with nearly $100 million of revenues)?  With all of the grumbling about L-1 (or anyone, for that matter) controlling the information on “biometric” drivers licenses, and all of the current political fallout going on regarding the REAL ID program (based on Federal guidelines for information, authentication, and interoperability), it would seem insane to me for a foreign company to try to take over a company that will be involved in identifying U.S. citizens.  

 

Better yet, Safran is 30% owned by the French Government.  Won’t it be interesting for the Digimarc board of directors if someone were to poll the 30 states serviced by Digimarc — asking them how they felt about a foreign entity processing their drivers licenses, especially with the REAL ID program slowly, but inexorably making its way on to the scene?  If REAL ID is controversial now, is it even viable under this scenario?

 

While we can see some strategic reasons Safran might have for acquiring Digimarc’s ID business (diversifying beyond AFIS, building an international ID card business), the relative strategic benefit is far, far greater for L-1, in our opinion.   So is this bid by Safran just to just to make L-1 sweat and pay more, to sap its cash reserves so Safran can go after another target and NOT have L-1 as a competitor?  Is it because Safran believes that “money talks, nobody walks” and that a big cash offer at a premium will convince the Digimarc board to sell to them, take their money and run, and then leave all the inevitable political firestorm to Safran?   Anyone with a computer and the ability to receive “Google Alerts” can see the resistance by a vocal minority of state legislatures to REAL ID (granted, we believe that much of that opposition is related to money and not pure principle over privacy), and by individual groups over any one entity controlling personal privacy information.  If one thinks all of the articles screaming how “terrible” the REAL ID program is to privacy, or about how too much personal information is going to be on a drivers license (i.e., the “de facto National ID card”), think of what happens if under the threat of Safran S.A. manufacturing and servicing those cards.  All of a sudden, L-1 becomes a patriotic symbol and Bob LaPenta a hero, whether intended or not.

 

I don’t know if there are any “U.S.” only rules surrounding states’ drivers licenses and REAL ID, but I have to assume that a foreign entity owning the Digimarc ID business will create huge problems with some in the government, in the press (what happens if Lou Dobbs gets his hands on this?), and with special interest groups — even if Safran promises that all manufacturing and production in the U.s. will be done solely by its U.S. subsidiaries.  While I am not the biggest fan of one company (L-1) controlling 90% of the drivers license production, I certainly don’t see the rationale behind this bid by Safran. 

 

What does this all mean for L-1, which we profiled in a June 16 blog?  Yes, we believe that L-1 can muster the cash resources to fend off this bid.  And yes, we believe that L-1 is by far the best positioned company strategically to understand and integrate Digimarc’s ID Systems business and people, because they play and compete in the same space, and talk the same language when it comes to state drivers licenses.   But unfortunately, we now believe the bigger risk to L-1 is not Safran, but the possibility that another, larger U.S. integrator, noticing this “circus” for the first time, now becomes interested in Digimarc and pays its own “stupid” price (1) simply because it can, and (2) for the sake of its own strategic positioning.

 

Once again, our move to switch our blog “away” from monitoring and back to technology is being delayed by one more article – this time, an article from a distinguished industry guest, Lee Jones.  When I started as an analyst in 1983, I asked who was the most respected consultant in the industry at the time to help me out.  Lee, who still runs Support Services Group, was that person.  He has sent me his new paper on the “Risk of Critical Failure in the Monitored Alarm Industry,” which focuses on his concern around the potential loss of police response and customer loyalty by today’s leading monitoring companies.  These are critical issues facing the industry today and have implications for my blogs on Brinks, ADT and Stanley’s acquisition of Sonitrol.  I know there will be many in the industry and some end users who will disagree with the severity of Lee’s comments (I don’t agree with everything), but the issues he brings up are critical to a wide range of executives, consultants, and investors in the industry.  Below, with permission, we reproduce Lee’s provocative paper in its entirety. 

 

Risk of Critical Failure in Monitored Alarm Industry

For the first time in over 50 years, the participants in monitored alarm security are at risk of “critical failure”. Very similar to the current sub-prime mortgage crises. 

“Critical Failure” occurs when a failure causes other participants to be unable to complete their tasks in the expected manner. 

The weakest link, or the “critical failure” in traditional alarm services, is public police response and customer loyalty. It is going away or already gone. 

The critical failure in monitored alarm security is the customer expectation that “help” will come to the site when the alarm system calls for help (a/k/a burglar alarms or intrusion alarms). Security providers now know that “help” will NOT arrive in a timely manner for most of their paying customers. Millions of alarm users are paying for services not rendered. 

 

The primary participants in an alarm system are:

• alarm user… the customer.
• sales and installation agent.
• monitoring source.
• billing & collection agent.
• contract owner/investor.
• warranty and service provider.
• private response.
• local police. 

All of the listed participants could be coordinated from the same firm that is totally integrated, like ADT, or Brinks, or HMS, or Alarm Detection Systems. Or, because the alarm industry is still highly fragmented, eight or more independent firms could be involved. Some of the participants may not even be aware of each other. All participants are sharing the same $20-40 monthly fee for residential, or $25-100 monthly fee for commercial. Collectively we are an industry of 30 million monitored customers generating over $12 Billion recurring revenue annually… which is now at risk. 

Not unlike the sub-prime mortgage market, alarm customers often cannot identify the participants. For example, (a real customer) had their system installed by Sterling Security, which was sold to Alarm Data, which was sold to Masada Corp, which was sold to Regent Corp, which was sold to InterCap, which was sold to Ameritech, which was sold to Cambridge, which was sold to Tyco/ADT. Most of the buyes had a different monitoring source with different monitoring software, and used a different source for billing and collection. Each of the alarm contract owners had a different set of investors. One of the firms in this chain securitized a big bundle of nameless alarm contracts, just like sub-prime mortgages. Another example is bunch of alarm customers that are within a chain of 10 different owners, ending with ProtectionOne/Quadrangle, which also included securitized

bundles of contracts.  

Here are just three of the risks:

·        A critical part of the basic infrastructure of TPM is the ability to operate seamlessly across hundreds of municipalities. That standardization is going away, or already gone.

·        A critical part of the basic infrastructure of TPM is emergency response to the site when cause of alarm in unknown. That customer expectation is going away, or already gone.

·        A critical part of the basic infrastructure of TPM is that alarm users have absorbed financial responsibility for false alarms. A trend is moving toward the monitoring source, not the alarm user, absorbing that operational and financial responsibility.

 

The customer is paying for a $20-50 service that is outsourced to TPM for $3-8. The noted “risks” have removed most of the operational and financial benefits and resources of TPM. Severe pressure on customer loyalty includes false alarm fees. The $Billions collected by municipalities from alarm users/customers can be translated into a price increase for a reduction of service.

 

The alarm customer and the police, the two most critical segments of the infrastructure, have been brutally abused. We believe the alarm industry is losing the loyalty of both parties. Without the loyalty of the customer and the police, the entire infrastructure as we know it today, could collapse.

 

Without the long term loyalty of our customer, high churn is probable, and the market value of the contract (revenue stream) is at risk.  Without the loyalty of the police (emergency response) high churn is probable and the market value of the contract is at risk. 

 

The consequences to investors includes the specter of a legacy liability for deceptive business practices, or worse, consumer fraud.

 

Perspective of the police. Why they do not like us, nor trust us.  After several decades of street experience and lots of documentation with alarm systems and alarm companies, the public sector has determined that calls from most alarm monitoring sources do not qualify for emergency police response, because nearly 100% are error. Most police departments have already lowered the priority from an “emergency status” to a “courtesy status”, which means the time of arrival could be 20 minutes to several hours, or not at all. Plus, the customer or the monitoring firm could be paying fines or fees for the call. 

 

Many police departments believe traditional monitored alarm systems are already outdated, or obsolete, because site inspections are still necessary to determine IF an emergency exists, not because of an emergency. Nearly all calls from monitoring firms are nuisance calls for site inspections, not emergency calls.

 

We believe the alarm industry is experiencing the Kodak Syndrome. An industry leader, Kodak, spent decades of time and its fortunes defending their core business, rolled film, while outsiders developed the digital photography business. Kodak almost disappeared, however it recovered by adopting change rather than fighting it.

 

Fighting police departments by Alarm Associations has been counter-productive and highly destructive. Thousands of Association Members and their counterparts may have been mislead. For example, fighting against formal verified response simply forced wide scale “de facto verified response”, wherein police priority for calls from alarm companies is lowered to a courtesy site visit, or not at all. Or alternative Zero Tolerance programs are put in motion.  Millions of alarm users are restricted from emergency police response. Alarm Associations have been a major contributor to the deterioration of police loyalty.

 

How does the alarm user get emergency response to their alarm system? 

How does the monitoring source deliver emergency response to their customers? 

How do the police interact with alarm users if alarm systems do not qualify for response?

 

Said differently, how do we restore the loyalty of the police and the customer?

Several suggestions:

• Inform your existing customer of their emergency response status in their community with your service. This disclosure can mitigate deceptive business practices (if no emergency response, or slow response, they need to know it). Seek guidance from your legal counsel.
• compare private response with local public response and offer that alternative to your customer.
• consider updating site and monitoring technologies that will remove the need for site inspections to determine the cause of alarm. The cost of several false alarms could offset the costs of the retrofit.
• consider trading your customer contracts for like contracts in a more favorable jurisdiction.
• reduce the expectations of some customers to a customer “notification” service.
• encourage Alarm Associations to support, not fight, local police departments in their efforts to practice Zero Tolerance for False Alarms, including Verified Response (VR simply provides public disclosure of a silent defacto VR program). Remember, the police do not need us, but we need them.
• develop a business model that will provide end-to-end responsibility for your customer security, without police intervention, unless a 911 type emergency is determined.
• (be creative, do it now) We all know there is a huge long term need for private security all over the globe. If you do not provide it, someone else will, like the Kodak Syndrome.

 

- – - – - – - – - – - – - – - – - – - – - – - – - – - – - – - – - – -

Lee Jones, founder of Support Services Group, is a 35 year veteran of the alarm security industry. Depth of knowledge evolved from contributing to the problem via operating alarm companies and consulting with industry leaders of all sizes in strategic planning, mergers and acquisitions due diligence, market development. Now committed to the solution, Zero Tolerance For False Alarms. Lee can be reached at 949-361-3300 or leessg@att.net. 

 

 

 

 

Due to technical difficulties, the fifth paragraph of last night’s L-1 blog did not appear in full, missing several sentences (the paragraph immediately after the headline: Consolidation Seems Logical to us Among US Identification Programs).  The blog has now been edited to reflect the additional sentences to the paragraph which explains our views on the consolidation we expect to  see among some of the identification programs now making their way across the American landscape.

Jeff

On June 2, we put out a blog that industry scuttlebutt had the Sonitrol Management Corp. (owned by three private equity firms) being on the block for sale, with Stanley Works having the inside track .  The main point we tried to make was that whoever bought Sonitrol Management would need to deal with a deteriorated franchisor-franchisee relationship – a relationship that has been important to the branding of Sonitrol with responders as THE verification monitoring company (please read our June 2 blog on Sonitrol for full details on the company).  We would reiterate this point to Stanley Works’ Convergent Solutions divisional management — to take note of the generally unhappy franchisee group in Sonitrol.

Transaction Seems Reasonably Priced.

The announced transaction was that Stanley will buy Sonitrol Management for $275 million in cash.  We believe that Stanley could gain yet another highly regarded brand, and complement its installation, and data-intensive HSM monitoring businesses.  $275 million is about 48.2 times the $5.7 million of recurring monthly revenue generated by Sonitrol Management.  But that does not really tell the tale of the tape.  Sonitrol Management receives what we have estimated to be nearly $4.0 million of annual royalties from the franchisees (equaling another $333,000 of very-high margin fees per month), plus over $9 million of products sold by franchisees (which we would value at a much lower multiple).  So let’s just assume for the sake of argument that the products business is worth $25 million and we take it out of the price (maybe we are giving it too much value).  If the above calculation holds, Stanley is paying $250 million for $6.033 of high margin monthly revenue ($5.7 million of RMR, plus $0.33 million of monthly recurring royalties).  That is about 41x RMR and much more reasonable, given that the trading in Sonitrol franchisees has been at 40x or below.

This is Not Your Ordinary Franchise System

So, on the surface, Stanley is getting a premium brand with police (and most end users) for a reasonable price.  However, as we noted in our June 2 blog, anyone who buys Sonitrol must take into account the franchise system, which may be unlike any group we’ve encountered before.   There are Sonitrol franchisees that have only known Sonitrol monitoring and may never sell their businesses.  Given the past difficulty in integrating the Sonitrol audio system with anything else a monitoring did (there are still “special” Sonitrol rooms inside a much broader based monitoring company), many transactions were done solely “within the family” and at multiples that were 10%-30% lower than commensurate RMR valuations – and that was before the more aggressive stance by Sonitrol Management on right of first refusal, as a way for it to grow.  

Most important, no other franchise network that we know of (including businesses outside of security) has developed the near cult-like status that gives Sonitrol franchise meetings as near as a religious camp out.  There are even rifts between those franchisees who are “pure” Sonitrol providers and those who dare to sell other services and products.   

However, since not all is going smoothly in Sonitrol franchisee land these days, a situation which may or may not have been able to be avoided, given the intensity in which some of the franchisees believe in their business.  A lot of the relationship problems began under Sonitrol’s ownership by Tyco and just got worse when three private equity firms bought the business in 2004.  Admittedly, had I been the buyer of the Sonitrol Management Corp., and in private equity, I too would have been focused on cutting costs, trying to build up a national accounts program, and buying up franchisees under right of first refusal.  This would in and of itself create tension, but why am I seeing this level of franchisor-franchisee tension? Again, I don’t know where all the current friction is coming from, but something in the always critical franchisor-franchisee relation is amiss.   Sonitrol cannot become more successful – without a major downward ratchet in size — with franchisees ready to bolt, if the new buyer pushes a centralized policy without repairing these relationships.

Conclusion:  Sonitrol’s new buyer has a great opportunity to build its commercial industrial brand, but first needs to talk to the franchisees, set out a strategic policy that either fully includes them or sets them free.  The current state of affairs is unsustainable.

- – - – - – - – - – - – - – - – - – - – - – - – - – - – - – - – - – - – - – - – - – - – - – - – - -  – - – - – - – - – - – - – - — – - – - – - – - – - – - – - – - – -

Sonitrol Factoids:  Tyco sold Sonitrol Management Corp. in 2004 for $125.5 million, to a group of private equity investors, including Spire Capital, Carlyle Venture Partners, Wachovia Capital Partners.  At the time of the acquisition, the management company claimed about $85 million in revenues.  Now there is $125 million ($5.7 million in RMR), much of the increase coming from seven acquisitions.  Total system revenues are closer to $225 million and haven’t changed that much over the last five years.  About 45,000 of the 125,000 users are and owned by Sonitrol Management Corp., and the rest by franchisees.   Nevertheless, it is fair to say that Sonitrol Management has become significantly larger and more profitable in the last four years.  There are over 100 direct national sales reps (and increasing number) and over 110 franchise locations (a decreasing number).