Recently-issued Department of Justice (DOJ) guidance on evaluating effective corporate compliance programs reinforced the importance of due diligence throughout the mergers and acquisitions (M&A) process. This guidance, together with the update to the Foreign Corrupt Practices Act’s (FCPA) Corporate Enforcement Policy, makes it clear that the DOJ views M&A activity as a powerful opportunity to promote corporate compliance. For companies operating under the jurisdiction of the FCPA and UK Bribery Act it is a reminder of the risks that must be addressed when driving growth through M&A.
Under the FCPA, an acquiring corporation may become liable for the transgressions of the target company, even when suspected violations occurred prior to acquisition. Therefore, robust due diligence must be conducted in advance of any deal to identify past FCPA violations or instances of poor compliance controls in the target company. This enables potential fines and costs associated with remediation to be factored into the company valuation, adding a measure of protection for the acquiring organization and its shareholders.
The DOJ guidance states that the effectiveness of a compliance program can be determined through establishing “the extent to which a company subjects its acquisition targets to appropriate scrutiny.” Investigators will also look for evidence that due diligence is an integral part of the M&A process and that any issues that come to light are promptly disclosed, actively managed and resolved within a reasonable time frame.
The DOJ views M&A as an opportunity to promote corporate compliance
An organization with a robust compliance program that acquires a weaker organization is expected to improve compliance with the acquired entity, bringing it up to the required standard.
The Corporate Enforcement Policy update issued by the DOJ in March 2019 confirms that it may decline to prosecute acquiring organizations that “uncover misconduct through thorough and timely due diligence … or through post-acquisition audit or compliance integration efforts,” on condition that such discoveries are voluntarily disclosed and effective compliance programs swiftly implemented.
Voluntary disclosure has proved a major determining factor in the outcome of DOJ investigations, as highlighted by the case of Mondelez. Following its hostile takeover of Cadbury in 2010, Mondelez failed to identify a relationship between Cadbury India and an agent employed to liaise with government officials during post-takeover due diligence. On eventually discovering the relationship, Mondelez conducted an internal investigation but did not inform US authorities. Mondelez, as the acquiring corporation, was ultimately prosecuted for FCPA violations related to due diligence failure and issued with a $13 million fine. This contrasts with similar cases where organizations proved that extensive due diligence had taken place and timely voluntary disclosures made, resulting in a declination to prosecute.
Tools and structure underpin M&A due diligence
Comprehensive due diligence requires robust, independent intelligence from a broad range of trusted and accurate data sources that can be analyzed to ensure that the merger or acquisition does not introduce unknown, unmanaged risk into the organization. This risk could lie in reputational, financial, legal or regulatory issues within the M&A target or the third parties with whom the target organization has relationships.
The complex, interconnected nature of modern corporate entities makes identifying these potential risks a challenge that is compounded by the fact that that the due diligence process itself may come under scrutiny. Structure and strong governance are keys to guaranteeing the integrity of M&A due diligence. The facility to audit and report on activity is also essential to provide the transparency needed to show the DOJ that proper scrutiny has been applied.
Due diligence doesn’t stop once the deal is done
As corporations are expected to bring their acquisitions swiftly up to scratch once the merger or acquisition is resolved, due diligence also needs to address the likelihood that the acquired organization will fully adopt the compliance program.
The acquiring company needs to develop and document a plan for integrating the new entity into its corporate culture and compliance program. It must also demonstrate that the issues identified during initial due diligence are being mitigated and monitored continuously to maintain the overall compliance health of the organization.
The DOJ guidance and corporate enforcement policy updates underline the fact that due diligence is not a check-the-box exercise, but an integral element of an effective corporate compliance program that must be applied rigorously before, during and after mergers and acquisitions. Failure to do so exposes the organization to unacceptable regulatory, financial and reputational risk.