Due Diligence, Ethics, and Compliance Considerations for Dealmakers

In recent years, the US Department of Justice (DOJ) and US Securities & Exchange Commission (SEC) have further defined their anti-corruption due diligence and disclosure expectations of acquiring companies pre- and post-acquisition. Notwithstanding the government’s efforts to clarify expectations and promote greater transparency, acquiring companies remain at risk of inheriting liability as successors (or joint venture partners) and may face enforcement actions should they not swiftly discover and stop any misconduct from continuing post-acquisition. In other words, what you don’t know can at times hurt you, but the risk of pain significantly increases when you do know but don’t take steps to fix the inherited problems.

With more preparation and a deeper understanding of how an acquisition target operates, companies can work towards implementing ethics and compliance programs with appropriate risk assessments and comprehensive mitigation plans to address potential risk factors—from anti-corruption and sanctions to privacy and security—before the ink on the deal paperwork dries.

Regulator Expectations Around Anticorruption Due Diligence

Focusing specifically on successor liability in the Foreign Corrupt Practices Act (FCPA) context, the FCPA Resource Guide’s Second Edition, issued by DOJ and SEC in 2020, recognizes the potential benefits of corporate mergers and acquisitions especially where the acquiring company has an existing and robust compliance program and works to implement it at the merged entity as soon as practicable. DOJ and SEC espouse several benefits they view as flowing to companies that conduct preacquisition due diligence and improve compliance programs and internal controls after acquisition, including the following:

• Enabling a more accurate value of the target (i.e., if sales contracts were won through bribes, then assume a decrease in the value)
• Reducing the risk of continued bribes at the target
• Allowing the parties to negotiate who bears the responsibility for any investigation and/or remediation efforts
• Demonstrating a true commitment to discovering and preventing further FCPA violations

However, risks remain where less than comprehensive due diligence takes place whether by design or by virtue of real barriers. The FCPA corporate enforcement policy , which sets forth the benefits of and expectations surrounding voluntary self-disclosure of potential misconduct, also was updated in recent years to make clear that the same benefits apply in the mergers and acquisitions (M&A) context. Specifically, where an acquiring company uncovers misconduct through thorough and timely due diligence or—where appropriate—through post-acquisition efforts and decides to voluntarily self disclose such misconduct to the government, cooperating fully and appropriately remediating, will be afforded a presumption of a declination with disgorgement of any ill-gotten gains resulting from the misconduct.

Key Considerations

• History shows that DOJ and SEC will not overlook post-acquisition violations simply because the practice that led to the violations was established prior to the acquisition.
• For non-US targets, acquisitions do not create FCPA liability for prior violations where the United States previously lacked jurisdiction (DOJ Opinion Procedure Release No. 14-02).
• Post-acquisition violations are typically not covered by DOJ’s Corporate Enforcement Policy Regarding M&A Due Diligence and Remediation.

Practicalities of Due Diligence and Integration

An effective compliance program includes pre-close due diligence and post-close acquisition risk assessment and integration activities to identify any issues and implement controls to detect and prevent similar issues in the future.

To ensure at least some degree of success, a company’s compliance program must be “adequately resourced and empowered to function effectively” (A Resource Guide to the U.S. Foreign Corrupt Practices Act, Second Edition). This includes the program’s ability to:

• Access relevant sources of data in a timely manner, including policies and training practices
• Integrate the acquired operations into its compliance structures and controls
• Leverage hotline reporting and investigative processes as part of follow-up and remediation

Pre-Close Due Diligence

To start, ethics and compliance officers must work with the acquisition target to determine the following key factors:

• Current controls: Are there already ethics and compliance and anticorruption measures in place? For instance, is there a code of conduct, an anti-corruption policy, a gifts and entertainment process, adequate training, a helpline available for reporting, and established investigations processes?
• High-risk touchpoints: Does the target have government clients, use intermediaries in pursuit of public sector business, or maintain operations in risky markets?
• Transaction testing: Has high-level transaction testing identified any significant red flags, such as spending on gifts and entertainment, charitable or political contributions, and sponsorships?
• Third parties: Which third parties does the target use? Have those relationships gone through due diligence? Does the target have contracts with those third parties? Are there adequate contractual provisions in those contracts, especially as they relate to high-risk third parties?

As day one imminently approaches, integration should be a prime focus. To encourage a timely integration process:

• Ensure that senior management sets the tone around ethics and compliance with the newly acquired company’s employees by highlighting the importance of acting ethically as well as the organization’s relevant resources and procedures, from corporate policies to the company’s commitment to nonretaliation.
• Establish and assign training, not just on the code of conduct but on anticorruption, especially for high-risk employees.
• Overcommunicate. While it’s critical to communicate with new employees from the start, communication is equally important throughout and following the integration process.

Important Takeaways

• Ensure the ethics and compliance team has a seat at the table in M&A.
• Have a plan and execute against it in a timely manner.
• Be ready to disclose any violations to DOJ and SEC, if you need to.
• Do not limit your due diligence to anticorruption risks. There are myriad other risks that could create significant legal, reputation or operational risk for the company that similarly ought to be identified and mitigated throughout integration.

If you are interested in Expectations and Practicalities of Anti-Corruption Due Diligence through Ethics & Compliance Integration, as part of our Morgan Lewis Global Public Company Academy, we invite you to subscribe to Morgan Lewis publications to receive updates on trends, legal developments, and other relevant areas.