A policy update to the DOJ’s rules regarding misconduct discovered during the mergers and acquisitions process may give companies a bit more peace of mind about whether they’ll qualify for a declination from the department. But as Lauren E. Briggerman of Miller & Chevalier and Sarah N. Flanagan, Intel’s global director of antitrust, explain, the policy doesn’t necessarily simplify the question of whether to voluntarily self-report said misconduct.
In October, the DOJ announced a new department-wide policy to encourage voluntary self-disclosure of misconduct discovered during due diligence in the merger and acquisition (M&A) process. The M&A safe harbor policy rewards acquiring companies with a presumption of declined prosecution if they voluntarily report and remediate criminal conduct uncovered during due diligence within the safe harbor period, cooperate with DOJ’s investigation and agree to disgorgement and restitution.
While the new policy gives acquiring companies increased certainty about when they may qualify for a DOJ declination, it does not necessarily simplify the decision whether to voluntarily self-report. However, conducting robust and timely due diligence on acquisition targets allows acquiring companies to weigh the costs and benefits of availing themselves of the M&A safe harbor policy and, more broadly, comprehend the potential risks of the acquisition. Below are key takeaways for companies and their risk and compliance officers when conducting M&A due diligence in light of the new policy.
Safe harbor policy overview
DOJ’s new M&A safe harbor policy gives companies the benefit of a consistent DOJ-wide presumption of declination if they meet the following criteria:
- Discover the misconduct in a “bona fide, arm’s-length M&A transaction.”
- Disclose misconduct within six months of closing (whether discovered pre- or post-acquisition).
- Remediate misconduct within one year of closing.
- Cooperate with any DOJ investigation.
- Agree to any restitution and disgorgement.
Deputy Attorney General Lisa O. Monaco noted that reporting and remediation periods will be subject to a fact-specific reasonableness analysis and prosecutors may grant extensions. (Specific timeframes for discovery and remediation are a departure from the DOJ’s prior reluctance to define general requirements to make voluntary self-disclosures “promptly” and “immediately” under the Criminal Division’s Corporate Enforcement Policy.) National security issues or other misconduct involving ongoing or imminent harm, however, must be reported immediately.
The policy is designed to encourage companies to disclose misconduct discovered in due diligence and ensure that companies with effective compliance programs are not discouraged from acquiring companies with less effective programs and a history of misconduct. Aggravating factors at the acquired company will not impede declination for the acquirer, and misconduct disclosed under the policy will not be counted against the acquirer in any future recidivist analysis. The acquired company also may qualify for declination if no aggravating factors exist.
Key considerations for acquiring companies during due diligence
Robust & timely
Given the tight turnaround for acquiring companies to disclose misconduct, it is imperative that they conduct effective due diligence on targets before the deal closes. Due diligence should always be tailored to the risk profile of the target company.
In general, due diligence should focus on uncovering misconduct in at least the following areas: Foreign Corrupt Practices Act (FCPA); export controls and sanctions; antitrust; money laundering; and human rights and forced labor laws. If national security is a relevant risk area for the target company (e.g., certain U.S. government contractors), that should be a particular priority given the expectation of immediate reporting under the policy.
Depending on the scale of the acquisition, due diligence may entail risk assessments, analysis of relevant company documents and interviews with employees of the target company. Given the breadth of potential legal risk areas and the criticality of due diligence under the policy, acquiring companies should staff due diligence teams with the right expertise or, at a minimum, ensure that the team has immediate access to deep subject matter experts for legal advice.
The due diligence period in the policy may be challenging in practice, particularly for complex transactions or where there are other obstacles to due diligence. For example, the ability to conduct pre-acquisition due diligence may be limited when acquiring a company with a weak compliance program. And, post-acquisition, six months may be a tight timeline to comprehend complex, undisclosed risks and make disclosure determinations that may involve multiple jurisdictions and enforcers. The policy has raised the stakes on due diligence, underscoring the importance of tailoring plans carefully to the acquired company’s profile and being nimble in adapting due diligence priorities as the transaction progresses and more is learned about the target.
Remediate effectively and efficiently
The M&A safe harbor policy’s requirement that companies remediate misconduct within one year of closing puts the onus on acquiring companies to stop ongoing misconduct immediately and then implement effective compliance programs with urgency going forward. Remediation steps may include terminating or placing on “garden leave” potentially culpable executives and employees, clawing back compensation in accordance with DOJ’s compensation incentives and clawbacks pilot program and implementing new compliance policies and procedures.
The one-year remediation period may be difficult to achieve when discovery of misconduct continues after the deal closes, as well as if the misconduct is widespread or long-standing. Remediation may include full integration of the target into the acquirer’s compliance program and enterprise resource planning system, which is a complex and time-consuming undertaking even in the absence of misconduct at the acquired company. Overall, the policy’s time constraints should incentivize acquirers to have resources and a strategy in place to finish due diligence and integration as soon as possible after closing, even if they ultimately choose not to self-report.
Weigh the costs and benefits of self-disclosure
Aside from the practical difficulties of conducting due diligence and remediation within the safe harbor periods, companies must thoughtfully consider whether the benefits of voluntary self-disclosure outweigh the risks. The M&A safe harbor policy grants a presumption of a declination to companies that meet its requirements but does not guarantee DOJ immunity, nor does it shield companies from any other enforcer.
Furthermore, the policy imposes potentially burdensome obligations on disclosing companies, even if they timely report and remediate. Disclosing companies must cooperate with DOJ’s investigation by turning over documents and making executives and other employees available for interviews, which can be costly and time-consuming. They also must agree to disgorgement and restitution of the acquired company’s ill-gotten gains, which may be significant if that company reaped substantial profits from the misconduct.
Finally, while the policy attempts to double down on clarity and predictability across DOJ, it may raise more questions than it answers. For example, it is unclear whether companies that disclose and remediate criminal antitrust misconduct may still be eligible for immunity under the Antitrust Division’s leniency program if they do not meet the deadlines for reporting and remediation.
Ensure that compliance has a seat at the corporate table
DOJ’s M&A safe harbor policy underscores the strategic role of the compliance function in rooting out misconduct and puts the onus on companies to implement robust compliance programs. As Monaco stated, “[c]ompliance must have a prominent seat at the deal table if an acquiring company wishes to effectively de-risk a transaction.”
The policy is the latest in a series of guidance from DOJ that has reinforced the value of corporate compliance programs and given companies increased clarity regarding the department’s expectations. At the same time, certain elements of the guidance have ratcheted up expectations in a way that may be more aspirational than connected with the reality of compliance on the ground.
As DOJ provides more clarity regarding the policy this year, acquiring companies should examine how their compliance programs and due diligence processes work together to ensure that they are best positioned to seek safe harbor if it is in their interest to do so. As Monaco warned, “a company [that] does not perform effective due diligence or self-disclose misconduct at an acquired entity … will be subject to full successor liability for that misconduct under the law.” Regardless of whether companies avail themselves of the M&A safe harbor policy, an effective compliance program is the single greatest tool that companies have for efficiently and fulsomely detecting potential misconduct by an acquired company (and more generally) and remediating it to reduce risk to the business and shareholders going forward.