Jay Rosen discusses how to assess ethics and compliance in the context of a merger or acquisition, what to look for in an assessment and why you should consider engaging an independent third party.
Many issues in the M&A context are driven by the target or acquired company and usually arise due to the acquiring entity not paying enough attention during the pre-acquisition phase, thus discovering an issue during post-closing. This issue is one of the reasons the Department of Justice (DOJ) has put such important stock in the pre-acquisition phase so that the company needs to perform compliance due diligence and a risk assessment, which will inform the entire process.
What to Watch For
There are a number of items buyers should look for in the pre-acquisition phase. Begin by asking the target company to provide indicia of a best-practices compliance program. Does the company have a code of conduct, appropriate policies, procedures and controls? If so, what do they look like? Some of the baseline policies you might expect, such as an anti-retaliation policy, anti-harassment policy and, most importantly, an anti-corruption policy. Have each of these been effectively implemented?
Does the target have a Chief Compliance Officer (CCO), and do the compliance professionals have the independence, authority and resources to do their job effectively?
Is there is an anonymous reporting hotline?
Consider also the compliance posture on the board of directors. Does the board have a compliance committee or compliance professional on it? If not, does the audit committee handle compliance issues? Does the CCO have contact with the board? If so, how often is it reflected in the board meeting minutes? Are they briefing the board? Is the board providing leadership?
Next, let’s turn to some less structural and more cultural issues to test the culture of a potential target. Try to determine the culture of the company and whether the company has been committed to creating an ethical and compliant culture. Inquire if the target company has a performance management system, including hiring promotions and bonus determinations that place ethics and compliance factors as part of the calculation in addition to financial factors.
Employee morale should be considered next. Have you found any red flags in the target that might indicate they have tolerated a culture of harassment or bullying? Are employees comfortable with raising concerns and speaking up? Have there been employee surveys in these areas and if so, they should be reviewed too.
Reviewing the target’s sales model is a good proxy for testing anti-corruption posture. Is it internal with their own employees, or is it through third parties such as agents, representatives or distributors?
If it is third parties, then you need to perform as much review of the target’s files on their third parties as possible. This means reviews of the full five-step process around third-party management:
- Business justification,
- Due diligence and its evaluation,
- Contract issues including compliance terms and conditions and compensation rate and
- Management after contract execution.
Key stakeholders in the compliance area, such as the Chief Financial Officer (CFO), head of internal audit and internal controls and business unit vice presidents on issues relating to third parties should be reviewed. This review should include general interview questions about compliance, corporate culture and values.
The favorite mantra of my colleague, Tom Fox, “document, document and document” comes to mind. The acquiring party should run a thoroughly documented process of all the above issues and be sure to document the entire pre-acquisition process as well.
This could be important if you discover any illegal conduct in the pre-acquisition phase, which you should report to the DOJ or if such discovery occurs after closing.
If it happens after closing, you will need to be able to document the reasonable steps you took in pre-closing and how you will remediate the issue(s) going forward.
Steps at Post-Acquisition
Your pre-acquisition investigation and due diligence will determine your post-acquisition steps. Hallmark 10 of the Ten Hallmarks of an Effective Compliance Program mandates that companies will develop and implement policies and procedures for mergers and acquisitions requiring the company to conduct appropriate risk based due diligence on potential new business entities including Foreign Corrupt Practices Act (FCPA) and anti-corruption due diligence.
This should be a documented process. By having an independent third party be responsible for this documented process, it can lower the risk if there is a problem. As problems are identified, the acquiring entity can decide whether to go forward with the M&A transaction. If there is a specific identification of misconduct, the company can make a disclosure to the DOJ. By using this process, the acquirer can create a roadmap that can be followed for remediating the issue as a part of your post-acquisition steps after closing.
Please join me next week when I will consider the impact the M&A process may have on both the target and acquirer.
In case you missed the earlier installments of this ongoing series, please see the links below.