How should you plan your post-acquisition merger strategy? Jay Rosen continues his series on monitoring in an M&A context with this exploration of how to strategize the merger following an acquisition.
To plan your post-acquisition merger strategy, first you should start with the Department of Justice (DOJ) and the information contained in various resolution documents on the DOJ’s website. These documents stress that an acquiring entity apply or ascertain that its code of conduct, policies and procedures regarding corruption are consistent with the acquired company’s policies and processes.
If they are not consistent, the acquiring company should apply its code of conduct and anti-corruption policies and procedures to the newly acquired company within 18 months or “as quickly as is practicable.”
Employees from the newly acquired entity must be trained on their new code of conduct and policies and procedures. There must also be a forensic audit to see if any FCPA issues pop up. This same language was brought forward into the 2012 FCPA Guidance.
All these requirements were clarified in the 2017 Evaluation of Corporate Compliance Programs, which outlined the following manner to think through the issues involved:
Due Diligence Process – Was the misconduct or the risk of misconduct identified during due diligence? Who conducted the risk review for the acquired/merged entities, and how was it done? What has been the M&A due diligence process generally?
Integration in the M&A Process – How has the compliance function been integrated into the merger, acquisition and integration process?
Process Connecting Due Diligence to Implementation – What has been the company’s process for tracking and remediating misconduct or misconduct risks identified during the due diligence process? What has been the company’s process for implementing compliance policies and procedures at new entities?
These issues demonstrate that there is a continuum from pre-acquisition into post-closing and that they build on the prior steps.
From the pre-acquisition phase, you should be in position to develop your post-closing plan.
Moreover, under the recent addendum to the FCPA Corporate Enforcement Policy, the safe harbor advocated by practitioners such as Michael Volkov have now been memorialized in the U.S. Attorney’s Manual. This now-memorialized safe harbor makes your planning – literally from the time you identify a target through pre-acquisition to closing and into integration, investigation and reporting – even more critical. The DOJ is looking for robustness of process and, of course, how you documented that process through the tenure of events.
Here are some examples of what the DOJ expects to see in a such a process: If pre-acquisition due diligence is performed correctly, it will identify risks associated with the target, and a risk assessment of that company should follow as a part of your pre-acquisition due diligence along the line to your post-acquisition to give you a roadmap of what areas of risk need to be addressed immediately.
Some of the things you would specifically look for in an integration plan are around internal controls. So, are you going to use the acquired entities’ internal controls, or are you going to put your company’s internal controls regime in place? If so, how are you going to integrate them? How are you going to address any training and awareness gaps related to the acquired company’s employees’ ethics and compliance responsibilities? Do people understand the acquiring company’s anti-corruption posture and their anti-corruption, bribery and compliance policies and procedures and all that needs to be well-documented into an integration plan?
The documentation component is crucial. If no plan is followed, it’s extremely hard to demonstrate the pre- and post-acquisition due diligence to an external entity like the DOJ.
The real issue has to do with how a company demonstrates to a government regulator that they have done everything possible to identify risk associated with corruption and misconduct.
And if misconduct is identified, has the acquirer undertaken adequate steps to inform the government and make the necessary disclosure?
Finally, let’s consider how and why an independent monitor can be useful in this process. One of the ways we’ve seen it work extremely well is to help allay some of the concerns around an acquisition. If a company utilizes an independent monitor to do an assessment proactively after that acquisition has taken place, such a third party can come in and conduct the same assessment (or a similar kind) as you would do under a government requirement.
This process allows a determination of whether there has in fact been full integration, whether employees understand their responsibilities and are comfortable reporting issues to their new managers under the combined company and the new structure, whether there have been any training gaps, whether those gaps have been completely filled and whether the company has done an adequate risk assessment of where the post-acquisition risks might lie.
This can be used to demonstrate to the DOJ (or anyone else that might be looking) that the company has performed adequate due diligence, which is exactly what they are looking for.
Please join me next week when we will consider the types of things a monitor would review to determine if a company adequately considered ethics and compliance during the M&A process.
In case you missed the earlier installments of this ongoing series, please see the links below.