Managing M&A risks through DOJ voluntary disclosures

According to Boston Consulting Group’s “2019 M&A Report: Downturns Are a Better Time for Deal Hunting,” the expected economic downturn may increase deal activity as cash-rich companies and private equity funds hunt for deals. An increasing number of those deals are likely to be cross sector and involve commercial elements. These include joint ventures and alliances, corporate venture capital investments, and purchases of minority stakes. With this trend, however, will come increased geopolitical, reputational, and legal risk. Although DOJ has stepped into the breach in an attempt to provide more certainty to companies as they seek to expand through mergers and acquisitions (M&A), it has left unaddressed the question of whether policy developments apply beyond standard M&A deals.

In its November 2019 revision to the U.S. Foreign Corrupt Practices Act (FCPA) Corporate Enforcement Policy, DOJ restated its tenet that robust pre-acquisition due diligence and post-acquisition integration are vital to reducing the legal risk to the acquiring company:

M&A Due Diligence and Remediation: The Department recognizes the potential benefits of corporate mergers and acquisitions, particularly when the acquiring entity has a robust compliance program in place and implements that program as quickly as practicable at the merged or acquired entity. Accordingly, where a company undertakes a merger or acquisition, uncovers misconduct by the merged or acquired entity through thorough and timely due diligence or, in appropriate instances, through post-acquisition audits or compliance integration efforts, and voluntarily self-discloses the misconduct and otherwise takes action consistent with this policy (including, among other requirements, the timely implementation of an effective compliance program at the merged or acquired entity), there will be a presumption of a declination in accordance with and subject to the other requirements of this policy.

Encouraging companies to voluntarily disclose

In an important change, the policy on M&A Due Diligence and Remediation was revised to clarify that the “presumption of a declination” applies where (assuming other requirements are met) a company discovers misconduct “by the merged or acquired entity.” This language appears to be aimed at encouraging companies to disclose conduct discovered post-merger and assuring acquirers that in “appropriate circumstances” they will not face successor liability. There’s a caveat from DOJ: it retains discretion to determine which circumstances are appropriate. The presumption applies in favor of the acquiring company even where there are aggravating circumstances. Examples include involvement by executive management of the target in the misconduct, a significant profit to the target from the misconduct, pervasiveness of the misconduct within the target company, and criminal recidivism.

We have worked on deals in which issues were found or disclosed during the due diligence and integration process. The importance of these issues cannot be understated. On occasion, we have seen acquisitions postponed or called off, or protective measures, such as a significant discount in the purchase price or the escrowing of a portion of the sales proceeds, imposed. The reality is protective measures have significant downsides from a business standpoint. They only serve to mitigate risk, without bringing any certainty to the acquiring company. A greater degree of predictability in dealing with these cases is welcomed, together with an approach that is sensitive to whether the acquiring company is itself involved in fighting corruption.

DOJ’s invitation to disclose issues discovered during or after an acquisition, even where there are aggravating circumstances, is a welcome option to managing the considerable regulatory risk of successor liability. One must be realistic, of course. The process, like any voluntary disclosure, entails time, resources, and expense in the short term; that cannot be underestimated. Moreover, a voluntary disclosure post-transaction may stall spin-offs of non-core businesses and other assets that are the source of compliance problems, where in the ordinary course, those spin-offs would be part of the normal process of the transaction.

Other national enforcement authorities

DOJ’s policy also has some well-defined limitations. For public companies, DOJ’s policy does not apply to the U.S. Securities and Exchange Commission, which has its own parallel enforcement authority under the FCPA. Also, for companies with multi-jurisdictional operations, DOJ’s policy stops at the borders of the United States. An acquiring company must consider which other national enforcement authorities might have jurisdiction. And for companies considering joint ventures and alliances, corporate venture capital investments, and other transactions that are not standard M&A transactions, DOJ’s policy may apply only by analogy. The successor liability analysis may revert to traditional considerations of operational control.

Even where a company does not voluntarily disclose, compliance integration of the new asset is critical. Where we have seen companies fail most often is when they bolt on a new subsidiary or business unit once a transaction has closed. Companies that avoid problems most often do so by laying out careful integration plans that include extending their compliance programs to the new assets and ensuring that internal financial controls are harmonized with the existing systems. Companies also succeed when they pay attention to the soft aspects of compliance, such as communications. If employees at the target company still define themselves as part of their old company a year after the transaction, that may be a measure of failure of integration.

DOJ’s role in M&A

DOJ’s hope is that, in a corporate transaction, it “should be viewed as a partner, not just an adversary.” That view, although decidedly optimistic, continues to shape the prism through which DOJ sees its potential role in M&A. In the right situation – a high-value transaction with clear FCPA jurisdiction over a target’s misconduct – it may be the only way to manage the enforcement risk with certainty.