Due Diligence, Ethics and Compliance Considerations for Traders | Morgana Lewis
In recent years, the United States Department of Justice (DOJ) and the United States Securities & Exchange Commission (SEC) have clarified their anti-corruption due diligence and disclosure expectations vis-à-vis acquiring companies before and after the acquisition. Despite government efforts to clarify expectations and promote greater transparency, acquiring companies risk inheriting liability as successors (or joint venture partners) and may be subject to enforcement action if they do not not quickly discover and prevent wrongdoing from continuing after acquisition. In other words, what you don’t know can sometimes hurt you, but the risk of pain increases dramatically when you know but don’t take steps to address inherited issues.
With more preparation and a better understanding of how an acquisition target works, companies can work to implement ethics and compliance programs with appropriate risk assessments and comprehensive mitigation plans to make deal with potential risk factors – from anti-corruption and sanctions to privacy and security – before the ink on the paperwork dries.
ANTI-CORRUPTION DILIGENCE EXPECTATIONS OF REGULATORS
Focusing specifically on successor liability in the context of the Foreign Corrupt Practices Act (FCPA), the second edition of the FCPA Resource Guide, published by the DOJ and SEC in 2020, recognizes the potential benefits of corporate mergers and acquisitions, especially when the acquiring company has an existing and solid network. compliance program and endeavors to implement it in the merged entity as soon as possible. The DOJ and SEC endorse several benefits that they consider to be granted to companies that perform pre-acquisition due diligence and improve post-acquisition compliance programs and internal controls, including the following:
- Allow for a more accurate target value (e.g. if sales contracts were won through bribes, then assume a decrease in value)
- Reduce the risk of continuous bribes to the target
- Allow parties to negotiate who bears responsibility for any investigation and/or remediation effort
- Demonstrate a genuine commitment to uncovering and preventing further FCPA violations
However, risks remain where less than comprehensive due diligence takes place, whether by design or due to actual impediments. The FCPA’s Enforcement Policy, which outlines the benefits and expectations surrounding voluntary self-disclosure of potential misconduct, has also been updated in recent years to clarify that the same benefits apply in the context of mergers and acquisitions (M&A). Specifically, where an acquiring company discovers wrongdoing through thorough and timely due diligence or, where appropriate, post-acquisition efforts and decides to voluntarily disclose that wrongdoing to the government itself, cooperating fully and appropriate to remedy, will be granted a deemed refusal with disgorgement of any ill-gotten gains resulting from the misconduct.
- History shows that the DOJ and SEC will not overlook post-acquisition violations simply because the practice that led to the violations was established before the acquisition.
- For non-U.S. targets, the acquisitions do not create FCPA liability for prior violations where the United States previously did not have jurisdiction (DOJ Opinion Procedure Release No. 14-02).
- Post-acquisition violations are generally not covered by the DOJ’s enforcement policy on M&A due diligence and remediation.
PRACTICAL ARRANGEMENTS FOR DUE DILIGENCE AND INTEGRATION
An effective compliance program includes pre-closing due diligence and post-acquisition risk assessment and integration activities to identify any issues and implement controls to detect and prevent similar issues in the future.
To ensure at least some degree of success, a company’s compliance program must be “adequately resourced and empowered to operate effectively” (A Resource Guide to the US Foreign Corrupt Practices Act, second edition). This includes the program’s ability to:
- Access relevant data sources in a timely manner, including training policies and practices
- Integrate acquired operations into its compliance structures and controls
- Leverage hotline reports and inquiry processes for follow-up and remediation
Pre-Closing Due Diligence
To begin, ethics and compliance managers should work with the acquisition target to determine the following key factors:
- Current controls: Are ethics, compliance and anti-corruption measures already in place? For example, is there a code of conduct, an anti-corruption policy, a gift and entertainment process, adequate training, a hotline available for reporting, and established investigation processes?
- High-Risk Touchpoints: Does the target have government clients, does it use intermediaries to pursue activities in the public sector or does it maintain operations in risky markets?
- Transaction testing: Did high-level transaction testing identify important red flags, such as spending on gifts and entertainment, charitable or political contributions, and sponsorships?
- Third: Which third parties does the target use? Have these relationships been subject to due diligence? Does the target have contracts with these third parties? Are there adequate contractual provisions in these contracts, especially with regard to high-risk third parties?
As day one approaches, onboarding should be a priority. To encourage a timely onboarding process:
- Ensure that senior management sets the tone for ethics and compliance for employees of the newly acquired company by emphasizing the importance of acting ethically and the relevant resources and procedures of the organization, corporate policies to the company’s commitment to non-retaliation.
- Establish and assign training, not only on the code of conduct, but on anti-corruption, especially for high-risk employees.
- Overcommunicate. While communicating with new hires early on is essential, communication is just as important throughout and after the onboarding process.
- Make sure the ethics and compliance team has a seat at the M&A table.
- Have a plan and execute it in a timely manner.
- Be prepared to disclose any violations to the DOJ and the SEC, if necessary.
- Don’t limit your due diligence to anti-corruption risks. There are a myriad of other risks that could create significant legal, reputational or operational risk to the business that should also be identified and mitigated throughout the integration.
For more on this topic, check out the Global Public Academy program from partners Amy Schuh and Sandra Moser, “Mergers and Acquisitions: Expectations and Practical Aspects of Anti-Corruption Due Diligence through Integrating Ethics and Compliance.”