Acquisitions of companies, especially target companies with international operations, require buyers to carefully scrutinize the target’s compliance programs, including the target’s compliance with the U.S. Foreign Corrupt Practices Act and other anti-bribery and anti-corruption laws. Doing so enables the buyer to more accurately assess the target’s value and risk profile, negotiate for the costs of any misconduct to be borne by the sellers and evaluate whether remedial steps are needed.

When designing and executing a pre-M&A due diligence process on compliance-related matters and evaluating how to mitigate potential post-closing liabilities, buyers should consider the U.S. Department of Justice’s updated guidance on the evaluation of corporate compliance programs, which was released in April 2019. The DOJ guidance document is aimed at prosecutors making decisions as to whether, and to what extent, a corporation’s compliance program is adequate and effective. Under the DOJ’s principles for the prosecution of business organizations, the adequacy and effectiveness of a corporation’s compliance program is one of the factors that prosecutors should consider when conducting a corporate investigation, making charging decisions and determining the appropriate form of any monetary penalties or other enforcement action.

The guidance clearly indicates that the DOJ expects a buyer to conduct comprehensive due diligence of any acquisition targets. It provides, “flawed or incomplete due diligence can allow misconduct to continue at the target company, causing resulting harm to a business’s profitability and reputation and risking civil and criminal liability.” Among the questions prosecutors will consider when evaluating whether a buyer subjected an acquired business to appropriate scrutiny are the following:

  • “Due Diligence Process – Was the misconduct or the risk of misconduct identified during due diligence? Who conducted the risk review for the acquired/merged entities and how was it done? What is the M&A due diligence process generally?
  • Integration in the M&A Process – How has the compliance function been integrated into the merger, acquisition, and integration process?
  • Process Connecting Due Diligence to Implementation – What has been the company’s process for tracking and remediating misconduct or misconduct risks identified during the due diligence process? What has been the company’s process for implementing compliance policies and procedures at new entities?”

The DOJ’s guidance provides a reminder of the importance of assembling the right team of subject matter experts and prioritizing the analysis of compliance risks when planning and conducting pre-M&A due diligence. Buyers should also consider whether, based on the target’s business and the regulatory environment in which it operates, enhanced due diligence is appropriate in certain jurisdictions or regarding particular compliance risks. Prospective sellers should anticipate greater scrutiny and earlier buyer inquiries in these areas, and ensure that remedial actions are taken to address any deficiencies.