At our inaugural Foreign Corrupt Practices Act (FCPA) and Kleptocracy Conference a few months ago we touched very briefly on one important issue — that of successor liability, or the potential FCPA trouble companies can acquire through mergers and acquisitions (M&A). The issue is top of mind both for global organizations and U.S. companies considering international expansion through acquisition, and as such I want to shed some light on it here.
When a company merges with or acquires another company, the successor company risks assuming the predecessor company’s liabilities, including for any FCPA violations that occurred prior to the merger having been finalized.
In November 2012, the Criminal Division of the U.S. Department of Justice (DOJ) and the Enforcement Division of the U.S. Securities and Exchange Commission (SEC) jointly released A Resource Guide to the U.S. Foreign Corrupt Practices Act (“the Guide”). Since the Guide’s publication, companies and their counsel have been utilizing the Guide and the Hallmarks of an Effective Compliance Program delineated in it. One of the hallmarks is entitled “Mergers and Acquisitions: Pre-Acquisition Due Diligence and Post-Acquisition Integration” and states in part:
“Inadequate due diligence can allow a course of bribery to continue – with all the attendant harms to a business’s profitability and reputation, as well as potential civil and criminal liability. In contrast, companies that conduct effective FCPA due diligence on their acquisition targets are able to evaluate more accurately each target’s value and negotiate for the costs of the bribery to be borne by the target.”
What exactly constitutes due diligence in this context? In the traditional sense, M&A due diligence is an analysis of the finances and legal implications of the acquisition. The term, however, has expanded, and now often includes background investigations of the acquisition target, as well as its key executives/control persons and critical business intermediaries, including sales agents and distributors, to the extent they are an important part of the business model.
Another important, and sometimes overlooked, aspect of acquisition due diligence is the performance of an anti-corruption risk assessment. In a perfect world, all acquisition targets have robust anti-corruption programs. In actuality, many small-to-midsize companies operating overseas do not have any type of anti-corruption program. This makes the performance of a high-level anti-corruption risk assessment that much more important. Gaining an understanding of the company’s ownership group, executive team, customer base, distribution channels, products and services, sales and marketing activities, and overall nexus to foreign officials will better position the acquiring entity in evaluating the true purchase price, inclusive of any compliance remediation work that may be necessary to properly integrate the acquired company post-acquisition. Not only does an anti-corruption risk assessment on the front end lower the acquiring company’s risk of a future bribery violation, it could also provide it additional leverage in negotiating a more favorable purchase price that reflects the FCPA exposure.
How much diligence is required?
The FCPA Guide recognizes that even the most robust acquisition due diligence is based upon limited information, and so allows for a grace period (although no time period is defined) to integrate the acquired company into the acquirer’s ethics and compliance program and overall control environment. Indeed, the post-integration actions a company takes factor heavily into whether it will be held liable for the actions of the acquired company. According to the Guide:
“DOJ and SEC evaluate whether the acquiring company promptly incorporated the acquired company into all of its internal controls, including its compliance program.”
The clear implication of this statement is that simply performing robust due diligence on the front end of an acquisition is not enough. There needs to be an urgency with which the newly acquired entity is brought into alignment with all of the hallmarks and associated controls of the acquirer’s anti-corruption program. Failing to do so can lead to the same types of fines, penalties and market capitalization impact that could result if improper acts of the acquired company were committed by the acquiring company itself.
I want to emphasize something that the FCPA Guide is mute on. This is the fairly common scenario in which a U.S.-based company makes an acquisition that causes it to become global overnight. Bringing the newly acquired entity into alignment with an existing anti-corruption program is a bigger challenge in this case, either because the acquiring company does not have a program to begin with, or because the one it has is not risk appropriate given the newly expanded business. This exact scenario isn’t contemplated in the FCPA Guide but it should be considered by companies faced with that situation.
Whether the acquirer has a robust anti-corruption program into which to integrate a newly acquired entity or the program needs to be built and implemented while integrating, what’s most important is being able to demonstrate a strong command of the potential corruption risks associated with the acquired company’s operations and showing that the acquiring company has taken meaningful steps to identify those risks and implement controls to mitigate them.
I’m going to address specific steps for successful integration into a company’s existing anti-corruption program in a subsequent blog post – stay tuned.