Pre-acquisition due diligence

March 13, 2017

While it may sound counter-intuitive, the United States Department of Justice (DOJ) and Securities and Exchange Commission (SEC) indirectly welcomes companies with strong compliance programmes to buy companies engaged in improper conduct in order to help implement strong compliance in those companies. Of course, the key element is to identify any areas of concern in the pre-acquisition phase and then remediate after acquisition. This means that a company that does not perform adequate Foreign Corrupt Practices Act (FCPA) due diligence before a merger or acquisition may face both legal and business risks. From the legal side, this means a potential FCPA violation if the conduct continues. From the business side, it means the true value of a company may be over-inflated if the business model was based on bribery and corruption.

A Resource Guide to the US Foreign Corrupt Practices Act, released by the DOJ and SEC in November 2012, was the first time that many compliance practitioners considered conducting pre-acquisition due diligence as part of their compliance regimes.

The FCPA Guide provided some hypothetical steps a company could take in the pre-acquisition phase. These steps included:

  • Reviewing the target company’s sales and financial data, customer contracts and third-party and distributor agreements
  • Performing a risk-based analysis of the target company’s customer base
  • Performing an audit of some of the target company’s transactions
  • Discussing the target company’s corruption risks, compliance efforts and other recent corruption-related issues with the target company’s general counsel and sales and internal audit team leaders

These points were all based on a previously-unpublished declination to prosecute that the DOJ had issued to a company.

If a company follows the above suggestions and then moves forward with a robust post-acquisition integration it will be in a good position to demonstrate compliance with the FCPA.

Opinion Release 14-02

Following the FCPA Guide, the DOJ’s Criminal Division issued Opinion Release 14-02 in November 2014, directly explaining in even more detail the steps a company should take to avoid FCPA liability in merger and acquisition activity. Moreover, the Opinion Release suggested that an acquiring company would not face FCPA liability for bribery within the target company if it committed to remediation in the post-acquisition phase.

In Opinion Release 14-02, the DOJ stated:

‘To be sure, the Department encourages companies engaging in mergers and acquisitions to (1) conduct thorough risk-based FCPA and anti-corruption due diligence; (2) implement the acquiring company’s code of conduct and anti-corruption policies as quickly as practicable; (3) conduct FCPA and other relevant training for the acquired entity’s directors and employees, as well as third-party agents and partners; (4) conduct an FCPA-specific audit of the acquired entity as quickly as practicable; and (5) disclose to the Department any corrupt payments discovered during the due diligence process ... Adherence to these elements … may, among several other factors, determine whether and how the Department would seek to impose post-acquisition successor liability in case of a putative violation.’

The Opinion Release also communicated that there is no legal concept of passing on liability to an acquiring company in the FCPA context. For a FCPA violation to arise there must be continuing conduct.

Risk factors to consider in the pre-acquisition phase

After there is a structure in place for accomplishing pre-acquisition due diligence, what are some of the risks companies should look out for?

Chief Compliance Officer at Baker Hughes Jay Martin suggests an approach that reviews key risk factors. Martin has laid out 15 key risks that he believes should prompt an acquiring company to conduct extra careful and heightened due diligence – or, in extreme circumstances, even consider not moving forward with the acquisition. These risk factors are:

  • A presence in a BRIC country (i.e. Brazil, Russia, India or China) or in another country whose corruption risk is high
  • Participation in an industry that has been the subject of recent anti-bribery or FCPA investigations (e.g. oil and energy, telecommunications or pharmaceuticals)
  • Significant use of third-party agents such as sales representatives, consultants, distributors, subcontractors or logistics personnel (customs, visas, freight forwarders etc.)
  • Any significant contracts with a foreign government or instrumentality, including state-owned or state-controlled entities
  • Substantial revenue from a foreign government or instrumentality, including a state-owned or state-controlled entity
  • Substantial projected revenue growth in a foreign country
  • High amount or frequency of claimed discounts, rebates or refunds in a foreign country
  • A substantial system of regulatory approval (e.g. for licenses and permits) in the country
  • A history of government anti-bribery or FCPA investigations or prosecutions
  • Poor or no anti-bribery or FCPA training
  • A weak corporate compliance programme and culture, in particular from legal, sales and finance perspectives at the parent level or in foreign-country operations
  • Significant issues in past FCPA audits (e.g. excessive undocumented entertainment of government officials)
  • High degree of competition in the foreign country
  • Weak internal controls at the parent company or in foreign-country operations
  • In-country managers who appear indifferent or uncommitted to United States laws, particularly the FCPA, and/or other anti-bribery laws

It is also important that after due diligence is completed, if the transaction moves forward, the acquiring company should attempt to protect itself through the most robust contract provisions that it can obtain. These would include indemnification against possible FCPA violations, including payment of all investigative costs and any assessed penalties.

An acquiring company should also include representations and warranties in the final sales agreement that:

  • There is an absence of government owners in the company
  • The target company has made no corrupt payments to foreign officials
  • Transactions are participated in only as permitted under local law
  • The books and records presented to the acquiring company for review were complete and accurate

Conclusion

The FCPA enforcement landscape is littered with companies that have acquired other companies yet did little or no pre-acquisition due diligence. This has led to FCPA violations occurring after the transactions closed so acquiring entities are then responsible for bribery and corruption. (In fact, the FCPA enforcement action involving Johnson Controls, Inc. faced this exact scenario).

The DOJ and SEC have clearly communicated what companies need to do in any merger or acquisition. While many compliance practitioners had previously only focused on post-acquisition integration and remediation, Opinion Release 14-02 reemphasises the importance of beginning due diligence in the pre-acquisition phase.

Moreover, the DOJ has made clear that they want companies that participate in mergers and acquisitions to have robust compliance programmes. It recognises that one of the best ways to further the goal of more compliance-based corporate behaviour is for companies that take doing compliance seriously to acquire companies that don’t. The GE acquisition of Alstom is a prime example of a company with a well-recognised commitment to compliance acquiring a company with a lessor focus. Indeed, it is doubtful that Alstom would have been able to settle its FCPA enforcement action for only US$772 million if GE had not agreed to purchase the company.

Previous Article
Webinar: Third-party due diligence and remediation | How to effectively deal with red flags
Webinar: Third-party due diligence and remediation | How to effectively deal with red flags

If your due diligence assessment indicates issues that require further attention, it is important to consid...

Next Article
Which resources are required for a third party compliance programme?
Which resources are required for a third party compliance programme?

When The Red Flag Group is assisting companies to roll out third party compliance programmes, the firm is o...