Enhanced enforcement of antitrust or competition law, bribery and corruption, export controls and trade sanctions, data privacy and the like, all render it mandatory that risk management and compliance are firmly on the radar of companies and their boards. A prompt, detailed and well-thought-out compliance audit subsequent to a transaction is a critical step in ensuring requisite risk mitigation measures are in place. Following on from this, there are a number of considerations that must be given close attention to ensure that the prospective benefit of the transaction is not undermined.
Communication at a senior level is integral for a successful post transaction compliance programme. The fundamental driver behind any programme is leadership and top level buy-in to commit to mitigating risk.
From the outset, there needs to be a mutual understanding of the risks that are faced in the new environment in which the entity (or entities) are operating. For example, if a major European oil and gas company acquired a smaller local extraction company in an emerging market, the acquiring company would all of a sudden face a whole new set of challenges in terms of the risks it would have to manage in a potentially hostile region. Further, the European oil and gas company might have a specific approach and set of values to conducting business, with which the acquired company would need to subscribe. This is easier said than done, but, legal obligations aside, aligning a stance on compliance issues such as bribery and corruption needs to take high priority.
Facilitating open and frank discussion (preferably before the deal is even finalised) is the catalyst for commitment of the right order. It is at this point that any compliance issues identified in advance of a deal must be addressed. The business leaders must be involved in this process – after all, they have an intrinsic interest in eradicating such concerns. Once buy-in has been obtained, it must then be sustained.
Suitable application of compliance measures to all companies or businesses that have joined the corporate group, as well as to other parties who act on behalf of any such companies or businesses, requires substantial planning and consideration. In most instances, a parent company can be accountable for the actions of subsidiary companies as well as agents, distributors, suppliers and other third parties that act on their behalf.
When considering the scope of the compliance programme required, it is important to again consider which legislative frameworks may be applicable to the acquired business, or the enlarged group as a whole, as a result of the acquisition. On the bribery and corruption front, for example, it is important to bear in mind that laws in some jurisdictions prohibit bribery in a commercial or private sector context, as well as bribery of public officials.
Companies adopting a phased approach to integrating programmes will tend have more success in ultimately addressing all areas of the programme through prioritisation of the more ‘urgent’ or ‘serious’ potential risks. Continuing on the oil and gas company scenario from above, if an acquisition results in the new conglomerate operating in a number of different jurisdictions, the compliance programme should be integrated to the extent that some of the ‘hot zones’ are addressed first, before moving onto other areas.
Tracking and development
As important, the preceding phases, resources and attention should be very much focused on reviewing the compliance programme post integration. Measurement and analysis techniques are essential to complementing any integration that has occurred.
How receptive have employees been to communication initiatives? Have there been incidents of breaching new policies or applicable laws? Has there been any whistleblower activity? Have people understood the new compliance initiatives that have been rolled out? These are just a few questions that need to be answered in the early stages after the integration of a compliance programme. Obviously without asking these questions, gaps in the programme will not be identified nor will there be further development of a comprehensive and efficient programme.
One of the most straightforward (but rarely used) methods of obtaining answers to these questions is conducting feedback sessions. Simply sitting down with the personnel to whom the new programme has been rolled out should not be underestimated as a means of extracting information. Ask those personnel about their thoughts on, and understanding of, the information that has been provided to them. One-on-one sessions with a range of individuals from different sectors of the organisation can be an extremely beneficial way of eliciting issues or concerns about elements of a programme. Without doing so, the lifespan of the newly conceived and integrated programme will be limited.
Any merger, acquisition or major venture that changes the landscape of a company’s operations will always pose significant challenges. Adapting a compliance programme for the new environment is no different. Preliminary analysis of the potential risks that might be present as a result of the transaction is always the first difficult step in aligning strategies on preserving the new conglomerate’s interests going forward.
The key message here is that sustained effort is essential throughout the programme’s integration and beyond that into the development phases. Too often, after the hard work has been performed to get the initial, newly modified programme up and running, the attention is not sustained beyond this. Just as the success of a transaction for the business is contingent on sustained effort after the deal is signed, so too is the success of the compliance programme that needs to go with it.