Gone are the days when the potential bribery and corruption risk of an acquisition can afford to be something assessed at the 11th hour or not at all. Successor liability stemming from undiscovered bribery activity can give rise to devasting financial consequences. On a recent episode of Fraud Eats Strategy, I discussed anti-corruption due diligence with Skadden Arps partner and FCPA luminary Gary DiBianco.
Recently, the DOJ updated two important guidance documents, the FCPA Resource Guide and the Evaluation of Corporate Compliance Programs, both of which include information about mergers & acquisitions and post-merger integration. Gary explained some of the key takeaways from those two documents as they relate to FCPA acquisition due diligence.
It’s important to carefully consider the risks of successor liability. The guidance says that the DOJ will only impose successor liability where it’s legally appropriate to do – where there was liability for the predecessor business, acquisition of a non-US company where there was no jurisdiction previously does not create jurisdiction. If you have a non US entity that was not subject to DOJ jurisdiction, conduct that may have occurred before the acquisition is not going to be brought into the remit of the Justice Department solely because that company was acquired by a company over which the DOJ has jurisdiction. The guidance also acknowledges that when the acquirer takes careful steps to perform due diligence, examines FCPA risks and remediates anything necessary upon acquisition and integrates the two compliance programs, in most instances, they will not take enforcement action against the acquiring entity.
More often, the DOJ and SEC have pursued enforcement actions against the predecessor company. This fact has a helpful side and an unknown. The helpful side is that the acquiring company can have some guarantees. On the other hand, it shouldn’t be taken as an indication that any problem at the predecessor company will just go away – the DOJ and the SEC will continue to pursue action against the predecessor entity.
The guidance also says that if the predecessor entity is a wholly-owned unit of the acquirer, they may take post-acquisition action against that entity. That means there may still be a liability for pre-acquisition conduct. While it may not be technically imposed on the acquirer as a reputational matter, the costs of it will be imposed on the business that was acquired.
There are some examples of these scenarios cited in the guidance. One of them is GE’s acquisition of Alstom’s Power Division. The French company began negotiating in 2014 at a time when the Alstom Power was subject to an FCPA investigation. The matter ended up being settled by all Alstom for three quarters of a billion dollars in December of 2014 with the GE acquisition closing in early 2015. In this case, GE was happily not the subject of that enforcement action but certainly the cost of that FCPA investigation was borne by that Alstom business. Consequently, it must have factored heavily in the discussions around the transaction. Similarly, several years ago, the DOJ had taken action against predecessor entities that were still wholly-owned subsidiaries after they were purchased. That was the case in both the York International settlement and the Latin Node settlement.
The takeaway of these examples is that it’s extremely important for the acquiring company to have a realistic understanding of what the potential costs of an enforcement action may be irrespective of whether they are insulated from successor liability since it is still going to be costly as to the entity that is being acquired.
The DOJ isn’t going to retroactively apply jurisdiction if it wasn’t an FCPA violation, pre-transaction. The second the deal closes though brings the acquired entity into the jurisdiction of the FCPA. And if the bribery of foreign officials continues post-close and the acquiring entity is not vigilant in rooting out the behavior, it now is a violation of the FCPA.
This is a key point because, while there may be pragmatic and prudential reasons that the DOJ and SEC might give an acquirer a grace period following the closing date, that is not a legal defense to any conduct that happened after closing. Undefined and unofficial grace period aside, it’s very important in the diligence process to understand the FCPA risks of a newly acquired entity so that on day one, there can be assurances that the proper controls are in place going forward.
The guidance documents each acknowledge that pre-acquisition due diligence may not always be possible or may not provide enough access to data, business records or personnel. This very common scenario should be factored into how the acquiring entity goes about post-merger integration. This has been a reality of the marketplace for several years now, given that auction type transactions have become increasingly popular. The framework companies should look to is the guidance DOJ Opinion Procedure release 08-02, commonly known as the Halliburton Release.
In 2008, Halliburton was bidding on assets of a company called Expro International and there was not going to be an opportunity to do pre-acquisition due diligence. Halliburton sought the government’s advice under the DOJ’s Opinion Procedure Release process. In its communication with the DOJ, Halliburton described the potential transaction and detailed what it intended to do post-closing and asked: “If we do this, can you give us assurance that you won’t take enforcement action against us?” Notably, Halliburton was subject to an active FCPA investigation at the time of their request. The DOJ then issued a formal written response to Halliburton’s inquiry that set out the conditions under which the DOJ would refrain from prosecuting Halliburton for actions of Expro that preceded the acquisition. While the transaction itself did not go forward, Opinion Procedure Release 08-02 was widely adopted in the diligence and compliance community. It has been reaffirmed to varying degrees in deferred prosecution agreements and in subsequent guidance in which the DOJ has set out its expectations for what companies should do as part of their compliance program and when they’re performing M&A due diligence.
Broadly, there must be a commitment by the acquirer to do post-closing diligence as quickly as is practicable. The acquirer’s anticorruption compliance programs must be implemented at the newly acquired company along with whatever other compliance programs and internal controls would be appropriate to ensure continued compliance with laws. And any issues that are discovered during that post-close diligence should be disclosed within a reasonable time period for the acquirer to reasonably expect the avoidance of successor liability. While OPR 08-02 gave Halliburton 180 days to disclose any post-close issues discovered, subsequent guidance has been somewhat more open-ended as to the time imperatives governing self-disclosure. If you disclose within the first six months, you are almost certainly within the government’s grace period. If it takes 12 months, you’re probably still within that grace period but you should certainly not exceed 18 months.
Post-close due diligence is an opportunity to examine the business, accounting, banking, audit and legal files that were not made available as part of due diligence. The expectations of post-close diligence are that they will go a level deeper than what could be done pre-close. Pre-acquisition, you may get access to general ledger information, account, supporting documentation but almost certainly, you’re not going to get access to employee emails, management interviews, internal investigation reports, confrontational interviews of employees and other information of a highly sensitive nature.
Many non us companies, particularly those that fall below a certain revenue size, don’t have much in the way of anti-corruption compliance programs. Under that scenario, anti-corruption due diligence starts to look a lot more like an anti-corruption risk assessment. When a company has not put into place an anti-corruption policy or they haven’t talked about anti-corruption controls historically, approaching due diligence as though it was a risk assessment can yield meaningful information about risks and compliance. As a practical matter, for a bribe to be paid, a company must transfer money or something of value company and those transactions are accounted for in some way in the accounting and banking system records.
Examining historical entertainment, marketing or sales expenses, fees associated with permitting or licensing practices and disbursements to sales agents and consultants can potentially open a window into any corrupt activity involving the target or provide some degree of negative assurance if no problematic transactions are noted. It is equally important to identify the universe of government touchpoints which the target has across its customer base, intermediaries empowered to act on their behalf, employees, permitting, licensing and regulatory agencies. Delving deeply into these relationships, particularly those that are frequent or high value, can provide an in-depth picture of the potential corruption risk of your target.
Cross border transactions require careful attention to the potential for successor liability under the FCPA. Even if an acquirer successfully avoids successor liability, it is important to carefully consider and quantify the compliance and legal costs that the target company may need to incur to resolve FCPA issues identified in the course of due diligence and factor that into the purchase price. If the target doesn’t have a meaningful anti-corruption compliance program, that doesn’t relieve you of your obligation to assess the potential for corruption risk and integrate them into your anti-bribery and corruption compliance program with a sense of urgency.
To hear the full Fraud Eats Strategy podcast episode with Gary DiBianco, click here. Note: The Note: The postings on this site are my own and do not necessarily represent FTI Consulting’s positions, strategies or opinions