Buying an FCPA Violation: Successor Liability is Alive and Well
FCPA commentators enjoy spending their time picking through the bodies of FCPA enforcement actions for trends and patterns. Sometimes trends are evident and sometimes they are not.
One clear picture from FCPA enforcement in 2011 is that successor liability continues to flourish. FCPA practitioners use the shorthand for this enforcement risk – “buying an FCPA violation.”
The Justice Department and the SEC have held acquiring companies liable for FCPA violations committed by a target company prior to the acquisition, and after the acquisition where the acquiring company fails to integrate the target company into the acquired company’s corporate compliance program. To prevent successor liability, the Justice Department and the SEC have emphasized that acquiring parties need to conduct due diligence to discover past bribery conduct, and take affirmative steps to integrate the new company into the acquiring company’s training and compliance program.
In 2011, there were six separate FCPA enforcement settlements involving liability based on successor liability, and a company’s failure to integrate an acquired company into training and compliance programs. Three of the cases are listed below.
In Ball Corporation, the SEC cited the company’s failure to act when acquiring an Argentine company after it learned of past violations and address the continuing risk of bribery by the Argentine company.
In Diageo, the SEC cited the company’s failure to address the acquired company’s bribery, and the weakness of internal controls for such payments.
In Watts Water Technologies, the SEC alleged that Watts engaged in an aggressive program of acquisitions but failed to train or integrate the acquired companies into existing compliance programs.
The pace of merger activity in 2012 is expected to increase. In the face of the Justice Department and SEC policies on successor liability, companies need to pay close attention to corruption risks. A due diligence inquiry is the beginning of a continuous process culminating with the integration of the new company into the acquiring company’s corporate culture. To avoid FCPA risks, companies must recognize that compliance does not end with pre-closing due diligence – compliance must be a priority after a closing.
There are several steps which companies need to take:
1. A pre-closing risk assessment needs to be updated for post-closing risks.
2. Compliance triage teams need to be assembled and tasks prioritized. If more resources are needed, this needs to be arranged at or near the time of closing. Compliance triage teams must have authority and resources to bring an acquired company into the fold.
3. Compliance triage teams need to work post-acquisition to ensure proper controls and compliance programs are adequately implemented in those high-risk areas and businesses.
4. Compliance training of new employees and agents has to be a high priority. It is surprising how many companies fail to even conduct basic training, updating of codes of conduct and basic steps to integrate new employees and agents.