FCPA Acquisition Risks
With the improving economy, companies are expanding their efforts to look for strategic acquisitions in emerging economies. The potential benefits from such deals are real and it is hard for companies to turn down such opportunities.
The success of such a strategy may depend on proactive compliance and realistic risk assessments. Due diligence procedures are even more critical when engaging in an aggressive acquisition strategy.
In the Middle East, Africa, Latin America and Asia, the possibility of real economic opportunities exist, especially in energy, health care and related markets.
But the risks are real. With weak regulatory infrastructure comes the risk of uneven or unfair enforcement. Accounting and compliance standards may be low and institutionalized in acquisition targets. The integration of corporate cultures may be near impossible and compliance efforts may fall flat. FCPA violations remain the biggest risk. It is no wonder that nearly half of all FCPA enforcement actions arise in the merger and acquisition context.
To address these concerns, due diligence procedures are a valuable protection against FCPA violations. Some companies are taking proactive steps to improve their due diligence procedures. In the end, the acquiring company is responsible for compliance even if it occurred prior to the acquisition.
Acquiring companies should conduct an FCPA compliance assessment as a first step in considering deals – before initiating due diligence. Acquisition targets should be assessed for compliance before any actions are taken. Targeted acquisitions in high-risk countries demand a detailed, robust FCPA due diligence approach. Issues which may undermine an entire deal need to be identified and assessed as quickly as possible in order to determine whether it is worth going forward with a deal.
FCPA due diligence should focus on assessing the risk of past violations, and the existence of inappropriate business practices.
As always, the first step in FCPA due diligence should be a risk assessment, which will help to identify areas of potential exposure, areas requiring specific FCPA due diligence procedures and potential red flags. The specific areas which need to be examined include the risks in the industry, geographic considerations, the level of sales and regulatory interactions with government entities, internal audit findings, and the use of third-party agents. Public information should be gathered and reviewed.
After the initial review is completed, a more detailed forensic analysis is needed, using resources on the ground to conduct interviews and review relevant documents.
Based on information obtained in the FCPA risk assessment phase,in-country interviews of key personnel and analysis of payments should be performed, focusing on high risk activities, such as commission payments, success fees, finders fees, payments to subcontractors’ agents or intermediaries, professional fees, consulting fees, customs brokerage fees, travel entertainment and gifts, charities and sports clubs, and petty cash.
In addition, a due diligence review must assess how the target business obtained new customers and government business.
Investigative due diligence procedures should include extensive interviews, assessment of the target’s processes and controls over high-risk areas, forensic accounting analysis, data analytics and forensic analysis of email and other electronic records.