Several years ago (or in the recent past as some would say), pre-acquisition due diligence was a major compliance focus for global companies that grew through aggressive merger and acquisition strategies.  In some respects, and perhaps in reaction to relaxation of some of DOJ’s strict requirements that applied ten years ago (i.e. Halliburton Opinion Letter 08-02), companies appear to be adjusting their compliance priorities and changing the balance between pre-acquisition due diligence and post-acquisition integration to emphasize post-acquisition audits, integration and remediation strategies.

I am not so sure that is a good idea because a robust pre-acquisition due diligence program is a critical step in the entire process, especially in planning for an efficient and effective post-acquisition integration of the acquired company.  Some compliance officers have confided and complained that they are often brought into the acquisition process too late to conduct meaningful due diligence of the target, and they acknowledged that they rarely have the influence to slow down a transaction even if they find various red flags.

Compliance officers have to take a different tack.  If they are not getting adequate pre-acquisition notification and access to planning, compliance officers have to change that dynamic.  This is too important an issue to relegate it to the “don’t rock the boat” pile.

Compliance officers have to design and implement a robust pre-acquisition due diligence program through the company’s policy committee.  Frankly, it is just as important as a company’s third-party risk management strategy.  In both cases, the FCPA risks are significant and have to be mitigated.

A robust pre-acquisition due diligence policy is vital to uncover potential FCPA violations, but is just as important in establishing the proper tone and culture for the target’s company’s integration into the acquiring company’s internal controls and compliance program.  The goals of a company’s pre-acquisition due diligence policy should be to:

• Identify potential corruption risks created by the proposed acquisition;
• Design appropriate anti-corruption contractual representations;
• Determine the scope and issues that need to be addressed in post-acquisition integration;
• Evaluate potential changes to personnel, contracts, markets and relationships;
• Communicate the company’s commitment to ethics and compliance to the target company; and
• Document the due diligence review and process.

The pre-acquisition due diligence process is particularly important in acquisitions of target companies with significant operations in “ high-risk” countries or industries.   For example, if the target company is involved in the construction, defense contracting, energy, health care, mining, telecommunications and transportation sectors, it is important to conduct a robust pre-acquisition due diligence process.

Aside from countries and industries of operation, pre-acquisition due diligence, like a comprehensive anti-corruption risk and compliance program assessment, has to focus on:

• Past violations or internal investigations involving potential FCPA corruption issues and red flags such as large-scale fraud, shadow vendors, third-party representatives, and internal accounting control weaknesses;
• Past violations or allegations involving business integrity or other violations of local laws, including tax, customs, health and safety, environmental, regulatory and permitting compliance;
• Use of third-party representatives who interact with foreign officials and: (i) require high fees, billing rates, commissions for securing business from foreign officials or influencing foreign representatives on political and business-related issues; or (ii) demand unusual payment terms or arrangements, such as payments to accounts in foreign jurisdictions.
• Use of third-party representatives who appear to lack required qualifications to perform duties required by the engagement or who rely on political contacts as opposed to expertise;
• Employment of any person or entity based on personal, familial or professional relationships with a government officials (or was suggested by a government official);
• Contract management system and consistent use of contracts and compliance-related provisions;
• Charitable donations and/or political contributions that are not subject to due diligence review and approval;
• Financial transactions with companies and persons who reside or operate outside the jurisdiction in which the goods or services are to be provided;
• Existence of a code of business ethics and compliance, anti-corruption policies and procedures, and related controls, including gifts, meals, entertainment and travel expenditures; facilitation payments; extortion or threats of harm; due diligence and mergers and acquisitions.
• Internal accounting controls and examination of adequacy of controls, identified deficiencies and potential corruption-related issues (e.g. invoice-to-payment process) identified in prior assessments;
• Existing training programs for directors, officers, managers, employees and third-parties;
• Hotline reports and internal reporting avenues for communication of employee concerns and procedures for responding to and investigating such concerns;
• Internal investigation procedures and reports, including time-to-close data, nature of allegations, reporting of substantiated violations, resolution of internal investigations, and remediation procedures for such findings;
• Internal risk assessment, culture assessments and other employee culture assessments conducted by target company;
• External assessments, reviews and analyses of target company’s compliance program, culture and internal accounting controls.

This is not an exhaustive list but it is a good one to get started.

Once all red flags are identified, a careful crafting of the target company’s risk profile should be prepared.  To avoid any potential liability, the due diligence process has to be documented and all red flags must be thoroughly investigated and resolved.