DOJ’s Revised Compliance Guidance: The Refocus of Mergers and Acquisitions Risks and Mitigation (Part I of II)
The Justice Department’s recent revisions to the Evaluation of Corporate Compliance Programs highlights an important trend and evolution of prosecution focus. DOJ’s Revised Corporate Compliance Guidance recognized and reinforced the continuing focus on post-acquisition integration versus pre-acquisition due diligence. For years, DOJ and compliance professionals placed significant emphasis on pre-acquisition due diligence. This balance has been adjusted over the last ten years to raise the importance of post-acquisition integration planning and implementation.
At the outset of the section entitled “Mergers & Acquisitions,” DOJ revised the first sentence to add the italicized part of the sentence:
A well-designed compliance program should include comprehensive due diligence of any acquisition targets, as well as a process for timely and orderly integration of the of the acquired entity into existing compliance program structures and internal controls.
Companies that rely on acquisitions to grow have to develop comprehensive policies, procedures and controls to ensure proper pre-acquisition due diligence and post-acquisition integration of the acquired entity. Companies that ignore this requirement will suffer significant risks from independent operation of acquired companies. The integration process involves several important steps and has to include risk-based, post-acquisition audits to follow up on risks identified prior to the closing and immediately thereafter.
DOJ’s path to its current policy began in 2008, in the Halliburton Opinion Letter, No. 08-02 (Here), when Halliburton sought DOJ because of legal bars against pre-acquisition due diligence information of a target company. DOJ adopted a strict policy regarding post-acquisition liability for target company misconduct with timelines for completion of due diligence requirements. This strict policy eventually became unworkable and created significant risks for post-acquisition prosecutions for target company misconduct.
In the FCPA Guidance adopted in November 2012 (Here), and in additional enforcement actions, DOJ started to refocus its enforcement priorities. The FCPA Guidance instructed companies (i) to conduct robust pre-acquisition due diligence; (ii) to apply the acquiring company’s code of conduct and compliance policies as soon as possible; (iii) to train the directors, officers and employees of newly-acquired companies, as well as agents and business partners, where feasible; (iv) conduct an FCPA audit of the acquired entity as quickly as possible; and (v) disclosure any potential violations discovered during the due diligence and post-acquisition audit. In subsequent enforcement actions, DOJ and the SEC included specific provisions requiring post-acquisition tasks to be completed within 12 months (training and application of compliance policies) and 18 months for completing a post-acquisition FCPA audit.
In 2018, DOJ announced application of its FCPA Corporate Enforcement Policy to mergers and acquisition to earn a presumption of a declination to encourage strong compliance companies to take over problematic companies to implement strong compliance programs. An acquiring company has to cooperate fully with the government’s investigation, remediate the conditions that gave rise to the misconduct, and disgorge any ill-gotten profits.