Beyond the FCPA: M&A Due Diligence Under the Expanded DOJ Corporate Enforcement Policy

More significantly, the Resource Guide indicated that a successor company's voluntary disclosure, appropriate due diligence and implementation of an effective compliance program would decrease the likelihood of any enforcement action. DOJ and the SEC specifically encouraged companies to: 1) conduct a thorough risk-based pre-acquisition FCPA due diligence on potential acquisitions; 2) ensure that the acquiring company's FCPA-related code of conduct and compliance policies and procedures are applied as quickly as is practicable to newly acquired businesses; 3) conduct FCPA training for directors, officers, and employees of newly acquired businesses; 4) conduct an FCPA audit of all newly acquired or merged businesses as quickly as practicable; and 5) disclose any corrupt payments discovered as part of its due diligence of newly acquired entities. DOJ and the SEC stated in the Resource Guide that they would "give meaningful credit to companies who undertake these actions, and, in appropriate circumstances, … may consequently decline to bring enforcement actions." (Resource Guide at 29).

As DAAG Miner has acknowledged, however, the Resource Guide did not provide sufficient clarity as to how DOJ would exercise its discretion to decline prosecution of successor entities: the guidance that DOJ "'may' decline [prosecution] is a significant sticking point for corporate management when deciding whether and how to proceed with a potential merger or acquisition." Therefore, in a speech on July 25, 2018, at the American Conference Institute's 9th Global Forum on Anti-Corruption Compliance in High Risk Markets, DAAG Miner clarified that DOJ would apply the principles contained in the FCPA Corporate Enforcement Policy to acquiring companies that uncover potential FCPA violations in the context of mergers and acquisitions.

The FCPA Corporate Enforcement Policy contains two main components. First, the FCPA Corporate Enforcement Policy establishes a presumption that DOJ will decline prosecution if a company voluntarily and promptly self-discloses misconduct, fully cooperates, and timely adopts appropriate remediation programs. Nevertheless, this presumption may be rebutted in cases where prosecutors determine that "aggravating circumstances" exist related to the nature and seriousness of the offense. Aggravating circumstances include instances where the company's executive management was involved in the misconduct, the company significantly profited from the misconduct, the misconduct was pervasive within the company, or the company is a repeat offender.

Second, the FCPA Corporate Enforcement Policy provides an incentive for a company to cooperate even if the company fails to voluntarily and promptly self-report its misconduct.  Although DOJ may pursue a criminal disposition under those circumstances, DOJ will recommend to the sentencing court a credit of, "up to a 25% reduction off of the low end of the U.S.S.G. fine range," if the company otherwise meets the policy's guidelines.

In his July 2018 speech, DAAG Miner emphasized that DOJ will be applying the principles contained in the FCPA Corporate Enforcement Policy to successor companies that discover potential violations subsequent to an acquisition, as well as to acquirers who detect potential corrupt activities during the due diligence process. With regard to the latter, DAAG Miner encouraged acquiring companies to seek guidance through the FCPA Opinion Procedures. DAAG Miner acknowledged that the Opinion Procedures have not been utilized since 2014 and that time is often of the essence in M&A transactions, but he suggested that DOJ can expedite the process to some extent, if necessary. That said, DAAG Miner encouraged companies to be thorough when conducting diligence, quoting William Congreve: "Married in haste, we can repent at leisure."

DOJ Utilizes the FCPA Corporate Enforcement Policy to Encourage Disclosure of non-FCPA Violations by Acquiring Companies

In September 2018, DAAG Miner made another announcement concerning DOJ's application of its FCPA Corporate Enforcement Policy. He advised that prosecutors will "look to these principles in the context of mergers and acquisitions that uncover other types of potential wrongdoing, not just FCPA violations." As he explained: "If an acquiring company unearths wrongdoing subsequent to the acquisition, we want to encourage its leadership to take the steps outlined in the FCPA Corporate Enforcement Policy, and when they do, we want to reward them for stepping up, being transparent, and reporting and remediating the problems they inherited."

Overall, DOJ's expansion and clarification of the principles contained in the FCPA Corporate Enforcement Policy promotes fairness and predictability so that companies involved in mergers and acquisitions can take appropriate steps to mitigate enforcement risks when they uncover potential FCPA or other violations at target entities. However, DOJ's intention to apply these principles to successor liability for non-FCPA violations creates some new uncertainties.

First, it is not yet clear which specific types of potential criminal conduct, or industries, DOJ intends to cover by the expanded FCPA Corporate Enforcement Policy or how DOJ will, in practice, apply those principles. Instead of announcing its expansion in connection with a settlement or a declination, DAAG Miner only offered the following hypothetical to guide companies going forward:

A large pharmaceutical company is expanding by purchasing smaller and independent pharmacies. If the acquirer uncovers evidence of improper conduct related to illegal opioid distribution during due diligence, either pre- or post-acquisition, DOJ wants to encourage the acquiring company to voluntarily report the misconduct. Although DOJ would look to hold relevant individuals responsible for the criminal misconduct, the company may be rewarded with a declination under the FCPA Corporate Enforcement Policy, regardless of the fact that the wrongdoings were not FCPA-related.

DAAG Miner Remarks, Sept. 27, 2018.

DAAG Miner's hypothetical is limited to one highly regulated industry and to one form of criminal conduct, but it does offer a glimpse into how willing DOJ is to expand the FCPA Corporate Enforcement Policy beyond the FCPA. Both the FCPA Corporate Enforcement Policy's expansion and DAAG Miner's comments clearly demonstrate that DOJ recognizes that a company's voluntary disclosure and full cooperation in connection with any criminal conduct will allow prosecutors to gather evidence in a more timely and efficient manner, allowing them to take investigative steps otherwise not easily taken. However, DAAG Miner left unsaid specifically how the FCPA Corporate Enforcement Policy would be applied. DOJ previously announced that the Criminal Division would consider the FCPA Corporate Enforcement Policy as "non-binding guidance" in contexts outside the FCPA. Thus, DOJ's new "non-binding" policy may cause the same "significant sticking point for corporate management" as the old Resource Guide.

Second, it is unclear how DOJ expects companies to act if they uncover potential non-FCPA violations during pre-acquisition due diligence. DAAG Miner encouraged companies to seek guidance from DOJ through the FCPA Opinion Procedures if they encounter potential FCPA violations pre-acquisition. However, that procedure is not available for acquiring companies to seek guidance concerning non-FCPA related issues. Nor is it clear how DOJ will assess the promptness of a company's disclosure if an acquiring company comes across potential non-FCPA criminal violations prior to closing — i.e., does DOJ expect the company to immediately self-report? Such uncertainties may result in slowing or even scuttling acquisitions by responsible actors in the market, a result contrary to some of the DOJ's stated goals.

While the business community should welcome DOJ's steps to promote clarity and transparency through the expansion of the FCPA Corporate Enforcement Policy, acquiring companies should proceed with caution. In order to minimize their exposure to successor liability, acquiring companies must ensure that they have a robust pre-acquisition due diligence and post-acquisition review process based on an understanding of the risk profile of the target entity. Further, it is now even more important that acquiring companies implement their code of conduct and appropriate compliance policies and procedures as quickly as is practicable to their newly acquired businesses. Finally, corporate counsel should familiarize themselves with the FCPA Corporate Enforcement Policy, monitor DOJ announcements and resolutions to assess how it is being applied in practice, and consult with knowledgeable outside counsel promptly if any related concerns or issues arise in connection with a merger or acquisition.

*****

Jonathan B. New is a partner in the White Collar, Investigations, and Securities Enforcement and Litigation Group in the New York office of BakerHostetler and a member of the Board of Editors of this newsletter. Elias D. Trahanas is an associate in BakerHostetler's New York office. The views expressed in this article are those of the authors and not necessarily those of BakerHostetler or its clients.