Lisa Beth Lentini Walker (lisabeth@lumen-we.com) is the CEO of Lumen Worldwide Endeavors, a compliance, ethics, and corporate governance advisory firm in Minneapolis, Minnesota, USA. Maria Lancri (mlancri@squairlaw.com) is a Partner at Squair law firm in Paris, France.
Mergers and acquisitions (M&A) transactions have always been considered a form of the Holy Grail. These deals allow the lawyers involved to share with their clients the details of their business and financial strategy and help share the future of a company.
M&As may take different forms: sale of a whole company, a specific amount of shares, or a minority/majority interest; a merger; a creation of a joint venture; or sale of some assets. But at the end of the day, they all share one common hope: that the M&A is a positive transaction that leads to new possibilities. But the hope and promise of M&A can be shattered without proper precautions—particularly in the form of adequate due diligence.
M&A due diligence
M&A transactions are regularly preceded by preacquisition due diligence, either financial or legal. The rationale for due diligence is to help determine the appropriate structure of the deal, the price and guarantees that should be requested from the seller, and whether the deal is appropriate given the sellers’ wants, needs, and objectives.
Through the years, compliance due diligence has increasingly been added to the mix of information sought during the preclosing process as the risks associated with compliance issues increase in frequency and gravity. Oftentimes, the extent and thoroughness of due diligence varies based on whether the compliance officer is involved in M&A processes. If the people in charge of the development of a company are acting independently, this type of due diligence may remain limited—often much to the detriment of the company.
The most common compliance due diligence issues relate to antitrust, data protection, corruption, money laundering, or international sanctions and export controls, but depending on the types of industries and key compliance risk factors, other areas such as product compliance, health and safety, intellectual property, and other areas may be reviewed.
Similarly, some activities are traditionally riskier than others, depending on various factors:
-
The industry: Highly regulated industries such as healthcare and financial services often have quite a few more regulations associated with activities and industries. Construction and mining are also viewed as more risky.
-
The product: The type of product certainly affects the level of risk.
-
The customer: Transactions should be scrutinized more seriously when dealing with public agents or representatives of governments or state-owned entities, especially in less developed countries. Commercial counterparties, so long as they are a company with a strong reputation, tend to carry less risk than government contracts.
-
The country: It is advisable to refer to international indexes such as the Transparency International Corruption Perceptions Index to determine the level of risk and trade sanction and embargo lists to ensure that there isn’t carryover liability.
The level of materiality
It is very common to say that when you are building a house, you can (1) have it well built, (2) do it cost effectively, or (3) be finished quickly. Rarely can you get two of the three, and almost never will you get all three things.
The same holds true for compliance due diligence; you can: (1) be exhaustively thorough, (2) conduct it without much expense, or (3) be fast. This speaks to the balancing act of making risk-based decisions. Depending on how the risk is perceived beforehand, the due diligence must make key decisions to limit scope, such as focusing on contracts over a certain amount at stake and for certain activities or subsidiaries only.
It may be that, in view of the first audits and where the risks seem the highest, the decision is to review contracts of a lower amount or regarding a certain activity.
The timeline
The findings from due diligence often have a direct impact on the transaction and may affect structure and/or price negotiations. The acquirer may also ask to add certain guarantees in the agreement.
Generally, the process of acquisition is in multiple steps (Figure 1), which can include an initial letter of intent, an exclusivity or lock-up period for negotiation, developing the terms of the deal, and finally ending with signing and closing the transaction. (Please note it is increasingly common to have a simultaneous sign and close for agreements.)
It is also common to introduce in the agreement a material adverse change clause. Traditionally, these provisions were designed to deal with a financial loss in between initial letter of intent and the final closing. Today, they may aim at allowing an indemnification of the acquirer in case of the occurrence of a certain event that would reveal how “noncompliant” the target company is.
What do the authorities say?
In general, regulators have become increasingly vocal about the need for due diligence as part of the M&A process. Most jurisdictions encourage preacquisition due diligence. Authorities also encourage robust post-acquisition compliance program improvements and internal controls. While due diligence ideally uncovers the significant issues prior to closing, sometimes thorough due diligence is not possible without revealing sensitive information; therefore, companies make the decision to move forward with the uncertainty that exists. In such cases, regulators acknowledge the importance of voluntary disclosure and remediation. On this last point, it is worth noting that Lisa Monaco, deputy attorney general of the United States, recently confirmed this approach but added that, when a company makes a voluntary disclosure when considering corporate resolutions, prior misconduct should be taken into account.[1]
Examples of different regulatory approaches are illustrated by the key similarities and differences between the French and US approach. The French authorities advise corporations to:
-
Understand the target’s history and activities;
-
Understand the target’s ownership structure, key management personnel, and beneficial owners;
-
Determine its possible links with politically exposed persons and the degree of its interactions with public officials;
-
Have an understanding of the main elements of its anti-corruption system;
-
Identify corruption cases in which it may be involved; and
-
Verify the existence of pending sanctions against the target.[2]
The US Foreign Corrupt Practices Act guidelines recommend corporations to conduct comprehensive, risk-based Foreign Corrupt Practices Act and anti-corruption due diligence that include “use of agents and other third parties; commercial dealings with state-owned customers; any joint venture, teaming or consortium arrangements; customs and immigration matters; tax matters; and any government licenses and permits.”[3]
These guidelines also ask key questions, including:
-
Is the corporation’s compliance program well designed?
-
Is the program being applied earnestly and in good faith?
-
Is compliance adequately resourced?
-
Is compliance empowered to function effectively?
-
Does the corporation’s compliance program work in practice?
Successor’s liability
Even when an acquirer has conducted thorough due diligence and obtained guarantees in the share purchase agreement, the reputation of the acquirer may be affected by the purchase of a company that was entangled in a criminal prosecution. Many domestic laws provide for the transfer of criminal liability onto the acquirer. In the European Union and in some member states, this transfer also applies in cases where the target of the transaction was absorbed by the acquirer, as this is seen as a continuation of the same business even though the corporate structure has disappeared.
Action plan
For the reasons discussed here, acquirers should put in place a plan when they decide to acquire a target (Figure 2).
Due diligence is critical to the success of the transaction, particularly when it comes to compliance concerns. If the company to be acquired had a significant violation of the law, it is of the utmost importance to uncover it before the acquisition and report it to the authorities in order to allow the acquirer to enter into a company free of any criminal risk or with eyes wide open to the reality. If the violation continues after the acquisition and is not uncovered immediately after, the authorities may consider the acquirer to be criminally liable along with the former owner.
Takeaways
-
The promise and hope for merger and acquisition activity can be affected by failure to conduct adequate due diligence.
-
Compliance issues have continued to increase in importance and prevalence for due diligence prior to deal closing.
-
A variety of factors affect due diligence in terms of risk, including industry, product, customer, and country factors.
-
Regulatory authorities are asking more questions related to merger and acquisition activities, including about due diligence and integration.
-
Remediation of findings is just as critical as the due diligence in supporting the compliance function.