Compliance due diligence tips for mergers and acquisitions

Lisa Beth Lentini Walker

Lisa Beth Lentini Walker

Maria Lancri

Maria Lancri

By Lisa Beth Lentini Walker and Maria Lancri

Lisa Beth Lentini Walker (lisabeth@lumen-we.com) is the CEO of Lumen Worldwide Endeavors, a compliance, ethics, and corporate governance advisory firm in Minneapolis, Minnesota, USA. Maria Lancri (mlancri@squairlaw.com) is a Partner at Squair law firm in Paris, France.

Mergers and acquisitions (M&A) transactions have always been considered a form of the Holy Grail. These deals allow the lawyers involved to share with their clients the details of their business and financial strategy and help share the future of a company.

M&As may take different forms: sale of a whole company, a specific amount of shares, or a minority/majority interest; a merger; a creation of a joint venture; or sale of some assets. But at the end of the day, they all share one common hope: that the M&A is a positive transaction that leads to new possibilities. But the hope and promise of M&A can be shattered without proper precautions—particularly in the form of adequate due diligence.

M&A due diligence

M&A transactions are regularly preceded by preacquisition due diligence, either financial or legal. The rationale for due diligence is to help determine the appropriate structure of the deal, the price and guarantees that should be requested from the seller, and whether the deal is appropriate given the sellers’ wants, needs, and objectives.

Through the years, compliance due diligence has increasingly been added to the mix of information sought during the preclosing process as the risks associated with compliance issues increase in frequency and gravity. Oftentimes, the extent and thoroughness of due diligence varies based on whether the compliance officer is involved in M&A processes. If the people in charge of the development of a company are acting independently, this type of due diligence may remain limited—often much to the detriment of the company.

The most common compliance due diligence issues relate to antitrust, data protection, corruption, money laundering, or international sanctions and export controls, but depending on the types of industries and key compliance risk factors, other areas such as product compliance, health and safety, intellectual property, and other areas may be reviewed.

Similarly, some activities are traditionally riskier than others, depending on various factors:

  • The industry: Highly regulated industries such as healthcare and financial services often have quite a few more regulations associated with activities and industries. Construction and mining are also viewed as more risky.

  • The product: The type of product certainly affects the level of risk.

  • The customer: Transactions should be scrutinized more seriously when dealing with public agents or representatives of governments or state-owned entities, especially in less developed countries. Commercial counterparties, so long as they are a company with a strong reputation, tend to carry less risk than government contracts.

  • The country: It is advisable to refer to international indexes such as the Transparency International Corruption Perceptions Index to determine the level of risk and trade sanction and embargo lists to ensure that there isn’t carryover liability.

The level of materiality

It is very common to say that when you are building a house, you can (1) have it well built, (2) do it cost effectively, or (3) be finished quickly. Rarely can you get two of the three, and almost never will you get all three things.

The same holds true for compliance due diligence; you can: (1) be exhaustively thorough, (2) conduct it without much expense, or (3) be fast. This speaks to the balancing act of making risk-based decisions. Depending on how the risk is perceived beforehand, the due diligence must make key decisions to limit scope, such as focusing on contracts over a certain amount at stake and for certain activities or subsidiaries only.

It may be that, in view of the first audits and where the risks seem the highest, the decision is to review contracts of a lower amount or regarding a certain activity.

The timeline

Figure 1. The acquisition process

The findings from due diligence often have a direct impact on the transaction and may affect structure and/or price negotiations. The acquirer may also ask to add certain guarantees in the agreement.

Generally, the process of acquisition is in multiple steps (Figure 1), which can include an initial letter of intent, an exclusivity or lock-up period for negotiation, developing the terms of the deal, and finally ending with signing and closing the transaction. (Please note it is increasingly common to have a simultaneous sign and close for agreements.)

It is also common to introduce in the agreement a material adverse change clause. Traditionally, these provisions were designed to deal with a financial loss in between initial letter of intent and the final closing. Today, they may aim at allowing an indemnification of the acquirer in case of the occurrence of a certain event that would reveal how “noncompliant” the target company is.

What do the authorities say?

In general, regulators have become increasingly vocal about the need for due diligence as part of the M&A process. Most jurisdictions encourage preacquisition due diligence. Authorities also encourage robust post-acquisition compliance program improvements and internal controls. While due diligence ideally uncovers the significant issues prior to closing, sometimes thorough due diligence is not possible without revealing sensitive information; therefore, companies make the decision to move forward with the uncertainty that exists. In such cases, regulators acknowledge the importance of voluntary disclosure and remediation. On this last point, it is worth noting that Lisa Monaco, deputy attorney general of the United States, recently confirmed this approach but added that, when a company makes a voluntary disclosure when considering corporate resolutions, prior misconduct should be taken into account.[1]

Examples of different regulatory approaches are illustrated by the key similarities and differences between the French and US approach. The French authorities advise corporations to:

  • Understand the target’s history and activities;

  • Understand the target’s ownership structure, key management personnel, and beneficial owners;

  • Determine its possible links with politically exposed persons and the degree of its interactions with public officials;

  • Have an understanding of the main elements of its anti-corruption system;

  • Identify corruption cases in which it may be involved; and

  • Verify the existence of pending sanctions against the target.[2]

The US Foreign Corrupt Practices Act guidelines recommend corporations to conduct comprehensive, risk-based Foreign Corrupt Practices Act and anti-corruption due diligence that include “use of agents and other third parties; commercial dealings with state-owned customers; any joint venture, teaming or consortium arrangements; customs and immigration matters; tax matters; and any government licenses and permits.”[3]

These guidelines also ask key questions, including:

  • Is the corporation’s compliance program well designed?

  • Is the program being applied earnestly and in good faith?

  • Is compliance adequately resourced?

  • Is compliance empowered to function effectively?

  • Does the corporation’s compliance program work in practice?

Successor’s liability

Even when an acquirer has conducted thorough due diligence and obtained guarantees in the share purchase agreement, the reputation of the acquirer may be affected by the purchase of a company that was entangled in a criminal prosecution. Many domestic laws provide for the transfer of criminal liability onto the acquirer. In the European Union and in some member states, this transfer also applies in cases where the target of the transaction was absorbed by the acquirer, as this is seen as a continuation of the same business even though the corporate structure has disappeared.

Action plan

For the reasons discussed here, acquirers should put in place a plan when they decide to acquire a target (Figure 2).

Figure 2. M&A due diligence action plan

Due diligence is critical to the success of the transaction, particularly when it comes to compliance concerns. If the company to be acquired had a significant violation of the law, it is of the utmost importance to uncover it before the acquisition and report it to the authorities in order to allow the acquirer to enter into a company free of any criminal risk or with eyes wide open to the reality. If the violation continues after the acquisition and is not uncovered immediately after, the authorities may consider the acquirer to be criminally liable along with the former owner.

Takeaways

  • The promise and hope for merger and acquisition activity can be affected by failure to conduct adequate due diligence.

  • Compliance issues have continued to increase in importance and prevalence for due diligence prior to deal closing.

  • A variety of factors affect due diligence in terms of risk, including industry, product, customer, and country factors.

  • Regulatory authorities are asking more questions related to merger and acquisition activities, including about due diligence and integration.

  • Remediation of findings is just as critical as the due diligence in supporting the compliance function.

 
2 French Anti-Corruption Agency, Anti-Corruption Due Diligence for Mergers and Acquisitions: Practical Guide 2021, accessed December 12, 2021, https://www.agence-francaise-anticorruption.gouv.fr/files/files/Practical%20Guide%202021%20FUSACQ.pdf
3 Department of Justice, Criminal Division, A Resource Guide to the U.S. Foreign Corrupt Practices Act, Second Edition, July 2020, https://www.justice.gov/criminal-fraud/file/1292051/download.
1 Department of Justice, “Deputy Attorney General Lisa O. Monaco Gives Keynote Address at ABA’s 36th National Institute on White Collar Crime,” remarks, October 28, 2021, https://www.justice.gov/opa/speech/deputy-attorney-general-lisa-o-monaco-gives-keynote-address-abas-36th-national-institute.


Would you like to read this entire article?

If you already subscribe to this publication, just log in. If not, let us send you an email with a link that will allow you to read the entire article for free. Just complete the following form.

* required field

First name field cannot be blank!
Last name field cannot be blank!
We will send you an email that will give you access to this entire article.
Email field cannot be blank!
Enter a valid email!
Company field cannot be blank!
Enter a valid company!
Title field cannot be blank!

We're committed to your privacy. The Society of Corporate Compliance and Ethics (SCCE) & Health Care Compliance Association (HCCA) uses the information you provide us to contact you about our relevant content, products, and services. For more information, check out our Privacy Policy.


About SCCE

The Society of Corporate Compliance and Ethics (SCCE) is a non-profit, member-based professional association. SCCE supports our members' work with education, news, and discussion forums. We are a community of leaders, defining and shaping the corporate compliance environment across a wide range of industries and geographic regions. In developing and maintaining effective ethics and compliance programs, our members strengthen and protect their companies.

952.933.4977

About HCCA

The Health Care Compliance Association (HCCA), is a 501(c)6 non-profit, member-based professional association. HCCA was established in 1996 and is headquartered in Minneapolis, MN. We provide training, certification, and other resources to over 10,000 members. Our members include compliance officers and staff from a wide range of organizations, including hospitals, research facilities, clinics and technology service providers.

952.988.0141

Facebook Twitter LinkedIn
Copyright © 2024 by Society of Corporate Compliance and Ethics (SCCE) & Health Care Compliance Association (HCCA). No claim to original US Government works. All rights reserved. All information provided through this site, including without limitation all information such as the “look and feel” of the site, data files, graphics, text, photographs, drawings, logos, images, sounds, music, video or audio files on this site, is owned and/or licensed by SCCE & HCCA or its suppliers and is subject to United States and international copyright, trademark and other intellectual property laws. Any third party logos and/or content provided herein is owned by such third parties and is used by permission herein. Your use of this site to is subject to our Terms Of Use and Privacy Statement.
Cookie settings