DOJ Safe Harbor Policy for Mergers & Acquisitions Encourages Voluntary Disclosure

5 minute read | October.26.2023

The Department of Justice (DOJ) recently unveiled a policy for voluntary disclosure of misconduct in mergers and acquisitions (M&A).  This is another in a series of recent initiatives relating to corporate compliance, including updates to relevant guidance and corporate voluntary self-disclosure.

Deputy Attorney General Lisa O. Monaco outlined a new department-wide M&A Safe Harbor Policy in remarks on October 4. The policy is designed to encourage an acquiring company to disclose misconduct identified during the M&A process. Under the policy, acquirors will receive a presumption of declination—a decision not to prosecute—if they:

  • “Promptly and voluntarily” disclose misconduct within a designated safe harbor period (generally six months from closing).
  • Cooperate with any DOJ investigation.
  • Engage in appropriate remediation.

DOJ aims for predictability and transparency while remaining flexible when appropriate, Monaco stressed.

Key Takeaways

  • The safe harbor may apply to an acquired company’s misconduct discovered before or after the acquisition closes.
    The acquiror must disclose misconduct within six months of closing. Misconduct threatening national security or involving ongoing or imminent harm should be disclosed promptly—these can’t wait.
  • The acquiror will generally have one year from closing to remediate the misconduct.
    DOJ recognizes that transactions are not uniform and may extend the deadline if circumstances justify it.
  • Aggravating factors counting against the acquired company “will not impact in any way the acquiring company’s ability to receive a declination.”
    Examples could include the involvement of executive management in misconduct, a significant profit from misconduct or pervasive misconduct.
  • Misconduct disclosed under the safe harbor will not factor in DOJ’s future recidivist analysis for the acquiror.
  • The safe harbor does not apply to misconduct that was otherwise required to be disclosed, already public, or known to DOJ.
  • The safe harbor does not affect civil merger enforcement.

These policies are designed so companies that invest in robust compliance programs—and disclose misconduct discovered during diligence—do not face penalties for the acts of companies they acquire, Monaco explained. She also stressed the increasing intersection between corporate malfeasance and national security, whether it’s export control or sanctions violations, IP theft involving disruptive technology, cybersecurity, or disruption to global supply chains.

DOJ Has Shown Interest in a Variety of Issues

Recent enforcement actions give a view into some issues an acquiror may identify during diligence that may interest DOJ. Some of the conduct that has featured in recent enforcement actions involving acquired entities includes:

  • Improper distributor discounts – providing significant discounts to distributors knowing they would be used to make improper payments to foreign officials.
  • Inadequate diligence on partnersengaging a distributor without adequately investigating then-known allegations of improper payments.
  • Creating a dummy corporation – directing employees to create a third-party entity that never carried out its corporate purpose but was used to make improper payments.
  • Sham consulting arrangementsusing consulting arrangements with a dummy corporation to make improper payments to foreign government officials.
  • Payments to government officials for lower pricesmaking improper payments to government officials in exchange for reducing the costs of services the company paid to a government entity under existing contract.
  • Lack of written contracts/oral modificationsorally agreeing to contract modifications to avoid detection, as the modified (lower) rates (per above) were secured by payments to foreign officials.
  • Revenue sharing with a local partner – using a revenue-sharing agreement with a local partner to generate funds for corrupt payments.
  • Payments without supporting documentation – making regular payments to consultants without adequate proof of services.

These issues could impact whether a deal goes through (including whether issues can be reasonably remediated during integration), the appropriate valuation/price (accounting for the cost of addressing significant issues) and the risk of DOJ scrutiny and the potential need for disclosure.

Five Things an Acquiring Company Should Consider

This announcement stresses the importance of effective diligence, particularly for acquirors. Effective diligence includes meaningful efforts to understand the risks of the target company, looking for, identifying and investigating potential misconduct and assessing the target company’s compliance program.

Compliance-oriented diligence is not a nice-to-have, it is a must have. Acquirors must allocate sufficient time to identify, evaluate and remediate any issues. In practice, this means acquirors should:

  1. Have a diligence plan. It should be written, appropriately scoped and factor in the acquiror’s understanding of the industry, business model, region, and other relevant background.
  2. Get input from key stakeholders. Do this early and, as needed, regularly. Ask compliance, finance, and other gatekeepers for input.
  3. Develop findings and identify areas for remediation and improvement. The diligence process should also include issue spotting and risk assessment.
  4. Prepare and execute an integration plan. Take a risk-based approach to strengthening compliance after acquisition and map this out. Tailor the integration plan and ultimate compliance program to the business; avoid a cookie-cutter approach.
  5. Document. Develop a clear record of all the above: diligence, risks identified, how these were analyzed and addressed, any issues investigated, and new controls implemented.

If an acquiror uncovers potential misconduct, it should consider voluntary self-disclosure, particularly given DOJ’s recent emphasis. But it should weigh the pros and cons of revealing possible misconduct to the government.

While the impact of this new announcement remains to be seen, DOJ already has self-disclosure programs, and it is debatable whether the record shows a benefit to disclosing.And despite growth in DOJ’s criminal fraud and compliance teams, the announcement takes place during a lull in corporate anticorruption enforcement.