Applying the FCPA Corporate Enforcement Policy
There are many ways a merger or acquisition can go sideways, including the discovery of less-than-legal business practices. However, a recent speech from the Department of Justice should help compliance officers involved in the M&A process rest a little easier in terms of FCPA enforcement. Valerie Charles, Chief Strategy Officer at GAN Integrity, explores the M&A-related compliance issues we should be aware of.
Easing the Inherited Liability Burden
Essentially, the Department of Justice doesn’t want compliance concerns to shut down M&A activity. In a speech he delivered several weeks ago, Deputy Assistant Attorney General Matthew S. Miner said the DOJ’s FCPA Corporate Enforcement Policy — which prefers to decline to prosecute if a company voluntarily discloses FCPA trouble and cooperates with regulators to resolve the issue — also applies to inherited FCPA liability a company picks up through mergers and acquisitions.
This public statement is not exactly a stunning revelation concerning FCPA enforcement policy. The DOJ has worked for several years to give companies more enticement to confess their FCPA sins and work with prosecutors to hold individual wrongdoers accountable. The FCPA Corporate Enforcement Policy cemented that position. Since then, enforcement cases have come up that show what happens when companies follow those principles.
It would not make sense, then, for the DOJ to make all those changes, but not apply them to inherited liability. Miner’s message just spoke aloud a conclusion many compliance professionals already expected. Still, the FCPA Corporate Enforcement Policy touches on some deeper trends in business today that very much affect compliance programs and the compliance officers who run them. Let’s consider them.
The DOJ’s Real Goal
The danger inherent in Miner’s comments is that they may lead some to a place of complacency or laxity when it comes to pre-acquisition due diligence, so long as they still disclose any trouble that surfaces post-acquisition. That is, they might still view compliance as a “bolt-on” process performance at the end of a business transaction (the M&A deal), rather than something embedded into the process from the start.
This line of thinking is not beneficial to the organization in the long term. Regulators already have standards and expectations on pre-acquisition due diligence, so compliance officers should be invited into M&A reviews from the start on those grounds alone. It also misconstrues the message Miner was trying to convey: that fear of FCPA enforcement shouldn’t scare companies away from closing a lucrative deal. On the contrary, the Justice Department is happy to see companies with strong ethical cultures expand internationally, because “the acquiring company is in a position to right the ship by applying strong compliance practices to the acquired company,” as Miner said.
The goal of the DOJ is to lower regulatory enforcement risk to such a level that companies feel comfortable pursuing M&A deals even in high-risk organizations. Their vehicle to do that is the FCPA Corporate Enforcement Policy — essentially, the idea is that the enforcement risk goes away, so long as your company makes a good-faith effort toward ethics and compliance. So, you still need to make the effort.
Do Not Fear
This means the background checks on key personnel, the adverse media reports, the assessment questionnaires, the audits or transactional testing and more – all those pre-acquisition due diligence efforts – are always going to be vital to M&A deals. They demonstrate the company’s effort to find misconduct and lay the groundwork to remediate trouble. Without those parts of the program, the company can’t meet the three pillars of the FCPA Corporate Enforcement Policy and win a chance at an easier resolution of trouble.
As a quick recap, those three pillars are:
- Voluntarily disclosing the violation
- Cooperating fully with the Justice Department in ensuing investigations
- Remediating the policy or internal control weaknesses that led to the violation in the first place.
In addition, there is a people issue that compliance officers need to consider here: After the deal closes, what will the combined ethics and compliance structure look like? How will executives at the target company be brought under the compliance program’s auspices, especially if they’re used to more autonomy? How will policies be expanded, amended or even canceled?
Such hurdles are well-known to compliance professionals, but they do bring up the other principle of the FCPA Corporate Enforcement Policy: a willingness to disclose trouble voluntarily. That is what Miner’s speech wanted to call out: disclosure of FCPA trouble is nothing to be feared. FCPA trouble is still trouble, and it will need to be addressed — hence the need for strong ethics and compliance programs.
However, the DOJ wants to make it clear that its goal is not to wait on the sidelines to gleefully punish wayward companies, but to prompt them to build ethical business practices into every aspect of the business. This includes before, during and after M&A activity.
