Compliance risks in M&A transactions

Planning a merger or acquisition? Don’t leave out the compliance department.

According to research by financial software company Dealogic, global merger and acquisition activity reached a record-breaking $5 trillion in 2015. Separate analysis conducted by EY reveals that M&A activity will continue to grow. As several blockbuster deals continue to surface—for example, Pfizer’s planned merger with Allergan for $191 billion, Belgian brewer Anheuser-Busch InBev’s planned merger with rival SABMiller for $120 billion, and Royal Dutch Shell merger with British energy supplier BG for $81 billion—even smaller M&A deals are also increasingly routine.

Involving the compliance function at the earliest stages of an M&A transaction—big or small—can significantly aid the acquiring company in reducing unforeseen liabilities, or preventing them altogether. Unfortunately, compliance personnel aren’t always at the table from the start and are sometimes brought in during the late stages of a deal, if at all.

“Why would you want to have a function as important as compliance come in toward the end of the transaction? Have them come in at the beginning,” says Tim Mohr, national financial services advisory leader at BDO. “Pre-transaction, you want to conduct all of your due diligence.”

The role of compliance in an M&A transaction is to assess the target company’s compliance risk profile and uncover any red flags, including any past or present violations of anti-bribery laws, sanctions violations, antitrust regulations, data privacy rules, health and safety violations, and more.

Compliance officers also want to get a clear sense of what rules and regulations the target company must comply with. “This is particularly important to know if you’re entering into a new industry sector,” says Brian Boufarah, a partner and national M&A transaction services leader for power and utilities at Deloitte.

“The goal is to have as much information as possible so that you can move forward in an informed way,” says Mohr. “The more people you have sitting at the table, the more you’re going to know and the more you’re going to be prepared.”

The level of due diligence a company needs to perform will depend on the risk level of the company or industry being targeted by the acquiring company. The merger of two large companies with primarily domestic operations, for example, may pose fewer regulatory risks than smaller acquisitions, overseas acquisitions, or acquisitions with significant amount of overseas activities.

“You don’t want to bring compliance in at the end, or after-the-fact. That’s a disaster waiting to happen.”
Tim Mohr, leader, investigative due diligence practice, BDO

Furthermore, the larger the targeted company, the more sophisticated the compliance program tends to be, whereas smaller companies, typically with less mature compliance programs, often require a greater level of due diligence. “If it’s a small company that they’re not really doing anything, or you might find, if it’s a large company, that their policies and procedure are just as robust as yours,” says Boufarah.

Compliance program assessments are all the more important, given that successor liability under the FCPA is a focus of the Department of Justice and the Securities and Exchange Commission. When one company buys another, it’s also buying all the liability that comes with it.

Another factor driving greater compliance involvement in M&A transactions is the “heightened level of attention” regulators are placing on compliance officers in their role as gatekeepers, says Mitchell Eitel, managing partner of the financial services group at law firm Sullivan & Cromwell.

Red flags

In the event that the acquiring company does uncover any red flags during due diligence, the follow-up measures legal and compliance may want to consider are an internal investigation, self-disclosure, renegotiations of the deal, and enhanced compliance monitoring. These measures should be jointly conducted by compliance, in-house counsel, outside counsel, and possibly even an outside accounting firm to figure out the nature of issue, who is involved, who knew about, and what the potential implications are for the acquiring company.

“That needs to be done early, because these are very fact-intensive inquiries, and they require a fair bit of work,” says Eitel. “You don’t want to be dealing with them the day before you’re going to sign an agreement.”

Reducing FCPA risk in mergers and acquisitions

The following excerpt is from a Resource Guide to the Foreign Corrupt Practices Act published by the Department of Justice and Securities and Exchange Commission.
Companies pursuing mergers or acquisitions can take certain steps to identify and potentially reduce FCPA risks:
M&A Opinion Procedure Release Requests: One option is to seek an opinion from DOJ in anticipation of a potential acquisition, such as occurred with Opinion Release 08-02 That case involved special circumstances, namely, severely limited pre-acquisition due diligence available to the potential acquiring company, and, because it was an opinion release (i e , providing certain assurances by DOJ concerning prospective conduct), it necessarily imposed demanding standards and prescriptive timeframes in return for specific assurances from DOJ, which SEC, as a matter of discretion, also honors Thus, obtaining an opinion from DOJ can be a good way to address specific due diligence challenges, but, because of the nature of such an opinion, it will likely contain more stringent requirements than may be necessary in all circumstances.
M&A Risk-Based FCPA Due Diligence and Disclosure: As a practical matter, most acquisitions will typically not require the type of prospective assurances contained in an opinion from DOJ DOJ and SEC encourage companies engaging in mergers and acquisitions to: (1) Conduct thorough risk-based FCPA and anti-corruption due diligence on potential new business acquisitions; (2) Ensure that the acquiring company’s code of conduct and compliance policies and procedures regarding the FCPA and other anti-corruption laws apply as quickly as is practicable to newly acquired businesses or merged entities; (3) Train the directors, officers, and employees of newly acquired businesses or merged entities, and when appropriate, train agents and business partners, on the FCPA and other relevant anti-corruption laws and the company’s code of conduct and compliance policies and procedures; (4) Conduct an FCPA-specific audit of all newly acquired or merged businesses as quickly as practicable; and (5) Disclose any corrupt payments discovered as part of its due diligence of newly acquired entities or merged entities DOJ and SEC will give meaningful credit to companies who undertake these actions, and, in appropriate circumstances, DOJ and SEC may consequently decline to bring enforcement actions.
Source: Justice Department.

To cite one recent example, chemical-products company Platform Specialty Products on March 11 disclosed in a regulatory filing that it’s conducting an internal investigation to determine whether certain payments made by a recently acquired subsidiary to third-party agents in West Africa violated the Foreign Corrupt Practices Act. In connection with the implementation of internal controls at crop protection and life science company Arysta LifeScience, which Platform Specialty Products acquired last year, “we discovered certain payments made to third-party agents in connection with Arysta’s government tender business in West Africa, which may be illegal,” the company said. 

Platform Specialty Products said it has engaged outside legal counsel and an outside accounting firm to conduct the investigation “to review the legality of these and other payments made in Arysta’s West Africa tender business, including Arysta’s compliance with the FCPA.” The company also said it has voluntarily notified the SEC and the Justice Department and is fully cooperating in their investigations.

What’s considered a non-issue for one company could be a deal breaker for another. “The driver is the risk tolerance of the entity that’s doing the acquiring,” says Mohr.

Post-transaction

Once a deal is closed, the compliance officer’s responsibilities should then turn to how to seamlessly integrate both companies’ corporate policies and procedures. “Between signing, announcement, and closing you’re going to want to start to build a bridge from the target’s current polices to the buyer’s current policies,” says Boufarah.

That process begins by training and educating all employees about the company’s Code of Conduct, as well as its policies and procedures on anti-retaliation, gifts and hospitality, and anti-corruption, just to name a few. Part and parcel with that process is integrating the companies’ corporate cultures.

According to a report, “People Risks in M&A Transactions,” conducted by Mercer, 55 percent of buyers out of 323 total survey respondents said that talent challenges will remain a significant HR issue in future M&A transactions, with employee retention cited as the number one perceived risk, followed by cultural fit and leadership team concerns.

“People risks in M&A transactions are manifested by individuals’ inability to manage uncertainty and embrace change, which, in turn, results in declining business performance and the potential loss of transaction value,” Mercer said in its report. “Poorly executed integrations, failure to consider culture and organizational fit, and lack of clarity in employee communications are prime examples of people risks that can severely undermine deals and destroy value.’

“These risks have profound implications for organizations: If they’re not effectively addressed, they can lead to low morale, reduced productivity, the flight of key talent, diminished performance, inconsistent customer service and, ultimately, revenue and profit loss,” the report stated. “Our findings show that organizations that bring the same discipline and rigor to addressing the human capital investment and people issues as they do to managing balance sheet risk and the other key operational aspects of a deal realize the most value from the transaction.”

In any M&A transaction, the earlier compliance gets involved, the better a chance the company has in mitigating present and future compliance-related liabilities. “You don’t want to bring compliance in at the end, or after-the-fact,” says Mohr. “That’s a disaster waiting to happen.”