I have always found one of the most fascinating figures of the Florentine Renaissance to be Girolamo Savonarola, who effectively ruled Florence from 1494-1498. While not the first person to try and create a ‘City on the Hill’, he was able to bring his heavenly vision as the spiritual and temporal leader in Florence for a short time after Medici rule. It was Savonarola who inspired the original ‘bonfire of the vanities” where his supporters burned luxury clothes, musical instruments and artwork on the day that Carnival was formerly celebrated on. Savonarola fell from power when his foreign policy of allying with the French did not bring the promised economic benefits to the city. He was burned at the stake for his troubles.
I thought about Savonarola’s downfall, ordained by his lack of economic foresight, in the context of the compliance function in mergers and acquisitions (M&A). Most companies understand the need for post-acquisition integration of their compliance regime into an acquired entity. Such integration is also coupled with focused training for high risk employees and a detailed forensic audit to see if there are any problems under the Foreign Corrupt Practices Act (FCPA), UK Bribery Act or other anti-corruption laws. This post action conduct has been discussed by the Department of Justice (DOJ) extensively through both the Opinion Release procedure (Opinion Release 08-02) and several Deferred Prosecution Agreements (DPAs) including those involving Johnson & Johnson, Data Systems & Solutions and Pfizer.
However, many companies have not put the same effort into the pre-acquisition due diligence around compliance. This may have started to change with the release of the FCPA Guidance last November. In this document, there was a substantive discussion of what should go into pre-acquisition due diligence from the compliance perspective and a nod towards the tangible benefits of such work through the example in the FCPA Guidance of a company which received a declination to prosecute.
The subject of M&A made it to the list of ‘Ten Hallmarks of an Effective Compliance Program’ articulated in the FCPA Guidance. Under the final listed Hallmark, entitled “Mergers and Acquisitions: Pre-Acquisition Due Diligence and Post-Acquisition Integration”, the Guidance states that “A company that does not perform adequate FCPA due diligence prior to a merger or acquisition may face both legal and business risks. Perhaps most commonly, inadequate due diligence can allow a course of bribery to continue—with all the attendant harms to a business’s profitability and reputation, as well as potential civil and criminal liability.”
The Guidance goes on to detail a quite specific example of pre-acquisition due diligence in the compliance context. It provided a hypothetical situation where a US company was purchasing a company which was not subject to FCPA jurisdiction. Prior to acquiring this entity, the US company had engaged in extensive due diligence of the foreign entity, including: (1) review by the US company’s legal, accounting, and compliance departments of the foreign entity’s sales and financial data, its customer contracts, and its third-party and distributor agreements; (2) performing a risk-based analysis of foreign entity’s customer base; (3) performing an audit of selected transactions engaged in by the foreign entity; and (4) engaging in discussions with foreign entity’s general counsel, vice president of sales, and head of internal audit regarding all corruption risks, compliance efforts, and any other corruption-related issues that have surfaced at foreign company over the past ten years. All of this was done with an goal towards determining if there were any payments which might violate the FCPA, whether the foreign company had appropriate anti-corruption and compliance policies in place, whether target’s employees had been adequately trained regarding those policies, how the foreign entity ensures that those policies are followed, and what remedial actions are taken if the policies are violated.
While the FCPA Guidance focused on the legal risks for failing to perform pre-acquisition due diligence on a target, there is also the business risk. Therefore, the steps suggested in the Guidance can be of great benefit to allow a company to understand the culture of the company it is targeting. This message was driven home by Connie Barnaba in a recent article in the Houston Business Journal (JHBJ), entitled “One of the costliest risks is acquiring an unknown culture”. One of the reason to engage in such extensive pre-acquisition due diligence is because “culture clashes may contribute in a significant way to the poor performance of businesses” after post-acquisition integration. Straight-forwardly, any business valuation will depend on variables taken into account at the time of the valuation. But Barnaba argues that “Since the valuation of the target company is usually conducted prior to the deal close, it does not take into account operational changes that are required to merge the two operations. It’s at this intersection that risk is created.”
Barnaba posits two scenarios which are interesting from the compliance perspective. Consider that an acquiring company is considering two targets. Both companies are in heavily regulated corporate environments and both take compliance with those regulations quite seriously. However Target A has chosen to treat each employee as a stakeholder with personal responsibility for compliance. It communicated this tenet beginning with the hiring process and then continuing throughout an employee’s tenure with the company, through training, promotion and compensation. These compliance values were so embedded in Target A that it was largely the employee base that prevented and then detected any compliance violations.
She contrasted this with Target B, which is also dedicated to regulatory compliance. However this entity believed that no matter how much you train on policies and procedures, “human errors and negligence” will always create compliance risk. To that end, Target B robustly engaged in monitoring and auditing of its financial systems and employees to ensure compliance and to try and prevent/detect non-compliance. Target B relied less on the human elements of training and communication and more on the technology dedicated to stay in compliance.
In Barnaba’s piece, the acquiring company is more similar to Target B in its approach to compliance but decides, for financial reasons, to acquire Target A. She believes that only after the post-acquisition process begins will the strategic error be apparent. She opines that the cultural differences in the approach to compliance could well lead to high turnover among the newly acquired employees, difficulty in creating high-performance work teams and lower morale, all leading to the destruction of the value of the acquired entity.
In today’s legal climate, the results for the failure to access a company’s compliance culture are not as severe as the fate which befell Savonarola. However, just as he tried to change the cultural norms of Florence through robust austerity, a company which does not assess how an acquired company’s culture will be successfully integrated can also lead to disaster. Barnaba ends her article with the observation “The marriage that was made in heaven becomes just another statistic of a marriage that ended up on the rocks.” Just as the FCPA Guidance notes, compliance related due diligence in the M&A context makes more than good legal sense, it makes good business intellect.
This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at firstname.lastname@example.org.
© Thomas R. Fox, 2013