During this series, I am visiting with Eric Feldman, Senior Vice President, Don Stern, Managing Director of Corporate Monitoring & Consulting Services, and Rod Grandon, Managing Director of Government Services, from Affiliated Monitors, Inc., (AMI) who is the sponsor of this series. In it, we explore how to go about assessing ethics and compliance in the mergers and acquisition (M&A) context. In this third episode I visit with Feldman about planning out your post-acquisition merger strategy.
Feldman starts with the Department of Justice (DOJ) and the information contained in various resolution documents for the past eight years or so. These documents stressed that an acquiring entity apply or ascertain that its Code of Conduct, policies and procedures regarding corruption are consistent with the acquired company’s policies and processes. If they are not consistent, the acquiring company should apply it’s Code of Conduct and anti-corruption policies and procedures to the newly acquired company within 18 months or “as quickly as is practicable”. Employees from the newly acquired entity must be trained on their new Code of Conduct and policy and procedure. There must also be a forensic audit to see if any FCPA issues pop up. This same language was brought forward into the 2012 FCPA Guidance.
All of these requirements were made more clear in the 2017 Evaluation of Corporate Compliance Programs (Evaluation), which laid out the following manner to think through the issues involved:
- Due Diligence Process –Was the misconduct or the risk of misconduct identified during due diligence? Who conducted the risk review for the acquired/merged entities and how was it done? What has been the M&A due diligence process generally?
- Integration in the M&A Process – How has the compliance function been integrated into the merger, acquisition, and integration process?
- Process Connecting Due Diligence to Implementation –What has been the company’s process for tracking and remediating misconduct or misconduct risks identified during the due diligence process? What has been the company’s process for implementing compliance policies and procedures at new entities?
The clear import is that there is a continuum from pre-acquisition into post-closing and that they build on the prior steps. From the pre-acquisition phase, you should be in position to develop your post-closing plan. Moreover, under the recent addendum to the FCPA Corporate Enforcement Policy, the safe harbor advocated by practitioners such as Michael Volkov have now been memorialized in the US Attorney’s Manual. This now memorialized safe harbor makes your planning literally from the time you identify a target, through pre-acquisition to closing and into integration, investigation and reporting even more critical. The DOJ is looking for robustness of process and, of course, how you documented that process through the tenure of events.
I asked Feldman for some examples of what the DOJ expects to see in a such a process. He explained that if pre-acquisition due diligence is done correctly, it will identify risks associated with the target and a risk assessment of that company should follow as a part of your pre-acquisition due diligence along the line to your post-acquisition, to give you a roadmap of what areas of risk need to be addressed immediately. Some of the things you would specifically look for in an integration plan are around internal controls. So, “Are you going to use the acquired entities internal controls or are you going to put your company’s internal controls regime in place? If so, how are you going to integrate them? How are you going to address any training and awareness gaps as it relates to ethics and compliance responsibilities of the employees, of the new company that are coming into your company? Do people understand the acquiring company’s anti-corruption posture and their ABC policies and procedures and all of that needs to be well documented into an integration plan.”
I asked Feldman why the documentation component is so important. He replied if no plan is followed, “it’s very hard to be able to demonstrate the pre and post-acquisition due diligence to an external entity like the Department of Justice. Then necessarily the outcome, but the real issue has to do with how can you demonstrate to a government regulator that you have done everything that you can do as a company to identify risk associated with corruption and misconduct. And then if you do identify the misconduct, that you have taken the right steps to inform the government and make that disclosure.”
I concluded by asking Feldman why an independent monitor can be useful in this process. He said, “One of the ways that AMI has seen work it extremely well to help allay some of the concerns around an acquisition, is if a company utilizes an independent monitor to do an assessment proactively after that acquisition has taken place.” Such a third party can come in and conduct the same or similar kind of an assessment as you would do under a government requirement. “It allows a determination of whether there has in fact been full integration, whether employees understand their responsibilities and are comfortable reporting issues to their new managers under the new company and the new structure, whether there have been any training gaps and whether those gaps have been completely filled, whether the company has done an adequate risk assessment of where the post-acquisition risks might lie.” This can be used to demonstrate to the “DOJ or anyone else that might be looking, that the company has done adequate due diligence, which is exactly what they are looking for.”
Tomorrow, we consider the some of the issues for merged companies and how oversight can assist.