This week I am running a five-part podcast series on assessing ethics and compliance in the mergers and acquisition (M&A) context on the FCPA Compliance Report. For this series, I interviewed Eric Feldman, Senior Vice President, Don Stern, Managing Director of Corporate Monitoring & Consulting Services, and Rod Grandon, Managing Director of Government Services, from Affiliated Monitors, Inc., (AMI) who is the sponsor of this podcast series. It turned into a master class on how to do M&A work to bring your company into the new Department of Justice (DOJ) safe harbor under the FCPA Corporate Enforcement Policy.
A key risk which is not is not often considered in the pre-acquisition phase is the culture perspective of each party. It is a mistake to fail to do so. Companies spend huge amounts of resources to hire lawyers, investment bankers, accountants for the pre-acquisition phase. They scrub the financials, look at income and look at revenues and expenses. Yet they often spend almost no time in looking at issues like the ethical culture of the company to be acquired. Don Stern stated, “I’ve never quite understood that everyone understands the risk of any acquisition. That the company picture may not work out quite as rosy as was expected. They may be some synergies that were expected from an expense point of view that don’t quite work out.”
Stern made clear that in the pre-acquisition phase, a company is not required to reinvent the wheel to perform ethics, cultural and compliance due diligence. He stated, “for example, accountants and other people looking over the books and records of the company to be acquired. The question is, are they looking at it through the right lens? Are they looking at it not just in terms of how robust are the revenues and what’s the revenue stream looks like? And is there a way to trim expenses and to look for some synergies of expenses?” Also what do the payments look like? How are they made to? If they are to third-parties in high risk jurisdictions, what is the target’s level of due diligence and training for third-party agents? Stern concluded, “it is not always a question of a brand new set of considerations. It’s sometimes a question of integrating those considerations and educating the acquiring company as to what they should be looking for.”
Stern believes one of the biggest risks is around ethical culture and cultural fit. One of the reasons is the asymmetrical incentives in place. Most usually the senior management of the target company has a very strong financial incentive to push the envelope when it comes to finances and financial projections. Stern believes this requires the acquirer to assess the human capital of an organization. This is more than just the senior executives but talk to employees out in the field, in the sales organization, in finance and accounts payable to get a much broader and well-rounded sense of the culture of the organization.
Eric Feldman started with the Department of Justice (DOJ) and the information contained in various resolution documents for the past eight years or so. These documents stressed that an acquiring entity apply or ascertain that its Code of Conduct, policies and procedures regarding corruption are consistent with the acquired company’s policies and processes. If they are not consistent, the acquiring company should apply it’s Code of Conduct and anti-corruption policies and procedures to the newly acquired company within 18 months or “as quickly as is practicable”. Employees from the newly acquired entity must be trained on their new Code of Conduct and policy and procedure. There must also be a forensic audit to see if any FCPA issues pop up. This same language was brought forward into the 2012 FCPA Guidance.
All of these requirements were made more clear in the 2017 Evaluation of Corporate Compliance Programs (Evaluation), which laid out the following manner to think through the issues involved:
- Due Diligence Process –Was the misconduct or the risk of misconduct identified during due diligence? Who conducted the risk review for the acquired/merged entities and how was it done? What has been the M&A due diligence process generally?
- Integration in the M&A Process – How has the compliance function been integrated into the merger, acquisition, and integration process?
- Process Connecting Due Diligence to Implementation –What has been the company’s process for tracking and remediating misconduct or misconduct risks identified during the due diligence process? What has been the company’s process for implementing compliance policies and procedures at new entities?
The clear import is that there is a continuum from pre-acquisition into post-closing and that they build on the prior steps. From the pre-acquisition phase, you should be in position to develop your post-closing plan. Moreover, under the recent addendum to the FCPA Corporate Enforcement Policy, the safe harbor provision has now been memorialized in the US Attorney’s Manual. This now memorialized safe harbor makes your planning literally from the time you identify a target, through pre-acquisition to closing and into integration, investigation and reporting even more critical. The DOJ is looking for robustness of process and, of course, how you documented that process through the tenure of events.
Feldman explained that if pre-acquisition due diligence is done correctly, it will identify risks associated with the target and a risk assessment of that company should follow as a part of your pre-acquisition due diligence along the line to your post-acquisition, to give you a roadmap of what areas of risk need to be addressed immediately. Some of the things you would specifically look for in an integration plan are around internal controls. So, “Are you going to use the acquired entities internal controls or are you going to put your company’s internal controls regime in place? If so, how are you going to integrate them? How are you going to address any training and awareness gaps as it relates to ethics and compliance responsibilities of the employees, of the new company that are coming into your company? Do people understand the acquiring company’s anti-corruption posture and their ABC policies and procedures and all of that needs to be well documented into an integration plan.”
Why is the documentation component so important? Feldman responded that if no plan is followed, “it’s very hard to be able to demonstrate the pre and post-acquisition due diligence to an external entity like the Department of Justice. Then necessarily the outcome, but the real issue has to do with how can you demonstrate to a government regulator that you have done everything that you can do as a company to identify risk associated with corruption and misconduct. And then if you do identify the misconduct, that you have taken the right steps to inform the government and make that disclosure.”
What you need to be able to demonstrate to the government is that there has been full integration in the post-acquisition phase and that whether employees understand their responsibilities and are comfortable reporting issues to their new managers under the new company and the new structure. Any training gaps that were identified have been completely filled and whether the company has done an adequate risk assessment of where the post-acquisition risks might lie. This can be used to demonstrate to the DOJ or anyone else that might be looking, that the company has done adequate due diligence, which is exactly what the government is looking for in a compliance program.
Today is the 17th anniversary of 9/11. Please take a moment today to think of all those who died, those who lost loved ones and how that day changed the world.
This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at firstname.lastname@example.org.
© Thomas R. Fox, 2018