Mergers and acquisitions (M&A) are a strategic avenue for businesses looking for diversification, growth, and competitive advantage in today’s ever-changing markets. However, M&A deals typically pose higher risk for organizations, making it important for acquiring companies to exercise caution and perform proper due diligence throughout the M&A lifecycle. This importance is further emphasized by the Department of Justice’s (DOJ) Corporate Enforcement Policy and, more recently, the Safe Harbor Policy announced on October 4, 2023. These policies not only reflect the DOJ’s commitment to corporate accountability, prompt detection, and transparency, but also emphasize its willingness to grant leniency and declination to compliant organizations who self-report violations.
Organizations can achieve compliance through the prompt identification of issues in target or acquired companies by conducting pre- and/or post-acquisition transactional and investigative due diligence. Deputy Attorney General Lisa Monaco stated in October 2023, “We are placing an enhanced premium on timely compliance-related due diligence and integration” and that compliance-related due diligence should have “a prominent seat at the table if an acquiring company wishes to effectively de-risk a transaction.”[1] The Safe Harbor Policy outlines the requirements for companies to disclose misconduct identified at an acquired company within six months from the transaction closing and remediate any identified violations or misconduct within a year to qualify for a declination, [2] with certain exceptions.[3] Recently, Lifecore Biomedical avoided a charge by the DOJ relating to bribes allegedly paid to Mexican government officials by a then newly acquired subsidiary. By cooperating with authorities and reporting the misconduct within hours after confirming that wrongdoing had occurred, they avoided charges from the DOJ.[4]
With the passage of the Safe Harbor Policy, the DOJ intends to incentivize and reward companies who timely detect and mitigate risks potentially inherent in M&A transactions, particularly those with an international component, including fraud, bribery and corruption. Central to the detection and remediation of such risks or violations lies the critical process of conducting due diligence. Transactional due diligence provides a financial assessment and insight into financial, fraud, or corruption risks, while investigative due diligence can help reveal, in part, any lurking reputational or outstanding legal risks for acquiring organizations. This process aids in informed decision making and, if necessary, voluntary self-disclosure of misconduct in the newly acquired company. Both transactional and investigative due diligence are not new concepts; however, the technology and use of data analytics in which to carry out these processes is continuously evolving to enhance, as well as expedite, the due diligence and integration processes.