A company that does not perform adequate due diligence before a merger or acquisition may face legal and business risks. Perhaps most commonly, inadequate due diligence can allow a course of bribery to continue – with all the attendant harms to a business’s profitability and reputation and potential civil and criminal liability. While most compliance practitioners have been long aware of the requirement in the post-acquisition context, the FCPA Resource Guide, 2nd edition, focused many compliance practitioners on the need to engage in robust pre-acquisition due diligence.
The 2020 Update made the need for a robust compliance presence in the pre-acquisition phase even more apparent. It stated, “A well-designed compliance program should include comprehensive due diligence of any acquisition targets, as well as a process for timely and orderly integration of the acquired entity into existing compliance program structures and internal controls. Pre-M&A due diligence, where possible, enables the acquiring company to evaluate each target’s value and negotiate for the costs of any corruption or misconduct to be borne by the target. Flawed or incomplete pre- or post-acquisition due diligence and integration can allow misconduct to continue at the target company, causing harm to a business’s profitability and reputation and risking civil and criminal liability.”
Multiple red flags could be raised in this process, which might warrant further investigation. They include if the target has ineffective compliance program elements in their compliance program or if there were frequent breaches of policies and procedures. A target that is in financial difficulty would bear closer scrutiny. Structurally, this could present issues if the company did not have a formal ethics and compliance committee at the senior management or Board of Directors’ level. From the CCO perspective, if the position did not have Board or CEO access or had no regular reports, it could present an issue for compliance. Conversely, if there were frequent requests to waive policies, management override of compliance controls, or no consistent consequence management for violations, it could present clear red flags for further investigation.
Three key takeaways:
- Your pre-acquisition due diligence results will inform your post-acquisition integration and remediation going forward.
- Periodically review your M&A due diligence protocol.
- If red flags appear in pre-acquisition due diligence, they should be cleared.
