What you should do with the information that you obtain in your pre-acquisition compliance due diligence. Your approach should review key risk factors which should prompt a purchaser to conduct extra careful, heightened due diligence or even reconsider moving forward with an acquisition under extreme circumstances.
In the 2020 Update to the Evaluation of Corporate Compliance Programs, the DOJ stated “the extent to which a company subjects its acquisition targets to appropriate scrutiny is indicative of whether its compliance program is, as implemented, able to effectively enforce its internal controls and remediate misconduct at all levels of the organization. The following question was posed, Who conducted the risk review for the acquired/merged entities and how was it done? The bottom line is that you must use the information you have obtain in the due diligence process and have an auditable trail if the regulators come knocking.
Three key takeaways:

1. Create a list of key risk factors in your protocol.
2. Create a forced risk ranking, but remember it is simply that, a forced risk ranking.
3. Your pre-acquisition team should include a suitable combination of legal, accounting, and compliance personnel.