The compliance component of your M&A regime should begin with a preliminary pre-acquisition assessment of risk. Such an early assessment will inform the transaction research and evaluation phases. This could include an objective view of the risks faced and the level of risk exposure, such as best/worst case scenarios. A pre-acquisition risk assessment could also be used as a “lens through which to view the feasibility of the business strategy” and help to value the potential target.
I suggest a four-step process to plan and execute a strategy to perform pre-acquisition due diligence in the M&A context.
- Establish a point of contact.
- Collect relevant documents.
- Review the compliance and ethics mission and goals.
- Review the elements of an effective compliance program.
There are multiple red flags which could be raised in this process, which might well warrant further investigation. They include if the target has ineffective compliance program elements in their compliance program or if there were frequent breach of policies and procedures. Obviously, a target which is in financial difficulty would bear closer scrutiny. Structurally, if the company did not have a formal ethics and compliance committee at the senior management or Board of Directors’ level, this could present issues. From the CCO perspective, if the position did not have Board or CEO access or if there were not regular reports to the Board, it could present an issue for compliance. Conversely, if there were frequent requests to waive policies, management over-ride of compliance controls or no consistent consequence management for violations; it could present clear red flags for further investigation.
Three key takeaways:
- The results of your pre-acquisition due diligence will inform your post-acquisition integration and remediation going forward.
- Periodically review your M&A due diligence protocol.
- If red flags appear in pre-acquisition due diligence, they should be cleared.