Tag: M&A

Categories
All Things Investigations

All Things Investigations: Episode 15 – The Power of Pre-acquisition Due Diligence with Mike Huneke

 

Welcome to the Hughes Hubbard Anti-Corruption and Internal Investigations Practice Group’s Podcast, All Things Investigations. In this podcast, host Tom Fox and returning guest Mike Huneke of the Hughes Hubbard Anti-Corruption & Internal Investigations Practice Group highlights some of the key legal issues in white-collar investigations, locally and internationally.

 

 

Mike Huneke is a partner in the firm’s Washington office. Among other things, Mike advises clients on navigating and resolving multi-jurisdictional criminal or Multilateral Development Bank (MDB) anti-corruption investigations. He assists companies subject to post-resolution monitorships or other commitments and designs and executes risk-based strategies for due diligence on third parties.

Key areas we discuss in this podcast:

  • The commentary on mergers in the FCPA space is largely around post-acquisition.
  • The reason for pre-acquisition due diligence.
  • Questions a potential acquirer should ask before buying a business.
  • Even if they don’t have a program for some voluntary due diligence, sellers with nothing to hide shouldn’t be scared of buyers asking questions.
  • In advance of a sale, ensure you have clear records of tax considerations and that they are ready to be shared.
  • The basic mandates from the DOJ around post-closing.

 

Resources

Hughes Hubbard & Reed website 

Mike Huneke

Anti-Corruption Due Diligence Can Help Buyers, Sellers, and Their Advisers to Facilitate Acquisitions

 

Categories
Blog

Lafarge Part 3: Final Thoughts

We conclude our exploration of one of the most public cases of corporate moral bankruptcy where Lafarge SA and its Syria unit Lafarge Cement Syria, or LCS, each pled guilty to a count of conspiring to provide material support to foreign terrorist organizations and will pay a total of $777.78 million.  According to the Plea Agreement, this amount consisted of a total criminal fine of approximately $91 million and forfeiture of $687 million. As previously noted, this is not a Foreign Corrupt Practices Act (FCPA) enforcement action, but an enforcement action based on USC §2339B for one count of conspiracy to provide material support to one or more foreign terrorist organizations. While this is not a FCPA enforcement action, the mechanisms by which Lafarge paid bribes or otherwise funded the terrorist organizations ISIS and ANF are instructive for the anti-corruption compliance professional. These strategies were laid out in the Statement of Facts and considered in Part 2 of this series.

The Costs of Corruption

One clear message from this matter is the cost of moral bankruptcy and corruption. As noted in the Statement of Facts, “From August 2013 through October 2014, Lafarge and LCS paid ISIS and ANF, through intermediaries, the equivalent of approximately $5.92 million.” For that amount of corruption, through the funding of terrorist and terrorism, Lafarge will pay a total fine of $777.78 million. About the only FCPA matter which comes close to this disparity in the amount of the bribe and penalty was the Avon FCPA enforcement action where bribes totaling $8 million led to led to a reported total penalty of $135 million. By the time of the resolution, Avon also had reported over $300 million in investigative costs.

At the times of the incidents in questions, 2012 to 2014, Lafarge had annual sales in the range of $2 billion plus and annual revenues in the range of $400 to $435 million. Very clearly the bribes paid by Lafarge were not material in the financial accounting sense. That may have been why no one seemed to be looking at the company. However, it drives home the point that a relatively small amount of corporate outgo can generate huge costs in the form of a $777.78 million fine. We have not begun to discuss the pre-resolution costs but in FCPA cases they are in the range of two to six times the final fine. Even if the pre-resolution costs were 1X the fine, that would still drive the all-in cost over $1.5 billion.

Monitoring Non-Standard Communications

One of the areas that bears consideration by the compliance professional is that of internal communications, as, “Many of the Lafarge and LCS executives involved in the scheme used personal email addresses, rather than their corporate email addresses, to carry out of the conspiracy.” In September, the Securities and Exchange Commission (SEC) announced “charges against 15 broker-dealers and one affiliated investment adviser for widespread and longstanding failures by the firms and their employees to maintain and preserve electronic communications. The firms admitted the facts set forth in their respective SEC orders, acknowledged that their conduct violated recordkeeping provisions of the federal securities laws, agreed to pay combined penalties of more than $1.1 billion, and have begun implementing improvements to their compliance policies and procedures to settle these matters.”

In a recent speech (Miller speech), Principal Associate Deputy Attorney General Marshall Miller said, after the announcement of the Monaco Doctrine, in a section entitled “Meeting the Compliance Challenges of Communications Technology”, “Now let me turn to an area that we recognize is a big challenge for all organizations — employees’ use of personal devices and third-party messaging platforms for work-related communications… particularly as to detecting their use for misconduct. However a company chooses to address their use for business communications, the end result must be the same: companies need to prevent circumvention of compliance protocols through off-system activity, preserve all key data and communications and have the capability to promptly produce that information for government investigations.”

Now consider that whopping fine and enforcement action in the context of the fraud of Lafarge executives. The Miller speech focused on both messaging apps and other forms of corporate communications. In the Lafarge matter, the communications were very basic, on company computers using non-company emails through channels like AOL or Gmail. The Lafarge executives were using these outside of standard communication channels to facilitate their crimes with ISIS and ANF. This part of the enforcement action has not received much scrutiny but is something every compliance professional needs to consider – are your employees (or execs) using non-company emails or other forms of communication tools outside of standard company communication methods? The compliance function needs to work with their corporate IT folks to make sure no executives or employees are using such channels for communications and to monitor them if they are.

Failures in M&A Due Diligence

The final area for consideration is that of Mergers and Acquisitions (M&A). The Statement of Facts noted, “LAFARGE and certain of its executives, in fact, failed to disclose LCS’s dealings with ISIS and ANF to Holcim throughout discussions of the transaction and after completion of the deal. LCS had ceased producing cement in Syria by the time the transaction with Holcim was completed, and in the approximately seven months between the completion of the acquisition and the emergence of public allegations regarding the misconduct in Syria, Holcim did not conduct post-acquisition due diligence about LCS’s operations in Syria.”

Not only did the Lafarge executives not disclose this corruption to Holcim, but they also actively discussed continuing the corruption payment so as not to derail the transaction. Moreover, Holcim apparently did not conduct due diligence into LCS or any of these matters. Perhaps the non-material nature of the payments was a factor. Whatever the excuse for this pre-acquisition due diligence failure, it cost Holcim dearly. Even if Holcim was not assessed the fine, they were the entity which bore the administrative and emotional costs of the investigation leading up to the resolution. Dan Chapman once told me that in an all-encompassing investigation, it could take up to 25% of senior executives time. Given the number of investigations across the globe on this matter, that figure might be lower. All of these factors bear witness to the extraordinary costs for the failure of an acquiring company to perform compliance due diligence prior to closing.

We are now at the end of this short blog series. The Lafarge case is perhaps the first corporate matter since the oil-for-food cases where complete corporate moral bankruptcy has played such a factor. We can only hope that it will be that long until we see the next such example.

Categories
Everything Compliance

Episode 104 – the Back to School Edition

Welcome to the only roundtable podcast in compliance as we celebrate our second century of shows. In 2021, Everything Compliance was honored by W3 as a top talk show in podcasting. In this episode, we have the quartet of Jonathan Marks, Jonathan Armstrong, Jay Rosen and Matt Kelly on a variety of topics. We conclude with our fan Shout Outs and Rants section.

1. Jay Rosen looks at a recent report about the number and quality of SEC whistleblower awards.  Rosen shouts out to scientists who are trying to create Oxygen from CO2 so that life can exist on Mars.

2. Matt Kelly discusses the Mudge whistleblower allegations regarding Twitter.  Kelly shouts out to NASA engineers who scrubbed the space shuttle launch due to safety concerns.

3. Jonathan Marks considers the role of internal audit in M&A work specifically and how the Board should utilize internal audit more generally. Marks shouts out the 30the anniversary of the US Sentencing Guidelines.

4. Tom Fox shouts out the American League leading Houston Astros.

5. Jonathan Armstrong looks at the newly released Lloyd’s regulations around denial of coverage for cyber-attacks made by foreign governments and state actors. He shouts out to the British television show “Have I Got News” for skewering Boris Johnson with his own words.

The members of the Everything Compliance are:

•       Jay Rosen– Jay is Vice President, Business Development Corporate Monitoring at Affiliated Monitors. Rosen can be reached at JRosen@affiliatedmonitors.com

•       Karen Woody – One of the top academic experts on the SEC. Woody can be reached at kwoody@wlu.edu

•       Matt Kelly – Founder and CEO of Radical Compliance. Kelly can be reached at mkelly@radicalcompliance.com

•       Jonathan Armstrong –is our UK colleague, who is an experienced data privacy/data protection lawyer with Cordery in London. Armstrong can be reached at jonathan.armstrong@corderycompliance.com

•       Jonathan Marks is Partner, Firm Practice Leader – Global Forensic, Compliance & Integrity Services at Baker Tilly. Marks can be reached at jonathan.marks@bakertilly.com

The host and producer, ranter (and sometime panelist) of Everything Compliance is Tom Fox the Voice of Compliance. He can be reached at tfox@tfoxlaw.com. Everything Compliance is a part of the Compliance Podcast Network.

Categories
Daily Compliance News

June 28, 2022 the Trump SPAC Under Investigation Edition


In today’s edition of Daily Compliance News:

  • OCC says banks are facing new and additional risks. (WSJ)
  • Trump SPAC is under investigation. (NYT)
  • Nigeria’s top judge resigns amid corruption allegations. (KXAN)
  • Corp expansion on hold? (Reuters)
Categories
Compliance Into the Weeds

Stericycle FCPA Enforcement Action


Compliance into the Weeds is the only weekly podcast which takes a deep dive into a compliance related topic, literally going into the weeds to more fully explore a subject. This week, Matt and Tom take a deep dive into the recently released Stericycle FCPA enforcement action. Highlights include:

  • What is a business strategy based upon corruption?
  • Over-expansion and under due diligence in M&A.
  • Document Document Document
  • The Monaco Doctrine at work.
  • Lessons learned going forward.

Resources
DPA
SEC Order
Matt in Radical Compliance
Tom in FCPA Compliance and Ethics Blog

Categories
Blog

Cookies, Chocolates and IP: The Stericycle FCPA Enforcement Action – Part IV

Last week, the Department of Justice (DOJ) and Securities and Exchange Commission (SEC) announced a Foreign Corrupt Practices Act (FCPA) enforcement action, involving the waste management company, Stericycle, Inc. (Stericycle). According to the Information and Deferred Prosecution Agreement (DPA), Stericycle entered into a three-year DPA. The company was charged with two counts of conspiracy to violate (1) the anti-bribery provision of the FCPA, and (2) the FCPA’s books and records provision. Under the DPA, Stericycle agreed to a criminal penalty of $52.5 million of which the DOJ agreed to credit up to one-third of the criminal penalty against fines the company pays to authorities in Brazil in related proceedings. According to the SEC Cease and Desist Order (Order), Stericycle violated the anti-bribery, books and records, and internal accounting controls provisions of the FCPA and agreed to pay approximately $28.2 million in disgorgement and prejudgment interest. The SEC Order also provided for an offset of up to approximately $4.2 million of any disgorgement paid to Brazilian authorities. Today we consider the lessons learned.
Rapid Expansion
Similar to what we saw in the WPP enforcement action, Stericycle engaged in rapid expansion in a series of foreign jurisdiction. In this case it was Latin America. Stericycle does not seem to have made the same mistakes as WPP in holding back part of the overall acquisition payout to the owners in the locales where they purchased entities and thereby incentivizing corruption to meet sales goals. Under Stericycle, there was nothing about this same type of incentive plan used by WPP. However, Stericycle did appear to keep the former owners on as the executives in these new foreign subsidiaries without taking into account how those former owners may have done business or the risk model it entailed.
Which brings us to pre-acquisition due diligence, which is not simply looking at the financial issues involved but also considering the potential purchase from the compliance perspective. How did the companies which were purchased to form the foreign subsidiaries in Latin America do business before they were purchased? Did Stericycle review those companies from the compliance standpoint?
Moreover, and as Candice Tal, founder of Infortal, continually reminds us, due diligence is more than simply a site investigation or a couple of interviews. It should include “an in-depth background check of key executives or principal players. These are not routine employment-type background checks, which are simply designed to confirm existing information; but rather executive due diligence checks designed to investigate hidden, secret or undisclosed information about that individual.” Tal believes that such “Reputational information, involvement in other businesses, direct or indirect involvement in other lawsuits, history of litigious and other lifestyle behaviors which can adversely affect your business, and public perceptions of impropriety, should they be disclosed publicly.” Clearly, Stericycle did not engage in this level of due diligence in either the acquisitions of the entities which became Stericycle subsidiaries in Latin America, nor in their key personnel. Employees up and down the chain of an organization do not simply wake up one day and decide to engage in bribery and corruption and create a full set of records so the effectiveness of your bribery-based business process can be evaluated. 
Impact of the FCPA Corporate Enforcement Policy
The Stericycle enforcement action once again demonstrates how the FCPA Corporate Enforcement Policy can benefit even the most corrupt organization and allow a significant reduction of the overall fine and penalty under the US Sentencing Guidelines. According to the DPA, Stericycle received a 25% discount off the bottom of the applicable Sentencing Guidelines fine range for its cooperation during the pendency of the investigation and the extensive remediation.
I have previously estimated Stericycle saved between $25 million to $30 million from their final criminal fine. That is certainly a significant amount and one every Chief Compliance Officer (CCO) needs to have ready to submit to your CEO to demonstrate the power of committing time and resources to both internal investigations and remediation during the pendency of the investigation.
Impact from the Lisa Monaco Doctrine
a. The Monitor
The is first FCPA enforcement action to show the full impact of the change in DOJ enforcement priorities after the Lisa Monaco speech of October 2021, in a variety of ways. The first is the imposition of a monitor. It was required under both the DPA and the Order. Interestingly, even though the company was long aware of its compliance and ethical failures and even though it had been investigating this matter since at least 2016; the company could not seem to get its collective act together enough to fully implement and test the new compliance regime set out in the DPA. The DPA stated, “despite its extensive remedial measures described above, the Company to date has not fully implemented or tested its enhanced compliance program, and thus the imposition of an independent compliance monitor for a term of two years, as described more fully below and in Attachment D, is necessary to prevent the recurrence of misconduct.” [Emphasis supplied] Clearly the DOJ (and SEC) did not trust that the company would follow through with its resolution documents obligations and was “necessary to prevent the recurrence of misconduct.”
b. Culture
One part of the Monaco speech which drew much criticism from the White-Collar defense bar and others were her remarks around culture and that the DOJ would start assessing corporate culture in the context of other fines, penalties and regulatory enforcement actions from outside the FCPA context. Many articulated fears that conduct completely unrelated to a FCPA enforcement action could form the basis of a FCPA enforcement action. Those fears were alleviated in the Stericycle DPA which stated, “the Company has some history of prior civil and regulatory settlements, but no prior criminal history”. At least at this point, no unrelated civil or regulatory actions were assessed in the context of a FCPA enforcement action.
There was and continues to be much to consider and learn from the Stericycle FCPA enforcement action. I am sure we will be revisiting it in the future.

Categories
Daily Compliance News

April 5, 2022 the Is Corp Diversity Unconstitutional? Edition


In today’s edition of Daily Compliance News:

  • Companies putting M&A on hold due to war. (WSJ)
  • CA corp diversity law ruled unconstitutional. (Reuters)
  • Is ESG contradictory? (FT)
  • Closing arguments begin in Roger Ng trial. (Reuters)
Categories
Compliance Kitchen

DOJ & FTC Public Comment on Illegal Mergers


Department of Justice and Federal Trade Commission open public comment window – enforcement against illegal mergers.

Categories
Blog

Due Diligence Lessons from Elizabeth Holmes and Theranos

Elizabeth Holmes was found guilty this week on 4 of 11 charges against her. The jury was unable to reach agreement on the remaining seven charges against her. Multiple media outlets have reported on the verdict. They include the Verdict itself in the Wall Street Journal (WSJ); what the verdict means for Silicon Valley, in the New York Times (NYT); questions on the victims of the Theranos fraud in Bloomberg and, of course, the lingering questions or how or even will Holmes serve any time, as reported in Fortune. Others have questioned whether the guilty verdict is an indictment of the entire Silicon Valley “fake it ‘til you make it” culture, as reported in The Verge.
I had two recent podcasts on the trial, Holmes and Theranos. The first, with white collar defense lawyer Kevin O’Brien, looked at the trial itself, the prosecution and defense cases as well as whether Holmes testimony hurt or helped her defense. The second, with Exiger President Brandon Daniels, considered the types of due diligence which you should engage in when considering a major investment. Both episodes were well received, pointing to the ongoing fascination with this major fraudster and how to parse out some lessons learned for the compliance professional.
From the testimony it was clear that Holmes knew exactly what she was doing all along. As reported by The Verge, “When it came to the investors, prosecutors had Holmes dead to rights. Unlike with the patients, she was in the room. There were emails and recordings. Holmes’ ties were clearer, and what she knew was clearer, too. The easiest part of this case to prove was about money, and that was where the prosecution spent the bulk of its time. Did Holmes lie to investors? The jury thought so on three counts”. In other words, the Theranos blood testing scam never did work.
But what are the lessons for the compliance professional? Daniels made clear in his podcast there were several lessons not only for companies looking to invest but in multiple business relationships such as potential joint venture partners, funded development partners and other types of business partnerships and ventures. He pointed out one thing to look at is your potential partner’s supply chain purchases; check it and challenge it. With Theranos, if someone saw the supply chain relationships with traditional blood testing equipment, it would lead him/her to ask, “Why is that occurring?” So why would Theranos be purchasing a competitor’s equipment?
If the answer came back the equipment is for testing and development comparison, why were those purchases at scale? Why did Theranos need so much of its competitor’s testing equipment. We now know it was because Theranos was testing blood samples on the Siemens blood testing equipment and claiming it was done on Theranos equipment.  If it was for comparison purposes, you would not have expected Siemens’s equipment to have been purchased in such large numbers.
Another area for due diligence is whether the potential partner has the production capacity to build the units that they intend to achieve. This is critical when you are moving from protype to a commercial enterprise, as Theranos did with Walgreens. Of course, Walgreens not only failed to do the basic due diligence required on the Theranos blood testing machine but actually removed experts from its pre-acquisition due diligence team who raised such questions.
Another difficult area in investment due diligence is how to evaluate the founder(s) of a startup as potential post-acquisition or post-merger leadership candidates. Many startups have a leader who has a vision. Holmes did have a vision. I am firmly convinced that Holmes had a vision of a bloodless draw for testing. But often visionaries are not really execution people. They may not even be operational people, but they are visionaries.
Daniels noted, “maverick leaders, who have a unique vision, a unique idea, and then tap into a fundamental, almost primal need in a market are always going to get a lot of attention. Especially ones that are cult to personality which Elizabeth Holmes rightly has in place.” But even here, you need to ask some direct questions. Does the company really have the expertise at the very top to understand that what they are attempting to do is possible? Moreover, do they have the capacity, the expertise, the fundamental understanding of the component of the device, or the innovation that would be necessary to know if full scale production is even possible
A key step in the production process is a prototype. Is there a minimum viable product (MVP) that can be built and tested? This would help inform if key management personnel have “a fundamental understanding of how the core parts of the process work? Do they have an understanding how they lived the market need? Finally, have they prototyped the product to the point where you could actually demonstrate that it will work, even if you’re eons away from it being productized and scaling?” From there you should move on the to having a “seasoned medical professional, a seasoned medical device expert either in-house or as a company partner and the right management team to assess whether or not what they were doing is viable is so important.”
Theranos also serves as an excellent example of the mandates from the Department of Justice (DOJ) in Mergers and Acquisitions (M&A) in a best practices compliance program. You must start with pre-acquisition due diligence but that is only the starting point. The data you glean in pre-acquisition due diligence should serve as your baseline for ongoing monitoring of any company you acquire in the post-acquisition phase. It is this coupling of pre-acquisition due diligence with the post-acquisition phase in a best practices compliance program which is another key lesson from Theranos.
In investment due diligence, due diligence tends to be a point-in-time which looks at the dynamics of the business, but you need to couple due diligence on an ongoing basis because the risks you assess today may well change tomorrow. Daniels noted, “you have to continuously monitor the issues to make sure that your investments decisions in terms of production, your decisions in terms of your capabilities are sound and there is continuous monitoring.”
The Holmes verdict will be studied as a part of the overall story of Theranos. There are many lessons to be learned from Theranos for the compliance professional. But perhaps we should start with one of the most basic forms of due diligence. If it sounds too good to be true, it probably isn’t true. Or if you want to channel your inner Ronnie Reagan, “Trust but verify” even in due diligence.

Categories
Daily Compliance News

December 31, 2021 the Fog Ahead Edition


In today’s edition of Daily Compliance News:

  • Legislation to take on Amazon productivity algorithms. (Bloomberg)
  • Delaware court rulings that will shape M&A in 2022. (Reuters)
  • Deutsche Bank fined by German regulators for poor internal controls. (WSJ)
  • Foggy regulations challenge crypto. (WSJ)