In this episode, I visit with Eric Feldman about planning out your post-acquisition merger strategy. Recent FCPA enforcement actions have stressed that an acquiring entity apply or ascertain that its Code of Conduct, policies and procedures regarding corruption are consistent with the acquired company’s policies and processes. If they are not consistent, the acquiring company should apply it’s Code of Conduct and anti-corruption policies and procedures to the newly acquired company within 18 months or “as quickly as is practicable”. Employees from the newly acquired entity must be trained on their new Code of Conduct and policy and procedure. There must also be a forensic audit to see if any FCPA issues pop up. This same language was brought forward into the 2020 FCPA Resource Guidance, 2^nd edition.
If pre-acquisition due diligence is done correctly, it will identify risks associated with the target and a risk assessment of that company should follow as a part of your pre-acquisition due diligence along the line to your post-acquisition, to give you a roadmap of what areas of risk need to be addressed immediately. Some of the things you would specifically look for in an integration plan are around internal controls. Feldman noted, “Are you going to use the acquired entities internal controls or are you going to put your company’s internal controls regime in place? If so, how are you going to integrate them? How are you going to address any training and awareness gaps as it relates to ethics and compliance responsibilities of the employees, of the new company that are coming into your company? Do people understand the acquiring company’s anti-corruption posture and their ABC policies and procedures and all of that needs to be well documented into an integration plan.”
Near and dear to my heart is Document Document Document as it is very hard to demonstrate the pre and post-acquisition due diligence to an external entity like the DOJ without documentation. The real issue has to do with how you can demonstrate to a government regulator that you have done everything that you can do as a company to identify risk associated with corruption and misconduct. Moreover, if you do identify the misconduct, that you have taken the right steps to inform the government and make that disclosure.