Tackling compliance risks in cross-border M&A
The second half of 2020 saw a 79 percent increase in cross-border M&A compared with the first half of the year – the biggest half-year jump on record – and we expect deal activity to continue apace. In that context, it is worth bearing in mind the potential legal and regulatory dangers that can arise when conducting such transactions, and how in-house teams can help address them.
The US Department of Justice (DoJ) and other global authorities have long emphasized that cross-border M&A presents compliance-related risks for acquirers. Anti-bribery and anti-corruption, anti-money-laundering, sanctions and fraud risks, among others, require careful assessment and mitigation, ideally as part of both pre-signing deal diligence – when possible – and post-closing integration efforts.
These risks can arise when a company acquires an entity with historic misconduct, such as improper payments made to obtain contracts or concessions, or a weak culture of compliance in which employees have absorbed the message that following the law is not a priority. In the worst cases, historic misconduct can lead to significant costs that overwhelm the benefit of an investment and undermine the company’s ability to focus its energies on its strategic objectives.
For some industries and sectors, a continued release of pent-up demand and high valuations may lead to a sellers’ market, with curtailed deal schedules and less time to conduct diligence. Other combinations may turn on strategic factors and might not be subject to the same time pressure. In either situation, companies are well-advised to consider practical and effective ways to assess and address compliance risks, which may look different from how they looked before the Covid-19 pandemic.
The DoJ’s and SEC’s resource guide to the FCPA calls for pre-signing due diligence, where feasible, and post-closing efforts to identify and remediate compliance risks. The DoJ’s enforcement approach is consistent with this and, similarly, the US Department of the Treasury’s Office of Foreign Assets Control has assessed several multi-million-dollar penalties against companies it has accused of failing to detect or prevent dealings with sanctioned jurisdictions arising from acquired entities.
Developing international standards are aligning with the US government’s view. The Criminal Division of the French Supreme Court recently ruled that acquirers may be held criminally responsible for a subsidiary’s pre-acquisition conduct. German authorities are considering their country’s first-ever corporate criminal liability regime. In addition, guidance issued by the UK’s Serious Fraud Office in January 2020 affirmed that M&A transactions warrant ‘robust due diligence’. These developments further demonstrate the importance of compliance diligence in cross-border M&A.
HOW TO HELP
We recommend that general counsel and chief compliance officers (CCOs) advise their corporate clients to conduct a combination of reasonably scoped pre-signing diligence – whenever reasonably possible – and post-closing risk assessments, and deputize their teams to undertake these reviews.
Even though transaction documents often provide purchasers with remedies if misconduct by a target exposes the buyer to investigations or regulatory penalties, these contractual protections may be insufficient to address regulatory expectations for the successor entity and may be difficult to enforce.
In order to best serve the needs of the company, pre-signing diligence will often go beyond a strict ‘red flags’ review and include an evaluation of key risks and potential mitigants. The diligence process usually includes requesting and reviewing relevant documents and information and noting any gaps. It also often includes interviewing management on relevant topics, including the acquiree’s compliance and training programs, regulatory enforcement history, internal complaints and involvement in high-risk business lines and transactions.
Post-closing risk assessments will usually involve a deeper review of key risks, given that the acquirer typically has better access to documents, people and information after a deal closes. These risk assessments are commonly led by outside counsel, who may work with forensic accountants.
General counsel and CCOs should encourage their teams to involve other internal stakeholders, including personnel from HR, IT, corporate security and those responsible for financial controls. As a result of the insights gleaned from this work, the company may decide to change certain business practices, implement additional controls and conduct additional training.
Planning for integration can begin pre-signing or between signing and closing, and for acquisitive corporations it can eventually become a familiar process, in the same way that the pre-signing flow of diligence requests, management interviews and document negotiations are well known to the employees who handle M&A.
As integration proceeds, teams can engage in regular updates, often via videoconference or teleconference, to keep everyone involved abreast of all relevant developments and give the general counsel, CCO or their deputies an opportunity to keep the process focused, seek additional resources when needed, direct lines of inquiry and maintain open communication so the legal function can report to the board or executive management.
In sum, general counsel and CCOs play a key role in helping their institutions address deal-related compliance risks through a combination of due diligence and post-closing risk assessment. These processes will enable acquirers to make informed decisions when entering into a deal and manage deal-related compliance risks on a continuing basis.
Olivia Radin is a partner in the New York office of Freshfields. Andrew Bulovsky and Mark Goldberg are associates in the firm’s Washington, DC office