Anti-Corruption Due Diligence in Mergers and Acquisitions: Are Enforcement Authorities Moving Toward a More Flexible Approach?

Bloomberg Law®, an integrated legal research and business intelligence solution, combines trusted news and analysis with cutting-edge technology to provide legal professionals tools to be...

By Joan Meyer, Baker & McKenzie  

With increasing enforcement scrutiny on mergers and acquisitions in the past decade, companies that are planning on expansion continue to be baffled about what is required for pre-and post-acquisition anti-corruption M&A due diligence. The FCPA Unit of the Department of Justice's most significant advisory opinion on this issue, DOJ Opinion Procedure Release 08-02 (“the Halliburton opinion”), issued in 2008, seemed to set very high standards for integrating an acquisition target into the acquirer's anti-corruption program. Five years later, with FCPA enforcement at an all-time high and no indications that it is likely to recede, global companies planning expansion must view corruption risk as a significant vulnerability when considering business opportunities in emerging markets. Until recently, it seemed logical to assume that the Halliburton opinion formed the base from which all companies had to start to satisfy themselves that their M&A due diligence would pass muster with law enforcement authorities should they inadvertently acquire a corruption problem.

A Seemingly High Burden

But if the Halliburton opinion is the standard, due diligence in the acquisition context imposes a very costly, and some would say unrealistic, burden on growth-oriented companies. The Halliburton opinion created a tight six-month timeframe in which anti-corruption due diligence had to be completed. Under this framework, Halliburton was given 10 days of closing in which to create a work plan and risk matrices to study, among other things, the use of third parties, dealings with state-owned customers, joint ventures, teaming or consortium arrangements, customs, immigration, tax, and licensing and permits. Halliburton was required to report the results of its review to the government in 30-day increments. The review would be accomplished with the use of external counsel, forensic accountants, and a review of records, including email, at all appropriate locations, as well as a review of financial and accounting records, and interviews of relevant employees and other individuals. With respect to integration, the opinion required immediate imposition of an ethical code and anti-corruption policies and procedures on all the acquired company's employees. Within 60 days of closing, Halliburton was to provide training to all officers and employees who warranted expedited training, including all employees in management, sales, accounting, and financial control positions. Even though Halliburton had been prevented by UK law from doing a complete diligence review pre-closing, the opinion left little doubt that the DOJ expected a meticulous anti-corruption due diligence and integration plan completed at an accelerated pace.

As we now know, Halliburton was in the running to acquire Expro, a UK multinational oil and gas well company that was ultimately acquired by Umbrellastream in July 2008. Because of its limited access to Expro's data pre-closing, Halliburton, in an abundance of caution, sought the government's opinion as to how it could shield itself against any liability for potential FCPA violations of the target. The DOJ endorsed the very restrictive and detailed review described above, which, as any company that has done an internal investigation knows, would have required an extraordinary amount of Halliburton's resources, including oversight of external consultants, and funding. Reviewing the email of relevant personnel in all high-risk locations in multiple jurisdictions alone would have been cost prohibitive. The additional requirements of conducting a thorough integration of policies and procedures and implementing a comprehensive training program in 60 days set a daunting standard of M&A due diligence for companies that found themselves in a position similar to Halliburton's.

The Halliburton opinion landed with a thud in 2008. Global companies thinking about a merger or acquisition were not only discouraged about the scope of the review apparently required for good anti-corruption due diligence, they were also apprehensive about the excessive work and unrealistic timelines that the Halliburton opinion seemed to require.

More Flexible Standards?

The recently issued DOJ/SEC FCPA Resource Guide (“the Guide”) now gives some comfort to those companies looking to expand. The Guide appears to retreat from the extreme requirements set forth in the Halliburton opinion and to allow companies more flexibility in scaling their due diligence and integration to achieve a reasonable balance between resources and results. Indeed, the Guide expressly acknowledges the limitations of the Halliburton opinion. It reassures companies that the opinion was not meant to provide strict guidelines for due diligence and integration to be applied in all cases, stating that the Halliburton case involved “special circumstances” because due diligence was severely limited pre-acquisition and, therefore, greater efforts had to be made to successfully complete it after closing.1 The Guide further characterizes the opinion as imposing “demanding standards” and “prescriptive timeframes” in return for a specific assurance from the government not to pursue an enforcement action against the acquiring company if corruption was found in the target during the prescribed due diligence period.2 The government concluded that because of the nature of this type of opinion, “it will likely contain more stringent requirements than may be necessary in all circumstances.”3

Recent settlements also support the conclusion that the government will not employ strict deadlines by which companies must complete acquisition diligence and integration. The government's requirements for FCPA compliance programs in recent years, typically presented as an attachment to a deferred prosecution or non-prosecution agreement, do not adopt the burdensome 30-day phased timeframes of the Halliburton opinion. Instead, they show a much greater flexibility by the government in allowing a company to set a reasonable schedule for its own due diligence work plan.

A trio of recent health care settlements reflects this more flexible approach.

  • In 2012, Pfizer's subsidiary, Pfizer HCP, entered into a deferred prosecution agreement under which Pfizer agreed to institute enhanced compliance obligations on new acquisitions, to include risk-based anti-corruption due diligence conducted by suitable legal, accounting, and compliance personnel. However, no specific time frame expectations for due diligence were provided in the agreement. Pfizer was also tasked with integrating its anti-corruption policies and procedures to any newly-acquired business “as quickly as is practicable, but in any event no more than one year post-closing.”4

  • Similarly, in a 2011 deferred prosecution agreement, Johnson & Johnson agreed to apply anti-corruption policies and procedures “as quickly as is practicable but no less than one year post-closing,” “promptly” train employees, agents, and business partners, and conduct “an FCPA-specific audit of all newly-acquired businesses within 18 months of acquisition.”5

  • In its 2012 deferred prosecution agreement with the DOJ, Orthofix promised to apply its policies, train employees and business partners, and conduct anti-corruption specific audits of all newly-acquired businesses “as quickly as is practicable” but without any specific timelines.6


While these agreements clearly indicate that M&A anti-corruption due diligence is an important part of what the DOJ considers a first-in-class compliance program, they also signal a greater willingness by enforcement authorities to acknowledge the inevitable delays that occur in what is often the cumbersome, frustrating process of diligence and integration as an acquiring company moves to incorporate the target's personnel, policies, and computer networks into its own corporate network.

Additional Clarity on Expectations

Moreover, the Guide also provides greater clarity about what is substantively expected from a company in the M&A due diligence process. While the government concedes in the Guide that most acquisitions would not “require the type of prospective assurances in an opinion from DOJ,” the government encourages companies to take the following steps: (1) conduct risk based anti-corruption due diligence; (2) apply the acquiring company's policies and procedures on the newly acquired entity as quickly as practicable; (3) train officers, directors, and employees of the new business, and where appropriate, train agents and business partners; (4) conduct FCPA specific audits as quickly as practicable; and (5) disclose any corrupt payments discovered during due diligence.

Interestingly, the DOJ and the SEC again do not suggest or impose deadlines for implementation, presumably recognizing that the timelines for completing these tasks will vary based on the size and structure of the organization. The government also appears to give the acquiring company more freedom to determine whether it is appropriate to train agents and business partners on the company's anti-corruption policies as part of its integration plan. Practically, this allows the company to decide which third parties to train, as not all the company's representatives may present the kind of corruption risk that would merit inclusion in a company's own compliance protocols. The government's flexibility on this point is encouraging given that almost all of the FCPA settlements in recent years involve bribery by third parties for the company's benefit.

What the Guide clearly indicates is that the government expects to see a number of key elements in an anti-corruption due diligence plan. Even though the text of the Guide concentrates more on why anti-corruption due diligence is needed in the M&A context, the DOJ and SEC give some particulars about what is needed more indirectly through the use of hypotheticals. The hypotheticals demonstrate that the DOJ and the SEC are very sensitive to the conflicting tensions between a company's legal, accounting, and compliance departments and require further coordination between them.

The government's “best practice” M&A due diligence is divided into three parts. First, it is expected that the acquiring company's legal, accounting, and compliance departments should work together to review the target company's sales and financial data, its customer contracts, and its third party and distributor agreements. The government especially emphasizes that the target's customer base must be analyzed (i.e., to determine how much of that base is comprised of state-owned or controlled entities—both government agencies, departments and ministries, and the less obviously identified state commercial enterprises—and what protocols have been, or will be, put in place to identify and manage that risk). The second part of the equation is the participation of the audit function in the process. The government expects to see evidence of selected transaction testing for specific corruption-related issues as part of any audit plan. Third, the government anticipates that the acquiring company will interview key personnel, such as the target's general counsel and the department heads of sales and internal audit, to better understand the target's corruption risks and its compliance efforts, and to identify corruption-related issues that have arisen in the past. The government suggests that the target be required to disclose to its acquirer all corruption-related issues that have surfaced over the last ten years before the proposed acquisition.

Greater Restraint?

The question remains whether the government's increased flexibility with respect to diligence timeframes, as well as the further clarification as to what is expected as part of an M&A due diligence plan, signal a greater restraint in charging FCPA cases? It certainly seems so. The government has taken great pains to assure acquiring companies in the Guide that “the DOJ and the SEC have only taken action against successor companies in limited circumstances, generally in cases involving egregious and sustained violations or where the successor company directly participated in the violations or failed to stop the misconduct from continuing after the acquisition.”7 Where the acquiring company can demonstrate that it performed good anti-corruption due diligence, uncovered potential violations, and promptly disclosed to the government, the government has pursued actions against the predecessor or target company rather than the acquirer. This has occurred in some cases even when the conduct continues post-acquisition. In York International, Johnson Controls was not charged by the SEC even though the conduct at its acquired subsidiary, a former issuer, occurred “through 2006”—after the December 2005 acquisition.8 In Wyeth, the SEC described corrupt payments made by Wyeth subsidiaries until 2010 when they were stopped by Pfizer, but Wyeth was acquired by Pfizer and delisted in October 2009.9 These cases suggest that where the misconduct may have continued for a short period of time after the acquisition, a year or less, the government may give the successor company some leeway before liability attaches.

But the cases also demonstrate that the government has to be convinced that a successor company has not been tainted before it agrees to refrain from pursuing a direct enforcement action against the successor. In cases where the successor company, after a merger, knew about corrupt payments and still affirmatively moved forward and continued the tainted business relationships of its predecessor, the government has charged the successor even if the misconduct continued for only a short time after acquisition. In El Paso, for example, the successor company continued the predecessor's kickback scheme to Iraqi oil officials. Although the payments continued for only a year and a half after the acquisition of Coastal Corporation, they were made with the direct knowledge and participation of El Paso employees, even in the face of widely publicized criticisms of the corrupt nature of Iraqi oil surcharges.10 Given these facts, the successor did not evade liability. Moreover, where two companies, both with a history of making corrupt payments in certain markets, have merged, the creation of the new entity has not precluded DOJ and SEC enforcement actions against the successor entity.11 A corporate reorganization will not nullify liability if the successor just repackages the misconduct under a new name.

Finally, the government's greater flexibility in M&A has been reinforced in other ways. It has been willing to try a tailored approach to preclude tagging a successor with the sins of the former company. In a well-known series of cases involving corrupt payments made to Nigerian officials by a joint venture, one of the companies, Snamprogetti, which was wholly-owned by a company called ENI at the time the violations occurred, entered into a deferred prosecution agreement with the DOJ and was fined $240 million. Saipem, the acquiring company, obtained what the government characterized as “the certainty of conditional release from criminal liability” in exchange for, among other things, signing onto the company's compliance commitments.12 Although Saipem bought the company in the midst of the FCPA investigation and was 43 percent owned by ENI, the DOJ did not pursue ENI, and the DOJ and SEC both chose not to take action against Saipem, despite its established corporate affiliations with the joint venture partner and its owner.13

Similarly, GE acquired Invision in 2004 after it disclosed evidence of FCPA violations to the government and settled its case. At the same time, GE formally entered into an agreement with the government to honor the predecessor company's compliance obligations. The government viewed this as a benefit to GE because it provided “certainty to the successor concerning its FCPA liability.”14 Where the acquirer is implicated, however, the government does not hold back. The same company, GE, was charged in 2010, along with two recently-acquired subsidiaries, for bribery in the Oil-For-Food Program. The treatment of GE differed the second time around because other long-standing GE subsidiaries were involved in the kickback scheme.15

Although law enforcement authorities have been subjected to criticism, even threatened recently with potential federal legislation amending the FCPA because of perceived inflexibility on the issue of successor liability, the Guide and recent settlements give the business community some comfort. It is significant that the DOJ and SEC have spoken with one voice in the Guide because of the perception that they have taken different approaches on this issue in the past. The government has now signaled a move towards more flexibility in setting deadlines for due diligence and integration, longer grace periods in which to discover a target company's misconduct following acquisition, and a greater willingness to allow companies to define the parameters of their own due diligence work plans. By providing additional context to the 2008 Halliburton opinion with the issuance of the Guide and the M&A case analysis it contains, the DOJ and the SEC have also given practitioners more information about “best practice” due diligence and a higher level of assurance as to what comes from a disclosure of violations at a newly acquired entity. It's a welcome development for global companies struggling with familiar resource limitations while looking to expand in emerging markets.

Joan E. Meyer is a partner in Baker & McKenzie's Corporate Compliance Practice. Prior to joining the firm, she was a senior counsel to the Deputy Attorney General at the US Department of Justice. At the DOJ, Ms. Meyer also managed the operation of the President's Corporate Fraud Task Force.  

©2014 The Bureau of National Affairs, Inc. All rights reserved. Bloomberg Law Reports ® is a registered trademark and service mark of The Bureau of National Affairs, Inc.  


This document and any discussions set forth herein are for informational purposes only, and should not be construed as legal advice, which has to be addressed to particular facts and circumstances involved in any given situation. Review or use of the document and any discussions does not create an attorney-client relationship with the author or publisher. To the extent that this document may contain suggested provisions, they will require modification to suit a particular transaction, jurisdiction or situation. Please consult with an attorney with the appropriate level of experience if you have any questions. Any tax information contained in the document or discussions is not intended to be used, and cannot be used, for purposes of avoiding penalties imposed under the United States Internal Revenue Code. Any opinions expressed are those of the author. The Bureau of National Affairs, Inc. and its affiliated entities do not take responsibility for the content in this document or discussions and do not make any representation or warranty as to their completeness or accuracy.  

Request Bloomberg Law®