Previously many compliance practitioners had based decisions in the M&A context on DOJ Opinion Release 08-02 (08-02), which related to Halliburton's proposed acquisition of the UK entity, Expro. In the spring of 2011, the Johnson & Johnson (J&J) DPA changed the perception of compliance practitioners regarding what is required of a company in the M&A setting related to FCPA due diligence, both pre and post-acquisition. On June 18 2012, the DOJ released the Data Systems & Solutions LLC (DS&S) DPA which brought additional information to the compliance practitioner on what a company can do to protect itself in the context of M&A activity.
08-02 began as a request from Halliburton to the DOJ from issues that arose in the pre-acquisition due diligence of the target company Expro. Halliburton had submitted a request to the DOJ specifically posing these three questions: (1) whether the proposed acquisition transaction itself would violate the FCPA; (2) whether, through the proposed acquisition of Target, Halliburton would "inherit" any FCPA liabilities of Target for pre-acquisition unlawful conduct; and (3) whether Halliburton would be held criminally liable for any post-acquisition unlawful conduct by Target prior to Halliburton's completion of its FCPA and anti-corruption due diligence, where such conduct is identified and disclosed to the Department within 180 days of closing.
Halliburton committed to the following conditions in 08-02, if it was the successful bidder in the acquisition:
- Within ten business days of the closing. Halliburton would present to the DOJ a comprehensive, risk-based FCPA and anti-corruption due diligence work plan which would address, among other things, the use of agents and other third parties; commercial dealings with state-owned customers; any joint venture, teaming or consortium arrangements; customs and immigration matters; tax matters; and any government licenses and permits. The Halliburton work plan committed to organizing the due diligence effort into high risk, medium risk, and lowest risk elements.
a) Within 90 days of Closing. Halliburton would report to the DOJ the results of its high risk due diligence.
b) Within 120 days of Closing. Halliburton would report to the DOJ the results to date of its medium risk due diligence.
c) Within 180 days of Closing. Halliburton would report to the DOJ the results to date of its lowest risk due diligence.
d) Within One Year of Closing. Halliburton committed full remediation of any issues which it discovered within one year of the closing of the transaction.
Many lawyers were heard to exclaim, "What an order, we cannot go through with it." However, we advised our clients not to be discouraged because 08-02 laid out a clear road map for dealing with some of the difficulties inherent in conducting sufficient pre-acquisition due diligence in the FCPA context. Indeed the DOJ concluded 08-02 by noting, "Assuming that Halliburton, in the judgment of the Department, satisfactorily implements the post-closing plan and remediation detailed above. the Department does not presently intend to take any enforcement action against Halliburton."
II.Johnson & Johnson (J&J)
In Attachment D of the J&J DPA, entitled "Enhanced Compliance Obligations", there is a list of compliance obligations in which J&J agreed to undertake certain enhanced compliance obligations for at least the duration of its DPA beyond the minimum best practices also set out in the J&J DPA. With regard to the M&A context, J&J agreed to the following:
- J&J will ensure that new business entities are only acquired after thorough FCPA and anti-corruption due diligence by legal, accounting, and compliance personnel. Where such anti-corruption due diligence is not practicable prior to acquisition of a new business for reasons beyond J&J's control, or due to any applicable law, rule, or regulation, J&J will conduct FCPA and anti-corruption due diligence subsequent to the acquisition and report to the Department any corrupt payments, falsified books and records, or inadequate internal controls as required by . the Deferred Prosecution Agreement.
- J&J will ensure that J&J's policies and procedures regarding the anti-corruption laws and regulations apply as quickly as is practicable, but in any event no less than one year post-closing, to newly-acquired businesses, and will promptly, for those operating companies that are determined not to pose corruption risk, J&J will conduct periodic FCPA Audits, or will incorporate FCPA components into financial audits.
- Train directors, officers, employees, agents, consultants, representatives, distributors, joint venture partners, and relevant employees thereof, who present corruption risk to J&J, on the anticorruption laws and regulations and J&J's related policies and procedures; and
- Conduct an FCPA-specific audit of all newly acquired businesses within 18 months of acquisition.
These enhanced obligations agreed to by J&J in the M&A context were less time sensitive than those agreed to by Halliburton in 08-02. In the J&J DPA, the company agreed to the following time frames:
- 18 Month - conduct a full FCPA audit of the acquired company.
- 12 Month - introduce full anti-corruption compliance policies and procedures into the acquired company and train those persons and business representatives which "present corruption risk to J&J."
III. Data Systems & Solutions LLC (DS&S)
In the DS&S DPA there were two new items listed in the Corporate Compliance Program, attached as Schedule C to the DPA, rather than the standard 13 items we have seen in every DPA since at least November 2010. The new additions are found on items 13 & 14 on page C-6 of Schedule C and deal with mergers and acquisitions. They read in full:
- DS&S will develop and implement policies and procedures for mergers and acquisitions requiring that DS&S conduct appropriate risk-based due diligence on potential new business entities, including appropriate FCPA and anti-corruption due diligence by legal, accounting, and compliance personnel. If DS&S discovers any corrupt payments or inadequate internal controls as part of its due diligence of newly acquired entities or entities merged with DS&S, it shall report such conduct to the Department as required in Appendix B of this Agreement.
- DS&S will ensure that DS&S's policies and procedures regarding the anticorruption laws apply as quickly as is practicable to newly acquired businesses or entities merged with DS&S and will promptly:
- Train directors, officers, employees, agents, consultants, representatives, distributors, joint venture partners, and relevant employees thereof, who present corruption risk to DS&S, on the anti-corruption laws and DS&S's policies and procedures regarding anticorruption laws.
- Conduct an FCPA-specific audit of all newly acquired or merged businesses as quickly as practicable.
This language draws from and builds upon the prior Opinion Release 08-02 regarding Halliburton's request for guidance and the J&J "Enhanced Compliance Obligations" incorporated into its DPA. While the DS&S DPA does note that it is specifically tailored as a solution to DS&S's FCPA compliance issues, I believe that this is the type of guidance that a compliance practitioner can rely upon when advising his or her clients on what the DOJ expects during M&A activities.
FCPA M&A Box Score Summary
Time FramesHalliburton 08-02J&JDS&SFCPA Audit
- High Risk Agents - 90 days
- Medium Risk Agents - 120 Days
- Low Risk Agents - 180 days
18 months to conduct full FCPA audit As soon "as practicable" Implement FCPA Compliance Program Immediately upon closing 12 months As soon "as practicable" Training on FCPA Compliance Program 60 days to complete training for high risk employees, 90 days for all others 12 months to complete training As soon "as practicable"
The Guidance, coupled with the 08-02 and the two enforcement actions, speak to the importance that the DOJ puts on M&A in the FCPA context. The time frames for post-acquisition integration are quite tight. This means that you should do as much work as you can in the pre-acquisition stage. The DOJ makes clear that rigor is needed throughout your entire compliance program, including M&A. This rigor should be viewed as something more than just complying with the FCPA; it should be viewed as just making good business sense.
Nat Edmonds, in an interview in the Wall Street Journal (WSJ) entitled, "Former Justice Official: How to Buy Corrupt Companies", emphasized that if a company does not have the opportunity to make these types of inquiries in the pre-acquisition stage the "DOJ and SEC generally recognize that sometimes it's not possible to do complete due diligence beforehand. However, if there are good faith efforts to conduct due diligence, integrate compliance programs and take remedial actions by removing those wrongdoers - if all of that is done on a quick basis [authorities] give very strong credit. The best example of this is the 2009 purchase by Pfizer of Wyeth. I was prosecutor on the Pfizer Wyeth [bribery] case. Pfizer was able to do some due diligence before the acquisition but because both are massive organizations it was not possible to do complete due diligence prior to acquisition. But after the acquisition within 180 days they had identified much of the wrongdoing at Wyeth and ensured it was halted. As a result of that we gave them credit. On the criminal side Pfizer was not held criminally liable for any of the conduct at Wyeth. Most of what Pfizer was held responsible for was as a result of a previous acquisition of Pharmacia, which they acquired in 2002 and 2003. At the time of the Pharmacia acquisition, acquirers did not typically conduct anti-corruption due diligence on targets. And during the investigation most of the violations of FCPA [Pfizer] was held criminally liable for began prior to the acquisition of Pharmacia -some was afterwards. Pfizer was held responsible for the misconduct at Pharmacia both before and afterwards. The Pfizer case is interesting because it shows both the good and bad."
I believe that he information is out there for the steps to take in a merger or acquisition to avoid FCPA liability. You should place emphasis on both the pre and post acquisition phases; equally because as with most FCPA compliance program components, they just make good business sense.
This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at firstname.lastname@example.org.
© Thomas R. Fox, 2014