Avoiding Successor Liability Under DOJ Safe Harbor
Successor liability under the Foreign Corrupt Practices Act has been a risk for companies since the statute was first enacted. Until recently, the DOJ and SEC have been somewhat vague in terms of their expectations about FCPA due diligence and the time imperatives surrounding post-merger integration and combining compliance programs. That all changed in October, 2023 when Deputy Attorney General Lisa O. Monaco announced the implementation of DOJs Safe Harbor Policy for voluntary self-disclosure made in connection with mergers and acquisition.
DAG Monaco said that the DOJ wants to incentivize acquiring companies to timely disclose misconduct uncovered during the M&A process. She further announced that acquiring companies who promptly and voluntarily disclose criminal misconduct within the safe harbor period, cooperate with the ensuing investigation and engage in requisite, timely and appropriate remediation, restitution, and disgorgement will receive the presumption of a declination.
In order to qualify for the safe harbor, companies must disclose misconduct discovered at the acquired entity within six months from the date of closing. That applies whether the misconduct was discovered pre or post-acquisition.
To better understand what Safe Harbor will mean to acquisitive companies going forward, I interviewed someone who’s very familiar with FCPA enforcement, FCPA compliance and M&A due diligence – Morrison Foerster’s Chuck Duross. Chuck serves as global co-chair of Morrison Foerster’s Investigations and White Collar Defense Practice Group and is co-leader of its FCPA and global anti-corruption practice. Chuck has more than 27 years of experience principally focused on white collar cases and was previously deputy chief in the fraud section of the criminal division of the US Department of Justice, where he led the FCPA unit and was in charge of all DOJs FCPA investigations, prosecutions and resolutions in the United States.
I asked Chuck to explain what’s different about the M&A Safe Harbor policy. He explained that companies will have a baseline of one year from the date of closing to fully remediate the misconduct. The remediation will be subject to a reasonableness analysis and recognition on the part of DOJ that all deals are different and depending on the specific facts, circumstances and complexity of a particular transaction, those deadlines could be extended. While Safe Harbor does make some of the department’s expectations more transparent, the term “fully remediate” the misconduct certainly may be subject to interpretation.
Chuck elaborated that there were a number of steps organizations should take when it comes to the identification of issues requiring remediation and making sure that the remediation meets the government’s definition of fully remediated.
The M&A Safe Harbor Policy is in some ways a public pronouncement of an existing practice of both DOJ and the SEC. That preexisting practice was to encourage good companies to buy troubled companies and to fix them. M&A Safe Harbor is a part of a continuing effort to encourage that phenomenon. Indeed, acquiring companies should take some comfort that if they’re acquiring a troubled company, they will not end up having criminal liability or even civil liability for the past bad acts of an acquired company through successor liability.
But they’re not going to get a free pass in avoiding successor liability. Instead, there are a couple of different constraints that this policy reflects.
You have to disclose any problematic behavior within six months and fix it within a year. The announcement came with the usual caveats that not all transactions are created equal. One could be a relatively minor acquisition, and another could be a multi-jurisdictional, multi-billion dollar acquisition involving a company operating in dozens of different countries. There’s a balance in terms of how quickly you can remediate.
Regarding fully remediating misconduct, Chuck expressed the view that some have too narrowly apprehended what full remediation actually means. In his view, disciplining a few people and then announcing to the government that they fixed the problem is unlikely to meet what the government means by fully remediating the problem.
The Safe Harbor Policy suggests you can buy a company that you knew through due diligence had corruptly acquired an oil or a mining concession. While making this disclosure and firing the people that were involved is a good start, the problem has not been solved. That’s why the policy talks about things like restitution and disgorgement. Fully remediating misconduct in a circumstance like this hypothetical probably means unwinding the underlying concession that could amount to the entire value of the deal.
When you think about fully remediating, the first thing that needs to be done is figure out how big the problem is, ringfence it, identify who was involved, and then identify how you are going to fix it. That fix is both in terms of the immediate situation, meaning whether something was acquired through corruption or some benefit that was realized through corruption, and then considering what disgorgement or unwinding the acquisition is going to entail.
On a go forward basis, the Department wants companies to undertake root cause analysis. That of course includes disciplining individuals and fixing the problem of what took place in the past. But it also includes identifying how those problems tend to occur and what the organization has done to have assurances that they won’t happen in the future. Root cause analysis must then be followed by remediation such as putting into effect new policies and procedures, additional enterprise internal controls, segregation of duties, additional and upgraded training, certifications, and other actions which in the aggregate give the acquiring organization and the Department comfort going forward. That’s the full remediation referred to in the Safe Harbor Policy.
I can’t have a conversation with Chuck without us laughing about something. This time, it had to do with the term “safe harbor” and how it may be a source of some confusion. “Safe” isn’t the word that first comes to mind when presiding over a cross border acquisition that could be rife with potential FCPA liability. We decided a better name for DOJ’s new stance on M&A should instead be called “Less Perilous Harbor”. We haven’t heard back from Lisa Monaco on our suggested rebranding.
To listen to the full conversation with Chuck Duross on the Fraud Eats Strategy podcast, click here.
