FCPA Compliance in M&A | What you don't know CAN hurt you

The Foreign Corrupt Practices Act (FCPA), enacted in 1977, generally prohibits the payment of bribes to foreign officials to assist in obtaining or retaining business. The FCPA can apply to prohibited conduct anywhere in the world and extends to publicly traded companies and their officers, directors, employees, stockholders, and agents. Agents can include third-party agents, consultants, distributors, joint-venture partners, and others.

The FCPA also requires issuers to maintain accurate books and records and have a system of internal controls sufficient to, among other things, provide reasonable assurances that transactions are executed and assets are accessed and accounted for in accordance with management's authorization.

The sanctions for FCPA violations can be significant. The SEC may bring civil enforcement actions against issuers and their officers, directors, employees, stockholders, and agents for violations of the anti-bribery or accounting provisions of the FCPA. Companies and individuals that have committed violations of the FCPA may have to disgorge their ill-gotten gains plus pay prejudgment interest and substantial civil penalties. Companies may also be subject to oversight by an independent consultant.

The SEC and the Department of Justice are jointly responsible for enforcing the FCPA. The SEC's Enforcement Division has created a specialized unit to further enhance its enforcement of the FCPA.^[1]

Part One of a Four-Part Series

When considering an opportunity to merge with or acquire another company, it’s not always the price tag that matters most. With so much focus on corruption and bribery today, a purchaser must consider any factors that could be determined to be in violation of the Foreign Corrupt Practices Act (FCPA).

So, what does this mean exactly? To avoid the possibility of fines or penalties, an acquiring company must perform anti-corruption due diligence as they are at risk of inheriting any liability (as successors or partners) and could face enforcement actions if they are unable to quickly identify and stop any misconduct.

The US Department of Justice (DOJ) and US Securities & Exchange Commission (SEC) provide acquiring companies with detailed guidance on anti-corruption due diligence and disclosure expectations for both pre- and post-acquisition. With a deeper understanding of how a target company operates, the acquiring firm can take the necessary steps to implement ethics and compliance programs through comprehensive risk assessments and mitigation plans to address potential risk factors.

Because all of this should occur before a merger and acquisition deal is final, it is necessary to construct a formal FCPA diligence plan. Through our four-part FCPA Blog Series we will walk through the reasons why (FCPA) due diligence is important, the diligence needed in each phase of a merger or acquisition, case studies, and the value of implementing an automated compliance risk mitigation software to ensure continued FCPA compliance.

The Importance of FCPA Diligence 

FCPA compliance can be a relentless task. Risk teams must document and cross-reference large quantities of information from internal data analysis and interviews performed by human representatives. This can result in lack of enforcements and missed opportunities

The DOJ and the SEC state in their FCPA compliance guidance: “[C]ompanies that conduct effective FCPA due diligence on their acquisition targets are able to evaluate more accurately each target’s value and negotiate for the costs of the bribery to be borne by the target. In addition, such actions demonstrate to DOJ and SEC a company’s commitment to compliance and are taken into account when evaluating any potential enforcement action.”

In the context of mergers and acquisitions, there are certain implications for corporate liability for the parent-subsidiary with regards to FCPA. There are also ways to conduct effective and efficient compliance diligence, as well as ways to mitigate and remediate any issues that may be identified during diligence. This ensures the transaction is defensible before authorities and stakeholders.

Understand inherited liability

Any company considering an acquisition of another company must understand that they could be liable for the deeds and acts of their newly acquired entity. Anyone who acts on behalf of a company, under their control or direction, including officers, directors, agents, employees, or shareholders are prohibited from making corrupt payments to foreign officials to obtain or retain business according to FCPA. It is imperative that books are properly maintained, all records and accounts are accurate and fairly represent the transactions of the company, and that there are sufficient internal accounting controls to ensure the accuracy of all financial statements.

When considering parent subsidiary liability, U.S. authorities will look to “the practical realities of how the parent and subsidiary actually interact.” A parent company may be liable for a subsidiary’s misconduct if they actively participated in or detected the misconduct or when the parent is deemed to control the subsidiary. To distinguish the level of ownership, the following considerations are made:

1. Size of ownership interest
2. Right to increase ownership to gain majority or effective control
3. Special voting or veto rights
4. Ability to direct, implement or control strategy or operations
5. Right to appoint board members or senior management
6. Reporting lines and channels back to the owner
7. Consolidated books and records

Furthermore, where an issuer owns less than 50 percent of the voting equity of another company, it must “proceed in good faith to use its influence, to the extent reasonable under the issuer’s circumstances, to cause [compliance with the FCPA’s books and records provisions].” 

“Successor liability applies to all kinds of civil and criminal liabilities, and FCPA violations are no exception.” Indeed, U.S. authorities frequently bring enforcement actions against acquirers for the target’s misdeeds.

As part of their analysis process to identify material risks and growth opportunities, investors may expect acquirers to consider environmental, social and governance (ESG) risks. Given the similarities of skillsets and source networks involved in collecting and analyzing relevant information, ESG diligence should be combined with integrity diligence focusing on financial crime issues.​ This approach often results not only in cost savings but also in a reassessment of ESG risks because many existing commercially available ESG ratings are overly reliant on self-reported policies and disclosures rather than facts on the ground.^[1]

Living in an era of increasingly aggressive anti-corruption enforcement, it has become necessary for acquirers to identify, evaluate, and mitigate compliance-related risks at a target company in any potential merger, acquisition, or similar investment.

Any company that does not conduct appropriate compliance due diligence and address any related issues may overpay for an asset. It also can be challenging to eliminate wrongful practices post-transaction, and the cost of implementing or upgrading compliance programs may be substantial.

Corporate transactions in high-risk markets can present attractive opportunities, but investments in assets where corruption and improper conduct reside often find themselves on fragile bases, unless they are able to identify and remedy the issues appropriately.^[2]