As discussed in “Corporate Buyers Beware: FCPA Successor Liability – A Growing Threat” (Inside M&A, Fall 2012 edition), the threat of Foreign Corrupt Practices Act (FCPA) successor liability is a growing concern for U.S. buyers in cross-border deals. In this heightened FCPA enforcement environment, the U.S. Department of Justice (DOJ) and the U.S. Securities and Exchange Commission (SEC) are holding corporate buyers liable for prior FCPA violations, whether or not they were known at the time of sale. Therefore, it is critical for U.S. companies contemplating a cross-border transaction to conduct adequate FCPA-specific due diligence and to address and remediate any issues before entering into the deal.
How To Spot FCPA Red Flags
Knowing how to spot Foreign Corrupt Practices Act (FCPA) “red flags” is an important part of the due diligence process. The level of FCPA due diligence that needs to be undertaken will vary depending on the level of FCPA risks involved. For example, if the deal involves a high-risk country or industry, substantial required interaction with government officials, or reliance on third parties, more due diligence will be needed. While by no means is the following an exhaustive list, here are just a few examples of some FCPA “red flags” that signal that further review is warranted:
- Target company has been subject of prior FCPA or corruption related investigation
- Target company has prior allegations relating to business integrity, ethics or other violations of local law
- Business performed in a high risk industry or high risk country (e.g., countries with a ranking of 3.0 or lower on Transparency International’s Corruption Perception Index)
- Excessive or unusually high compensation without sufficient supporting detail
- Payments to third parties not well-known in the industry
- Payments made to third parties outside of the country where the goods/services are to be provided
- Use of shell companies or cash transactions
- Lack of anti-bribery policies, trainings or code of conduct at target company
- Lack of written agreements with consultants, agents or business partners
- Close relationships to government officials or significant interaction with government regulators
- Misrepresentation or failure of the target company to cooperate in due diligence process
Avoiding FCPA Successor Liability
In order to avoid costly enforcement actions, FCPA due diligence should become a routine part of the overall due diligence process in any cross-border deal involving U.S. persons or issuers. For example, in a 2011 FCPA case involving a U.S. issuer who acquired a Chinese subsidiary with a sales policy that explicitly allowed its sales personnel to kickback up to 3 percent of a contract's value to employees of state-owned customers, the U.S. issuer ended up paying the SEC over $3.77 million to resolve FCPA allegations of improper payments by employees of this Chinese subsidiary and divested itself of the subsidiary during the course of the investigation. Had the U.S. issuer identified these problematic payments pre-closing or provided sufficient anti-corruption training to the employees at the newly acquired Chinese subsidiary, it may have been able to avoid or minimize its ultimate liability and, at the very least, would have been able to reassess the true value of the acquisition and determine whether it made sense to move forward in light of the anti-bribery risks involved.
Taking the following steps will prevent or at least minimize FCPA successor liability in cross-border deals:
- Determine the FCPA risk level involved in the deal. The first step in any FCPA due diligence review should be to assess whether the FCPA risks presented by the deal are low, medium or high. Categorizing the risk level will dictate the amount of time, energy and resources that need to be spent on the FCPA due diligence process. Depending on the level of risk presented, build in enough time to do a sufficient FCPA risk review before the deal closes – no matter how attractive the returns or anticipated profits! While there are certainly time pressures involved in many cross-border deals, FCPA due diligence is not an area to be glossed over or overlooked. Involve FCPA experts to advise on how to properly handle any FCPA red flags that may be present.
- Conduct a reasonable risk-based FCPA due diligence review pre-acquisition. In order to know what FCPA risks are involved, it is important to ask the right questions. Look for any FCPA “red flags” and thoroughly investigate and resolve any FCPA violations that are uncovered. Utilize the DOJ’s advisory opinion process, if appropriate. The FCPA due diligence team should keep detailed documentation of all due diligence efforts when evaluating potential FCPA violations. FCPA diligence review documentation should be timely, accurate and thorough. Remember, it is not enough to rely on information provided solely by the seller – independent verification of critical information (e.g., consultant contracts, ownership structure/interests of key business partners or customers, and third party payment detail) is required.
- Take appropriate action for all FCPA issues identified. Establish all relevant facts relating to any apparent, actionable FCPA violation. Determine whether a voluntary disclosure is advisable. If a voluntary disclosure is pursued, be thorough and involve the relevant law enforcement authorities, including foreign authorities, in any remediation plans or internal investigations contemplated. Early disclosure can mitigate or eliminate successor liability for any violations uncovered pre-acquisition or those that occur shortly after closing. To the extent practicable, all FCPA investigations should be concluded and any violations resolved prior to closing. When faced with existence of possible FCPA violations, a buyer must decide whether to delay, renegotiate or even cancel the deal. Depending on the nature and extent of the violations uncovered, they may have a significant impact on the purchase price and the buyer’s willingness to acquire the assets being purchased. Other remedial steps may include requiring the target company to make specific undertakings by set deadlines, broadening the investigation to other markets, individuals or time periods, and/or for the target company to pay the costs associated with investigating and remedying the violation(s).
- Preserve relevant documents and do not create collateral damage. All relevant documents should be preserved and immediate action taken (e.g., litigation hold protocols) to ensure that employees do not destroy documents. Create an internal investigation plan to detail the document collection process (be aware of data protection and privacy laws in the relevant jurisdictions) and determine the order and priority of interviews to be undertaken. Deal counsel should also be mindful of any disclosure requirements that may be needed once an FCPA violation has been discovered. For example, if the seller or prospective joint venture (JV) partner is a publicly traded company, there may be disclosure requirements under the Securities and Exchange Act. Do not create collateral damage when addressing an FCPA violation – involve counsel knowledgeable of local law in the jurisdiction(s) involved, and if disciplinary action is contemplated, include employment counsel in that decision. Failure to make the necessary disclosures or making hasty decisions in response to an FCPA violation can further complicate the deal and invite unintended liability.
- Ask for FCPA related representations and warranties from the target company. The target company should be able to provide assurances that it does not have any employees who are foreign officials as defined under the FCPA and that no foreign official has any legal or beneficiary interest in the target company. Requiring employees and/or business partners to sign FCPA compliance statements is advisable. If there is foreign official involvement in the target company, additional representations or certifications may be required.
- Retain audit and termination rights. If any FCPA violations are uncovered in the pre-acquisition due diligence process, the acquiring company should retain audit rights to inspect the books and records of the target company as well as the right to terminate the deal or to be reimbursed for expenses relating to the resolution of any FCPA violation uncovered between signing the purchase agreement and closing. While these contractual protections are all negotiable, the buyer should also consider having the seller indemnify it for any FCPA violations it uncovers.
- Tighten up internal controls post-closing. In order to ensure no FCPA problems crop up post-closing, assess whether the internal controls at the new entity are adequate to prevent, detect and address potential FCPA violations. Adopting an effective compliance program that meets the requirements set forth in Chapter 8, Section B.2.1 of the United States Sentencing Guidelines is highly recommended. Reviewing existing anti-corruption policies, trainings and contractual provisions to ensure FCPA compliance is also highly recommended. Again, depending on the investment, obtaining re-certifications of FCPA compliance from employees, key business partners and other third parties may also be recommended.
- Utilize DOJ’s advisory opinion process, if appropriate. FCPA successor liability may also be minimized by utilizing the DOJ’s advisory opinion process. For example, in FCPA Opinion Procedure Release 08-02, the DOJ provided a six month post-acquisition “grace period,” agreeing not to prosecute the company at issue for any post-acquisition FCPA violations occurring within the first six months of closing. The DOJ conditioned the grace period on the company providing DOJ with a comprehensive post-acquisition due diligence work-plan within 10 days of the closing and agreeing to retain outside counsel and forensic accountants to perform a detailed compliance review of FCPA risk areas throughout the business and to report back to DOJ by a certain date. The company also had to agree to initiate a stringent compliance program and to disclose any pre-acquisition conduct it discovered. This procedure is not always appropriate depending on the deal timing and complexity. While it can provide assurance that the DOJ will not initiate an enforcement action, it also alerts the DOJ of potential issues with a pending transaction.