On October 4, Deputy Attorney General (DAG) Lisa O. Monaco delivered a speech at the Society of Corporate Compliance and Ethics 22nd Annual Compliance & Ethics Institute announcing a new Mergers & Acquisitions (M&A) Safe Harbor policy (Safe Harbor Policy) to promote voluntary self-disclosure (VSD) of misconduct discovered in the course of pre- and post-acquisition due diligence to the Department of Justice (DOJ). Additionally, DAG Monaco's speech also addressed the DOJ's expansion of corporate enforcement efforts for national security offenses, new DOJ corporate enforcement considerations (such as the pilot program to encourage compliance-promoting criteria in compensation systems), and a preview of upcoming areas of focus for DOJ corporate enforcement.
Safe Harbor Policy
DAG Monaco stated that the DOJ does not want to discourage companies with strong compliance programs from acquiring companies with weaker programs and history of misconduct. Rather, DOJ seeks to incentivize acquiring companies to disclose misconduct that they find in M&A transactions. DAG Monaco noted while some units of the DOJ have policies addressing disclosure in the M&A context, the new Safe Harbor Policy would provide a consistent DOJ-wide approach to promote VSDs by providing disclosing companies with the presumption of a declination.
To qualify for the presumption of a declination, the new Safe Harbor Policy requires companies to disclose misconduct discovered at the acquired entity within six months of closing, regardless of whether the misconduct was discovered pre- or post-acquisition. Companies will have one year from the date of closing to remediate the misconduct. Companies must also cooperate with any ensuing DOJ investigation and, where appropriate, agree to restitution and disgorgement of ill-gotten gains. DAG Monaco, noted, however, that the six-month and one-year time frames are subject to a reasonableness analysis, and DOJ prosecutors will take into account "facts, circumstances, and complexity of a particular transaction," which could result in the extension of the timeframe. Conversely, national security issues or misconduct involving ongoing or imminent harm need to be reported immediately. The bottom line, according to DAG Monaco, is that "[c]ompliance must have a prominent seat at the deal table if an acquiring company wishes to effectively de-risk a transaction."
Under the Safe Harbor Policy, aggravating factors at the acquired company will not impede declination for the acquiring company. The acquired company may also qualify for VSD benefits, including declination, if no aggravating factors exist at the acquired company. Lastly, DAG Monaco noted that misconduct disclosed pursuant to the Safe Harbor Policy will not be considered in any recidivism analysis should the acquiring company engage in future misconduct that comes to the attention of the DOJ.
Analysis
Although it makes an effort at providing clear and consistent benefits for VSDs in the M&A context, the Safe Harbor policy raises new questions and concerns:
- Starting the Disclosure and Remediation Countdown Clock. DOJ's decision to set a specific, six-months timeline for disclosure, and a one-year timeline for remediation, both from date of closing, is an interesting development given the DOJ's longstanding reluctance to define "promptly" and more recently "immediately" in its general VSD requirements under the Criminal Division's Corporate Enforcement Policy, despite repeated requests from companies to provide more specific guidance. Beyond the practical implications in the M&A context, an obvious question is whether these timelines will affect or inform how DOJ credits different disclosure and remediation timelines under the CEP.
- Timing for Due Diligence. The timeframes for disclosure and completing remediation provided by the new Safe Harbor Policy do not reflect the reality of many acquisitions. Pre-acquisition due diligence may be limited, or may not be possible, for legitimate commercial and legal reasons. Six months after closing may not be adequate time to determine whether a newly acquired global company with operations in multiple high-risk countries, thousands of third parties, or multiple government touch points has an undisclosed Foreign Corrupt Practices Act (FCPA) problem, for example. Smaller acquisitions, particularly of privately held companies, often present the challenge of unsophisticated compliance systems and more manual controls, which can impede the visibility needed to spot misconduct in a timely way. This emphasis on a more aggressive timeline will create pressure on acquiring companies to conduct as much pre-acquisition due diligence as possible, and secure sufficient resources to carry out that due diligence, as well as post-completion integration, in a short period of time.
- Timing for Remediation. Similarly, remediation of misconduct, particularly where misconduct is complex or pervasive, can often take longer than a year. Moreover, if the DOJ views remediation as including full integration of the acquired entity into the acquiring company's compliance program, the timeline may easily exceed a year. The challenge of Enterprise Resource Planning (ERP) systems illustrates this point. As discussed in our recent alert, Guidance from Attachment C, the DOJ recently amended the M&A section of Attachment C (where the DOJ specifies the defendant company's obligations to establish and maintain an effective corporate compliance program in FCPA corporate resolutions) to require that the defendant company "integrate the acquired businesses or entities into the Company's enterprise resource planning [ERP] systems as quickly as practicable." This addition notionally aligns with the Safe Harbor policy, but the reality that inspired it – ERP complexity impeding the implementation of consistent controls and visibility necessary to enable effective compliance and monitoring and taking significant resources to resolve – shows the timeline challenges companies face under these policies.
- Extensions are at the Discretion of DOJ. The DOJ's approach to extensions will play a significant part in determining how well the new policy works in practice. Although the Safe Harbor provisions mention a "reasonableness analysis," what is considered reasonable to the government and to a corporation or its counsel can vary greatly. The onus is on the acquiring company to convince prosecutors to grant an extension. Compliance departments will be second-guessed by the DOJ if they detect issues after six months have elapsed, which further highlights the importance of developing a due diligence and integration plan based on risk-prioritization and of regularly adjusting the plan as additional data points are gathered.
- Even the "Safe" Harbor Includes Disgorgement. Another point of deviation between companies and DOJ is the concept of "safe." The Safe Harbor Policy promises declination with disgorgement after companies timely disclose, fully cooperate with DOJ's (and, often, other agencies' and sometimes other countries') investigations, and quickly remediate. The cumulative burden of these obligations, even before disgorgement, will be enough for some companies to question the benefits of disclosure. The addition of disgorgement, which may be significant depending on the profits generated by misconduct, may further contribute to acquiring companies walking away from transactions or taking their chances and not disclosing, thus undermining the DOJ's stated goal of encouraging compliant companies to buy and clean up non-compliant companies.
- Limited Application. The Safe Harbor Policy only applies to the DOJ and therefore does not ensure that an acquiring company will not face liability for actions brought by other enforcement authorities, such as the Securities and Exchange Commission (SEC) or foreign government agencies.
Expansion of Corporate Enforcement Efforts
DAG Monaco stated that corporate crime influences every area of national security, ranging from sanctions evasion to cryptocurrency crime. She noted that although some companies are responding to these threats, other companies have not kept up with the changing pace. In light of this, DAG Monaco announced that the DOJ is adding more than 25 corporate crime prosecutors in its National Security Division, and, significantly, its first Chief Counsel for Corporate enforcement. Furthermore, the number of prosecutors in the Criminal Division's Bank Integrity Unit will increase by 40 percent in order to bring more cases against financial institutions that violate U.S. economic sanctions and the Bank Secrecy Act (BSA). A concerted effort to build out a robust Committee on Foreign Investment in the United States (CFIUS) enforcement regime is also underway at the Department of the Treasury.
New DOJ Corporate Enforcement Considerations
According to DAG Monaco, beyond its expansion of enforcement efforts, the DOJ is also developing new punishment and deterrence tools. She noted that this year, for the first time, the DOJ included divestiture of business lines, specific performance as part of restitution and remediation, and compensation requirements in its corporate resolutions.
With respect to compensation requirements, DAG Monaco noted that the DOJ Criminal Division's Pilot Program Regarding Compensation Incentives and Clawbacks launched in March 2023 is "already bearing fruit." She cited the Program's use in in recent resolutions, such as Albemarle and Corficolombiana, and noted that Albemarle received clawback credit for withholding bonuses of employees who engaged in misconduct.
Opportunities for Growth and Innovation
DAG Monaco concluded by noting the DOJ is working to promote consistency and transparency in the application of corporate enforcement policies across the entire Department, "especially in areas implicating cybersecurity, tech, and national security." The DOJ expects that these policies will expand beyond the criminal context to other enforcement resolutions, such as civil settlements and violations of CFIUS mitigation agreements or orders.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.