When a company buys another with past, but unsettled, bribery and corruption problems, does the liability flow through to the purchaser? Is there any way to limit the exposure?

The ongoing news about a possible GE merger or purchase of all or certain businesses of the French power and engineering company Alstom SA has raised such questions about an acquiring company's potential liability under the Foreign Corrupt Practices Act.

Alstom had previously announced that it was under investigation for potential FCPA violations. Indeed, four Alstom executives have already been indicted for alleged FCPA violations associated with a power plant project in Indonesia. The U.K. Serious Fraud Office is also investigating Alstom for violations of the U.K. Bribery Act.

While the final liability of Alstom is still an open question, I thought the potential acquisition by GE of some or all of Alstom would provide an opportunity to consider what FCPA liabilities could result after a company purchases another where past bribery and corruption problems may be lurking.

For starters, there is the FCPA guidance, which provides a framework for companies in acquisition mode to help avoid FCPA liability from an acquired entity. The guidance, issued jointly by the U.S. Department of Justice and the Securities and Exchange Commission, states: “In a significant number of instances, [the] DoJ and SEC have declined to take action against companies that voluntarily disclosed and remediated conduct and cooperated with [the] DoJ and SEC in the merger and acquisition context. And [the] DoJ and SEC have only taken action against successor companies in limited circumstances, generally in cases involving egregious and sustained violations or where the successor company directly participated in the violations or failed to stop the misconduct from continuing after the acquisition.”

Pre-Acquisition Due Diligence

The FCPA guidance was the first time that many compliance practitioners focused on the pre-acquisition phase of a transaction as part of a compliance regime. The Justice Department and the SEC emphasized the importance of this step. In addition to the above language, they cited another example where the Justice Department and the SEC declined to take action against a consumer products company that had purchased an undisclosed foreign company with potential incidences of corruption. The reasoning, which can be found in the Declinations section of the guidance, stated: “The company identified the potential improper payments to local government officials as part of its pre-acquisition due diligence, and the company promptly developed a comprehensive plan to investigate, correct, and remediate any FCPA issues after acquisition.”

In a hypothetical, the FCPA guidance provided some specific steps a company had taken in the pre-acquisition phase, including: “(1) having its legal, accounting, and compliance departments review the foreign company's sales and financial data, its customer contracts, and its third-party and distributor agreements; (2) performing a risk-based analysis of foreign company's customer base; (3) performing an audit of selected transactions engaged in by the foreign company; and (4) engaging in discussions with the foreign company's general counsel, vice president of sales, and head of internal audit regarding all corruption risks, compliance efforts, and any other corruption-related issues that have surfaced at the foreign company over the past ten years.”

Post-Acquisition Measures

There has also been a wealth of information about the steps a company can take in the post-acquisition phase to help lessen its chances of finding itself in FCPA hot water. Beginning with Opinion Release 08-02, the Justice Department has provided insight into what steps a company can take if it has limited access to perform due diligence in the pre-acquisition phase. In the example provided in 08-02, there was very limited due diligence that could be performed on the foreign target company pre-acquisition, due to its country's laws. Therefore, the company proposed, and the Justice Department accepted, a very tight set of time frames to perform due diligence on third-party representatives in the post-acquisition phase.

Within ten business days of the closing of the transaction, the company would present to the Justice Department a comprehensive, risk-based FCPA and anti-corruption due diligence work plan which would address, among other things, the use of agents and other third parties; commercial dealings with state-owned customers; any joint venture, teaming, or consortium arrangements; customs and immigration matters; tax matters; and any government licenses and permits. The company work plan committed to organizing the due diligence effort into high-risk, medium-risk, and lowest-risk elements.

The example company agreed to another set of stipulations, too:

     (A) Within 90 days of closing, the company would report to the Justice Department the results of its high-risk due diligence.

     (B) Within 120 days of closing, the company would report the results to date of its medium-risk due diligence.

     (C) Within 180 days of closing, the company would report the results of its lowest-risk due diligence.

     (D) Within one year of closing, the company committed to full remediation of any issues it discovered within one year of the closing of the transaction.

In several subsequent FCPA enforcement actions, these tight time frames were expanded. Initially, in the 2011 Johnson & Johnson deferred-prosecution agreement the following time frames were set out:

     (A) 18 months to conduct a full FCPA audit of the acquired company.

     (B) 12 months to introduce full anti-corruption compliance policies and procedures into the acquired company and train those persons and business representatives who “present corruption risk to J&J.”

J&J was further required to report any findings of FCPA violation to the Justice Department. In 2012, in an enforcement action against Data Systems & Solutions, these time frames were made even more reasonable. The agreement stated that the company would train directors, officers, employees, agents, consultants, representatives, distributors, joint venture partners, and relevant employees thereof, who present corruption risk to DS&S, on the anti-corruption laws and DS&S's policies and procedures regarding anti-corruption laws. It would also conduct an FCPA-specific audit of all newly acquired or merged businesses as quickly as practicable. And of course, the company would report any FCPA violations it found to the Justice Department.

The FCPA guidance summarizes all of these steps to help lessen the chances of FCPA charges based on the actions of an acquired company. It says if a company engages in the following: “(1) conduct thorough risk-based FCPA and anti-corruption due diligence on potential new business acquisitions; (2) ensure that the acquiring company's code of conduct and compliance policies and procedures regarding the FCPA and other anti-corruption laws apply as quickly as is practicable to newly acquired businesses or merged entities; (3) train the directors, officers, and employees of newly acquired businesses or merged entities, and when appropriate, train agents and business partners, on the FCPA and other relevant anti-corruption laws and the company's code of conduct and compliance policies and procedures; (4) conduct an FCPA-specific audit of all newly acquired or merged businesses as quickly as practicable; and (5) disclose any corrupt payments discovered as part of its due diligence of newly acquired entities or merged entities,” then the Justice Department and the SEC will give meaningful credit. In appropriate circumstances, the Department of Justice and SEC may consequently decline to bring enforcement actions, the guidance adds.

I recognize that there is no safe harbor in the FCPA. Certainly all prosecutors and regulators continually remind us that each case will be reviewed on its own set of facts and circumstances. Nonetheless, I submit that companies can engage in acquisitions without fear of buying an FCPA violation.

If an acquired company did engage in such violations, they need to identify, report and remediate. However, with proper due diligence, these costs can be reasonably estimated and factored into a sale/purchase price and remediation cost. The business reality is that if a company's profit structure is based on bribery and corruption, it cannot and will not be sustained as a profitable enterprise. So with most things FCPA-related the business reasons for following the law are equally as strong as the legal reasons.