2023 has been a very active year in terms of Department of Justice (“DOJ”) guidance. One clear theme across this guidance is DOJ’s focus on incentivizing voluntary self-disclosure of misconduct and the agency’s ongoing efforts to enhance and emphasize the benefits to those who self-disclose. Potential benefits of voluntary self-disclosure have been discussed in the Criminal Division’s revised Corporate Enforcement Policy (the “CEP”) and the new Voluntary Self-Disclosure Policy (the “VSD Policy”). Our analysis of the revised CEP can be reviewed here and our analysis of the VSD Policy can be reviewed here.

Most recently, on October 4, 2023, Deputy Attorney General (“DAG”) Lisa Monaco announced a new safe harbor for voluntary self-disclosure made in connection with mergers and acquisitions (the “M&A Safe Harbor Policy” or the “Policy”). The M&A Safe Harbor Policy is thematically consistent with other recent DOJ guidance and it reinforces the message that strong compliance programs are essential in the modern corporate era.

In her speech announcing the Policy, DAG Monaco explained that DOJ does not want to discourage companies with effective compliance programs from lawfully acquiring companies that have ineffective compliance programs and a history of misconduct. Rather, DOJ encourages acquiring companies to timely disclose any misconduct that they discover during the transaction process.

You can access DAG Monaco’s full comments about the M&A Safe Harbor Policy here, but below is a high-level summary of the Policy’s components:

Policy Summary: Acquiring companies that (i) promptly and voluntarily disclose within the safe harbor period criminal misconduct; (ii) cooperate with the ensuing investigation; and (iii) engage in timely and appropriate remediation, including paying restitution and disgorgement—will receive the presumption of a declination (i.e., the government will exercise its discretion to not prosecute the company).

Relevant Deadlines: To qualify for the safe harbor, acquiring companies must disclose misconduct discovered at the acquired entity within six months from the date of closing (regardless of whether the misconduct was discovered pre- or post-acquisition). Then, companies will have one year from the date of closing to fully remediate the misconduct. DAG Monaco explained that these timing requirements are baselines that will be subject to a “reasonableness” analysis. In other words, the safe harbor period for disclosure or remediation may be extended based on the specific circumstances and complexity posed by the transaction at issue. However, companies that detect misconduct which threatens national security or involves ongoing imminent harm cannot wait for a self-disclosure deadline and are expected to disclose immediately.

Additional Benefits: The presence of aggravating factors at the acquired company (such as misconduct that is deeply pervasive throughout the company or that involved executive management) will not impact the acquiring company’s ability to receive a declination. Relatedly, the acquired company may also qualify for declination, unless aggravating factors exist at the acquired company. In addition, DOJ will not factor into any future recidivist analysis related to the acquiring company the misconduct disclosed under the M&A Safe Harbor Policy.

Penalties for Non-Compliance: Companies that do not perform effective due diligence or self-disclose misconduct unveiled at an acquired entity will be subject to full successor liability for that misconduct.

Limitations: The M&A Safe Harbor Policy applies only to criminal misconduct discovered in the context of M&A transactions and it has no bearing on civil merger enforcement.[1] Companies will not be permitted to reap the Policy’s benefits if the misconduct was otherwise required to be disclosed or DOJ was already aware that it occurred.

Key Takeaways:

  • DOJ guidance continues to encourage voluntary self-disclosure by offering tangible benefits for those willing to come forward swiftly.
  • DOJ is placing an increased focus on compliance-related due diligence and integration efforts. Effective compliance systems at acquiring companies are crucial and must extend to the deal table in order to properly minimize risk.
  • Future guidance and case studies should be expected as corporate enforcement principles are applied across DOJ, particularly in focus areas including cybersecurity, technology, and national security.