Foreign Corrupt Practices Act (FCPA) risks in cross-border deals should never be taken lightly. Although international acquisitions often involve many complexities, time pressures and significant business interests, U.S. companies and issuers should always include an FCPA due diligence checklist as part of their overall pre-acquisition due diligence. Failing to do proper FCPA due diligence in the pre-acquisition phase can result in big headaches, ranging from delays or possible cancellation of the deal to the unwitting buyer being exposed to successor civil and criminal liability for prior FCPA violations, whether or not they were known at the time of the sale.


The FCPA, 15 U.S.C. §§ 78dd-1, et seq., was first enacted in 1977 to ban U.S. persons and issuers from bribing foreign officials to obtain or retain business abroad. The statute has a broad reach and covers all U.S. companies and citizens doing business abroad as well as some foreign companies with sufficient contacts in the United States (e.g., those companies trading on U.S. exchanges or that use U.S. banks to transact business). The statute also contains books and records provisions requiring companies to keep appropriate records and have adequate internal controls to prevent and detect possible FCPA violations.

The FCPA prohibits corrupt payments, gifts or giving anything of value to foreign officials in order to get or keep business (whether or not the bribe resulted in any actual business). It also outlaws improper payments or gifts through agents, consultants or other third parties that are made for the benefit of or done at the behest of foreign officials (note that this may include charitable, social or political contributions solicited by foreign officials). The definition of foreign official is also quite broad and covers not only those holding public office but also local citizens affiliated with state-run or owned organizations (e.g., doctors at a state-run hospital or employees at a state-owned oil company). Depending on the geographic market and industry involved, the FCPA risks can be high and should be addressed, and any violations resolved in the pre-acquisition phase.

Big Penalties for FCPA Violations

In recent years, U.S. law enforcement authorities have given heightened priority to FCPA investigations and prosecutions, which have resulted in record-breaking fines, penalties and untold damage to the business reputations of the violating companies and individuals. Law enforcement authorities have also assessed large penalties in civil and criminal fines for FCPA violations occurring in the M&A context. For example, in February 2009, the U.S. Department of Justice (DOJ) and Securities and Exchange Commission (SEC) assessed $579 million in civil and criminal fines and penalties relating to an FCPA investigation stemming from a reorganization of a corporate subsidiary through an initial public offering. These stiff fines were levied even though there was no evidence that the new board or management of the reorganized subsidiary had actual knowledge of any FCPA violations found to have been committed by the old subsidiary. The clear lesson is that companies should understand that FCPA successor liability is very real and cannot be avoided by a corporate reorganization or other M&A activity, even when there is no actual knowledge of the FCPA violations.

FCPA successor liability can also be minimized by utilizing the DOJ’s advisory opinion process. For example, in FCPA Opinion Procedure Release 08-02, the DOJ provided a six month post-acquisition “grace period,” agreeing not to prosecute the company at issue for any post-acquisition FCPA violations occurring within the first six months of closing. The DOJ conditioned the grace period on the company providing DOJ with a comprehensive post-acquisition due diligence workplan within ten days of the closing, and agreeing to retain outside counsel and forensic accountants to perform a detailed compliance review of FCPA risk areas throughout the business and to report back to DOJ by a certain date. The company also had to agree to initiate a stringent compliance program and to disclose any pre-acquisition conduct it discovered.

In order to avoid costly enforcement actions, FCPA due diligence should become a routine part of the overall due diligence process in any cross-border deal involving U.S. persons or issuers.

What’s at Stake?

FCPA successor liability in the M&A context is not solely an issue for those investors acquiring a majority equity stake in a deal. FCPA enforcement risks exist even for investors who acquire less than a 50 percent ownership interest, depending on the level of control acquired in a deal (e.g., board seats or involvement in managing the investment). FCPA violations can result in high fines and penalties, criminal sanctions, disbarment, collateral civil or shareholder lawsuits, and long-standing damage to a company’s business reputation. In the M&A context, failure to detect, isolate and resolve FCPA violations at the pre-acquisition stage can also result in expensive and lengthy investigations, intrusive compliance monitors, involvement of U.S. and/or foreign law enforcement authorities, negative tax treatment and a host of other unpleasant consequences such as a dramatic downward swing in the market value or stock price of the asset(s) recently purchased. In order to prevent this parade of horribles, it is important for FCPA due diligence to be an integral component of the overall pre-acquisition due diligence plan.

What Are FCPA “Red Flags”?

Knowing what FCPA “red flags” to look for can help streamline the due diligence process. The level of FCPA due diligence that needs to be undertaken will vary depending on the level of FCPA risks involved. For example, if the deal involves business dealings in a high-risk country or in an industry that the U.S. government has already signaled poses FCPA concerns, then more due diligence should be performed. However, in preparing a basic FCPA due diligence checklist, the following are examples of FCPA “red flags” that should signal that further review is needed:

  • Target company has been subject of a prior FCPA or corruption-related investigation
  • Target company has prior allegations relating to business integrity, ethics or other violations of local law
  • Business performed in a high-risk industry or high-risk country (as reflected on the Transparency International Corporation Perception Index)
  • Excessive or unusually high compensation without sufficient supporting detail Payments to third parties not well known in the industry
  • Payments made to third parties outside of the country where the goods/services are to be provided
  • Use of shell companies or cash transactions
  • Lack of anti-bribery policies, trainings or code of conduct at target company
  • Lack of written agreements with consultants, agents or business partners
  • Close relationships to government officials or significant interaction with government regulators
  • Misrepresentation or failure of the target company to cooperate in due diligence process.

Tips on How to Avoid FCPA Successor Liability

If any of the above FCPA red flags are noted, the FCPA due diligence team needs to do further review to be satisfied that there are no lurking FCPA issues. Having an FCPA trained professional who has the background to know what to look for and, more importantly, what kinds of questions to ask is invaluable. While corporate counsel may be able to oversee the overall M&A due diligence process, FCPA due diligence is an area in which it is advisable to retain counsel experienced in FCPA matters, and who are knowledgeable about international regulatory compliance, securities law, and criminal law and procedure.

The following steps will prevent or at least minimize FCPA successor liability in cross-border deals:

Determine the FCPA risk level involved in the deal.

The first step in any FCPA due diligence review should be to assess whether the FCPA risks presented by the deal are low, medium or high. Categorizing the risk level will dictate the amount of time, energy and resources that need to be spent on the FCPA due diligence process. Depending on the level of risk presented, build in enough time to do a sufficient FCPA risk review before the deal closes—no matter how attractive the returns or anticipated profits! While there are certainly time pressures involved in many cross-border deals, FCPA due diligence is not an area to be glossed over or overlooked. Involve knowledgeable counsel to advise on how to properly handle any FCPA red flags that may be present.

Conduct a reasonable risk-based FCPA due diligence review pre-acquisition.

In order to know what FCPA risks are involved, it is important to ask the right questions. Look for any FCPA red flags and thoroughly investigate and resolve any FCPA violations that are uncovered. Utilize the DOJ advisory opinion process, if appropriate. The FCPA due diligence team should keep detailed documentation of all due diligence efforts when evaluating potential FCPA violations. FCPA due diligence review documentation should be timely, accurate and thorough. Remember, it is not enough to rely on information provided solely by the seller—independent verification of critical information (e.g., consultant contracts, ownership structure/interests of key business partners or customers, and third-party payment detail) is required.

Take appropriate action for all FCPA violations uncovered.

Establish all relevant facts relating to any apparent, actionable FCPA violation. Determine whether a voluntary disclosure is advisable. If a voluntary disclosure is pursued, be thorough and involve the relevant law enforcement authorities, including local authorities, in any remediation plans or internal investigations contemplated. Early disclosure can mitigate or eliminate successor liability for any violations uncovered pre-acquisition or those that occur shortly after closing. To the extent practicable, all FCPA investigations should be concluded and any violations resolved prior to closing. When faced with the existence of possible FCPA violations, a buyer must decide whether to delay, renegotiate or even cancel the deal. Depending on the nature and extent of the violations uncovered, they may have a significant impact on the purchase price and the buyer’s willingness to acquire the assets being purchased. Other remedial steps may include requiring the target company to make specific undertakings by set deadlines, broadening the investigation to other markets, individuals or time periods, and/or for the target company to pay the costs associated with investigating and remedying the violation(s).

Preserve relevant documents and do not create collateral damage.

All relevant documents should be preserved and immediate action taken (e.g., litigation hold protocols) to ensure that employees do not destroy documents. Create an internal investigation plan to detail the document collection process (be aware of data protection and privacy laws in the relevant jurisdictions) and determine the order and priority of interviews to be undertaken. Deal counsel should also be mindful of any disclosure requirements that may be needed once an FCPA violation has been discovered. For example, if the seller or prospective joint venture partner is a publicly traded company, there may be disclosure requirements under the Securities and Exchange Act. Do not create collateral damage when addressing an FCPA violation—involve counsel knowledgeable of the local laws in the jurisdiction(s) involved, and if disciplinary action is contemplated, include employment counsel in that decision. Failure to make the necessary disclosures or making hasty decisions in response to an FCPA violation can further complicate the deal and invite unintended liability.

Ask for FCPA-related representations and warranties from the target company.

The target company should be able to provide assurances that it does not have any employees who are foreign officials as defined under the FCPA and that no foreign official has any legal or beneficiary interest in the target company. Requiring employees and/or business partners to sign FCPA compliance statements is advisable. If there is foreign-official involvement in the target company, additional representations or certifications may be required.

Retain audit and termination rights. If any FCPA violations are uncovered in the pre-acquisition due diligence process, the acquiring company should retain audit rights to inspect the books and records of the target company as well as the right to terminate the deal or to be reimbursed for expenses relating to the resolution of any FCPA violation uncovered between signing the purchase agreement and closing. While these contractual protections are all negotiable, the buyer should also consider having the seller indemnify it for any FCPA violations it uncovers.

Tighten up internal controls post-closing. In order to ensure no FCPA problems crop up post-closing, assess whether the internal controls at the new entity are adequate to prevent, detect and address potential FCPA violations. Adopting an effective compliance program that meets the requirements set forth in Chapter 8, Section B.2.1 of the United States Sentencing Guidelines is highly recommended. Reviewing existing anti-corruption policies, trainings and contractual provisions to ensure FCPA compliance is also highly recommended. Again, depending on the investment, obtaining re-certifications of FCPA compliance from employees, key business partners and other third parties may also be recommended.

FCPA Implications for M&A Cross-Border Deals As the credit markets begin to thaw and cross-border M&A activity heats back up, U.S. companies and issuers in search of that perfect opportunity to buy, merge or establish a joint venture with any company that has operations outside the United States should always be cognizant of the requirements of the FCPA when evaluating the deal. Doing proper FCPA due diligence in the pre-acquisition phase can save your company from big problems down the road. Following the tips mentioned above will also help mitigate against FCPA successor liability, particularly in this heightened FCPA enforcement environment.