Overtaking records set pre-economic crisis in 2007, 2015 was a banner year for corporate acquisitions with more than $3.8 trillion in global deal activity conducted.[1] That record-level of activity was particularly pronounced in the life sciences and technology sectors, among others. Motivated by the need to generate creative growth opportunities in the face of a lackluster global economy, this upward trend in transactional activity is set to continue in 2016. In a recent survey of corporate executives, 60% noted they expected to carry out acquisitions in the next 12 months, up from 40% a year earlier.[2] Yet, with this strategic growth—often in high-risk / high-growth markets such as Brazil, China, India, Russia and others—comes significant FCPA risk.

In March, Abbott Laboratories’ (“Abbott”) $5.8 billion acquisition of Alere Inc. (“Alere”)—announced in February 2016—appeared to hit a roadblock when Alere disclosed in a public filing that it had received a subpoena from the DOJ requiring the production of documents relating to its “sales, sales practices and dealings with third-parties (including distributors and foreign governmental officials) in Africa, Asia, and Latin America, and other matters related to the FCPA.”[3] As a result, Alere said it would not meet its extension deadline for filing its annual report because it was still in the process of analyzing to “determine whether a material weakness existed.”[4] Weeks later, Abbott’s Chief Executive Officer ducked questions as to his continued commitment to the transaction, noting it was not appropriate for him to comment while Alere was “working through its issues.”[5] And just last Thursday, Alere disclosed that Abbott had expressed “serious concerns” about the accuracy of financial information provided by Alere as part of their merger agreement, so much so that it had offered to pay $30 million to $50 million to cancel the acquisition agreement. While Alere said it had “promptly rejected that request,” and still expected the merger to take place, it is clear that there is now significant uncertainty around the deal’s completion. Regardless of the outcome, this case serves as another useful reminder that the current appetite for deal-making should not come at the expense of robust acquisition diligence. Indeed, as made clear by both regulatory guidance and continued—and recent—enforcement activity, the failure to conduct real and thorough due diligence and ensure an integrated and meaningful control framework for the going-forward entity can result in significant consequences.

Continued Global Transactional Activity Across Sectors

The pharmaceutical & biotech industry led the 2015 transactions charge. So-called mega-mergers were front and center, with 30 transactions exceeding $1 billion, up from 26 in 2014 and 20 in 2013. The life sciences sector saw 166 M&A transactions with a total announced value of approximately $300 billion, up from 137 deals with $250 billion in value in 2014.[6] Though certainly not the only sector looking for better tax treatment, much of the pharma activity appeared driven at least in part by “tax inversion” transactions, as companies sought to take advantage of lower corporate tax rates in countries such as Ireland, and looked to expand product portfolios in view of expiring patents on blockbuster drugs, and declining R&D productivity.

But pharma was not alone. The technology industry also experienced significant deal activity in 2015. Indeed this sector saw its largest year on record measured by both volume with 9,537 deals, and value at more than $718 billion. Critically, this activity involved a very large number of cross-border transactions—with cross-border M&A volume reaching $18.3 billion in March 2016 YTD—the highest level on record.[7] Even sectors, such as energy, that saw a decrease in transactional activity last year in the face of a sluggish global economy and depressed commodities pricing experienced significant activity. There companies with liquidity sought opportunities to “buy low,” and others looked to unload troubled assets landing total global reported deal value in the oil and gas sector alone at just under $380 billion in 2015.[8]

Perhaps not coincidentally, many of these same industries have found themselves the targets of corruption enforcement scrutiny in both the U.S. and beyond. For example, since October of last year, U.S. regulators have entered resolutions of corruption allegations with numerous entities across the pharma industry ranging from Bristol Myers Squibb Co. in October, 2015,[9] and SciClone Pharmaceuticals in February 2016,[10] to Olympus Corp. of the Americas and Novartis AG in March 2016.[11] In the midst of this activity, SEC FCPA Unit Chief Kara Brockmeyer warned that the SEC is “going back to the pharma industry after a break for a period of years”[12]—a warning echoing that of the U.K.’s Serious Fraud Office in its 2015 Annual Report, which noted it was concentrating its enforcement activity on industries of “focus,” specifically highlighting its ongoing investigations in both finance and life sciences.[13]

Given this convergence of continued—or increased—transactional activity and enforcement scrutiny, companies should take heed to ensure their deals include meaningful and tailored corruption diligence and integration. All too often companies with sophisticated programs and risk awareness—particularly in emerging markets, fail to apply that same level of rigor and creativity when facing the same or similar risks arising from growth through deal-making, whether global, regional or local. And while perhaps lacking in detail and specifics on operational implementation, this juxtaposition exists despite the fact that there is plenty of government insight—whether via guidance, at least at high levels, and enforcement actions—about the diligence and integration companies should be doing when doing deals.

Government Guidance Regarding Acquisition Due Diligence and Integration

It has long been the view of U.S. regulators that an acquiring company inherits the FCPA liability of the acquired entity—both as to historic and continuing liabilities, and regardless of the form of the transaction. This point was reiterated in the FCPA Guide where the DOJ and SEC again highlighted that “[s]uccessor liability applies to all kinds of civil and criminal liabilities, and FCPA violations are no exception.”[14] This liability is compounded where non-compliant acts are undertaken or continue post-acquisition via the acquired entity.

As part of their carrot-and-stick system of incentives and punishment, while repeatedly threatening enforcement scrutiny around acquisitions, the DOJ and SEC have similarly outlined a path to risk mitigation. With the June 13, 2008 Halliburton Opinion Release, U.S. regulators made clear their expectations around pre- and post-acquisition due diligence and integration—expectations that, where met, can minimize (or eliminate) successor FCPA liability. There Halliburton Co. (“Halliburton”), considering an acquisition of U.K.-based Expro International Group PLC—noted its inability to gain full transparency of the target prior to close, and posed a detailed action plan for pre-acquisition efforts and post-close diligence and integration. In its well-known opinion, the DOJ agreed that, should Halliburton complete its proposed action plan, the DOJ would not take enforcement action against Halliburton for pre-close acts of the proposed target.[15] Notably, the DOJ made no corresponding assurances for the target company, which can often face enforcement for its misdeeds, no matter the diligence, although, as a practical matter, that would usually simply mean that the acquirer will be left to take care of the bill.[16]

In providing the much-anticipated FCPA Resource Guide, the DOJ and SEC—echoing guidance provided in the prior opinion release and resolutions—again underscored the importance of appropriate, risk-based due diligence in mitigating successor liability and ensuring appropriate risk mitigation in the post-close enterprise. Specifically, the Guide provides the following “practical tips” to reducing the FCPA risk affiliated with transactions:

(1) conduct thorough risk-based FCPA and anti-corruption due diligence on potential new business acquisitions; (2) ensure that the acquiring company’s code of conduct and compliance policies and procedures regarding the FCPA and other anti-corruption laws apply as quickly as is practicable to the newly acquired businesses or merged entities; (3) train the directors, officers, and employees of newly acquired businesses or merged entities, and where appropriate, train agents and business partners, on the FCPA and other relevant anti-corruption laws and the company’s code of conduct and compliance policies and procedures; (4) conduct an FCPA-specific audit of all newly acquired or merged businesses as quickly as practicable; and (5) disclose any corrupt payments discovered as part of [the] due diligence of newly acquired or merged entities.[17]

And then there is the carrot—the “DOJ and SEC will give meaningful credit to companies who undertake these actions, and, in appropriate circumstances, DOJ and SEC may consequently decline to bring enforcement actions.”[18] What precisely constitutes meaningful credit in the context of deal diligence, as with any other type of disclosure and cooperation credit, is not always clear. The diligence and integration needed is relatively clear, but what you might do with what you find during the course of it can involve educated guesswork for companies.

Resolutions with both private and public companies throughout the past decade highlight the often severe consequences (and meaningful rewards) at issue with FCPA acquisition diligence and integration. For instance, underscoring the costs of failing to identify and resolve compliance issues in an acquired entity during the diligence process, Latin Node Inc. (“Latin Node”), a privately held company providing wholesale telecommunications services around the world, pleaded guilty in 2009 and entered a $2 million resolution related to more than $1 million in improper payments in Yemen and Honduras identified five months after its acquisition by eLandia International Inc. (“eLandia”).[19] For its part, in addition to having to fund the $2 million resolution, eLandia had to write off its entire investment in Latin Node (over $25 million), and pay all investigative and remedial costs—no doubt hardly the deal eLandia envisioned.

Amsterdam-based telecom giant VimpelCom Limited (“VimpelCom”) and its wholly-owned Uzbek subsidiary, Unitel LLC recently entered a $397.6 million resolution[20] with the DOJ and the SEC to resolve allegations that they violated the FCPA by making more than $114 million payments to a government official in Uzbekistan to enter and continue operating in the Uzbek telecommunications market. VimpelCom agreed to pay an additional $397.5 million to the Dutch authorities. According to the DOJ, which received assistance from several foreign authorities,[21] VimpelCom, the world’s sixth-largest telecommunications company, paid bribes to the Uzbek official by several means, including in connection with the acquisition of an Uzbek company in which the official purportedly held an indirect interest via a shell company. This resolution, which stands as number 6 among the largest FCPA resolutions to date, again underscores the importance of conducting thorough diligence and integration going forward.

On the other hand, effective diligence can shed light on concerns that may inform the valuation of the target and thus the decision on whether to consummate the transaction itself. For example, in September 2003, Lockheed Martin Corporation (“Lockheed”) and The Titan Corporation (“Titan”) announced an agreement to pursue a merger with a value set at $1.83 billion. During pre-acquisition diligence, Lockheed identified that Titan had paid over $2 million in “social fees” to a presidential election campaign in return for receiving a higher management fee for its contract in Benin. In June 2004, with the Titan FCPA issues still ongoing, Lockheed announced the termination of the merger deal. Then, in March 2005, Titan pleaded guilty to violating the books and records provisions of the FCPA, and agreed to pay a $13 criminal million fine as well as a $15.4 million disgorgement penalty to the SEC.[22] Lockheed had already moved on.

In some cases, the acquiring company might still decide to proceed with a transaction, despite concerns, but be better positioned by the diligence to mitigate its exposures. For example, during pre-acquisition due diligence relating to its $900 million purchase of InVision Technologies, Inc. (“InVision”), General Electric Co. (“GE”) identified improper payments by InVision through foreign sales agents related to deals in China, Thailand, and the Philippines. After a voluntary disclosure of the issue, InVision paid an $800,000 penalty to the DOJ and over $1 million in profit disgorgement and civil penalty to the SEC. Additionally—and highlighting the protections that can come through effective diligence and integrations strategies—GE entered into a separate agreement with the DOJ that exempted it from liability from any improper payments that were voluntarily disclosed pre-close, and required it to take steps to integrate InVision into GE’s FCPA compliance program.[23] This case is often cited as the right way to handle diligence.

Similarly, Pfizer Inc. (“Pfizer”), then in the context of its own voluntary disclosure, conducted a due diligence and investigative review of the Wyeth LLC (“Wyeth”) business operations, and integrated the former Wyeth entities into Pfizer’s internal controls system as part of its acquisition of the company (which had been valued at approximately $68 billion). These “extensive efforts” were noted in the August 7, 2012 Pfizer resolution as a reason the DOJ “d[id] not [] pursue a criminal resolution for the pre-acquisition improper conduct of Wyeth subsidiaries.”[24] This case is also being cited, in the FCPA Resource Guide no less, as the right way to conduct diligence.

Four Suggestions for Conducting Effective Diligence

Past enforcement actions combine with enforcement guidance to provide a cautionary tale: effective and meaningful diligence is not only critical to detecting and mitigating risk, the failure to conduct such efforts may result in serious enforcement scrutiny and severe penalties—at times outstripping the value of the transaction itself. To ensure appropriate efforts, companies contemplating an acquisition—particularly in a high-risk industry or market—should consider the following, non-exhaustive list of efforts to mitigate acquisition risks:

  1. Strategically scope and resource the diligence and integration efforts in view of the particular transaction. Buyer beware—all transactions are not equal, and diligence and integration efforts based on off-the-shelf offerings or one-size-fits-all templates are unlikely to meaningfully mitigate risk or satisfy regulator expectations. Rather, pre-close an acquiring entity should carefully assess the risk profile of the target, comparing that to itself and analyzing the likely risk profile of the resulting, post-close enterprise. Armed with that analysis, efforts—from scope (substantive and procedural), to timelines and scheduling (what gets done when and in what order), to resources (internal? external? both?)—should be tailored to the risks, value, and timelines of the transaction at hand. The better the planning, the more effective and efficient the diligence and integration.
  2. Conduct an appropriate gap analysis and ensure the post-close compliance program and controls are effective for the combined enterprise. Too often companies myopically focus on getting the target integrated into the acquiring entity’s program. Yet this vigor misses a key step. Before implementing the program, stop to ensure the program is appropriate—do changes or enhancements need to be made in view of the risks of the combined, going forward entity? Are there program elements, systems, or controls from the acquired entity that should be folded into the post-close program? The failure to consider these issues, conduct a meaningful gap analysis, and appropriately tailor the post-close program can result in a program ineffective at detecting and deterring risk and drawing embarrassing and costly enforcement scrutiny.
  3. Ensure thorough and timely follow up on issues identified in the diligence process, including historical FCPA violations. These efforts should ensure that the conduct has in fact stopped post-close, and that offending employees and third parties that continue with the post-close enterprise have been appropriately remediated (or terminated). Likewise, ensure a holistic consideration of the lessons learned. Investigations are important, but they are not the end-all, be-all. Beyond the specific transactions or actors, have diligence efforts revealed additional risks, control weakness, or program gaps? If so, ensure those findings are addressed in the enhancement and implementation of the post-close compliance program. This step, in effect an opportunity for program enhancement, is too often neglected or missed entirely, as the combined organization rushes forward.
  4. Don’t forget about the culture. With all of the deal activity that organizations have undergone in recent years, maintaining a consistent and appropriate compliance culture and ethics tone throughout the organization is a tremendous challenge—and certainly not an issue to be left to chance. Rather, carefully identify the appropriate culture for the enterprise and develop creative strategies such as communications, messages from leadership, training, signage, and compliance-based key performance indicators and incentives, to drive that culture throughout the entirety of the post-close enterprise. There is no reason to sit back and assume that the culture of the one going-forward organization, which itself may be comprised of several organizations following a series of large and small deals over the years, will be what you want it to be. Rather, the different cultures need to be recognized, and a plan for the future developed.

While certainly not an exhaustive list of diligence and integration considerations, these key items drive a core message: craft diligence and integration efforts that are thoughtful, tailored, and calibrated to the particular transaction. Companies that adopt a robust due diligence program based on these principles should be ideally positioned to take full advantage of the booming opportunities for cross-border transactions while avoiding unwanted regulatory scrutiny.