Skip to content


Compliance Considerations in Mergers and Acquisitions

By Matt Kelly (Updated )

Corporate mergers can go wrong for all sorts of reasons, but compliance officers can take heart with one bit of news this summer: the Justice Department doesn’t want FCPA fears to be one of them. These are the compliance considerations in mergers and acquisitions you need to know. 

Considerations in Mergers and Acquisitions

That welcome message came from Matthew Miner, deputy assistant attorney general, in a speech he delivered several weeks ago. Miner said the Justice Department’s FCPA Corporate Enforcement Policy — which favors a declination to prosecute if a company voluntarily discloses FCPA trouble and cooperates with regulators to resolve the issue — also applies to inherited FCPA liability a company picks up through mergers and acquisitions.

Miner’s words aren’t any breathtaking new leap in FCPA enforcement policy. The Justice Department has worked for several years to give companies more enticement to confess their FCPA sins and work with prosecutors to hold individual wrongdoers accountable. The FCPA Corporate Enforcement Policy cemented that position. We’ve seen enforcement cases since then that show what happens when companies follow those principles.

That the Justice Department would make all those changes, but not apply them to inherited liability — that would make no sense. Miner’s message just spoke aloud a conclusion I suspect many compliance professionals already expected.

Still, the FCPA Corporate Enforcement Policy touches on some deeper trends in business today that very much affect compliance programs and the compliance officers who run them. Let’s consider them.

Understand the Real Message

First, some cynics might interpret Miner’s message to mean that they could dwell less on pre-acquisition due diligence, so long as they still disclose any trouble that surfaces post-acquisition. That is, they might still view compliance as a “bolt-on” process performance at the end of a business transaction (the M&A deal), rather than something embedded into the process from the start.

That’s short-sighted. Regulators do already have standards and expectations on pre-acquisition due diligence, so compliance officers should be invited into M&A reviews from the start on those grounds alone.

It also misconstrues the message Miner was trying to convey: that fear of FCPA enforcement shouldn’t scare companies away from closing a lucrative deal. On the contrary, the Justice Department is happy to see companies with strong ethical cultures expand internationally, because “the acquiring company is in a position to right the ship by applying strong compliance practices to the acquired company,” as Miner said.

What the Justice Department wants to do is reduce regulatory enforcement risk to such a level that companies feel comfortable pursuing M&A deals even in high-risk organizations. Their vehicle to do that is the FCPA Corporate Enforcement Policy — that the enforcement risk goes away, so long as your company makes a good-faith effort toward ethics and compliance.

Keeping the Good Faith

So all those pre-acquisition due diligence efforts — the background checks on key personnel, the adverse media reports, the assessment questionnaires, the audits or transactional testing, and more — are always going to be vital to M&A deals. They demonstrate the company’s effort to find misconduct and lay the groundwork to remediate trouble. Without those parts of the program, the company can’t meet the three pillars of the FCPA Corporate Enforcement Policy and win a chance at an easier resolution of trouble.

Compliance officers also have a “people issue” to consider here, too. After the deal closes, what will the combined ethics and compliance structure look like? How will executives at the target company be brought under the compliance program’s auspices, especially if they’re used to more autonomy? How will policies be expanded, or amended, or even canceled?

Those challenges are nothing new to compliance officers, but they do touch on the other principle of the FCPA Corporate Enforcement Policy: a willingness to disclose trouble voluntarily.

That last part is what Miner’s speech wanted to call out: that disclosure of FCPA trouble is nothing to be feared. FCPA trouble is still trouble, and it will need to be addressed — hence the need for strong ethics and compliance programs. But the Justice Department is sending a message that it doesn’t want to clobber companies over the head, as much as prod them to instill ethical business practices.

The C-suite needs to hear that message all the time, including before, during, and after a juicy M&A deal.

compliance software solutions

Matt Kelly

Matt Kelly is an independent compliance consultant and the founder of Radical Compliance, which offers consulting and commentary on corporate compliance, audit, governance, and risk management. Radical Compliance also hosts Matt’s personal blog, where he discusses compliance and governance issues, and the Compliance Jobs Report, covering industry moves and news. Kelly was formerly the editor of Compliance Week. from 2006 to 2015. He was recognized as a "Rising Star of Corporate Governance" by the Millstein Center in 2008 and was listed among Ethisphere’s "Most Influential in Business Ethics" in 2011 (no. 91) and 2013 (no. 77). He resides in Boston, Mass.

Related reading

Join the E&C Community

Get the latest news from GAN Integrity in your inbox.

We respect your privacy. Your data will be kept confidential and will not be sold or shared with third parties. For more information, please see our Privacy Notice.