Avoiding Misconceptions About the DOJ’s New M&A Safe Harbor Policy: What You Need to Understand

On October 4, 2023, the U.S. Department of Justice (DOJ) announced a new six-month “safe harbor” period (the “Policy”) for merger and acquisition (M&A) transactions.[1] During the six-month period, an acquirer can disclose non-compliant activity at the acquired entity to the DOJ in an effort to obtain a declination related to potential successor liability.

While the new Policy provides “safe harbor” to a successor entity, acquirers should not misconstrue that safe harbor as being a “free pass” regarding successor liability nor assume that the road to obtaining a declination from the DOJ will be a smooth one.

Quite the contrary. To qualify for safe harbor and potentially obtain a declination from the DOJ, not only does an acquirer have to meet the requirements of existing DOJ guidance – particularly the requirements to conduct thorough pre- or post-acquisition compliance due diligence and to ensure an acquirer’s compliance function has a “prominent seat at the table” during the deal process – but the Policy also requires the following of an acquirer (and of the acquired entity via the successor entity):

• • Disclosure to the DOJ of non-compliant activity at an acquired entity within six months of closing;
  • Remediation of non-compliant activity within one year of closing;
  • Cooperation with any subsequent DOJ investigation; and
  • Compliance with any restitution and disgorgement levied by the DOJ.

The first two requirements require a successor entity to stick to a strict timetable, while the last two requirements may subject a successor entity to additional time and monetary commitments for an extended period of time.

The time constraints regarding disclosure and remediation – particularly when combined with existing DOJ guidance to conduct thorough compliance due diligence – may result in acquirers pushing to conduct compliance due diligence prior to signing, as opposed to waiting until the post-signing, pre-closing phase. Often, target entities are hesitant to provide potential acquirers with sufficient access prior to signing, which typically results in a significant amount of compliance due diligence completed post signing. Thus, potential buyers and sellers may need to compromise to achieve their respective goals.

The requirements regarding cooperation and compliance will impact the successor entity and potentially erode deal value. To protect themselves, acquirers may seek additional representations and warranties and potentially clawback provisions in merger agreements.

In summary, prior to signing a transaction, acquirers must carefully (and thoughtfully) evaluate whether there will be sufficient time and resources to meet the requirements to receive a declination and balance those considerations against “rolling the dice” in hopes that non-compliant activity is not identified.

However, the DOJ has not been kind to acquirers that choose to “roll the dice.”

• • In a notable case, a telecommunications corporation paid $20 million to acquire another entity specializing in providing wholesale telecommunication services to developing countries in Latin America. It was discovered two months post-acquisition that the acquired company had disbursed approximately $2.25 million in bribes to government officials in Honduras and Yemen. Following disclosure of these payments to the DOJ, the acquirer incurred a $2 million penalty. This unfortunate turn of events ultimately led to the subsidiary’s insolvency, resulting in the complete forfeiture of the initial investment.
  • In another case, a pharmaceutical company based in California faced allegations of misconduct after the acquisition of a nuclear-medicine business corporation. The acquired company’s Taiwanese subsidiary made improper commission payments to physicians employed by state-owned hospitals to influence the doctors to purchase the company’s products and services. Additionally, corrupt payments were made through the acquired company’s foreign subsidiaries in various countries, all of which were authorized by the acquired company’s founder and chairman. The subsidiary involved pleaded guilty to substantive violations of the FCPA and the acquirer was subjected to significant penalties. This included supervised probation, a substantial fine of $2 million, and a $500,000 civil penalty. The acquirer was also mandated to cease future violations, and it had to engage an independent consultant to review and make recommendations regarding its compliance policies and procedures.

Inevitably, acquirers must ask themselves which is more important: (1) understanding risks to potentially earn safe harbor (if non-compliant activity is identified) or (2) minimizing deal cost by “rolling the dice”? While surprising given the low cost of an initial risk assessment, the answer differs amongst acquirers and hinges on prioritizing between maximizing deal value and minimizing cost or preserving deal value and minimizing risk.

Either way, it is imperative that acquiring companies prioritize the involvement of compliance departments as early as possible to conduct an initial risk assessment and determine the nature and extent of due diligence necessary to demonstrate that the acquiring company understands and addresses potential successor liability risk.

[1] This “new” policy is a modification to existing guidance on successor liability.

Written by: