The U.S. Department of Justice Criminal Division has issued guidance to assist prosecutors in assessing corporate compliance programs during criminal investigations. Saying “each company’s risk profile and solutions to reduce its risks warrant particularized evaluation,” the DOJ says it does not apply a “rigid formula” when assessing program effectiveness. However, the DOJ says prosecutors tasked with pressing charges must answer whether a program was “well designed” and “applied earnestly and in good faith.” Ultimately they must answer whether the program was working at the time of the alleged offense.
Addressing mergers and acquisitions, the DOJ says a well-designed compliance program should include comprehensive due diligence of acquisition targets. “Pre-M&A due diligence enables the acquiring company to evaluate more accurately each target’s value and negotiate for the costs of any corruption or misconduct to be borne by the target,” the DOJ says. “Flawed or incomplete due diligence can allow misconduct to continue at the target company, causing resulting harm to a business’s profitability and reputation and risking civil and criminal liability.”
The extent of this scrutiny by a buying company is a factor in determining a compliance program’s efficacy in enforcing internal controls and remediating misconduct “at all levels of the organization,” according to the DOJ guidance.
Some specific questions that prosecutors must ask in the context of M&A and compliance programs include:
- Was the misconduct or the risk of misconduct identified during due diligence?
- Who conducted the risk review for the acquired/merged entities and how was it done?,/li>
- What is the M&A due diligence process generally?
- How has the compliance function been integrated into the merger, acquisition, and integration process?
- What has been the company’s process for tracking and remediating misconduct or misconduct risks identified during the due diligence process?
- What has been the company’s process for implementing compliance policies and procedures at new entities?
To help ensure M&A due diligence is comprehensive, companies should consider the qualifications of their acquisition team. The involvement of specialized counsel in M&A due diligence is absolutely crucial. We have witnessed firsthand how a company’s failure to engage such expertise has come back to bite them.
Even highly skilled transactional attorneys may not have training in complex antitrust or privacy issues. Recognizing potential competition issues, for example flagging non-compete or non-solicitation clauses for further review by antitrust counsel, is key. The same goes for privacy. Any company that collects customer or employee information may be subject to a number of privacy regimes and diligence should include a thorough privacy program review by a certified privacy professional. The DOJ’s latest guidance only emphasizes the importance of a well-documented and carefully conducted diligence process.
The DOJ also says prosecutors should evaluate whether a company has a sound whistleblower program where employees can “anonymously or confidently” report misconduct. “Prosecutors should assess whether the company’s complaint-handling process includes pro-active measures to create a workplace atmosphere without fear of retaliation, appropriate processes for the submission of complaints, and processes to protect whistleblowers,” the guidance reads.
If an employee feels they must go outside their organization to report misconduct such as anticompetitive behavior or fraud on the government, they should contact attorneys with specific expertise in handling qui tam cases.
Read the complete Evaluation of Corporate Compliance Programs from the U.S. Department of Justice Criminal Division here.