Achieving Compliance in the Post-Acquisition Context

Thursday, May 17, 2012

Thomas Fox


In a recent article in the Houston Business Journal (HBJ), entitled “Building strong relationships critical to building strong companies”, HBJ Mergers and Acquisitions Columnist Connie Barnaba focused on the nature of trust within a company to posit that “strong businesses are built on strong relationships between the business, its leaders, employees, customers, suppliers, lenders and advisors.”

Trust cascades down each level of a company; beginning from the Board of Directors down to employees and then out the door to customers. She believes that this issue of trust is equally important in the Mergers and Acquisition (M&A) context.

I believe her ideas are very useful for the compliance practitioner when integrating a new acquisition into an existing compliance culture.

Barnaba writes that “trusting relationships are developed person to person as individuals in a company gradually develop a network of contacts, associates and advisors inside and outside the company.” But more than this it is “the by-product of responsiveness, reliability and candor or those we reach out to.”

Successful companies work to focus on “sustaining and developing new relationships” as a key to the continued growth and successful performance of a business.

I. Trust in the M&A Context

In the M&A context, this trust relationship begins with the Letter of Intent (LOI), which should include warranties, representations, covenants and any penalties which might occur if one side pulls out of the transaction.

The pre-acquisition due diligence process is designed to “confirm the accuracy of the representations and viability of commitments.” This should lead to a successful merger agreement between the parties and now the work to continue to build trust really begins.

Barnaba notes that the biggest roadblock initially is the element of surprise. Most merger deals are done with some amount of confidentiality. However, one of the hardest issues to manage is the lack of time. There is never enough time to perform all the due diligence that you desire.

This is always true in the compliance arena as well. Further Securities and Exchange Commission (SEC) regulations prohibit certain unauthorized disclosures about such transactions and there is usually great sensitivity to timing around any public disclosure regarding the transaction.

This not only impedes the ability to fully vet during the due diligence process but it may impeded company leaders from announcing to their own stakeholders that the company is in such negotiations.

This can certainly negatively affect an employee base as top leaders may be confronted with “managing the impact of the (M&A) surprise on stakeholders.” This can also damage the efforts going forward as it can appear as a “top-down imposition of change.”

II. Compliance in the Post-Acquisition Context

Given the two Department of Justice (DOJ) pronouncements on Foreign Corrupt Practices Act (FCPA) compliance in the M&A context, Opinion 08-02 (the Halliburton Opinion Release) and the Johnson and Johnson (J&J) Deferred Prosecution Agreement (DPA), all of the factors that Barnaba listed may be significantly acerbated and accelerated.

A. The Halliburton Opinion Release

In this Opinion Release, the DOJ approved Halliburton’s commitment to the following post acquisition conditions to a proposed transaction:

1)      Within ten business days of the closing. Halliburton would present to the DOJ a comprehensive, risk-based FCPA and anti-corruption due diligence work plan which would address, among other things, the use of agents and other third parties; commercial dealings with state-owned customers; any joint venture, teaming or consortium arrangements; customs and immigration matters; tax matters; and any government licenses and permits. The Halliburton work plan committed to organizing the due diligence effort into high risk, medium risk, and lowest risk elements.

a)      Within 90 days of Closing. Halliburton would report to the DOJ the results of its high risk due diligence.

b)      Within 120 days of Closing. Halliburton would report to the DOJ the results to date of its medium risk due diligence.

c)      Within 180 days of Closing. Halliburton would report to the DOJ the results to date of its lowest risk due diligence.

d)     Within One Year of Closing. Halliburton committed to full remediation of any issues which it discovered within one year of the closing of the transaction.

B. Johnson & Johnson Deferred Prosecution Agreement and Enhanced Compliance Obligations

In the April 2011 released J&J DPA there is a list of compliance obligations J&J agreed to take on in the acquisition context:

7.        J&J will ensure that new business entities are only acquired after thorough FCPA and anti-corruption due diligence by legal, accounting, and compliance personnel. Where such anti-corruption due diligence is not practicable prior to acquisition of a new business for reasons beyond J&J’s control, or due to any applicable law, rule, or regulation, J&J will conduct FCPA and anti-corruption due diligence subsequent to the acquisition and report to the Department any corrupt payments, falsified books and records, or inadequate internal controls as required by … the Deferred Prosecution Agreement.

8.        J&J will ensure that J&J’s policies and procedures regarding the anti-corruption laws and regulations apply as quickly as is practicable, but in any event no less than one year post-closing, to newly-acquired businesses, and will promptly: For those operating companies that are determined not to pose corruption risk, J&J will conduct periodic FCPA Audits, or will incorporate FCPA components into financial audits.

  1. Train directors, officers, employees, agents, consultants, representatives, distributors, joint venture partners, and relevant employees thereof, who present corruption risk to J&J, on the anti-corruption laws and regulations and J&J’s related policies and procedures; and
  2. Conduct an FCPA-specific audit of all newly-acquired businesses within 18 months of acquisition.

In the J&J DPA, the company agreed to following time frames:

  1. 18 Month – conduct a full FCPA audit of the acquired company.
  2. 12 Month – introduce full anti-corruption compliance policies and procedures into the acquired company and train those persons and business representatives which “present corruption risk to J&J.”

These very tight time frames, even with the expanded one in the J&J DPA, may well test trust issues in any newly acquired organization. Similarly, the acquiring organization may be under great pressure to uncover and report anything which may even whiff of a FCPA violation.

Barnaba concludes her article by warning that if the short term disruption in trust will undermine the long-term changes to the organization; it may not be in either party’s interest to go forward with the merger. Business mergers require linkages at all levels within an organization and this is particularly true with compliance.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at

Cross-posted from Tom Fox Law

Possibly Related Articles:
General Legal
Legal Compliance Enterprise Security Trust Leadership DOJ Mergers and Acquisitions SEC Board of Directors
Post Rating I Like this!
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.