On October 4, 2023, the United States Department of Justice (DOJ) announced a “safe harbor” policy for companies that voluntary self-disclose violations identified during the M&A process.
US Deputy Attorney General Lisa Monaco, announcing the policy in a speech before the Society of Corporate Compliance and Ethics, said the safe harbor will apply to companies that self-report potential violations of an acquisition’s target business when disclosed within six months of the deal’s closing. The six-month safe harbor will apply to misconduct discovered pre- or post-acquisition. Reporting companies will have one year from the date of the closing of the deal to “fully remediate the misconduct,” according to Monaco, who also said that both the six-month and one-year deadlines could be “extended” by DOJ prosecutors, depending on the specific “facts, circumstances, and complexity of a specific transaction.”
The policy will allow acquiring companies that voluntarily self-disclose misconduct to avoid potential federal charges or regulatory scrutiny. “Going forward, acquiring companies that promptly and voluntarily disclose criminal misconduct within the safe harbor period; cooperate with the ensuing investigation; and engage in requisite, timely, and appropriate remediation, restitution, and disgorgement … will receive the presumption of a declination,” Monaco said.
The safe harbor policy will be applied across the DOJ, Monaco said, and each part of the DOJ — including individual US Attorney’s offices and DOJ components such as the Criminal Division and National Security Division (NSD) — “will tailor its application of this policy to fit their specific enforcement regime and will consider how this policy will be implemented in practice.” Monaco reiterated the DOJ’s goal of incentivizing compliance and deterring and penalizing repeat bad actors, with a special focus on recent corporate enforcement actions, particularly in the convergence of corporate crime and national security. To meet these goals, Monaco announced 25 new corporate crime prosecutors in the NSD, including NSD’s first chief counsel for corporate enforcement, Ian Richardson.
The safe harbor policy was previewed by Principal Associate Deputy Attorney General Marshall Miller during a talk at the Global Investigations Review annual meeting on September 21, 2023. In those remarks, Miller said the safe harbor is consistent with the DOJ’s continued emphasis on voluntary self-disclosure. “Acquiring companies should not be penalized when they engage in careful pre-acquisition diligence and timely post-acquisition integration to detect and remediate misconduct at the acquired company’s business,” he said.
The safe harbor policy will apply only to criminal conduct discovered in arm’s-length M&A transactions and will not apply to misconduct that was otherwise required to be disclosed or was already known to the department. As a further incentive to self-disclose misconduct identified in due diligence, the DOJ announced that the presence of aggravating factors at the target company will not affect the acquiring company’s ability to receive a declination. While treatment of the target entity may hinge on whether aggravating factors exist, Monaco indicated that in the absence of aggravating factors, the acquired target entity may also qualify for a potential declination. In addition, misconduct disclosed under the new policy will not be factored into future recidivist analysis for the acquiring company.
The DOJ’s focus on M&A, and its efforts to reward acquiring companies that self-disclose, is not new. For example, in 2012, the DOJ released A Resource Guide to the U.S. Foreign Corrupt Practices Act, in which it encouraged acquiring companies to, among other things: conduct thorough risk-based Foreign Corrupt Practices Act (FCPA) and anti-corruption due diligence on potential new business acquisitions; conduct an FCPA-specific audit of all newly acquired or merged businesses as quickly as practicable; and disclose any corrupt payments discovered as part of due diligence of newly acquired entities or merged entities.
The FCPA resource guide provided that the DOJ and US Securities and Exchange Commission (SEC) would give meaningful credit to companies that undertake these actions; as a result, in appropriate circumstances, the DOJ and SEC may decline to bring enforcement actions.
The DOJ Criminal Division’s Evaluation of Corporate Compliance Programs guidance, published in 2017 and revised most recently in March 2023, has also always emphasized the importance of pre-M&A due diligence. And likewise, in the context of civil healthcare fraud matters, the Department of Health and Human Services Office of Inspector General has long considered successor ownership, and the mitigation of a predecessor’s misconduct, in determining whether to require integrity obligations.
While not a seismic shift in DOJ focus or practice, much like other recent updated DOJ guidance, the safe harbor policy reflects an expansion and standardization of preexisting policies and underscores the DOJ’s focus on rewarding voluntary self-disclosure of potential violations. Acquiring companies across industries should take note of the DOJ’s continued focus on M&A due diligence and, in particular, the more refined timing principles that the DOJ has set out by establishing the safe harbor period for identification, disclosure, and remediation of misconduct. Acquiring companies should ensure that their diligence processes are robust and designed to uncover misconduct. Recognizing that criminal misconduct is often well-concealed, it is imperative that acquiring companies undertake immediate post-acquisition integration so that should issues be detected through the integration process, acquiring companies have the opportunity to evaluate them and consider disclosure and remediation during the safe harbor period.
[View source.]