FCPA Compliance and Ethics Blog

January 24, 2014

Getting Your Company Ready for M&A Compliance Due Diligence

John Bell HoodWho was the absolute worst general during the Civil War? While there are many worthy candidates for this dubious honor, on the Southern side my vote goes to General John Bell Hood. One of the prime proponents of the Southern attack and die strategy, Hood’s leadership led to the destruction of 90% of his Texas Brigade at Antietam. But Hood is most famous for his utter destruction of the Army of Tennessee. In five months, from July to November of 1864 Hood unsuccessfully attacked Union General William T. Sherman’s army three times near Atlanta, relinquished the city after a month-long siege, then took his army back to Tennessee in the fall to draw Sherman away from the Deep South. Sherman dispatched part of his army to Tennessee, and Hood lost two battles at Franklin and Nashville in November and December 1864. There were about 65,000 soldiers in the Army of Tennessee when Hood assumed command in July. By January 1, there were only 18,000 men in the army. To top it off, it was not Sherman who burned Atlanta but Hood.

My thoughts turned to General Hood when I listened to a very interesting panel on Day 2 of the ACI FCPA Boot Camp about getting your target company ready to be scrutinized from the compliance context in mergers and acquisition (M&A) due diligence. On the panel were Alberto Orozco from PricewaterhouseCoopers (PwC), Joseph Burke, from Dell Inc., and Christina Lunders from the law firm of Norton Rose Fulbright.

Building on a fundamental theme from day one of the conference, Burke said that relationship building is also important in the M&A context, from the perspective as a buyer. Representing an acquirer, the key questions from his perspective were two-fold: whether or not we trust the company we are looking at and how will they integrate into our company? He believed that trust is what gets the deal done or does not. He begins by sitting down with his counter-part, senior management and key legal department personnel in the target company and talking to them. If they can talk with authority about their compliance function he can determine how much he will dig into the documents and records.

Orozco agreed with this perception but came at it from his accounting angle. He said that if your books and records are in order, you really do not need to do anything more. The next step he looks at is if you have a compliance program and do the targets employees know about it. This is critical so that the buyer will have an understanding of what is needed from the compliance perspective from day one of the acquisition closing.

They then turned to the perspective of a target and what you should have in place for such an analysis. It all begins with a compliance focused risk assessment and this should be done first as this is a key starting point to determine not only if the target has an effective compliance program but also if the target is actually ‘doing compliance’. Of course it is important for a target to know about its relationships with foreign governments, whether as customers or representatives on the sales side or in the supply chain.

They posited that a target should make sure that it has a compliance program, which is consistent with an international standard for an anti-bribery or anti-corruption program, whether it is the Foreign Corrupt Practices Act (FCPA), UK Bribery Act or some other recognized international standard. The target should gather and verify the completeness of the following anti-corruption policies and procedures:

  • Anti-corruption/anti-bribery;
  • Petty cash;
  • Travel, meals, and entertainment;
  • Gifts, donations, sponsorships, political contributions, lobbying;
  • Retention, use and compensation of intermediaries/third parties;
  • Disbursements;
  • Recording of intercompany transactions; and
  • Authorization for expenditure/levels of authority.

They believe that it is important for a target to gather and verify the completeness of relevant books and records. They specifically listed the following:

  • Monthly trial balances;
  • Customer lists;
  • Vendor lists;
  • General ledger accounts for the following:
  • Gifts, entertainment and hospitality;
  • Travel;
  • Donations, sponsorships, and political contributions;
  • Marketing and commissions expenses;
  • Consulting fees;
  • Petty cash; and
  • Miscellaneous expenses.

They next suggested the documents and records be readied for review from the compliance perspective, on the following topics:

  • Facilitation payments;
  • Advertising and marketing;
  • Government tenders and bidding packages;
  • Employee expense reports;
  • Procurement;
  • Licenses and permits;
  • Records management;
  • Transfer pricing; and
  • Information on how policies/procedures are distributed and compliance acknowledged within the target organization.

Lastly, they provided a list of topics for which documents should be gathered and the target should be prepared to discuss early on with the compliance representative of the acquirer on the subject of any past corruption issues which may have arisen or been identified, together with their resolution. The target should be prepared to deliver factual details, relevant documents, and information on findings and how the matters were resolved. This group of documents should include internal or external reviews, audits or investigations over the past ten years, including any outstanding compliance issues, such as whistleblower and hotline complaints.

In the area of corporate governance they suggested that the target gather Board of Directors and any management meeting minutes from the past five years and have them available for review. A target should also be prepared to make available for interview key personnel including the General Counsel (GC), Chief Financial Officer (CFO), Chief Executive Officer (CEO) and the heads of Internal Audit, International Sales and Compliance.

From the perspective of the acquiring entity, they suggested that you take a close look at the files of as many of the target’s third parties as is reasonable for the size of the acquisition and the time frame you have. These include gathering and verifying the completeness of the following third party files: due diligence; contracts/agreements; records of compensation payment for past 5 years to determine whether compensation is reasonable, especially if in a high-risk area or for business involving foreign officials and, finally, make a determination of how to address any potential red flags.

They also discussed some of the potential red flags, which might be present in these documents. Some of these red flags could include a history of corruption in country where business occurs; numerous or frequent interactions with foreign officials; unusual payment patterns or arrangements with third parties or third parties which refuse to certify compliance, demand payment in cash, provide incomplete or inaccurate information, request payment made to someone else; a bank outside of country of domicile or is close with foreign government officials.

I thought Burke’s perspective was akin to trust but verify. He reiterated several times that it is reasonably straightforward to determine if a target company takes ‘doing compliance’ seriously. From there, you can use analytics to review the numbers and try and make a determination about obvious red flags and high-risk areas. This allows him to help to make a more accurate remediation plan to begin at closing. It also allows him to advise the business unit involved on what the cost for such integration would be, how long the business would be disrupted by such integration and the complexities of acquiring company’s compliance program implementation.

As to the cost for failing to do so, just think of the loss of the Army of Tennessee from the leadership of John Bell Hood.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2014

Blog at WordPress.com.