M&A activity in emerging markets presents both opportunity and risk. One risk is the potential to acquire FCPA liability. In this context, risk-based due diligence is essential.
The November 14, 2012, DOJ and SEC Resource Guide to the U.S. Foreign Corrupt Practices Act warns against “pro-forma,” check-the-box diligence. Instead, the due diligence plan must be tailored to the target’s FCPA risk. The acquirer’s plan should incorporate the following inquiries:
- Determine whether the target operates in high risk locations. The acquirer’s assessment should include a review of the target’s locations of operations, followed by an assessment of those location’s corruption risk based on, for example, the Transparency International’s Corruption Perception Index.
- Analyze the target’s business model and the aspects of its operations that present FCPA risks. The acquirer should ascertain whether the target operates in an industry that presents a high risk of corruption. Further, the acquirer should identify the target’s direct and indirect points of contact with the government, including any third-parties in the target’s supply or distribution chain. For example, does the target have contracts with a foreign government? Does the target’s business involve substantial interaction with foreign governments, including, but not limited to, licenses or permits? Does the target utilize third-party contractors, consultants or agents? Do the target’s owners, directors, employees or third-parties used by the target have relationships with foreign officials?
- Investigate the target’s compliance policies and training programs. The acquirer should also determine whether the target has an existing compliance policy and more importantly, whether that policy has been effectively enforced. In addition, the acquirer should determine whether the target has implemented training programs for its employees and the third-parties involved in its business, and the extent to which those training programs address the identified risks. The acquirer should also look at whether the target conducts periodic compliance audits. Significant gaps in the target’s written procedures, training or audit function should be flagged for immediate remediation efforts.
- Review the company’s books and records. The acquirer should review the target’s books and records focusing on areas that are common trouble spots in FCPA cases. For example, does the target pay commissions and fees to third-parties? If so, are the commissions and fees reasonable and customary? Do the target’s books and records fairly, accurately, and with sufficient detail, reflect all transactions and expenditures by the target?
In some instances, pre-acquisition due diligence is not possible or is subject to significant constraints. In such circumstances, DOJ Opinion Procedure Release No. 08-02 — which detailed post-acquisition procedures proposed by Halliburton in connection with its acquisition of U.K.-based Expro International Group PLC — provides guidance. In the Halliburton-Expro transaction, U.K. law placed significant restrictions on Halliburton’s ability to conduct due diligence pre-acquisition. Thus, Halliburton sought guidance from the DOJ. In its request, Halliburton committed to a detailed action post-acquisition plan, and the DOJ agreed in its opinion that it would not take enforcement action against Halliburton, provided Halliburton complied with its post-acquisition plan. Thus, DOJ’s response can be viewed as a baseline for other acquirers’ post-transaction diligence. Based on Release No. 08-02, an acquiring company should, at a minimum, take the following steps:
- Immediately implement the acquiring company’s code of conduct and FCPA compliance policies and procedures within the newly acquired target
- Conduct anti-corruption training for the acquired company’s personnel, along with training for third-party agents and business partners where necessary to ensure FCPA compliance
- Immediately conduct an FCPA-specific audit of the newly acquired businesses
- Disclose any potential FCPA violations discovered as part of its pre-acquisition or post-acquisition audit.
Taking these steps not only addresses FCPA risk, but it also permits an acquirer to determine whether the acquisition is worth the risk and whether the target is appropriately valued given the risk. The Titan Corporation case provides a good example. In 2003, Lockheed Martin and Titan entered into a merger agreement. During pre-transaction due diligence, Lockheed discovered potential FCPA violations at Titan. Based on this discovery, the parties revised the merger agreement, reducing the purchase price and requiring Titan to resolve its potential FCPA exposure by either obtaining written confirmation from the DOJ that it did not intend to pursue an enforcement action, or a written plea agreement resolving Titan’s FCPA exposure. Titan failed to satisfy these requirements and Lockheed terminated. Ultimately, Titan pleaded guilty to FCPA violations relating to activities in Africa and agreed to pay $28.5 million. Based on its due diligence, Lockheed was able to withdraw from the transaction and avoid that liability, along with the related investigation and reputational costs.
The Latin Node case provides a cautionary counter example. In 2007, eLandia International acquired Latin Node, a telecommunications services company doing business in, among other places, Honduras and Yemen. Two months after the transaction closed, eLandia filed its SEC Form 10-Q, stating it had “not yet made [an] assessment of Latin Node and there may exist control deficiencies in financial reporting departments” — a telling disclosure regarding eLandia’s pre-transaction diligence, particularly given eLandia’s disclosure only months later that Latin Node’s internal controls suffered from material weaknesses in the supporting documentation required for external payments. Latin Node eventually pleaded guilty to FCPA violations and agreed to pay $2 million. Ultimately, eLandia wrote off the Latin Node investment, terminating Latin Node’s operations, placing Latin Node into bankruptcy and winding up the company’s affairs. While eLandia was able to avoid criminal liability based on its voluntary disclosure of Latin Node’s criminal conduct and its immediate steps to address it upon discovery, eLandia’s $22 million investment in Latin Node became worthless, on top of the legal costs incurred by eLandia. The Latin Node case is an important reminder of the importance of FCPA due diligence.
M&A transactions in emerging markets present an opportunity for companies, but due diligence focused on FCPA risk is essential. This will help the acquiring company avoid acquiring FCPA liability, along with structuring the transaction and valuing the target company to account for FCPA risks.