M&A: Compliance due diligence

Dusting off your playbook and refreshing a strong compliance due diligence program may well be one of the best investments you can make

With a renewed focus on mergers and acquisitions (M&A) in the technology sector, it may be time to refresh your M&A compliance playbook to reflect an increasingly complex regulatory environment.

If your company's M&A compliance guidelines have been sitting idle on the shelf for a few years, now may be a good time to take a look at them. According to PricewaterhouseCoopers’ 2014 U.S. Technology Deal Insights, M&A activity in the technology sector now exceeds historical norms thanks in part to a rebounding economy. With the increase in M&A activity—and an increasingly complex regulatory environment to navigate—it is important that companies have a strong due diligence program to evaluate a target company's compliance programs prior to a merger or acquisition.

A strong compliance due diligence program should thoroughly review all applicable legal and regulatory requirements.

Today's complex regulatory environment includes requirements that range from the often-publicized U.S. Foreign Corrupt Practices Act and Health Insurance Portability and Accountability Act to lesser-known regulations such as the U.S. Federal Acquisition Regulation's Contractor Code of Business Ethics and Conduct and the Electromagnetic Compatibility Directive.

If the acquisition target does business outside of the U.S., the regulatory environment becomes even more complex. In that instance, compliance due diligence should be expanded to evaluate applicable foreign regulations such as the European Union's Restriction of the use of certain Hazardous Substances (RoHS) and sanctions, including embargoes and trade restrictions.

Conducting due diligence against the full-blown “A to Z” list of regulatory requirements, however, is impractical. The scope of your due diligence should be tailored to the specific type of deal. For example, if the acquisition target is a software company, you may be able to limit due diligence on RoHS compliance. Similarly, if a target only does business with commercial customers, you might forgo due diligence related to public sector sales.

Categorizing due diligence questions based on factors such as the target's product and service offerings, customer and partner base (e.g., public versus private sector), and geographical presence enables your M&A team to quickly filter out questions that do not apply and sharpens the focus on the laws and regulations that pose the greatest amount of risk.

Tailoring your due diligence to higher risk areas will also help you identify potential red flags—whether they be flashing in bright lights or lurking in the weeds—so that your company can make an informed decision about the potential merger or acquisition. Failure to focus due diligence in the relevant areas prior to a merger or acquisition could result in significant unexpected successor liability or negative impact to your company's brand and reputation. As the Resource Guide to the U.S. Foreign Corrupt Practices Act succinctly summarizes, “[C]ompanies acquire a host of liabilities when they merge with or acquire another company, including those arising out of contracts, torts, regulations, and statutes.” Even if legal liability may not attach, the press may publish the details of a transaction and influence public perception resulting in brand damage.

In this environment, dusting off your playbook and refreshing a strong compliance due diligence program may well be one of the best investments you can make.

Ashley Watson

Ashley Watson is senior vice president and chief ethics and compliance officer at Hewlett-Packard Company.

Bio and more articles

Join the Conversation

Advertisement. Closing in 15 seconds.