On October 4, 2023, U.S. Department of Justice (DOJ) Deputy Attorney General Lisa Monaco announced a new, department-wide Mergers & Acquisitions Safe Harbor Policy to incentivize “voluntary self-disclosures made in the context of the mergers and acquisition process.” While such a safe harbor already existed informally or even formally for certain DOJ components, and its principles have been applied at least as far back as 2008, this new, department-wide policy is meant to provide transparent and uniform guidance across the DOJ.
Under this policy, acquiring companies that promptly and voluntarily disclose misconduct discovered at an acquired company, and fully cooperate in any DOJ investigation of and timely remediate that misconduct, will benefit from a “presumption of a declination” of prosecution by the DOJ for that misconduct. While this opportunity to avoid prosecution for legacy misconduct by an acquired company is certain to be welcomed by companies (especially those with robust M&A due diligence processes), the DOJ’s guidelines leave little room for error or hesitation to self-report and unmistakably signal a low likelihood of DOJ forbearance toward acquiring companies that fail to comply with them.
The Policy
The newly announced, DOJ-wide Safe Harbor policy has several notable features:
- Department-wide (but not completely standardized) approach: The Safe Harbor policy’s principles will be applied department-wide, but each part of the DOJ will “tailor its application of this policy to fit their specific enforcement regime, and will consider how this policy will be implemented in practice.”
- Disclosure and remediation timelines: To be eligible for a declination under the Safe Harbor policy, companies “must disclose misconduct discovered at the acquired entity within six months from the date of closing” of the merger, regardless of whether the misconduct was discovered pre- or post-acquisition. This deadline does not apply, however, to “misconduct threatening national security or involving ongoing or imminent harm,” which must be disclosed immediately. Moreover, a self-disclosing company “will then have a baseline of one year from the date of closing” to fully remediate the misconduct. Outside the “immediate harm” circumstances, Monaco noted that both the six-month and one-year timelines are subject to a “reasonableness analysis,” acknowledging that “deals differ and not every transaction is the same.” Prosecutors may also agree to extensions based on the “specific facts, circumstances, and complexity of a particular transaction.”
- Aggravating factors may not preclude declination: Aggravating factors—defined elsewhere in DOJ corporate criminal enforcement policy to include things such as the involvement of executive management, egregious or pervasive misconduct, significant profit from the wrongdoing, and criminal recidivism—at the acquired company “will not impact in any way the acquiring company’s ability to receive a declination,” but may impact the acquired company’s treatment.
- Disclosed misconduct may not affect recidivism analysis for the acquirer: Self-disclosed misconduct by an acquired company “will not affect any recidivist analysis at the time of disclosure or in the future” for the acquiring company.
Key Takeaways
Monaco’s remarks are in line with some of the same themes emphasized in prior announcements this year, including the DOJ’s expansion of corporate criminal enforcement efforts in the national security space, the DOJ’s promotion of new tools and remedies to punish and deter corporate criminal misconduct, and the DOJ’s department-wide standardization of other voluntary self-disclosure policies. This latest policy announcement further amplifies the DOJ’s efforts to incentivize companies to promptly self-report and remediate misconduct and to promote a culture of compliance.
The DOJ’s explicit extension of these efforts and principles to the M&A context necessitates specific considerations for companies engaged in M&A activity, not least because of the DOJ’s threat of successor liability for untimely disclosed misconduct at acquired entities. These considerations include:
- Further elevation of compliance considerations in the M&A process. The department’s extension of the safe harbor period to six months post-closing acknowledges that it may not be feasible for an acquiring company to identify all misconduct during the pre-merger negotiation and diligence process. However, by only allowing companies a “baseline” post-acquisition safe harbor period of six months, the DOJ is making clear that (in Monaco’s words) “[c]ompliance must have a prominent seat at the deal table if an acquiring company wishes to effectively de-risk a transaction.” M&A teams (including the senior management of acquiring companies) must ensure the legal, compliance, and, as appropriate, internal audit functions are fully involved, empowered, and vigilant during the process of both pre-merger negotiations and post-merger integration. As the DOJ has said, compliance should be at “the top of every company’s compliance risk chart” and not at the bottom of an M&A diligence checklist.
- Heightened bar for what it means to conduct thorough due diligence. Acquiring companies must ensure even more rigor on regulatory agency correspondence and potential legal violations. M&A due diligence must extend beyond document review and calls with management to more frequently include robust engagement with outside legal counsel, independent auditors, and other advisors.
- Increased engagement, transparent communications, and later-stage due diligence. Regular communications and “bring-down” closing diligence during the interim period pending closing provide substantial opportunities to (1) increase the likelihood that potential issues not discovered during pre-signing diligence are detected; and (2) appropriately plan for previously identified issues to the extent they have deteriorated. M&A teams should exercise even greater vigilance against allowing momentum toward closing to cause oversights in due diligence.
- Involving legal and compliance functions during the critical post-acquisition phase and in making a record. During post-closing integration, legal and compliance officers should take the lead in promptly assessing and, where appropriate, investigating any issues discovered post-closing, and keep the acquiring company’s audit committee and other relevant stakeholders informed. Legal and compliance officers should ensure thorough documentation of their discovery and attention to such issues to prepare for potential engagement with the DOJ regarding the timeliness of any subsequent self-disclosure.
The DOJ’s newly announced Safe Harbor policy framework will be fine-tuned by various DOJ components to meet their specific needs. Companies engaged in or contemplating M&A transactions will need to be aware of the specifics of relevant DOJ components’ policies to ensure they can receive the benefits if necessary. Consultation with interdisciplinary counsel experienced in complex, high-stakes M&A transactions as well as the specifics and complexities of DOJ corporate criminal enforcement policies will be essential for acquiring companies that seek to avoid successor liability for misconduct at acquired companies.