When a company subject to the jurisdiction of the U.S. Foreign Corrupt Practices Act (FCPA) merges with or acquires another company that is also covered by the FCPA, should the former company also acquire the latter’s potential FCPA liability? In other words: Suppose Company A acquires Company B, and evidence later comes to light that prior to the acquisition, Company B’s employees paid bribes to foreign government officials, in violation of the FCPA. Can or should Company A be subject to a post-acquisition enforcement action for these earlier FCPA violations? This is known (in the FCPA context and elsewhere) as the question of “successor liability.” In U.S. law, the general rule is that successors inherit the acquired company’s civil and criminal liabilities. The U.S. Department of Justice (DOJ) and Securities and Exchange Commission (SEC), which share responsibility for enforcing the FCPA, have long argued that there is no reason to make an exception to this general rule for FCPA cases. Yet critics have argued that successor liability in the FCPA context “can kill deals.” Numerous transactions have fallen through or decreased in value because of corruption-related concerns, and other transactions became costlier due to such risks.
The DOJ and the SEC’s traditional response to such concerns—as laid out in the first edition of their FCPA Resource Guide, published in 2012—is that companies should conduct pre-acquisition due diligence to identify red flags and potentially undertake various forms of remediation. Furthermore, the agencies have stated that they might decline to pursue enforcement actions against an acquiring firm on a successor liability theory if that firm’s pre-acquisition efforts were adequate. The problem, though, is that pre-acquisition due diligence on possible FCPA violations is often difficult or impossible to conduct properly. In some cases, laws in foreign countries known as blocking statutes may prevent the acquiring firm from getting the information it needs from the target company (see, for example, here and here). More generally, there are numerous practical reasons why pre-acquisition due diligence on possible FCPA violations may not be possible, including time-sensitivity, the difficulty of accessing data stored or located in distant places, and the target company’s reluctance to cooperate with external investigations that could result in the target’s personnel facing criminal exposure. These factors can make pre-acquisition due diligence impractical.
The DOJ and SEC appear to have acknowledged and responded to that concern in the second edition of the FCPA Resource Guide, published this past July. While the second edition’s treatment of successor liability seems mostly the same as in the first edition (save for some wording adjustments and references to more recent cases), the second edition also includes one short but potentially crucial additional paragraph, which reads as follows:
DOJ and SEC also recognize that, in certain instances, robust pre-acquisition due diligence may not be possible. In such instances, DOJ and SEC will look to the timeliness and thoroughness of the acquiring company’s post-acquisition due diligence and compliance integration efforts.
Although subtle, this passage represents a potentially important shift, as it indicates that the DOJ and SEC will consider not only pre-acquisition due diligence, but also post-acquisition measures, when deciding whether to pursue enforcement actions against a company on a successor liability theory.
To be sure, this is not the first time that U.S. enforcement agencies have suggested that sufficient post-acquisition measures may convince the agencies not to pursue an acquiring company for the target’s previous FCPA violations. The best-known example of something like this is the DOJ’s response to an inquiry by Halliburton in 2008. At that time, Halliburton was bidding on a UK firm, but a legal impediment prevented Halliburton from conducting thorough pre-acquisition due diligence on the target’s possible FCPA liabilities. Halliburton submitted a request for guidance through the DOJ’s Opinion Procedure Release Program, in which the company emphasized that although it was unable to conduct thorough pre-acquisition FCPA due diligence, it was prepared to implement an ambitious and costly post-closing investigation and remediation plan. In its response, the DOJ indicated that in light of the particular circumstances of the transaction— notably the foreign legal impediments to robust pre-acquisition due diligence—the DOJ did not intend to pursue action against Halliburton if the company followed its proposal by the book. Some saw the DOJ’s Halliburton opinion as blessing a “buy first [and] investigate later” approach, while others argued that this was illusory given that Halliburton’s post-acquisition plan was extremely costly and possibly infeasible. This debate remained largely academic, since Halliburton gave up on the competitive bid, and so never had to carry out its proposed remediation plan.
The passage in the new edition of the Resource Guide is potentially much more significant, as it seems to acknowledge more generally that pre-acquisition due diligence is not always feasible, and suggests that timely and thorough post-acquisition efforts may sometimes suffice to shield an acquirer from successor liability. If that reading is accurate, then this is a welcome change for several reasons:
- First, making pre-acquisition efforts the only way to avoid possible successor liability—or requiring post-acquisition measures to meet the overly demanding bar set by the Halliburton opinion—excessively raises risks and transaction costs for acquiring companies. The more flexible approach suggested by the second edition of the Resource Guide may reduce these transaction costs substantially.
- Second, letting companies know they can potentially avoid successor liability if they undertake sufficiently robust post-acquisition measures to identify and report possible pre-acquisition FCPA violations, and—perhaps more importantly—to implement stringent compliance measures to avoid recurrence of unlawful conduct, will give those companies stronger incentives to undertake such measures. And post-acquisition investigations are more likely to uncover wrongdoing and compliance problems more generally because the acquirer will then have access information to all of the newly-acquired company’s information.
- Third, by encouraging more mergers and acquisitions to take place—but on the condition that the acquirer impose much more stringent and effective compliance systems post-acquisition—the more flexible approach suggested by the new version of the Resource Guide may improve overall compliance. To see why, suppose that Company A, which has a strong compliance system and culture, is interested in purchasing Company B, which has a weak compliance culture and may have engaged in past FCPA violations. Under the traditional approach to successor liability, Company A may decide not to acquire Company B because it’s worried about taking on B’s FCPA liability—which A may not have been able to assess prior to acquisition. That means B would continue to operate with a weak compliance culture and may well continue to violate the FCPA without detection. Under the DOJ and SEC’s new approach, Company A may feel comfortable proceeding with the transaction, and then—in order to avoid successor liability—would go even further than it would have otherwise to improve Company B’s compliance systems and culture. This is a net gain from an FCPA enforcement perspective.
Of course, the DOJ and SEC’s revised policy will not satisfy critics who want to eliminate successor liability for FCPA violations altogether. But the SEC and DOJ are right not to go that far. Doing so would make it too easy for companies to avoid FCPA liability through corporate reorganizations, and acquirers would have too little incentive to address compliance problems in acquired firms. The DOJ and SEC are also right not to give acquirers carte blanche to disregard pre-acquisition due diligence. The agencies will still require companies to show that they did the best that they could to conduct pre-acquisition due diligence under the specific circumstances of a tentative deal. Nonetheless, the remark in the updated 2020 Resource Guide signals a subtle but important shift toward a more relaxed approach to FCPA successor liability, one that promotes the statute’s goals and encourages responsible and diligent companies to expand.
Thanks for this amazing post, Luiz! I think I totally agree with your opinion. The only question I have left is whether, here playing the devil’s advocate, the Company A (that has violated FCPA) should in fact be a more expensive and costly (in the most general definition of cost) as a self-induced punishment for its behavior? I am thinking maybe if those companies become more expensive and less attractive to investors they would in the long-term realize their FCPA violations are not as efficient as they would think. I can think of maybe counterarguments for this (what about promoting competition in general, a specific industry, etc), but what do you think about this? Thanks!
You make a really compelling argument for post-acquisition due diligence, but it makes me wonder what remedies exist for a company that discovers extensive corruption hidden within a new acquisition. The buyer likely overpaid for the new company and may now have to spend exorbitant amounts to bring the purchased company into FCPA compliance. The buying company then has to decide between spending more money on a bad deal or hoping the FCPA violations that cannot be cheaply addressed go unnoticed. Furthermore, this new rule may incentivize countries to impose more stringent privacy laws in order to protect their companies during merger talks. While the financial risks surrounding post-acquisition due diligence may seem too great to chance under the first edition of the FCPA Resource Guide, companies may be forced to incur that risk more frequently if enough countries pass laws that make pre-acquisition due diligence virtually impossible.