Anti-Corruption Due Diligence in Corporate Transactions: Implementing a Risk-Based Approach

Skadden, Arps, Slate, Meagher & Flom LLP

Gary DiBianco

Anti-corruption issues continue to present significant risks in acquisition and investment transactions because regulators continue robust enforcement in this area and emerging markets often present the greatest economic opportunities as well as increased corruption risks. Indeed, failure to identify a significant corruption risk at a target company not only opens the possibility of regulatory risks, it can undermine the core value of the transaction itself. In this context, anti-corruption diligence has become an accepted component of transactional diligence and regulators have endorsed risk-based diligence as appropriate to mitigate risks. While thorough diligence is not guaranteed to identify specific acts of past misconduct, a thoughtful, well-planned and well-executed diligence process will identify structural risks and compliance weaknesses that can be addressed in transaction agreements and in post-closing compliance enhancements.

U.S. Jurisdiction

Recent guidance (the FCPA Guidance)1 from the U.S. Department of Justice (DOJ) and the U.S. Securities and Exchange Commission (SEC) has confirmed the framework for potential liability under the Foreign Corrupt Practices Act (FCPA) following acquisitions and investments:

  • Where a non-U.S. company previously has not been subject to U.S. jurisdiction, acquisition by a U.S. issuer or company does not confer jurisdiction for pre-acquisition conduct. (See FCPA Guidance at 31.) However, post-acquisition bribery payments by the acquired company would be subject to potential investigation and prosecution (Id. at 32), not on a theory of successor liability but on a theory that the payments were violations by the U.S. entity.
  • Where a target company was subject to the FCPA prior to a transaction, the DOJ and SEC may have jurisdiction to prosecute the predecessor company on a theory of direct liability or the acquiring company on a theory of successor liability. (See FCPA Guidance at 33). Where the acquirer has conducted “robust” diligence and sought to implement post-acquisition controls, the FCPA Guidance indicates that the DOJ and SEC are unlikely to prosecute the acquirer for pre-acquisition conduct on the basis that the acquirer sought to understand fully any anti-corruption risks and to remedy them appropriately. (Id.)
  • Where both an acquirer and target were subject to the FCPA pre-transaction and improper conduct occurs at the acquired company post-transaction, the DOJ and SEC take the position that they can — and likely would — prosecute the acquirer. (See FCPA Guidance at 33 – 34). The DOJ and SEC take the position that the acquirer is familiar with its own (and the target’s) industry and risks, and thus is in a position to understand and remedy risks in its own operations as well as those of the acquired entity.

In most transactions that have some degree of multi-jurisdictional corruption risk, it will be appropriate to: (1) include risk-based diligence procedures in the overall diligence plan; (2) implement post-closing enhancements to the target company’s compliance program; and (3) ensure education of directors and officers on anti-bribery compliance. The FCPA Guidance also recommends post-closing anti-corruption audits of “all newly acquired or merged businesses as quickly as practicable,” (FCPA Guidance at 29) and the DOJ notes that the DOJ FCPA Opinion Procedure is available for circumstances where specific issues are identified in pre-acquisition diligence. While the FCPA Guidance also recommends that companies voluntarily disclose “any corrupt payments discovered as part of its diligence” (Id.), decisions regarding voluntary disclosure should be made carefully and on a case-by-case basis, as there may or may not be net benefits to a company from such disclosures.

Goals of Diligence

In light of the above framework regarding successor liability, transactional diligence has several goals:

  • to assess the risks of questionable payments, improper accounting entries or controls weaknesses that could create liability;
  • to satisfy the acquirer that it took prudent and reasonable steps to identify potential risks. If none are discovered pre-transaction, but an issue arises later, the due diligence procedures will form the basis for arguments that no liability should be imposed after the transaction is completed; and
  • given the expectation of “day one” compliance following an acquisition or investment, to identify steps to be taken after closing to minimize forward-looking risks.

Risk Profile

Established practices and guidance from U.S. and European regulators confirm that a risk-based approach to due diligence is appropriate, with diligence resources focused on high-risk interactions with government customers and regulators. The corporate structure of the parties, their industry, relevant geographies and compliance history all impact the risk profile. In a multinational transaction, the parties likely will want to concentrate their anti-corruption review and perform a heightened level of due diligence on affiliates and subsidiaries operating in countries with high perceived corruption risk. Similarly, parties operating in the industries that have been the focus by anti-corruption authorities — such as oil and gas, freight forwarding and logistics, and pharmaceuticals and medical devices — should account for potential regulatory scrutiny in evaluating the risk profile of a transaction.

If one of the parties to the transaction already is under investigation or recently has been under investigation for possible anti-corruption violations, the transaction has a higher perceived risk and authorities will expect heightened attention to corruption due diligence. In environments that have not had a robust history of anti-corruption enforcement, a key economic issue may be assessing whether enforcing anti-corruption policies following a transaction will affect the existing business model or operations. An acquirer also should assess whether imposing necessary compliance programs will result in a loss of sales, licenses or core business assets.

Additional high risk areas include:

  • a target whose revenues rely primarily on large government contracts;
  • a target whose significant assets are or were dependent on government concessions, such as oil fields, mining rights or real estate zoning permissions;
  • highly regulated businesses, such as those that require regular inspection approvals from local health and safety authorities or local financial regulations;
  • companies that depend heavily on product instruction and demonstration, with sales accomplished through regular educational seminars or conferences; and
  • a target with a large network of third-party agents.

Due Diligence Procedures

Initial anti-corruption due diligence usually can be performed in tandem with standard economic and financial due diligence requests and should focus on potentially high-risk areas of a business. Because access to information during the diligence process is almost always more limited than in an investigation, risk should be assessed based on compiling information from several sources. In particular, information can be gathered and compiled from (1) data room materials, (2) financial ledger analysis, (3) management interviews and (4) publicly available information on both the target and third parties retained by the target, such as sales consultants, agents and distributors. Risk areas can be explored by seeking information in the following areas:

  • an entity’s control environment: policies, procedures, employee training, audit environment and whistleblower issues;
  • any ongoing or past investigations (government or internal), adverse audit findings (external or internal), or employee discipline for breaches of anti-corruption law or policies;
  • the nature and scope of an entity’s government sales and the history of significant government contracts or tenders. Risks include improper commissions, side agreements, cash payments and kickbacks;
  • an entity’s important regulatory relationships, such as key licenses, permits, and other approvals. Due diligence in that context would focus on employees who interact with these regulators, and whether there are any fees, expediting payments, gifts or other benefits to government inspectors;
  • travel, gifts, entertainment, educational or other expenses incurred in connection with marketing of products or services, or in connection with developing and maintaining relationships with government regulators. Diligence in this area would include examining expense records, inspection or training trips, and conference attendee lists and expenses;
  • an entity’s relationships with distributors, sales agents, consultants, and other third parties and intermediaries, particularly those who interact with government customers or regulators. In this context, it is important to assess whether an entity (1) has processes for review and approval of contracts with third parties; (2) requires consulting agreements to be in writing and to include appropriate compliance, audit and termination clauses; and (3) authorizes payments only after services have been documented and only to appropriate recipient bank accounts; and
  • an entity’s participation in joint ventures, consortia, or other teaming arrangements that have significant government customers or are subject to significant government regulation.

Timing of Anti-Corruption Due Diligence Procedures

In addition to discussions regarding scope, parties to a transaction may negotiate the timing of anti-corruption due diligence, whether it will be completed prior to signing a definitive agreement, or whether all or some of the inquiry will be performed after signing but before closing. Post-signing due diligence may be preferable when an initial agreement is reached quickly or in an auction or other competitive process, but it also has risks. If an issue is identified after signing, it may lead to renegotiation of price, public disclosures or voluntary disclosures to government authorities, thereby delaying or ultimately preventing closing.

To maximize the possibility that post-signing due diligence will be confidential and orderly, it is often prudent to have a written work plan delineating precisely what the review will consist of, who will conduct it and what access each party will have to the findings. When drafting such a plan, consideration should be given to privilege issues, confidentiality, and each party’s rights and duties regarding disclosure of information that is gathered in the diligence.

The DOJ’s 2008 Opinion Procedure Release to Halliburton Corporation (reaffirmed in the 2012 FCPA Guidance) describes a possible procedure for post-closing due diligence (and voluntary disclosures) in the context of a transaction where pre-closing due diligence was not feasible. (See DOJ FCPA Opinion Procedure Release 08-02 (June 13, 2008)).2 The contemplated target operated in a number of jurisdictions with a high corruption perception index, and at the time Halliburton was under active DOJ and SEC investigation for its activities in many of these same regions. In this circumstance, Halliburton proposed, and the DOJ endorsed, a 180-day post-closing period to conduct staged post-acquisition due diligence and to self-report any corruption, accounting or controls violations identified.

Response to a Potential Anti-Corruption Violation

The actions taken once an issue is identified can affect profoundly the probability of a government enforcement action and whether a transaction can be completed. Specifically, if a potential breach of anti-corruption law is identified during diligence, an entity should consider (1) discipline of employees and officers who made or authorized improper payments; (2) specific remedial steps to improve controls, policies and procedures in the areas related to the issue identified; (3) disclosure of the issue to relevant local authorities or entities as may be required by law; and (4) possible voluntary disclosure to national authorities in the home jurisdictions of the entities involved. To the extent that there is an existing anti-corruption investigation of any of the entities involved in the transaction, the circumstances of that investigation should be taken into account in assessing government and public disclosure obligations arising from the identification of an issue in transactional due diligence.

“Day One” Compliance

Even if no problematic issues are identified in pre-transaction due diligence, regulators expect that appropriate controls will be introduced on “day one” following closing of a transaction. In the merger context, and to the extent permitted by antitrust laws, parties to a transaction may want to begin outlining a post-closing compliance policy framework and organizational structure immediately after signing a letter of intent. Key elements of such a program include (1) written policies that address governing anti-corruption laws, (2) revised reporting structures, (3) compliance resources for sales personnel and other relevant employees, (4) training and (5) an audit function to review compliance. Post-closing compliance also should focus on review and enhancement of controls over third-party relationships. It may be appropriate, for example, to execute contract amendments or new contracts to incorporate appropriate anti-corruption representations and warranties and audit rights.


In light of ongoing anti-corruption enforcement activity, anti-corruption due diligence should be considered as an important component of an acquisition or investment plan, and should be well documented and carefully executed.

This memorandum is provided by Skadden, Arps, Slate, Meagher & Flom LLP and its affiliates for educational and informational purposes only and is not intended and should not be construed as legal advice. This memorandum is considered advertising under applicable state laws.