Not involved in M&A due diligence? Now what?

Nearly every compliance program we evaluate at Spark Compliance has the same problem – failure to have a pre- and post-merger and acquisition (M&A) protocol in place that officially involves compliance in M&A activity. If you find out there’s been an acquisition without any compliance-related due diligence, you’re probably feeling stuck (and maybe a bit panicked). Or perhaps you’ve proposed a pre- and post-M&A plan and you’re getting pushback on its breadth. What is the minimum you can get away with to still have a good enough approach?

An Ideal World and the Real World


In an ideal world, before an acquisition occurs, Compliance gets a call from leadership to involve it in the due diligence process. Compliance gets access to the data room, sends document requests that are promptly responded to, interviews everyone they need to, then makes recommendations and starts an integration plan.

More often, Compliance hears about an acquisition at the last minute, or perhaps after the press release comes out. Compliance freaks out because no sanctions checks were done, no compliance-related documents were reviewed, and no one looked at the investigations data or metrics being tracked by the target company – and that’s assuming such documentation even exists!

Tom Fox and I recently discussed this problem in our podcast (Two Gurus Talk Compliance). As he noted, “Do you have enough records? No. Do you have enough time? Never, because that is the nature of acquisitions. You have a limited amount of time and a limited number of resources.”

The Big Problem


Regulators expect Compliance to be involved in M&A. The Department of Justice’s Evaluation of Corporate Compliance Programs guidance asks, “Was the company able to complete pre-acquisition due diligence and, if not, why not? Was the misconduct or the risk of misconduct identified during due diligence?” Failure to have an answer to these questions will not please a prosecutor.

If Compliance wasn’t brought in, it may be because top leadership is unaware of “successor liability.” Successor liability means that, when an organization is acquired, it brings its bad acts with it. If bad acts can be found before or just after an acquisition closes, they can be disclosed to regulators, which may lessen or eliminate the damage.

What Can Be Done?


If you find yourself in a situation where compliance-related due diligence has not been done on an acquisition (or it’s the last minute for a potential acquisition), Tom Fox has a quick-and-dirty list of activities that should be completed pre- or post-M&A.

They include:

Interview the General Counsel and Chief Compliance Officer


Interview the General Counsel to understand the legal structure of the company and the compliance program. If the target has a Chief Compliance Officer, interview that person as well. Ask about policies, procedures, training, investigations, and whether a risk assessment has been completed.

Review Top Salesperson’s Expense Records


Review the expense records of the top five salespeople. Compare their expenses to the Gifts and Entertainment Policy limits. Review for red flags, e.g., taking out government officials or spouses/children. Follow up if there are discrepancies.

Review Sales Agent Commissions


If the target company has sales agents, request the contracts or commission schedules for the top 10 sales agents. Compare payments made to these agents against their contracts with the company, as well as against the sales booked by the agent and the commissions paid. Make sure the numbers add up.

Review Due Diligence


Review due diligence performed on the highest-risk third parties, including sales agents, distributors, and third parties working on behalf of the company with government officials.

Perform Sanctions Checks


Put the company, its senior executives, board members, and ultimate beneficial owners through a sanctions check. If you have the ability, run a check to see if any of those people qualify as a politically exposed person or PEP. Run an adverse media review on the company and key individuals.

Fixing the Problem


It’s useful to know that even at the last minute, M&A due diligence is helpful. It’s even more helpful to have a protocol in place for when mergers or acquisitions are being considered. Highlight the importance of pre-planning to your leadership team and try to get a policy or procedure in place. That way, you will be ahead of the game when it comes to evaluating whether the company’s next move is a good one from a compliance perspective.

Want to know more? Check out the Two Gurus Talk Compliance podcast with me and Tom Fox. The podcast can be accessed on iTunes, Spotify, or wherever you get your podcasts. It can also be heard HERE.

Share the blog!

Picture of Kristy Grant-Hart

Kristy Grant-Hart

Kristy Grant-Hart is the founder and CEO of Spark Compliance.
She's a renowned expert at transforming compliance departments into in-demand business assets.