The assessment of compliance risks in connection with legal due diligence during the acquisition of a company has become a market standard for organizations of all types and sizes. One of the reasons for this trend is that, in accordance with many territories’ local rules and regulations, the acquirer’s management is obliged to evaluate all available information and use sources of information in all important managerial decisions within reasonable limits. Regulatory due diligence is a vital part of risk management in mergers and acquisitions (M&A). Regulatory issues can significantly constrain company resources when they arise unexpectedly. In an increasingly zero-tolerance regulatory landscape, identifying compliance risks within a target company is critical. It’s especially important in certain high-risk or highly regulated industries. The acquiring company must thoroughly understand the target’s regulatory obligations, risks, and issues.
As M&As are critical to the future of any organization, so is the due diligence process, which identifies risks and issues in the target company. To fulfill its role in the process, compliance should be an integral part of the due diligence team from its inception and should understand the M&A objective and deal structure.
The target company’s preparedness for the due diligence process is paramount. It is highly recommended that the company being acquired perform internal due diligence on their own company first, as a large portion of deals fail due to issues surfacing later in the due diligence process. If the seller (target company) enters the deal unprepared, the process can be extremely time-consuming and frustrating for the acquirer. Therefore, the most successful deals are made between businesses in a state of readiness.
This article aims to describe the crucial role of the compliance function in the due diligence process conducted during M&A and how to assess the information in a practical way to ensure an effective assessment.
Compliance due diligence
Compliance due diligence is defined as the process of conducting a thorough investigation, audit, or analysis of a company’s compliance with governmental and nongovernmental regulatory bodies. It seeks to establish whether a company is following the rules as it should be, to find areas of noncompliance, and identify past breaches. It also allows the acquirer to judge what remedial actions and improvements should be implemented to the compliance framework post-acquisition, estimate costs, and assess less quantifiable risks such as reputational issues.
The expectations of the U.S. Department of Justice and Securities and Exchange Commission regarding Foreign Corrupt Practices Act enforcement in the context of M&A include:
Conduct good faith due diligence to uncover potential corruption and bribery pre-acquisition.
Ensure a well-documented due diligence.
Create a plan to address deficiencies or compliance gaps after the completion of the transaction.
Implement a remediation plan.
Report violations to demonstrate the company’s efforts to implement remedial measures.
However, there are challenges when performing compliance due diligence. Usually there are limited compliance resources, and due diligence is usually an additional task on top of all other routine compliance activities. In some cases, the acquisition involves organizations operating in high-risk jurisdictions; some organizations have an inadequate compliance program—or none at all. Furthermore, one of the most significant barriers is the different cultural and social norms between the two organizations.