On October 4, 2023, Deputy Attorney General Lisa Monaco (DAG Monaco) announced a new U.S. Department of Justice (DOJ) “safe harbor” policy aimed at encouraging voluntary and timely self-disclosures of criminal conduct discovered in connection with mergers and acquisitions (the “Safe Harbor Policy”).1 U.S. enforcement guidance has long made clear the risk of U.S. Foreign Corrupt Practices Act (FCPA) connected successor liability and the DOJ’s baseline expectation as to risk-based M&A due diligence and integration activities. This latest DOJ announcement provides welcome consistency across DOJ components, including with respect to criminal antitrust and sanctions enforcement, with policies like that already applied by DOJ’s FCPA Unit, and builds upon recent efforts to encourage and codify the benefits of voluntary self-disclosure and corporate cooperation, including recent updates to DOJ’s Corporate Enforcement Policy.2
A New Pathway to Presumptive Declination.
The new Safe Harbor Policy applies department-wide to criminal conduct discovered by acquirors in the course of M&A transactions. Going forward, acquiring companies that promptly and voluntarily disclose criminal misconduct within the safe harbor period (discussed below), and that cooperate with the ensuing investigation, and engage in timely and appropriate remediation, restitution, and disgorgement, will receive the presumption of a declination. While certain criteria, discussed below, are consistent, each DOJ component retains discretion to tailor its application to fit their own specific enforcement regimes.
Safe Harbor Policy Criteria. Acquiring companies need to satisfy a number of pre-requisites in order to qualify for a presumptive declination:
- Bona-fide, Arms-Length Transactions. The Safe Harbor Policy will only apply to criminal conduct discovered by acquirors in bona fide, arms-length M&A transactions. It does not apply to misconduct that was otherwise required to be disclosed, or already public or known to DOJ, and will not impact civil merger enforcement.
- Timelines for Disclosure (6 months) and Remediation (12 months). The timeline to meet the safe harbor requirements is short. In order to qualify, companies must disclose criminal misconduct discovered at an acquired entity within six months from the date of closing. This deadline applies whether the misconduct was discovered pre- or post-acquisition. Companies will then have a baseline of one year from the date of closing to fully remediate the misconduct. However, DAG Monaco cautioned that companies should disclose and remediate misconduct “threatening national security or involving ongoing or imminent harm” more swiftly than those deadlines. As a prior Mayer Brown alert explained, DOJ has recently emphasized that companies must promptly disclose violations of national security laws.3
- Exceptions Available in Certain Circumstances. Recognizing that each M&A deal is different, these deadlines are subject to a reasonableness analysis and may vary depending on the specific facts, circumstances, and complexity of a particular transaction.
- Aggravating Factors and Recidivism. Aggravating factors at an acquired company—which may include, e.g., involvement of senior management in misconduct, significant profits derived from misconduct, and pervasive or wide-spread misconduct—will not impact the buyer’s ability to receive a declination. The acquired entity itself may also qualify for the benefits of voluntary self-disclosure, including potential declination, where there are no aggravating factors involved. Finally, misconduct disclosed under the Safe Harbor Policy cannot form part of any future recidivist analysis for the acquiring company.
Focus on Due Diligence and Compliance Integration Processes.
DAG Monaco addressed this latest policy announcement to general counsel and compliance officers in attendance at the Society of Corporate Compliance and Ethics’ 22nd Annual Compliance & Ethics Institute, emphasizing that compliance must have “a prominent seat at the deal table” in order for a buyer to effectively assess and address the risk of a prospective transaction.
DAG Monaco highlighted for those advising boards and deal teams DOJ’s “enhanced premium on timely compliance-related due diligence and integration.” Consistent with DOJ’s focus on strong corporate compliance programs, the earlier misconduct is identified and can be addressed at a potential target, the more options are available to a fully informed buyer. The new policy confirms the importance of prompt post-close information gathering and integration activities—with the clock to qualify for potential safe harbor benefits running from the date of close.
Assessing Disclosure Risks and Rewards.
Despite the welcome clarity provided by this announcement, a company’s decision to voluntarily self-disclose to DOJ will remain a fact intensive exercise requiring a full assessment of the risks and potential rewards in each case. Companies will need to carefully weigh the benefits of disclosure against the costs and consequences of potential restitution, disgorgement, publicity, and reputational or brand damage, even if DOJ ultimately declines prosecution. Where aggravating factors are present the analysis is further complicated by the fact that only the acquiror, and not the acquired company under new ownership, may qualify for a declination.
1 Deputy Attorney General Lisa O. Monaco, Remarks as Prepared for Delivery at the Society of Corporate Compliance and Ethics’ 22nd Annual Compliance & Ethics Institute (October 4, 2023); https://www.justice.gov/opa/speech/deputy-attorney-general-lisa-o-monaco-announces-new-safe-harbor-policy-voluntary-self
2 See our earlier client alert on DOJ Criminal Division’s Corporate Enforcement Policy revisions: https://www.mayerbrown.com/en/perspectives-events/publications/2023/01/dojs-criminal-division-announces-revisions-to-dojs-corporate-enforcement-policy-including-new-paths-to-potential-declinations