​Several recent cases highlight the risks of successor liability when companies acquire targets that have been engaged in violations of anti-corruption laws. They reinforce the benefits of understanding a target’s potential liability and taking steps to minimise the risk. One company even avoided charges after its post-closing review identified that the target was giving improper gifts to government officials. This article also provides tips for conducting pre- and post-acquisition due diligence.

Several recent U.S. Foreign Corrupt Practices Act (FCPA) cases highlight the risks of successor liability when companies acquire targets that have been engaged in conduct that violates anti-corruption laws. These cases reinforce the benefits of both pre-acquisition due diligence and timely post-acquisition review, including potentially avoiding corruption-related charges altogether.

Successor liability

Mondelēz (formerly known as Kraft) acquired Cadbury in a hostile takeover in early 2010. While limited pre-acquisition due diligence was done given the circumstances, Mondelēz undertook substantial post-acquisition due diligence of Cadbury’s business in 24 countries, including India. During this post-acquisition due diligence it failed to identify a relationship between Cadbury India and an agent retained to help secure licences and approvals from government officials in India. In late 2010, Mondelēz discovered the relationship and conducted an internal investigation, but did not disclose the information to U.S. government authorities. 

In January 2017, the U.S. Securities and Exchange Commission (SEC) charged both Mondelēz and Cadbury (now owned by Mondelēz) with FCPA violations for failing to conduct due diligence or monitor the activities of the agent in India and for not maintaining records that fairly reflected the services provided by the agent.^[1] The SEC also cited Mondelēz’ failure to identify Cadbury India’s relationship with the agent in its post-acquisition due diligence, and affirmed that Mondelēz, as the acquirer of Cadbury, was responsible for Cadbury’s FCPA violations.  

Mondelēz was credited with cooperation with the U.S. government investigation and taking remedial measures, including implementing Mondelēz’ global compliance programme at Cadbury and conducting a comprehensive review of Cadbury India’s third parties, but not with self-disclosure. Mondelēz agreed to pay a USD 13 million civil penalty.

Separately, when a U.S. medical device company acquired its competitor in 2015, the target was under an existing compliance monitor imposed as part of a 2012 FCPA settlement with the U.S. Department of Justice (DOJ) and SEC for bribes in Brazil, Argentina and China. Even after the 2012 settlement, the target continued to use a distributor in Brazil known to pay bribes and used a customs broker to pay bribes in Mexico. As a result of these issues, the monitor’s term was extended in 2015 and again in 2016, and the target was ultimately determined to be in breach of the 2012 FCPA settlement with the DOJ. In January 2017, the target reached a new settlement with the DOJ and SEC and agreed to pay USD 30.4 million in penalties and to engage a new compliance monitor. 

Upon acquiring the target in 2015, the medical device company assumed the target’s liability and obligations under the 2012 FCPA settlement (including the compliance monitorship). It will now bear the cost for and assume the obligations under the 2017 FCPA settlements, including the monetary penalties, ongoing investigations and the compliance monitorship.

No FCPA charges against the buyer for conduct of the target  

In 2011, publicly listed U.S. telecom/IT company Harris Corporation (Harris) acquired healthcare IT company CareFx, including its Chinese subsidiary. In spite of the Chinese subsidiary’s pre-acquisition practice of giving improper gifts to Chinese officials that continued post-closing, the SEC announced in September 2016 that it would not bring FCPA charges against Harris due to its cooperation, remediation and prompt report to the SEC. According to the SEC, prompt report was possible because of the company’s “immediate and significant” post-acquisition steps (including anti-corruption training, integration of the Chinese subsidiary into its internal controls system and implementation of an anonymous complaint hotline), which resulted in the discovery within five months of closing that the CEO of the Chinese subsidiary had authorised and facilitated gifts totalling an estimated USD 1 million for officials at state-owned hospitals. 

The SEC brought FCPA charges against the CEO of the Chinese subsidiary personally and imposed a USD 46,000 penalty. 

Based on the SEC orders, the differing outcomes of the Harris and Mondelēz cases appear to hinge on self-disclosure. Harris self-disclosed after quickly identifying the issues in its post-closing review. Mondelēz, in contrast, did not identify misconduct involving the agent in its post-acquisition review in the first place and did not self-disclose any issues to the SEC.

What conclusions can we draw from these cases?

1. U.S. enforcers will bring FCPA charges for the pre- and post-acquisition conduct of a target.
2. Buyers are much better off if they understand the scope of potential liability before the acquisition and take steps to reduce their risk including, potentially, modification of the transaction terms to account for increased risk. 
3. Post-acquisition reviews are critical to identifying issues that were not identified in pre-acquisition due diligence, particularly if there was limited opportunity for pre-acquisition due diligence beforehand. Such reviews should be thorough and done as quickly as possible.
4. Issues identified should be remediated as quickly as possible. If the issues are significant, consider whether there is value in disclosing them to the relevant enforcement agencies.
5. Pre-acquisition due diligence and post-acquisition reviews, identification of issues and compliance programme implementation should take on heightened urgency where there are recent or known issues or an on-going monitorship.
6. Compliance programmes can yield real benefits. Harris achieved this result by having a robust compliance programme and by responding appropriately to the discovered misconduct. 

What are some practical actions for planning for and conducting due diligence?

1. For buyers, understand the risk profile of the target as much as possible before starting pre-acquisition due diligence and then develop an initial plan for due diligence. Modify the due diligence plan to respond to information as it becomes known.
2. For sellers, it is also important to assess the risk profile of the target and the level of interest and exposure of the potential buyer(s). If the seller will be expected to sign anti-corruption-related representations and warranties (or include a closing condition or indemnities), seller due diligence may be appropriate. Sellers may also need to prepare for corruption-related due diligence questions and requests from the buyer. The extent to which sellers can feasibly push back on these depends on the respective leverage of the buyer and seller in the transaction. 
3. Obtain as much publicly available information as necessary. Engaging a third party due diligence provider can streamline information gathering. 
4. Work with your financial/tax due diligence advisers to look for relevant information in the accounts of the target (for example, cash payments, gift and hospitality accounts, miscellaneous or poorly described accounts, large payments to agents and payments to individuals). Include anti-corruption questions in the due diligence requests. 
5. Use the information you find to strategise on next steps, whether it is further due diligence, discussions with the seller or tailored provisions in the transaction documents. Where possible, continue to conduct due diligence following signing and before closing.
6. Develop a detailed plan for post-acquisition review and integration. Engaging and instructing service providers prior to closing will facilitate the review following the acquisition. This step takes on heightened importance if pre-acquisition due diligence is limited due to the nature of the transaction (for example, where the transaction is hostile or subject to a competitive tender process which may limit due diligence and leverage in negotiating transaction terms).
7. Implement the post-acquisition review as soon as possible after closing.

As these cases demonstrate, taking steps to better understand the risk of successor liability and, importantly, conducting post-acquisition reviews quickly after closing can better position a company if violations of anti-corruption laws are identified. Quick action and strategic decisions may even allow a company to avoid FCPA charges in the first place.

[1]   Interestingly, the administrative proceeding does not specify any actual evidence that bribes were paid by the agent to any government officials. Rather, the alleged failure to conduct adequate due diligence on, and monitor the activities of, the agent “created the risk” that bribes would be paid. The settlement is further evidence of the very low bar set by the SEC to bring charges for violations of the FCPA’s books and records and internal controls provisions.