Ed. Note-I recently saw an article on M&A compliance due diligence, from the Canadian perspective, by John Boscariol. I asked John if I could repost his article, which he graciously allowed me to do.
Recent developments in Canadian anti-corruption, economic sanctions, and export control laws are having a significant impact on the due diligence that should be conducted on potential targets in the context of mergers and acquisitions as well as other business combinations such as joint ventures.
New and expanding measures along with increased enforcement, particularly in the resource extraction industries such as energy and mining, have raised the stakes for those investing in Canadian companies. Today, it is becoming more common for potential acquirers or investors to delay, re-price or even walk away from transactions because of actual or perceived compliance failures in the target’s operations.
A misstep in this area can have significant ramifications – in addition to criminal prosecution and penalties, compliance failures can also result in significant expenditure on internal investigations, the inability to move product or transfer technology cross-border, delayed or cancelled customer orders, debarment from doing business with government, and substantial reputational costs in relationships with business partners, including banks, investors, customers, suppliers and other stakeholders. Further, the now well-established pattern in the United States of shareholder class action suits being launched following allegations of management failure to implement proper internal controls is beginning to take hold in Canada.
Canadian authorities becoming more aggressive
In recent years, Canadian authorities responsible for implementation and enforcement of trade controls and anti-corruption laws – including the Royal Canadian Mounted Police (RCMP), the Canada Border Services Agency, Foreign Affairs and International Trade Canada, and Crown prosecutors – have stepped up their game.
Canada’s experience in the anti-corruption sphere is a good example. After many years without any significant enforcement, in 2008 the RCMP formed a special unit responsible for the enforcement of the Corruption of Foreign Public Officials Act (CFPOA). In June of 2011, Nike Resources was convicted of violating the CFPOA and penalised $9.5m. In January of this year, Griffiths Energy was also convicted and fined $10.35m. At the present time, it is understood that the RCMP is conducting over 35 investigations of Canadian companies and individuals suspected of CFPOA violations.
Five areas deserving special attention for due diligence
Although not intended to be exhaustive, the following are five areas where you should at least initially focus before drilling down into any specific matters of concern:
Where is the target doing business? Identifying countries with which the target does business is critical to assessing risk exposure from both the anti-corruption and trade control perspective. Where are their customers, suppliers, licensees/licensors creditors and other business partners located?
Canada currently maintains trade controls of varying degrees of aggressiveness in respect of activities involving Belarus, Burma, Côte d’Ivoire, the Democratic Republic of the Congo, Cuba, Egypt, Eritrea, Guinea-Bissau, Iran, Iraq, Lebanon, Liberia, Libya, North Korea, Pakistan, Sierra Leone, Somalia, Sudan, Syria, Tunisia and Zimbabwe. Activities in these countries with entities based in these countries should be carefully reviewed to ensure compliance with economic sanctions and export controls.
Location also plays a significant role in assessing anti-corruption compliance risk. Developing or newly industrialised countries in Africa, the Middle East, Asia, and areas of Latin America are particularly vulnerable to corruption. Independent country rankings of corruption risk, including Transparency International’s Corruption Perceptions Index, are a helpful starting point.
What are the target’s ‘government touch-points’?Understanding how your target deals with government on a daily basis helps assess the exposure to potential opportunities for government corruption. This includes dealings with government owned entities, including commercial enterprises. Getting a list of the target’s government customers and suppliers is an obvious and important starting point.
It is also necessary to determine what licences or permits are required for the target’s operations and review its dealing in the negotiation of concessions, production sharing agreements or investment agreements with government. The extent to which the target imports or exports product, and therefore its dealings with customs authorities, is important but often ignored government touch-point. This is especially the case for oil, gas and mining companies that need to move heavy, high-value equipment in and out of the host country.
What is the nature of their products, services and technology?Canada controls the export and transfer of goods services and technology, under both export control laws and economic sanctions. These measures are not restricted to military or nuclear items but include many commercial dual-use items used in industry every day, including goods, software and technology for relatively low-level encryption and decryption. Goods and technology controlled for export or transfer from Canada are set out on the Export Control List. Economic sanctions measures also impose similar requirements based on the nature of the goods and technology being supplied – for example, Canada’s sanctions against Iran prohibit the transfer to Iran of any items, including technical data, used in the petrochemical, oil or natural gas industry.
In addition to understanding what product and services your target ultimately provides to its customers, you should consider what inputs are used in the process, how product research and development occurs, and what, if any, after sales service and support is provided. Keep in mind that these controls are not limited to physical export shipments, but include cross-border transfers of information that occur via email transmissions and server upload/download activity or during technical discussions with persons outside of Canada.
What is the target’s exposure to similar measures of other jurisdictions?Depending on the circumstances, Canadian companies can be subject to anti-corruption and trade control laws of other jurisdictions. The US Foreign Corrupt Practices Act (FCPA) is notoriously enforced on a broad, extraterritorial basis often ensnaring Canadian companies that had considered themselves to have little connection to the United States. For example, a Canadian company that causes, directly or through agents, acts in furtherance of a corrupt payment to take place within the territory of the United States is subject to the jurisdiction of the FCPA.
The FCPA obligations are in large part similar to those in the CFPOA. However, the United Kingdom’s Bribery Act 2010 contains some important differences, including the prohibition of private commercial bribery and no exclusion for facilitation payments.
A number of US sanctions and export control measures are also applied on an extraterritorial basis, especially in dealings with Iran or Cuba. In the latter case, Canada has implemented blocking legislation designed to address issues such as US extraterritorial measures. Canadian law prohibits a Canadian company or individual from complying with the US sanctions and export controls on Cuba. This presents a challenging conflict of laws when the target is or will be US-owned or controlled – on the one hand, the company is required to comply with the US trade embargo while on the other hand, to do so will constitute an offence under Canadian law and expose the Canadian company and its officers to potential liability.
What compliance measures does the target have in place? Although there is seldom enough time in the heat of an M&A transaction to conduct a thorough audit of the target’s compliance with anti-corruption and trade controls, there are basic minimum steps that can be taken to get a good sense of the target’s compliance profile and potential exposure. Basic elements we expect to see in any anti-bribery, economic sanctions and export control compliance programs include the following: a written compliance manual and procedures, screening of transactions and all involved parties against lists of sanctioned or designated entities and individuals, appointment of compliance officers, internal compliance auditing, non-compliance reporting, correction and voluntary disclosure, training programs, contract and project review, and procedures for dealing with inconsistent or conflicting laws.
Obtaining a description of the target’s anti-bribery and trade control procedures and a copy of the compliance policy manuals is an obvious start, but it is not enough.
It is also critical to review evidence of implementation of these measures across the operation. For example, how often are employees and executives trained on these policies? When are internal audits conducted and what are the results? How often are potential non-compliance events being reported internally? Is an employee hotline being used and what kind of reports are being made? What voluntary disclosures have they submitted to government authorities? Have they been subject to government investigations or audits and with what results? What is their process for reviewing and determining the control status of their goods, services and technology and what rulings have they obtained in respect of the same? In what circumstances have they terminated or refused to retain agents because of bribery concerns? What specific provisions has the target included in their contracts to address anti-bribery and trade controls compliance? What compliance certifications do they have from business partners? How do they use third parties to assist in implementation of compliance measures – e.g., screening transactions, due diligence of agents, internal review and audit, legal opinions?
Responses to these initial inquiries inevitably beget more questions in this process and the back and forth continues as you drill down into areas of concern and potential exposure for the target and, ultimately, the acquirer. Risks may be so high that the deal is scrapped or at least delayed until they can be addressed through the implementation of enhanced compliance measures or disclosures to the authorities if necessary. In other cases, representations and warranties as well as appropriate indemnities may be sufficient to address any concerns. Once the transaction closes, however, it is important to immediately begin conducting a more thorough review of the target’s compliance based on potential areas of vulnerability identified during the pre-acquisition due diligence phase and addressing any potential non-compliance.
John W. Boscariol is Leader of the International Trade and Investment Law Group at McCarthy Tétrault LLP. He can be contacted on +1 (416) 601 7835 or by email: email@example.com.