"Anti-Corruption Due Diligence in Corporate Transactions: Implementing a Risk-Based Approach"

by Skadden, Arps, Slate, Meagher & Flom LLP

Anti-corruption issues continue to present significant risks in acquisition and investment transactions because regulators continue robust enforcement in this area and emerging markets often present the greatest economic opportunities as well as increased corruption risks. Indeed, failure to identify a significant corruption risk at a target company not only opens the possibility of regulatory risks, it can undermine the core value of the transaction itself. In this context, anti-corruption diligence has become an accepted component of transactional diligence and regulators have endorsed risk-based diligence as appropriate to mitigate risks. While thorough diligence is not guaranteed to identify specific acts of past misconduct, a thoughtful, well-planned and well-executed diligence process will identify structural risks and compliance weaknesses that can be addressed in transaction agreements and in post-closing compliance enhancements.

U.S. Jurisdiction

Recent guidance (the FCPA Guidance)1 from the U.S. Department of Justice (DOJ) and the U.S. Securities and Exchange Commission (SEC) has confirmed the framework for potential liability under the Foreign Corrupt Practices Act (FCPA) following acquisitions and investments:

  • Where a non-U.S. company previously has not been subject to U.S. jurisdiction, acquisition by a U.S. issuer or company does not confer jurisdiction for pre-acquisition conduct. (See FCPA Guidance at 31.) However, post-acquisition bribery payments by the acquired company would be subject to potential investigation and prosecution (Id. at 32), not on a theory of successor liability but on a theory that the payments were violations by the U.S. entity.
  • Where a target company was subject to the FCPA prior to a transaction, the DOJ and SEC may have jurisdiction to prosecute the predecessor company on a theory of direct liability or the acquiring company on a theory of successor liability. (See FCPA Guidance at 33). Where the acquirer has conducted “robust” diligence and sought to implement post-acquisition controls, the FCPA Guidance indicates that the DOJ and SEC are unlikely to prosecute the acquirer for pre-acquisition conduct on the basis that the acquirer sought to understand fully any anti-corruption risks and to remedy them appropriately. (Id.)
  • Where both an acquirer and target were subject to the FCPA pre-transaction and improper conduct occurs at the acquired company post-transaction, the DOJ and SEC take the position that they can — and likely would — prosecute the acquirer. (See FCPA Guidance at 33 – 34). The DOJ and SEC take the position that the acquirer is familiar with its own (and the target’s) industry and risks, and thus is in a position to understand and remedy risks in its own operations as well as those of the acquired entity.

In most transactions that have some degree of multi-jurisdictional corruption risk, it will be appropriate to: (1) include risk-based diligence procedures in the overall diligence plan; (2) implement post-closing enhancements to the target company’s compliance program; and (3) ensure education of directors and officers on anti-bribery compliance. The FCPA Guidance also recommends post-closing anti-corruption audits of “all newly acquired or merged businesses as quickly as practicable,” (FCPA Guidance at 29) and the DOJ notes that the DOJ FCPA Opinion Procedure is available for circumstances where specific issues are identified in pre-acquisition diligence. While the FCPA Guidance also recommends that companies voluntarily disclose “any corrupt payments discovered as part of its diligence” (Id.), decisions regarding voluntary disclosure should be made carefully and on a case-by-case basis, as there may or may not be net benefits to a company from such disclosures.

Goals of Diligence

In light of the above framework regarding successor liability, transactional diligence has several goals:

  • to assess the risks of questionable payments, improper accounting entries or controls weaknesses that could create liability;
  • to satisfy the acquirer that it took prudent and reasonable steps to identify potential risks. If none are discovered pre-transaction, but an issue arises later, the due diligence procedures will form the basis for arguments that no liability should be imposed after the transaction is completed; and
  • given the expectation of “day one” compliance following an acquisition or investment, to identify steps to be taken after closing to minimize forward-looking risks.

Risk Profile

Established practices and guidance from U.S. and European regulators confirm that a risk-based approach to due diligence is appropriate, with diligence resources focused on high-risk interactions with government customers and regulators. The corporate structure of the parties, their industry, relevant geographies and compliance history all impact the risk profile. In a multinational transaction, the parties likely will want to concentrate their anti-corruption review and perform a heightened level of due diligence on affiliates and subsidiaries operating in countries with high perceived corruption risk. Similarly, parties operating in the industries that have been the focus by anti-corruption authorities — such as oil and gas, freight forwarding and logistics, and pharmaceuticals and medical devices — should account for potential regulatory scrutiny in evaluating the risk profile of a transaction.

If one of the parties to the transaction already is under investigation or recently has been under investigation for possible anti-corruption violations, the transaction has a higher perceived risk and authorities will expect heightened attention to corruption due diligence. In environments that have not had a robust history of anti-corruption enforcement, a key economic issue may be assessing whether enforcing anti-corruption policies following a transaction will affect the existing business model or operations. An acquirer also should assess whether imposing necessary compliance programs will result in a loss of sales, licenses or core business assets.

Additional high risk areas include:

  • a target whose revenues rely primarily on large government contracts;
  • a target whose significant assets are or were dependent on government concessions, such as oil fields, mining rights or real estate zoning permissions;
  • highly regulated businesses, such as those that require regular inspection approvals from local health and safety authorities or local financial regulations;
  • companies that depend heavily on product instruction and demonstration, with sales accomplished through regular educational seminars or conferences; and
  • a target with a large network of third-party agents.

Due Diligence Procedures

Initial anti-corruption due diligence usually can be performed in tandem with standard economic and financial due diligence requests and should focus on potentially high-risk areas of a business. Because access to information during the diligence process is almost always more limited than in an investigation, risk should be assessed based on compiling information from several sources. In particular, information can be gathered and compiled from (1) data room materials, (2) financial ledger analysis, (3) management interviews and (4) publicly available information on both the target and third parties retained by the target, such as sales consultants, agents and distributors. Risk areas can be explored by seeking information in the following areas:

  • an entity’s control environment: policies, procedures, employee training, audit environment and whistleblower issues;
  • any ongoing or past investigations (government or internal), adverse audit findings (external or internal), or employee discipline for breaches of anti-corruption law or policies;
  • the nature and scope of an entity’s government sales and the history of significant government contracts or tenders. Risks include improper commissions, side agreements, cash payments and kickbacks;
  • an entity’s important regulatory relationships, such as key licenses, permits, and other approvals. Due diligence in that context would focus on employees who interact with these regulators, and whether there are any fees, expediting payments, gifts or other benefits to government inspectors;
  • travel, gifts, entertainment, educational or other expenses incurred in connection with marketing of products or services, or in connection with developing and maintaining relationships with government regulators. Diligence in this area would include examining expense records, inspection or training trips, and conference attendee lists and expenses;
  • an entity’s relationships with distributors, sales agents, consultants, and other third parties and intermediaries, particularly those who interact with government customers or regulators. In this context, it is important to assess whether an entity (1) has processes for review and approval of contracts with third parties; (2) requires consulting agreements to be in writing and to include appropriate compliance, audit and termination clauses; and (3) authorizes payments only after services have been documented and only to appropriate recipient bank accounts; and
  • an entity’s participation in joint ventures, consortia, or other teaming arrangements that have significant government customers or are subject to significant government regulation.

Timing of Anti-Corruption Due Diligence Procedures

In addition to discussions regarding scope, parties to a transaction may negotiate the timing of anti-corruption due diligence, whether it will be completed prior to signing a definitive agreement, or whether all or some of the inquiry will be performed after signing but before closing. Post-signing due diligence may be preferable when an initial agreement is reached quickly or in an auction or other competitive process, but it also has risks. If an issue is identified after signing, it may lead to renegotiation of price, public disclosures or voluntary disclosures to government authorities, thereby delaying or ultimately preventing closing.

To maximize the possibility that post-signing due diligence will be confidential and orderly, it is often prudent to have a written work plan delineating precisely what the review will consist of, who will conduct it and what access each party will have to the findings. When drafting such a plan, consideration should be given to privilege issues, confidentiality, and each party’s rights and duties regarding disclosure of information that is gathered in the diligence.

The DOJ’s 2008 Opinion Procedure Release to Halliburton Corporation (reaffirmed in the 2012 FCPA Guidance) describes a possible procedure for post-closing due diligence (and voluntary disclosures) in the context of a transaction where pre-closing due diligence was not feasible. (See DOJ FCPA Opinion Procedure Release 08-02 (June 13, 2008)).2 The contemplated target operated in a number of jurisdictions with a high corruption perception index, and at the time Halliburton was under active DOJ and SEC investigation for its activities in many of these same regions. In this circumstance, Halliburton proposed, and the DOJ endorsed, a 180-day post-closing period to conduct staged post-acquisition due diligence and to self-report any corruption, accounting or controls violations identified.

Response to a Potential Anti-Corruption Violation

The actions taken once an issue is identified can affect profoundly the probability of a government enforcement action and whether a transaction can be completed. Specifically, if a potential breach of anti-corruption law is identified during diligence, an entity should consider (1) discipline of employees and officers who made or authorized improper payments; (2) specific remedial steps to improve controls, policies and procedures in the areas related to the issue identified; (3) disclosure of the issue to relevant local authorities or entities as may be required by law; and (4) possible voluntary disclosure to national authorities in the home jurisdictions of the entities involved. To the extent that there is an existing anti-corruption investigation of any of the entities involved in the transaction, the circumstances of that investigation should be taken into account in assessing government and public disclosure obligations arising from the identification of an issue in transactional due diligence.

“Day One” Compliance

Even if no problematic issues are identified in pre-transaction due diligence, regulators expect that appropriate controls will be introduced on “day one” following closing of a transaction. In the merger context, and to the extent permitted by antitrust laws, parties to a transaction may want to begin outlining a post-closing compliance policy framework and organizational structure immediately after signing a letter of intent. Key elements of such a program include (1) written policies that address governing anti-corruption laws, (2) revised reporting structures, (3) compliance resources for sales personnel and other relevant employees, (4) training and (5) an audit function to review compliance. Post-closing compliance also should focus on review and enhancement of controls over third-party relationships. It may be appropriate, for example, to execute contract amendments or new contracts to incorporate appropriate anti-corruption representations and warranties and audit rights.


In light of ongoing anti-corruption enforcement activity, anti-corruption due diligence should be considered as an important component of an acquisition or investment plan, and should be well documented and carefully executed.

Download PDF

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Skadden, Arps, Slate, Meagher & Flom LLP | Attorney Advertising

Written by:

Skadden, Arps, Slate, Meagher & Flom LLP

Skadden, Arps, Slate, Meagher & Flom LLP on:

Readers' Choice 2017
Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign up using*

Already signed up? Log in here

*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
Privacy Policy (Updated: October 8, 2015):

JD Supra provides users with access to its legal industry publishing services (the "Service") through its website (the "Website") as well as through other sources. Our policies with regard to data collection and use of personal information of users of the Service, regardless of the manner in which users access the Service, and visitors to the Website are set forth in this statement ("Policy"). By using the Service, you signify your acceptance of this Policy.

Information Collection and Use by JD Supra

JD Supra collects users' names, companies, titles, e-mail address and industry. JD Supra also tracks the pages that users visit, logs IP addresses and aggregates non-personally identifiable user data and browser type. This data is gathered using cookies and other technologies.

The information and data collected is used to authenticate users and to send notifications relating to the Service, including email alerts to which users have subscribed; to manage the Service and Website, to improve the Service and to customize the user's experience. This information is also provided to the authors of the content to give them insight into their readership and help them to improve their content, so that it is most useful for our users.

JD Supra does not sell, rent or otherwise provide your details to third parties, other than to the authors of the content on JD Supra.

If you prefer not to enable cookies, you may change your browser settings to disable cookies; however, please note that rejecting cookies while visiting the Website may result in certain parts of the Website not operating correctly or as efficiently as if cookies were allowed.

Email Choice/Opt-out

Users who opt in to receive emails may choose to no longer receive e-mail updates and newsletters by selecting the "opt-out of future email" option in the email they receive from JD Supra or in their JD Supra account management screen.


JD Supra takes reasonable precautions to insure that user information is kept private. We restrict access to user information to those individuals who reasonably need access to perform their job functions, such as our third party email service, customer service personnel and technical staff. However, please note that no method of transmitting or storing data is completely secure and we cannot guarantee the security of user information. Unauthorized entry or use, hardware or software failure, and other factors may compromise the security of user information at any time.

If you have reason to believe that your interaction with us is no longer secure, you must immediately notify us of the problem by contacting us at info@jdsupra.com. In the unlikely event that we believe that the security of your user information in our possession or control may have been compromised, we may seek to notify you of that development and, if so, will endeavor to do so as promptly as practicable under the circumstances.

Sharing and Disclosure of Information JD Supra Collects

Except as otherwise described in this privacy statement, JD Supra will not disclose personal information to any third party unless we believe that disclosure is necessary to: (1) comply with applicable laws; (2) respond to governmental inquiries or requests; (3) comply with valid legal process; (4) protect the rights, privacy, safety or property of JD Supra, users of the Service, Website visitors or the public; (5) permit us to pursue available remedies or limit the damages that we may sustain; and (6) enforce our Terms & Conditions of Use.

In the event there is a change in the corporate structure of JD Supra such as, but not limited to, merger, consolidation, sale, liquidation or transfer of substantial assets, JD Supra may, in its sole discretion, transfer, sell or assign information collected on and through the Service to one or more affiliated or unaffiliated third parties.

Links to Other Websites

This Website and the Service may contain links to other websites. The operator of such other websites may collect information about you, including through cookies or other technologies. If you are using the Service through the Website and link to another site, you will leave the Website and this Policy will not apply to your use of and activity on those other sites. We encourage you to read the legal notices posted on those sites, including their privacy policies. We shall have no responsibility or liability for your visitation to, and the data collection and use practices of, such other sites. This Policy applies solely to the information collected in connection with your use of this Website and does not apply to any practices conducted offline or in connection with any other websites.

Changes in Our Privacy Policy

We reserve the right to change this Policy at any time. Please refer to the date at the top of this page to determine when this Policy was last revised. Any changes to our privacy policy will become effective upon posting of the revised policy on the Website. By continuing to use the Service or Website following such changes, you will be deemed to have agreed to such changes. If you do not agree with the terms of this Policy, as it may be amended from time to time, in whole or part, please do not continue using the Service or the Website.

Contacting JD Supra

If you have any questions about this privacy statement, the practices of this site, your dealings with this Web site, or if you would like to change any of the information you have provided to us, please contact us at: info@jdsupra.com.

- hide
*With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name. Or, sign up using your email address.