What You Need to Know

• The U.S. Department of Justice (DOJ) has announced a new M&A Safe Harbor Policy to encourage greater corporate compliance and more robust due diligence by promoting the voluntary disclosure of criminal misconduct uncovered in connection with merger and acquisition transactions. The policy does not apply to misconduct that was otherwise required to be disclosed or was already public or known to the DOJ, and does not impact civil merger enforcement actions.
• While the M&A Safe Harbor Policy does provide some clarity, there are many open-ended questions which will likely be answered as the policy is implemented by the DOJ over time.
• Companies involved in M&A transactions should ensure that their due diligence is comprehensive and focused on discovering criminal misconduct. Further, for businesses that have not recently undergone or contemplated an M&A transaction, the new policy serves as a reminder of the importance of reviewing all corporate compliance measures, protocols, and issues related to corporate governance.

  ---

On October 4, 2023, Deputy Attorney General Lisa O. Monaco announced a new M&A Safe Harbor Policy for voluntary self-disclosures made in connection with mergers and acquisitions. While all corporations engaging in M&A should pay close attention to the guidance issued in connection with this new safe harbor policy, entities operating in highly regulated industries such as the healthcare sector should take particular note of this policy given the protections it could provide.

The M&A Safe Harbor Policy expands on the Department of Justice’s (DOJ) Policy Memo dated September 15, 2022, which stated that corporations must cooperate fully and early to get cooperation credit. Following years of differing approaches by varying departments of the DOJ, the M&A Safe Harbor Policy was announced “to ensure consistency…be applied department wide” when it comes to disclosing criminal misconduct discovered in the M&A process.

Analysis of Key Takeaways

The following are four key takeaways from the M&A Safe Harbor Policy, as well as some related issues and concerns which require close consideration:

1. Under the M&A Safe Harbor Policy, acquiring companies that (i) promptly and voluntarily disclose criminal misconduct within the Safe Harbor period (within 6 months from the date of closing, regardless of whether the misconduct was discovered pre- or post-acquisition); (ii) cooperate with the ensuing investigation; and (iii) engage in requisite, timely (within one year from the date of closing) and appropriate remediation, restitution, and disgorgement will receive the presumption of a declination of criminal charges.
   • The intent here is clearly to reward companies that perform a more comprehensive due diligence, invest in compliance programs, and self-report criminal misconduct. In the healthcare industry, this could potentially raise issues including violations of the Anti-Kickback Statute (AKS).
   • Does the structure of the deal matter? Does this apply to acquisitions structured as asset purchases instead of an acquisition by purchasing the outstanding shares/equity of a corporation? Under an asset purchase agreement, if the purchaser does not assume the contracts of the seller, if one of those prior contracts could potentially be deemed a violation of the AKS, is the purchaser still required to report such conduct.
   • By way of example: an orthopedic practice (seller) is referring patients to a physical therapy (PT) practice in exchange for a kickback of $1,000 per patient paid by the PT practice. If another orthopedic practice (practice purchaser) and a management services organization (MSO purchaser) agree to purchase the clinical/non-clinical assets, respectively, but not assume any contracts or liabilities of the actual entity, do they still have to self-report if 3 months post-closing the practice purchaser or the MSO purchaser discovers that this scheme had been underway?
2. The 6-month and 1-year deadlines referred to above are subject to a “reasonableness analysis.”
   • The DOJ sets out “to ensure predictability, we are setting clear timelines,” yet provides itself leeway by simultaneously recognizing that not every transaction is the same and “depending on the specific facts, circumstances, and complexity of a particular transaction, those deadlines could be extended by Department prosecutors.”
   • It is unknown whether leeway will depend on the reasonableness of the DOJ prosecutor, the size of the transaction, or the actual misconduct. However, it should be considered that smaller companies or practices often lack the resources to be able to meet such deadlines without incurring a significant burden, financial or otherwise.
3. The M&A Safe Harbor Policy only applies to criminal conduct discovered in bona fide, arms-length M&A transactions. The policy does not apply to misconduct that was otherwise required to be disclosed or was already public or known to the DOJ. It also does not impact civil merger enforcement actions.
   • The DOJ includes language in the M&A Safe Harbor Policy stating it will not affect any recidivist analysis at that time, nor will it be factored into future recidivist analysis for the acquiring company. For businesses involved in M&A, they can seek some shelter under the M&A Safe Harbor Policy with the knowledge that the disclosure will not be held against the company in the future.
   • By including this language in the M&A Safe Harbor Policy, the DOJ seeks to accomplish its goal of not penalizing “good companies – those that invest in strong compliance.”
4. If a company “does not perform effective due diligence or self-disclose misconduct at an acquired entity, it will be subject to full successor liability for that misconduct under the law.”
   • Similar to issues raised above regarding the distinction between asset and equity transactions, the DOJ will at some point have to determine whether full successor can be distinguished based upon the transaction structure.
   • If criminal misconduct is discovered post-closing, how can the DOJ prove effective due diligence was not performed? Put in a contractual context, what role will a seller’s representations or a seller’s indemnification of purchaser play in determining whether or not effective due diligence was performed? Further, to what extent, if any, can a purchaser protect itself through incorporating contractual representations ensuring that the parties understand that irrespective of anything to the contrary, the seller will indemnify the purchaser for its actions or inactions which may cause the purchaser to fail to meet the provisions of the M&A Safe Harbor Policy?
   • From a macro-level perspective, since similar concepts are generally already provided for in most M&A transactions, the practical impact of the M&A Safe Harbor Policy will ultimately be determined by the DOJ’s frequency and extent of enforcement.

Next Steps

While the M&A Safe Harbor Policy does provide some clarity, there are many open-ended questions which will likely be answered as the policy is implemented by the DOJ over time. It also remains to be seen whether the M&A Safe Harbor Policy is enough to either achieve the DOJ’s stated goal of increasing effective compliance efforts, or alternatively have a chilling effect on M&A transactions by deterring prospective purchasers.

That said, it is critical for companies involved in M&A transactions to take appropriate steps to ensure that their due diligence is comprehensive and focused on discovering criminal misconduct. Also, even if a business has not recently undergone or is not currently contemplating an M&A transaction, the DOJ’s announcement should serve as a reminder of the importance of reviewing all corporate compliance measures and protocols, as well as issues related to corporate governance.