DOJ Announces New Safe Harbor Policy for Voluntary Self-Disclosure in M&A

Cooley LLP

Cooley LLP

The Department of Justice continues to make clear that one of its principal corporate enforcement priorities is encouraging companies to voluntarily self-disclose misconduct. To that end, the DOJ recently announced its decision to decline to prosecute Lifecore Biomedical, a pharmaceutical and medical device manufacturer, despite evidence that employees of Lifecore’s former US subsidiary bribed Mexican government officials in violation of the Foreign Corrupt Practices Act.

According to the declination letter, the DOJ found evidence that bribes were paid both before and after Lifecore’s acquisition of the subsidiary, but the DOJ declined to bring charges against Lifecore because, among other things, the company timely and voluntarily self-disclosed the misconduct. What did “timely” mean here? While an officer of the subsidiary affirmatively concealed the bribes during Lifecore’s pre-acquisition due diligence, Lifecore learned about the misconduct during post-acquisition integration, then launched an internal investigation. The DOJ stressed that within three months of first discovering the possibility of wrongdoing – and just hours after the internal investigation confirmed that it had occurred – Lifecore voluntarily reported it to the DOJ. The declination letter also outlines other factors that went into the DOJ’s decision not to prosecute Lifecore, including the company’s “full and proactive cooperation,” the nature and seriousness of the offense, Lifecore’s disgorgement of the financial benefit fairly attributable to the misconduct, and its timely remediation – including terminating the officer engaged in the misconduct, withholding that officer’s compensation and improving the company’s compliance program.

Underscoring the DOJ’s focus on this type of voluntary self-disclosure, in October 2023, Deputy Attorney General Lisa Monaco announced a new Safe Harbor Policy for voluntary self-disclosures made in connection with mergers & acquisitions. A “safe harbor period” is generally defined as a time period where certain conduct won’t trigger a regulatory violation. The purpose of the new policy is to incentivize acquiring companies to timely disclose misconduct uncovered at acquired entities during the M&A process. In short, acquiring companies will receive the presumption of a declination (i.e., the government will not pursue a criminal prosecution) when they “promptly and voluntarily disclose criminal misconduct within the Safe Harbor period,” “cooperate with the ensuing investigation,” and “engage in requisite, timely and appropriate remediation, restitution, and disgorgement.”

After describing certain conditions required for the Safe Harbor to apply, Monaco identified two key takeaways for boards and deal teams. First, she made clear that the DOJ is “placing an enhanced premium on timely compliance-related due diligence and integration.” And second, she cautioned that going forward, “[c]ompliance must have a prominent seat at the deal table if an acquiring company wishes to effectively de-risk a transaction.” Read more about the new M&A Safe Harbor Policy below.

Requirements for M&A Safe Harbor

The new Safe Harbor Policy will be applied Department-wide, with each part of the DOJ applying the policy in ways that are tailored to fit its “specific enforcement regime.” The policy applies only to criminal conduct uncovered in “bona fide, arms-length M&A transactions,” and does not apply if the misconduct was: (i) otherwise required to be disclosed, (ii) already public, or (iii) known to DOJ. The Safe Harbor will have no impact on civil merger enforcement.


In an effort to provide greater predictability, the DOJ has included two baseline timing requirements in the policy. First, to qualify for the Safe Harbor, companies must disclose the misconduct at the acquired entity within six months of the deal closing date, regardless of whether the misconduct was discovered before or after the acquisition. Second, companies must fully remediate the misconduct within one year of the closing date. However, both baseline deadlines are subject to a reasonableness analysis, and prosecutors may extend them depending on the “specific facts, circumstances, and complexity of a particular transaction.” On the other hand, Monaco noted that “companies that detect misconduct threatening national security or involving ongoing or imminent harm can’t wait for a deadline to self-disclose.”

Aggravating factors

The acquiring company’s ability to receive a declination will not be impacted by the presence of aggravating factors – such as if the misconduct was egregious or pervasive, or if an executive was involved, or if the company profited significantly from it – at the acquired company. And if aggravating factors do not exist at the acquired company, that entity also may qualify for applicable voluntary self-disclosure benefits (including a possible declination).

Recidivist analysis

Misconduct disclosed under the new policy will not be factored into recidivist analysis for the acquiring company, either at the time of the disclosure or in the future. In other words, the acquiring company will not itself be considered a repeat offender based on misconduct at the acquired company – even if the acquiring company had a prior conviction when it disclosed the acquired company’s misconduct or if the acquiring company is subject to enforcement for unrelated misconduct in the future.

To put the benefits of this policy into perspective, but also drive home the importance of compliance, Monaco reminded companies that if they “do[] not perform effective due diligence or self-disclose misconduct at an acquired entity, [they] will be subject to full successor liability for that misconduct under the law.”

‘Era of expansion and innovation’ in corporate enforcement

Monaco plainly stated that “[c]orporate enforcement is in an era of expansion and innovation.” Indeed, the DOJ’s announcement of this Safe Harbor Policy builds on Monaco’s September 2022 memo outlining revisions to the DOJ’s corporate criminal enforcement policies, as well as the DOJ’s February 2023 announcement of a new voluntary self-disclosure policy for corporate criminal enforcement in US attorney’s offices nationwide, which offered incentives including significant discounts on fines and not guilty plea resolutions for corporations that meet the criteria for a voluntary self-disclosure of misconduct.

In addition to the M&A Safe Harbor Policy, Monaco’s remarks touched on other developments in corporate criminal enforcement, including those outlined below.

Expansion of corporate criminal enforcement related to national security

The number of “major national security corporate resolutions” has already doubled in 2023 as compared to 2022, and the DOJ is powering up the National Security Division by adding more than two dozen new corporate crime prosecutors and the Division’s first chief counsel for corporate enforcement.

New tools to penalize and deter corporate misconduct

This year saw the first criminal resolutions that include divestiture of entire business lines and specific performance as part of restitution and remediation.

Pilot program related to executive compensation

Under a new pilot program, all DOJ criminal resolutions will require companies to “add compliance-promoting criteria to their compensation systems.” Additionally, companies that claw back or withhold incentive compensation from executives responsible for misconduct receive a “clawback credit” (a deduction from the otherwise-applicable penalty).

What’s next?

The DOJ continues to focus on corporate and individual accountability for wrongdoing while incentivizing compliance and timely self-disclosure of wrongdoing. As for the new M&A Safe Harbor, the full written policy has not yet been released. For now, boards and deal teams – and their advisers – should take care to design diligence and compliance programs that strive to detect and remediate potential wrongdoing within the presumptive baseline timelines. For example, companies entering an acquisition should conduct aggressive diligence to identify potential issues prior to a transaction, but also should consider the diligence process as continuing after the acquisition in order to reap the benefits of the six-month Safe Harbor disclosure window. Conversely, companies that anticipate being the target of a merger or acquisition should expect more robust diligence focused on legal compliance. Those companies are advised to identify, investigate and address potential wrongdoing in advance of a transaction so that unaddressed issues emerging in the context of the acquisition do not disrupt the timeline or completion of the transaction.

[View source.]

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Cooley LLP | Attorney Advertising

Written by:

Cooley LLP


  • Increased visibility
  • Actionable analytics
  • Ongoing guidance

Cooley LLP on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide