On Oct. 4, Deputy Attorney General Lisa Monaco (DAG Monaco) announced a new safe harbor policy for voluntary self-disclosures made in connection with mergers and acquisitions (the Safe Harbor Policy).¹ At the outset of her speech, DAG Monaco recognized that there has been a rapid expansion of national security-related corporate crime. Noting that “companies are on the front line in responding to geopolitical risks” and explaining that merger and acquisition (M&A) transactions had been treated differently by different components of the Department of Justice (DOJ), she announced the DOJ-wide Safe Harbor Policy to set the standard for voluntary self-disclosures made by an acquiring company in M&A transactions in order to avoid criminal liability as a successor in interest to the target’s misconduct.

Prior to this announcement, perhaps the most useful M&A compliance guidance could be found in the DOJ’s and SEC’s “FCPA Resource Guide,” in which the regulators state that acquiring companies should (i) conduct thorough risk-based FCPA anti-corruption due diligence on the target; (ii) ensure that the acquiring company’s code of conduct and compliance policies and procedures apply as quickly as possible to the newly acquired or merged entities; (iii) train the directors, officers, and employees of newly acquired businesses or merged entities and, when appropriate, train business partners and agents on the FCPA and the company’s compliance policies and procedures; (iv) conduct an FCPA-specific audit of all newly acquired or merged businesses as quickly as possible; and (v) disclose any corrupt payments to DOJ and SEC. The FCPA Resource Guide further states: “Importantly, a successor company’s voluntary disclosure, appropriate due diligence, and implementation of an effective compliance program may also decrease the likelihood of an enforcement action regarding an acquired company’s post-acquisition conduct when pre-acquisition due diligence is not possible. In fact, under the DOJ FCPA Corporate Enforcement Policy, in appropriate cases, an acquiring company that voluntarily discloses misconduct may be eligible for a declination, even if aggravating circumstances existed as to the acquired entity.”²

Regarding the current policy change, which will apply to the self-reporting of criminal conduct uncovered during arm’s-length M&A transactions, DAG Monaco underscored the DOJ’s goals of increasing consistency, predictability, and transparency. Under the Safe Harbor Policy, companies will receive a presumption of declination by self-reporting misconduct, cooperating in any ensuing investigation, and engaging in the appropriate remediation, restitution, and disgorgement. The Safe Harbor Policy sets clear guidelines that compliance teams and lawyers involved in M&A transactions should be aware of:

• Misconduct must be reported within 6 months of closing. This applies whether the misconduct was discovered pre- or post-acquisition. Counsel advising on M&A transactions should ensure they conduct robust due diligence to discover any misconduct within this window.
• Companies will have a baseline of one year from the date of closing to remediate misconduct. This is subject to a reasonableness analysis, which may provide additional time depending on the “facts, circumstances, and complexity of a particular transaction.” Importantly, companies that discover misconduct that affects national security cannot wait for a deadline to disclose it.
• Aggravating factors at the acquired company will not affect the acquiring company’s ability to receive a declination. Aggravating factors include but are not limited to involvement by executive management in the misconduct, a significant profit to the company because of the misconduct, the egregiousness or pervasiveness of the misconduct within the company, and criminal recidivism.
• Misconduct disclosed under the Safe Harbor Policy will not affect any recidivist analysis. This applies to any recidivist analysis for the acquiring company both at the time of disclosure and in the future.

With its new Safe Harbor Policy, the DOJ is sending a clear message that strong compliance protocols will be rewarded, and a lack of such protocols could lead to severe consequences for acquiring companies. As DAG Monaco cautioned, “if your company does not perform effective due diligence or self-disclose misconduct at an acquired entity, it will be subject to full successor liability for that misconduct under the law.”

In many respects, DAG Monaco’s announcement appears to be an extension of the FCPA Resource Guide’s M&A compliance guidance as well as the DOJ’s FCPA Unit’s April 2016 pilot program, which sought to incentivize companies to voluntarily self-report and timely remediate potential FCPA violations in exchange for potential leniency.³ In November 2017, the pilot program became the FCPA Unit’s official policy and was incorporated into the United States Attorneys’ Manual.⁴ In any event, now more than ever, companies engaging in M&A transactions must carefully consider their compliance protocols and include compliance experts as an integral part of any deal team.

For any questions about the DOJ’s Safe Harbor Policy or compliance best practices for M&A transactions, please reach out to the authors of this article or to your regular Lowenstein Sandler contact.

¹ Lisa O. Monaco, Deputy Att’y Gen., Deputy Attorney General Lisa O. Monaco Announces New Safe Harbor Policy for Voluntary Self-Disclosures Made in Connection with Mergers and Acquisitions, Off. of Pub. Affs., U.S. Dep’t of Just. (Oct. 4, 2023), https://www.justice.gov/opa/speech/deputy-attorney-general-lisa-o-monaco-announces-new-safe-harbor-policy-voluntary-self.
² Crim. Div. of the U.S. Dep’t of Just. & Enforcement Div. of the U.S. Sec. & Exch, Comm’n, FCPA: A Resource Guide to the Foreign Corrupt Practices Act 29–32 (July 2020), https://www.justice.gov/criminal-fraud/file/1292051/download.
³ Leslie R. Caldwell, Assistant Att’y Gen., Criminal Division Launches New FCPA Pilot Program, U.S. Dep’t of Just. (Apr. 6, 2016), https://www.justice.gov/archives/opa/blog/criminal-division-launches-new-fcpa-pilot-program.
⁴ Rod Rosenstein, Deputy Att’y Gen., Deputy Attorney General Rosenstein Delivers Remarks at the 34th International Conference on the Foreign Corrupt Practices Act, Off. of Pub. Affs., U.S. Dep’t of Just. (Nov. 29, 2017), https://www.justice.gov/opa/speech/deputy-attorney-general-rosenstein-delivers-remarks-34th-international-conference-foreign.