“Invest in compliance now or your company may pay the price—a significant price—later.”—DOJ Deputy Attorney General Lisa Monaco, October 4, 2023

On October 4, 2023, Deputy Attorney General (AG) Lisa Monaco announced the U.S. Department of Justice’s (DOJ’s) new Mergers & Acquisitions Safe Harbor Policy for acquirers that uncover wrongdoing at a target company. Deputy AG Monaco emphasized the policy as part of the DOJ’s expansion of its corporate enforcement tools and ongoing efforts to combat corporate crime.

The Safe Harbor Policy is designed to encourage firms to identify and report misconduct they uncover quickly after acquiring target companies. For companies that qualify for the Safe Harbor Policy, the DOJ will reward prompt and open disclosure with the presumption of a declination of prosecution for the discovered misconduct.

This client alert explains how companies can make good use of the new Safe Harbor Policy and discusses the policy’s implications for corporate crime enforcement.

The Safe Harbor Policy Shields Acquirers from a Target Company’s Noncompliance

Under the policy, acquirers will receive a presumption of a declination if they complete these three steps:

1. Promptly and voluntarily disclose target company’s criminal misconduct
2. Cooperate with the DOJ
3. Implement remedial measures at the target company.

Each DOJ component will tailor its application of the Safe Harbor Policy to fit its specific enforcement regime. While no written policy has been released, Deputy AG Monaco outlined three key issues that align this policy with the DOJ’s voluntary self-disclosure policy announced in March 2023: timeliness, the presence of aggravating factors, and recidivism.

Timeliness

The Safe Harbor Policy imposes two deadlines on companies that want to make good use of its benefits.

1. First, companies must disclose any misconduct by the target company within six months from the date of closing. This six-month timeframe applies to discoveries made before and after acquisition of the target. The six-month deadline is consistent with enforcement in a 2008 DOJ Foreign Corrupt Practices Act opinion release addressing Halliburton’s post-acquisition liability for bribes paid by a company that it acquired.
2. Second, companies will have one year from the date of closing to fully remediate the misconduct.

Deputy AG Monaco presented both these timeframes as baselines that are “subject to a reasonableness analysis,” noting that those deadlines could be extended based on “the specific facts, circumstances, and complexity of a particular transaction.” But if the target company’s conduct undermines national security or presents an ongoing or imminent harm, companies “can’t wait for a deadline to disclose.” It remains to be seen how much leniency the DOJ will give acquirers in practice, especially when the target companies are large, multinational entities.

Aggravating Factors

In most circumstances, an acquirer can still benefit from the Safe Harbor Policy even if the target company’s misconduct presented aggravating factors. While aggravating factors typically lead to stiffer penalties under other DOJ policies, Deputy AG Monaco emphasized that they will be treated differently in the M&A context. Specifically, the presence of aggravating factors at the target company will not impact the acquiring company’s ability to receive a declination.

Recidivism

The DOJ recently increased its emphasis on corporate defendants’ prior records. Deputy AG Monaco noted in this speech, however, that “any misconduct disclosed under the Safe Harbor Policy will not be factored into future recidivist analysis for the acquiring company.” In other words, strikes against the target company will not count against the acquirer. This safeguard applies whether the recidivism analysis is done “at the time of disclosure or in the future.”

But this Policy’s recidivism shield has a limitation—it applies only “to criminal conduct discovered in bona fide, arms-length M&A transactions” (emphasis added). In other words, it does not apply to target company misconduct that is already public, already known to the DOJ, or already required to be disclosed for other reasons.

Key Takeaways

1. Compliance Diligence Is Critical for M&A Transactions: Deputy AG Monaco made clear that the DOJ expects an acquiring company’s legal and compliance team to “have a prominent seat at the deal table.” Companies must involve outside counsel and legal and compliance personnel to conduct pre-acquisition diligence on target companies.
2. Pre-Acquisition Due Diligence Enhancements: Acquirers should review or adopt a mergers and acquisitions policy with accompanying procedures that help identify and mitigate compliance risks early in the deal process. Acquirers that do not perform effective due diligence or self-disclose misconduct may be exposed to successor liability.
3. Ensure Prompt Post-Closing Remediation: Six months is not a lot of time for an acquirer to identify misconduct, investigate it, and decide whether to self-disclose. Twelve months is not a lot of time to conduct a root cause analysis, integrate the target entity into the acquirer’s compliance program, and implement full remediation. Companies must be thinking ahead to this post-closing clock, even with the DOJ’s offers of flexibility.
4. Consider Increasing Pre-Acquisition Timing: Since the Safe Harbor Policy’s clock begins running on the date of closing, firms should consider proactively expanding the amount of time allotted for investigating and developing compliance measures to ensure timely disclosure. Because this is a DOJ-wide policy, all federal criminal violations are on the table.
5. Deciding Whether (and When) to Self-Report: If the acquiring company is unsure whether the target company’s previous conduct is illegal, it has to weigh the risks of self-reporting. If the company does not self-report and solves the problem internally, the DOJ could learn about the misconduct another way, and the company would not get credit under the Safe Harbor Policy. On the other hand, if the company self-reports, the DOJ could find that it did not meet the Safe Harbor Policy’s requirements, expand its investigation into other areas, or even alert other U.S. or foreign government agencies of the misconduct. This analysis is highly fact- and circumstance-specific.