Early-stage compliance diligence in high-risk transactions: three practical steps

January 2022  |  SPOTLIGHT | MERGERS & ACQUISITIONS

Financier Worldwide Magazine

January 2022 Issue

In the wake of scores of enforcement actions where companies have been faulted for diligence failures in investment transactions, and real-world examples of companies overpaying for targets engaged in corrupt conduct, most sophisticated companies understand the ‘why’ behind pre-investment diligence and risk mitigation actions. This includes protecting the acquiring company from enforcement risks, mitigating risks and costs of post-investment remediation, and understanding whether the value of an acquisition target may be distorted because of unethical business practices. We focus here instead on the ‘how’, outlining steps that we have found particularly helpful in the early days of high-risk transactions. While there is no ‘one size fits all’ approach to pre-investment diligence and risk mitigation, our experience teaches us that the following three steps are useful in the initial stages of virtually any high-risk investment transaction.

Assess the contemplated deal and ownership structure

Compliance advisers in investment transactions need to understand the laws to which an investment target has been subject historically, as well as the laws to which that target and the acquirer will be subject post-closing. Assessing exposure to laws such as the US Foreign Corrupt Practices Act (FCPA), UK Bribery Act (UKBA), UK Proceeds of Crime Act (UK POCA), and various international sanctions and anti-money laundering (AML) regimes is rarely straightforward, and typically includes considerations such as the domicile of a company, the location of its operations and financial activities, if and where it lists securities, and its ownership structure, among numerous other factors. Moreover, compliance advisers must be attentive to risks not only associated with the target’s operations, but also risks arising from the execution of the deal itself, such as potential liabilities for false or inaccurate statements in offering documents.

Because these various structural factors will drive the legal and compliance risks associated with the transaction, it is critical for compliance counsel to develop – at the very outset of the transaction – a detailed understanding of exactly how ownership interests are being acquired and will be held going forward. There are myriad such structural questions to be asked here.

First, it is important to understand the legal form of the transaction, be it stock purchase, asset sale or merger, among others, and what implications the transaction will have on the ownership structure and management of the acquired entity. For example, it is important to ask how the acquired entity will be managed moving forward, including whether the target’s existing management will remain post-closing.

Second, and relatedly, compliance counsel should understand what level of operational involvement and control the acquiring entity will have over the target moving forward, and how the acquiring entity can exercise this control. If the acquirer will obtain a minority ownership interest in the target, it is important to understand whether and how the acquiring entity will be able to exercise control over the target, such as through board seats and veto rights.

Third, a transaction may subject the acquired entity to new legal regimes. Counsel should determine whether the transaction will result in the acquired entity becoming a controlled subsidiary of a parent company subject to the FCPA or UKBA, and whether the acquisition could result in a headcount or turnover that will trigger certain regulatory obligations. For example, article 17 of France’s Loi Sapin II imposes mandatory compliance programme requirements for French companies that employ 500 or more employees with gross revenue of more than €100m, as well as all consolidated subsidiaries of parent companies that meet these size and revenue thresholds.

Frame the legal and compliance risks of the investment

It goes without saying that companies should thoroughly assess the legal and compliance risks that will arise from investment transactions. While a company’s assessment in this regard will necessarily depend on the facts that emerge in the diligence process, we find that it is useful for companies to develop a written framework, such as a simple table, slides or a short memo, to assess these risks at the outset of the transaction, updating that assessment as diligence proceeds.

With the structural considerations discussed above at hand, compliance advisers can typically frame the exercise around various categories of risks. While these risk categories will vary by transaction, in our experience they typically include four key areas. Below we summarise these risk areas, and potential corresponding diligence and mitigation measures that acquiring companies should consider.

First, acquiring entities could face successor liability, or be on the hook for investigation and settlement costs, for pre-acquisition conduct by the target. To assess the extent of these risks, the acquiring entity should examine the target’s pre-acquisition structure and its jurisdictional exposure to laws such as the FCPA and UKBA. It is also important to conduct diligence on legacy compliance issues and investigations at the target, through submission of written diligence questions, interviews with key personnel, and, in appropriate circumstances, retention of an external diligence firm to perform enhanced, human source due diligence. If due diligence identifies historical misconduct, the acquiring company can seek to ringfence pre-acquisition liabilities through the deal structure, require implementation of compliance enhancements and remedial measures post-closing, and consider voluntarily disclosing misconduct to enforcement authorities.

Second, the acquiring company could face go-forward liability, typically under AML laws, from the receipt of benefits generated by tainted assets or pre-acquisition criminal conduct. Assessing risk exposures on this front typically requires diligence on both the ultimate beneficial owners of the target company, and the provenance of assets that may be tainted by historical misconduct, including regulatory assets; concessions, such as mining licences; government contracts; mineral rights; and land. If the acquirer identifies potentially tainted assets, there are a range of potential mitigation measures to consider, including bespoke representations and warranties, carving out the potentially tainted assets from the transaction, exiting certain shareholders prior to closing, and taking steps to ‘cleanse’ the assets, such as surrender and reissuance of licences or concessions.

Third, acquirers can also face go-forward liability from post-acquisition conduct at the target. Assessing risks on this front typically focuses on diligence on the target’s operations, personnel and the present state of its compliance programme. The acquiring company can also assess significant regulatory or political developments, such as local content regulations or upcoming elections, that may give rise to future corruption risks. The most important risk mitigation steps to address this category of risk will typically start with a prompt and thorough post-closing risk assessment and implementation of a tailored, risk-based compliance programme at the target.

Fourth, in addition to legal risks, acquiring companies must take steps to identify and mitigate compliance-related reputational and commercial risks. These risks might stem from a relationship that the target has with a politically exposed shareholder, business partner, or from other commercial arrangements that the target entered historically. Assessing such risks may require diligence on not only the target’s operations and personnel, but also on the target’s significant business partners. This due diligence exercise will help the acquirer assess the financial and operational impacts of remediating issues, such as terminating business partners. Prior to closing, the acquirer should also develop operational resiliency measures to prepare for potential business disruptions that may result from the implementation of a compliance programme in the target, such as preparing for delays that may result if the target no longer makes facilitating payments.

There are numerous advantages to developing a written framework to assess these risks in the early stages of a transaction. First, this exercise functions as a preliminary risk assessment, which can help to crystalise some of the key risks and corresponding diligence and mitigation steps before the acquiring company commits resources to undertaking those steps. Second, we have found that this exercise can be a helpful tool to message and justify to business leaders, or the target, why the company needs to take certain steps in diligence, and to preview at an early stage the types of mitigation steps that may be necessary to consummate a deal and the financial implications of those steps (which can be addressed in both the deal itself through valuation and indemnities, as well as in the company’s planned integration costs). Finally, we find that putting structure around this process at an early stage of the deal will ensure more thorough and effective diligence and more robust consideration of mitigation actions, helping to minimise the possibility of unwelcome surprises as the deal progresses.

Assess, document and plan around any legal and practical constraints on diligence

Experienced compliance professionals understand that when it comes to compliance diligence in investment transactions, ‘you can’t always get what you want’. Companies may face a host of obstacles to obtaining fulsome information in diligence. These obstacles can arise from legitimate concerns over competition law compliance, data privacy or state secrets regulation or market practice under particular transactional regimes such as the UK Takeover Code. An acquiring company should, of course, pressure test a target’s legal and commercial justifications for its refusal to provide requested information and should appropriately document (typically in privileged legal advice) decisions made on such issues. Additionally, if an acquiring company encounters challenges in obtaining material information from the target via diligence requests, it should consider how it might develop useful information by other means. In our experience, while not a perfect substitute for receiving fulsome information directly from the target, investigative due diligence reports that leverage well-placed human sources can be particularly useful in such circumstances. In situations where pre-acquisition diligence is limited, companies should plan to perform a fulsome anti-corruption risk assessment of the target shortly after acquisition.

 

Benjamin S. Haley and Jennifer H. Saperstein are partners and Ben Kramer is an associate at Covington & Burling LLP. Mr Haley can be contacted on +27 11 944 6914 or by email: bhaley@cov.com. Ms Saperstein can be contacted on +1 (202) 662 5682 or by email: jsaperstein@cov.com. Mr. Kramer can be contacted on +44 (0)20 7067 2231 or by email: bkramer@cov.com.

© Financier Worldwide

BY

Benjamin S. Haley, Jennifer H. Saperstein and Ben Kramer

Covington & Burling LLP

©2001-2024 Financier Worldwide Ltd. All rights reserved. Any statements expressed on this website are understood to be general opinions and should not be relied upon as legal, financial or any other form of professional advice. Opinions expressed do not necessarily represent the views of the authors’ current or previous employers, or clients. The publisher, authors and authors' firms are not responsible for any loss third parties may suffer in connection with information or materials presented on this website, or use of any such information or materials by any third parties.