Q&A: Managing pre- and post-deal fraud investigations


Financier Worldwide Magazine

February 2016 Issue

February 2016 Issue

FW moderates a discussion on managing pre- and post-deal fraud investigations between Michael Savicki at American Express Global Business Travel, Gregory E. Wolski at Ernst & Young LLP, and Brian E. Dickerson at FisherBroyles LLP.

FW: Could you explain why fraud investigations are so important when conducting deals in today’s market? Is there a need for acquirers to include them in the deal process more often?

Wolski: Acquirers may encounter a variety of fraud and regulatory risks in today’s markets, however, these risks can be mitigated through targeted forensic investigations during due diligence. Any of these risks, which could include a variety of regulatory risks related to anti-bribery and anti-corruption, antitrust, money laundering, export controls and sanctions, among other things, could impact the purchase price. In addition, laws and regulations in various countries include internal control and books and records provisions and requirements. Risks and weaknesses that are not identified prior to purchase may result in significant impairment to the value of the deal. Additionally, buyers may face reputational damage associated with discovery and disclosure of any potentially improper conduct as well. Private equity buyers may also encounter subsequent delays in exiting or even the inability to exit their investment. Many acquirers perform fraud, corruption and regulatory due diligence on every deal. Additionally, acquirers seek to identify and mitigate these risks as early as possible during the deal cycle as part of their due diligence procedures. Post-close, acquirers may desire to conduct confirmatory due diligence to analyse information that may not have been available during pre-acquisition procedures and to verify information previously received.

Savicki: Pre-investment and acquisition due diligence is critical due to a number of factors. The first is the risk of successor liability. Acquirers may be responsible for prior conduct and prospective liability, depending on the transaction. Likewise, in the case of a minority investment, you may not be able to fully implement your own compliance programme and culture upon the target entity but bear the risk from any fraudulent or illegal conduct. Beyond the prescriptive requirements associated with successor liability, there are also significant reputational and commercial risks. For example, in an increasingly shrinking global business environment, there are a number of advantages to acquiring or investing in local entities to execute at the local level. However, if you purchased or invested in a non-compliant local entity, it can have significant global reputational risk for your existing clients and substantially devalue your investment – if not result in an outright negative ROI.

Dickerson: Fraud investigations are so important when conducting deals in today’s global market as one needs to be assured as to the assets, value and financial status of both the company and its business operations before pursuing the acquisition. This is not simply reviewing the financial statements and accounting but more importantly the operations and compliance protocols as well as an understanding and knowledge of the issues facing the industry in which the acquiring entity operates. With all of the monetary regulatory enforcement from various countries and the respective government agencies, in addition to FCPA and UK Bribery Act, and the application of successor liability, it is negligent not to conduct a fraud assessment of any potential acquisition.

With all of the monetary regulatory enforcement from various countries and the respective government agencies, it is negligent not to conduct a fraud assessment of any potential acquisition.
— Brian E. Dickerson

FW: When conducting a pre-deal fraud investigation, what information and red flags should a potential buyer seek to identify? Is it possible to undertake a covert investigation to avoid alerting the target company?

Dickerson: To conduct an effective pre-deal fraud investigation, the firm conducting the investigation must know and thoroughly understand the business side of the industry, as well as the legal issues that would raise red flags. Once the firm has a good understanding of the industry landscape and regulations, it should be able to formulate probing questionnaires to be completed anonymously by key management personnel of the sought after company. Keep in mind that privacy laws vary by country and some countries may have laws that restrict or prevent anonymous responses. Covert investigations can be utilised, but again local laws must be reviewed prior to conducting any covert operations. If responses from questionnaires or in-person interviews reveal concerns of fraud or misconduct, then it may be in the best interest of all parties to hire local private investigators to vet third-parties who may have information related to the identified red flags.

Wolski: During a pre-acquisition investigation, buyers typically seek information related to the risks facing the target of the acquisition, as well as the processes and controls that they have in place to mitigate these risks. Fraud, corruption and regulatory risks can often be identified during pre-acquisition due diligence through an examination of books and records, interviews with senior management, background investigations and testing of specific transactions, such as those related to third party spending, gifts, meals, entertainment and travel expenses. Risks identified during due diligence may include company, industry and geography specific risks. Company specific risks may include a number of factors including the robustness of the compliance environment, including dedicated compliance resources and ‘tone at the top’. The target’s adherence to policies and procedures, including those related to expenses, is a further company specific risk. Equally, whether the target engages in related party transactions, including as consultants, vendors or other third party intermediaries, is a further risk. As is, finally, the target’s process for conducting due diligence when entering into new business relationships. Industry specific risks may include the use of third parties with heightened corruption and regulatory risk, key customers’ and suppliers’ government relationships, the use of distribution and logistics networks for both importing and exporting goods, the use of cash within the business, and charitable and political contributions and lobbying expenses. Geography specific risks may include those related to cultural factors, such as gift-giving, particularly for holidays or religious occasions, expectations regarding facilitation or other payments to government officials for routine matters and the use of third parties as local sponsors or business promoters. While it is possible to conduct a covert investigation into the business activities of a target company, direct access to information may be limited. Background checks, especially on selling shareholders, management, key customers, suppliers and significant third parties is often performed using publicly available information from a wide variety of sources.

Savicki: Ideally, you want to see a robust compliance programme through strong internal controls, and policies and procedures. However, the ideal can be hard to find. Given the commercial realities pushing for continued expansion into emerging markets, you should take a risk based approach to the pre-deal review and focus on whether there are good business processes. For example, if you are seeking to acquire a local company in a high risk region with significant foreign government touch points, you will want to conduct enhanced diligence and transactional testing. Enhanced due diligence will confirm that there are no additional subcontractors or vendors being used. Likewise, targeted transactional testing via an independent third party auditor will provide an additional level of transparency and confidence there is no leakage in the flow of funds and that books and records are accurate and complete. While there may be times where a pre-fraud investigation needs to be kept from the target company, it will be difficult to conduct an effective due diligence review without the target company’s support, especially in the case of privately held companies, and the terms of the transaction should allocate for the additional risk.

FW: In your opinion, is a quick assessment of fraud indicators – such as document irregularities and accounting anomalies – likely to yield tangible results, or is a more in-depth analysis typically required to uncover actual fraud?

Savicki: If a company is suffering from a lack of internal controls as exhibited by document irregularities and accounting anomalies, the most prudent approach is to run not walk away. Although it is always possible that those indicators are due to benign factors and fraud risk can be priced into the transaction, a lack of internal controls can be the first among many red flags and can speak to a company’s overall culture of compliance. US regulators have increasingly used a lack of internal controls as a means of finding FCPA violations. In fact, just this past year, the SEC issued the largest FCPA fine ever recorded based upon a lack of internal controls. Thus, where a quick assessment highlights fraud indicators and significant rehabilitation of the target entity is required, commercial questions emerge, namely what am I investing in? And what will the ‘new’ target entity be worth to our company?

Wolski: A quick assessment of fraud indicators, particularly when combined with management interviews and background investigations, may identify risk factors that lead to a targeted in-depth analysis. Many buyers conduct a ‘risk assessment’ of a target company to determine heightened areas of risk for further investigation and analysis. Areas of risk are determined by specific company, industry and geographical factors. Further examining the factors identified through focused analysis in areas with the greatest perceived risk can eliminate the need to ‘boil the ocean’ or conduct a broad review of low risk areas.

Dickerson: When document irregularities and accounting anomalies are discovered, then the need for a more in-depth analysis is mandatory. However, when a company has knowingly engaged in fraudulent or questionable activities and is seeking a merger, it will ensure that its documentation and accounting principles are maintained to pass a quick assessment or audit. Fraud by definition is the knowing concealment or misrepresentation of a material fact and as such, rarely is fraud discovered by a quick assessment. The simplest example of this would be all of the past FCPA settlements which revealed charitable donations or business expenses that were actually payments to facilitate bribes. A quick assessment would not have discovered the fraud without an in-depth look at the underlying conduct.

Further examining the factors identified through focused analysis in areas with the greatest perceived risk can eliminate the need to ‘boil the ocean’ or conduct a broad review of low risk areas.
— Gregory E. Wolski

FW: How should a potential buyer set out a plan of action for managing a fraud investigation? To what extent should the objectives of the proposed transaction be incorporated into the process?

Wolski: Many buyers choose to engage both attorneys and forensic accountants to assist them with the management of a forensic investigation. The nature and extent of procedures to be performed depends on the risks that are specific to the transaction. A plan of action or scope of procedures should focus on key risks as measured both by the likelihood that the risk may occur and the possible severity of the outcome. Advisers may be able to assist with identifying and categorising these risks appropriately. The objectives of the proposed transaction may determine the extent of the buyer’s exposure to the risk. For example, an asset purchase presents different risks and different possible severity of outcomes than a stock purchase. Similarly, a buyer with a majority investment who plans to actively participate in the management of a target company may have greater knowledge imputed to them than a buyer with a minority interest and no management control. Every transaction and scenario will present different degrees of regulatory risk that will need to be considered and addressed, as appropriate.

Dickerson: Acquirers should engage a single firm that has the industry knowledge and jurisdictional resources to coordinate local counsel and investors when and where needed. Employing a coordinated team that includes local resources ensures that the investigation will adhere to the applicable laws and regulations and may very well help identify known fraudulent schemes. The objectives of the proposed transaction need to be a part of the process, but should not mandate the investigation or dictate the information sought. If the objectives include a significant holdback for a post-acquisition government investigation or a clawback for discovery of subsequent fraud, then guidelines for the investigation can have a pre- and post-acquisition plan of action.

Savicki: An effective pre-deal diligence review will be tailored to the proposed transaction through a risk based approach. Pre-deal due diligence can be extremely costly – especially where there is a need for multiple sets of counsel and outside auditors to facilitate the review. This is where effective compliance programmes are embedded into the M&A business process early and work collaboratively with the business partners to know your target and determine a fair market price for the acquisition. In developing the due diligence plan, threshold factors to consider include the target entities’ industry, countries of operation, history of any prior misconduct, whether it is publicly traded or privately held, use of agents, distributors or other third party intermediaries, and overall state of its internal controls and books and records. These factors will help determine the appropriate scope of the pre-deal review and what additional expertise, such as an outside audit firm to assist with risk based transactional testing, will be needed.

FW: In your experience, what are some of the common challenges that arise during fraud investigations? How can a potential buyer overcome these obstacles?

Savicki: The most difficult challenge is where there is a lack of good data or recordkeeping. You need to determine whether this is due to mere oversight by a developing company or if it is indicative of a corporate culture built upon something more nefarious. This is where good local counsel is critical – you want to ensure there are interviews conducted of officers and beneficial owners in the local language. The burden of proof should be on these individuals to offer plausible and legitimate explanations for the poor documentary record. An analysis should also be conducted regarding whether the individuals can fit into the acquiring company’s compliance culture. Local relationships and expertise matter, but if the existing officers and beneficial owners are not a good fit and are unlikely to be integrated into your corporate compliance culture, the best course may be to pass on the transaction.

Wolski: Common challenges in a transaction setting include obtaining access to information and personnel. In order to begin the investigation, a buyer must first obtain access to relevant personnel and documents, which may include lists of customers, key third parties, financial information, and reports or communications containing information related to prior allegations of potential misconduct. In a competitive bidding process, buyers may have difficulty obtaining the necessary degree of access to conduct a thorough review. Buyers must negotiate access to information and personnel – the necessity of obtaining this access may depend on the degree of perceived risks. Another common challenge includes the timing of the due diligence. A buyer may wish to conduct regulatory due diligence either before or after financial due diligence, depending on the degree of risk that is presented by the transaction. This decision may be informed by the anticipated timing of the bid date, the degree of competitiveness of the transaction, and the amount of information that will likely be disclosed as part of diligence. Buyers will often discuss this timing with the management of the target organisation and their financial and legal advisers.

Dickerson: Honest and straightforward responses from key personnel who have a vested interest in the transaction are always the most common challenge. If the company really wants to be acquired and truly has fraudulent activity or unethical business practices, the management who are participating in the schemes will not willingly disclose untoward activities. Evaluating the corporate hierarchy and interviewing persons below upper management who may have access or knowledge of fraudulent or unethical activity, is key to an effective and thorough investigation. Of course, all employees of the company will be concerned with their employment and that is why anonymous questionnaires if permitted by local laws, are the best and quickest measure for discovering fraudulent or suspicious activity.

Allegations of fraud create a difficult situation. The potential buyer could simply be looking for a price reduction and seeking to use allegations of fraud as a negotiating tactic.
— Michael Savicki

FW: Assuming suspicions of fraud only begin to emerge in the post-deal phase, what options does a new buyer have at their disposal? How does the investigation process change compared to the pre-deal phase?

Dickerson: Any acquisition should include a holdback, clawback or right of termination if fraud is discovered subsequent to the acquisition. This goes beyond the common representations and warranties, but to an undeniable right to monies held in escrow or the ability to delay the actual finalisation of the transaction until a post-deal investigation is conducted. The post-deal investigation should be simplified as now the employees should not be concerned about loyalty to a former employer and, with a true whistleblower and compliance audit, the employee could be promoted for disclosure of previous bad conduct of the company. Without doubt, the post-investigation should be commenced at the earliest opportunity and should not only cover fraud, waste and abuse issues, but also incorporate supply side mechanics, quality control and an extensive review of the sales force conduct.

Wolski: The investigation process differs substantially in the post-deal phase as the buyer has complete access to information and personnel. The buyer has the full range of retained financial information, including supporting documentation, accounting entries, third party contracts and financial records available. In certain cases, there may be substantially more information available post-close then pre-close.

Savicki: Buyer’s remorse is tough to fix. There are obviously contractual protections and indemnifications that should be included in the transaction documents but they may provide little comfort if significant fraud is uncovered post-closing. If the fraud is discovered post-deal announcement but pre-closing, the buyer could instruct the target to file a disclosure with the appropriate regulator and also conduct a compliance audit with outside counsel and auditors. The buyer may also seek to reduce the purchase price or walk away from the transaction. If the buyer continues with the transaction, it should develop a robust compliance gap closure plan to remediate and determine whether a disclosure is necessary. If the fraud is uncovered post-closing, the buyer may choose to file a disclosure with the appropriate regulators and should take immediate steps to conduct a full investigation and audit to mitigate and remediate any fraud. However, none of these scenarios are ideal and illustrate the importance of robust pre-deal diligence.

FW: What advice can you offer to a target company if a potential buyer raises an allegation of fraud against it?

Wolski: Management of a target company must ensure that its reputation is safeguarded as closely as possible. If a buyer raises an allegation of fraud, the purchase price of the company as well as the deal timeline may be impacted. If the allegation is made publicly, other bidders will become aware of the allegation as well. Depending on how substantiated the allegations are, a target company may be able to alleviate the effects of the allegation through conducting its own internal investigation and analysis into the allegations. We generally see target companies retaining external counsel, who in turn engage forensic accountants, in such circumstances in order to assure that privilege is maintained and appropriate confidentiality agreements are established as the sale process continues. In certain circumstances, a target company may elect to defer sale while the allegation is resolved.

Savicki: Allegations of fraud create a difficult situation. The potential buyer could simply be looking for a price reduction and seeking to use allegations of fraud as a negotiating tactic. The target company should work with its outside counsel and auditors to objectively review the allegations and conduct an internal investigation. It will be in the best position to understand if the allegations potentially have merit and work with its outside experts to effectively address the allegations by improving their internal controls and remediating immediately.

Dickerson: The target company needs to provide full disclosure and cooperate in the investigation. If it does not, the deal will most likely die or, if it proceeds to closing, the liability for massive clawback, litigation and possible government investigation will be detrimental to the transaction and potential future transactions. Whereas, if fraud is discovered and the target company did not know of it, the target company may be able to proceed with the transaction at a different but yet acceptable price, or at a minimum stop the fraudulent conduct, set the necessary compliance protocols and reopen discussions at a later date.

Michael F. Savicki is the Vice President, Compliance & Risk – The Americas for American Express Global Business Travel – where he is responsible for all areas of Compliance and Risk regional disciplines.  Previously, he was Senior Attorney – Compliance & Corporate Services for Sikorsky Aircraft Corp., secondee counsel for Deutsche Bank’s Litigation and Regulatory Enforcement Group, and a senior litigation associate for Fried, Frank, Harris, Shriver & Jacobson LLP. He can be contacted on +1 (212) 640 6793 or by email: michael.savicki@aexp.com.

Greg Wolski is a partner and Certified Public Accountant in Ernst & Young LLP’s Fraud Investigation & Dispute Services (FIDS) practice with over 35 years’ experience in due diligence, litigation, accounting and auditing and other advisory services. Mr Wolski is also the EY Global leader for Transaction Forensics services (including purchase price disputes, Foreign Corrupt Practices Act and anti-bribery/anti-corruption due diligence, private equity anti-corruption compliance, transaction fraud and forensic due diligence). He can be contacted on +1 (312) 879 3383 or by email: gregory.wolski@ey.com.

Brian E. Dickerson is a partner at FisherBroyles LLP where he focuses his practice on complex litigation and regulatory matters defending clients against government actions, administrative proceedings and parallel civil and criminal proceedings. Mr Dickerson litigates complex fraud cases, including health care fraud (Stark Law and false claims cases), securities, bank, mortgage, procurement fraud, as well as Foreign Corrupt Practices Act (FCPA) matters throughout the US. He can be contacted on +1 (202) 570 0248 or by email: brian.dickerson@fisherbroyles.com.

© Financier Worldwide

©2001-2019 Financier Worldwide Ltd. All rights reserved.