Appropriately scoped ABC due diligence should be part of any merger or acquisition. Prior to merging with or acquiring an entity (the “target”), a company should consider taking the following steps.
(1) Collect background information on the target, including:
• the ownership structure of the target and its affiliates;
• the principal customers of the target;
• the identity of third-party representatives who may represent the target before government bodies;
• any information in the public record related to ABC investigations, violations or settlements; and
• the countries in which the target operates, ranked by the amount of business conducted in each country and the perceived corruption risk of that country.
(2) Conduct document collection and review, including potentially:
• sales organizational and reporting charts, and approval limitations;
• agreements with third-party representatives;
• previous due diligence conducted in relation to the target’s third-party representatives;
• invoices from third-party representatives and all other records relating to agent and consultant payments to determine commission amounts paid;
• agreements and other significant correspondence with foreign government entities;
• invoices from foreign government entities;
• business development files; and
• internal audit, investigation, and disciplinary proceeding records.
(3) Analyze the target’s ABC and related policies, procedures, certifications, and training materials.
(4) Analyze the target’s recent ABC investigations, including a review of:
• whether the target has been subject to government investigation in the last five years;
• whether the target has conducted an internal investigation in the last five years;
• reports of calls to the ethics hotline;
• audit reports of ABC compliance; and
• records of ABC- or ethics-related training and personnel actions.
(5) Identify the target’s relevant personnel, such as senior managers, controllers, salespeople, and personnel with government interaction, and consider preliminary interviews.
(6) Review the target’s relationships with third-party representatives and joint venture partners with government interactions, including
• analysis of the level of detail in and reasonableness of invoices, whether commissions were properly calculated, whether invoices reflect the actual services rendered, and whether the invoices are consistent with the terms of applicable agreements;
• determination as to whether there are any unusual arrangements (financial or otherwise), such as retainer agreements, post-project payments, and payments for overhead, rent, leases, utilities, car leases, tuition, etc.; and
• determination as to whether payments are made in cash, bearer checks, or other similar manner, and whether the agents, consultants, distributors, and joint venture partners have requested payments to offshore bank accounts or bank accounts owned by another party.
(7) Identify the target’s accounting and financial structures and review financial and accounting data for any red flags, such as
• payments to foreign government entities or officials;
• business entertainment, travel expenses, and gifts;
• facilitation payments;
• political contributions and charitable contributions; and
• permits and licensing.
(8) Consider interviews of the target’s third-party representatives and joint venture partners.
All of the above steps and the resulting findings and conclusions should be documented, and the records maintained. After the transaction closes, the acquiring company should:
• reevaluate the target’s third-party relationships under the company’s own standards;
• apply the company’s key compliance policies and procedures to the target;
• include the target in the appropriate audit cycle;
• apply the company’s key finance and compliance controls to the target; and
• train new employees.
The DOJ and SEC have stated in the FCPA Resource Guide that a company should ensure, “as quickly as practicable,” that the company’s compliance policies apply to the target; and that the company should “conduct an FCPA-specific audit of all newly acquired or merged businesses as quickly as practicable.”1 As part of an overall risk assessment, the company should consider scoring itself on accomplishing the above post-acquisition integration steps in a timely and thorough manner. Post-transaction steps should also be documented.