Appropriately scoped ABC due diligence should be part of any merger or acquisition.  Prior to merging with or acquiring an entity (the “target”), a company should consider taking the following steps.

(1)   Collect background information on the target, including:

   the ownership structure of the target and its affiliates;
   the principal customers of the target;
   the identity of third-party representatives who may represent the target before  government         bodies;
   any information in the public record related to ABC investigations, violations or settlements;      and
   the countries in which the target operates, ranked by the amount of business conducted in         each country and the perceived corruption risk of that country.

(2)   Conduct document collection and review, including potentially:

   sales organizational and reporting charts, and approval limitations;
   agreements with third-party representatives;
   previous due diligence conducted in relation to the target’s third-party representatives;
   invoices from third-party representatives and all other records relating to agent and                      consultant payments to determine commission amounts paid;
   agreements and other significant correspondence with foreign government entities;
   invoices from foreign government entities;
   business development files; and
   internal audit, investigation, and disciplinary proceeding records.

(3)   Analyze the target’s ABC and related policies, procedures, certifications, and training materials.

(4)   Analyze the target’s recent ABC investigations, including a review of:

   whether the target has been subject to government investigation in the last five years;
   whether the target has conducted an internal investigation in the last five years;
   reports of calls to the ethics hotline;
   audit reports of ABC compliance; and
   records of ABC- or ethics-related training and personnel actions.

(5)   Identify the target’s relevant personnel, such as senior managers, controllers, salespeople, and personnel with government interaction, and consider preliminary interviews.

(6)   Review the target’s relationships with third-party representatives and joint venture partners with government interactions, including

   analysis of the level of detail in and reasonableness of invoices, whether commissions were       properly calculated, whether invoices reflect the actual services rendered, and whether the         invoices are consistent with the terms of applicable agreements;
   determination as to whether there are any unusual arrangements (financial or otherwise),           such as retainer agreements, post-project payments, and payments for overhead, rent,                 leases, utilities, car leases, tuition, etc.; and
   determination as to whether payments are made in cash, bearer checks, or other similar             manner, and whether the agents, consultants, distributors, and joint venture partners have         requested payments to offshore bank accounts or bank accounts owned by another party.

(7)   Identify the target’s accounting and financial structures and review financial and accounting data for any red flags, such as

   payments to foreign government entities or officials;
   business entertainment, travel expenses, and gifts;
   facilitation payments;
   political contributions and charitable contributions; and
   permits and licensing.

(8)   Consider interviews of the target’s third-party representatives and joint venture partners.

All of the above steps and the resulting findings and conclusions should be documented, and the records maintained.  After the transaction closes, the acquiring company should:

   reevaluate the target’s third-party relationships under the company’s own standards;
   apply the company’s key compliance policies and procedures to the target;
   include the target in the appropriate audit cycle;
   apply the company’s key finance and compliance controls to the target; and
   train new employees.

The DOJ and SEC have stated in the FCPA Resource Guide that a company should ensure, “as quickly as practicable,” that the company’s compliance policies apply to the target; and that the company should “conduct an FCPA-specific audit of all newly acquired or merged businesses as quickly as practicable.”1   As part of an overall risk assessment, the company should consider scoring itself on accomplishing the above post-acquisition integration steps in a timely and thorough manner.  Post-transaction steps should also be documented.


1 DOJ & SEC, A Resource Guide to the U.S. Foreign Corrupt Practices Act 29 (2012).

More topics in this series