Skip to content


Harry Cassin
Publisher and Editor

Andy Spalding
Senior Editor

Jessica Tillipman
Senior Editor

Bill Steinman
Senior Editor

Richard L. Cassin
Editor at Large

Elizabeth K. Spahn
Editor Emeritus

Cody Worthington
Contributing Editor

Julie DiMauro
Contributing Editor

Thomas Fox
Contributing Editor

Marc Alain Bohn
Contributing Editor

Bill Waite
Contributing Editor

Shruti J. Shah
Contributing Editor

Russell A. Stamets
Contributing Editor

Richard Bistrong
Contributing Editor

Eric Carlson
Contributing Editor

Scott Moritz: How much M&A due diligence is enough?

When a company merges with or acquires another company, the successor company risks assuming the predecessor company’s liabilities, including any FCPA violations that occurred prior to the merger.

The DOJ-SEC FCPA Resource Guide talks about hallmarks of an effective compliance program. One of the hallmarks is entitled “Mergers and Acquisitions: Pre-Acquisition Due Diligence and Post-Acquisition Integration.”

It says in part:

Inadequate due diligence can allow a course of bribery to continue — with all the attendant harms to a business’s profitability and reputation, as well as potential civil and criminal liability. In contrast, companies that conduct effective FCPA due diligence on their acquisition targets are able to evaluate more accurately each target’s value and negotiate for the costs of the bribery to be borne by the target.

What exactly constitutes due diligence in this context?

In the traditional sense, M&A due diligence is an analysis of the finances and legal implications of the acquisition. The term, however, has expanded, and now often includes background investigations of the acquisition target, as well as its key executives/control persons and critical business intermediaries, including sales agents and distributors, to the extent they are an important part of the business model.

Another important and sometimes overlooked aspect of acquisition due diligence is the performance of an anti-corruption risk assessment. In a perfect world, all acquisition targets have robust anti-corruption programs. In actuality, many small-to-midsize companies operating overseas do not have any type of anti-corruption program. This makes the performance of a high-level anti-corruption risk assessment that much more important.

Gaining an understanding of the company’s ownership group, executive team, customer base, distribution channels, products and services, sales and marketing activities, and overall nexus to foreign officials will better position the acquiring entity in evaluating the true purchase price, inclusive of any compliance remediation work that may be necessary to properly integrate the acquired company post-acquisition. Not only does an anti-corruption risk assessment on the front end lower the acquiring company’s risk of a future bribery violation, it could also provide it additional leverage in negotiating a more favorable purchase price that reflects the FCPA exposure.

How much due diligence is required?

The FCPA Resource Guide recognizes that even the most robust acquisition due diligence is based upon limited information. It allows for a grace period (although no time period is defined) to integrate the acquired company into the acquirer’s ethics and compliance program and overall control environment. Indeed, the post-integration actions a company takes factor heavily into whether it will be held liable for the actions of the acquired company.

According to the Resource Guide:

DOJ and SEC evaluate whether the acquiring company promptly incorporated the acquired company into all of its internal controls, including its compliance program.

The clear implication of this statement is that simply performing robust due diligence on the front end of an acquisition is not enough. There needs to be an urgency with which the newly acquired entity is brought into alignment with all of the hallmarks and associated controls of the acquirer’s anti-corruption program. Failing to do so can lead to the same types of fines, penalties and market capitalization impact that could result if improper acts of the acquired company were committed by the acquiring company itself.

I also want to emphasize something that the FCPA Resource Guide is mute on. This is the fairly common scenario in which a U.S.-based company makes an acquisition that causes it to become global overnight.

Bringing the newly acquired entity into alignment with an existing anti-corruption program is a bigger challenge in this case, either because the acquiring company does not have a program to begin with, or because the one it has is not risk appropriate given the newly expanded business. This exact scenario isn’t contemplated in the FCPA Resource Guide but it should be considered by companies faced with that situation.

What’s most important in all cases is being able to demonstrate a strong command of the potential corruption risks associated with the acquired company’s operations and showing that the acquiring company has taken meaningful steps to identify those risks and implement controls to mitigate them.


Scott Moritz, pictured above, is Managing Director and Global Lead of Protiviti Forensic, based in New York. He served as an FBI Special Agent for nearly 10 years where he focused on white collar crime, domestic and international corruption and money laundering investigations. A version of this post previously appeared on Protiviti View.

Share this post


Comments are closed for this article!