Two very different groups of companies will emerge from the lockdown: thousands with liquidity problems and uncertain futures, and hundreds with piles of cash and an appetite for growth. That means there’s a coming surge in mergers and acquisitions.
For compliance professionals, M&A activity always raises the specter of successor liability. What’s that? In American corporate law, an acquiring company becomes automatically responsible (strictly liable) for the obligations of the acquired company.
What’s most important to know about successor liability is this: No compliance program on earth can guarantee that an acquiring company won’t be prosecuted for the acquired company’s prior FCPA violations.
That’s uncomfortable to say out loud. How, then, might compliance professionals talk about successor liability with boards and management?
The DOJ and SEC said . . . . When the bosses are unfamiliar with successor liability or skeptical about it, primary source material can be helpful.
From the DOJ-SEC FCPA Resource Guide, here’s some rationale for the doctrine:
Successor liability is an integral component of corporate law and, among other things, prevents companies from avoiding liability by reorganizing.
And here’s the crucial sentence from the FCPA Resource Guide that compliance officers might want to memorize:
As a general legal matter, when a company merges with or acquires another company, the successor company assumes the predecessor company’s liabilities.
Successor liability is a big part of FCPA enforcement. FCPA prosecutions based on successor liability include Airbus, Mondelēz International, InVision, Pfizer Inc., Watts Water.
There’s also a current list of ongoing FCPA-related investigations involving potential successor liability: Landec Corporation, United Technologies, Marriott International, Novelion Therapeutics, General Electric.
(Thanks to FCPA Tracker for providing the investigation data. For the record, being the subject of an FCPA investigation isn’t evidence of wrongdoing, and many FCPA investigations end without enforcement actions.)
The DOJ and SEC sometimes soften the application of successor liability. They prosecute the acquired company, after it’s acquired, and not the acquiring company. Examples are FCPA enforcement actions against Polycom after it was acquired by Plantronics Inc., and PBSJ Corporation after it was acquired by WS Atkins plc. The DOJ and SEC also charged Syncor International (or its Taiwan subsidiary), but neither agency charged Cardinal Health, which had acquired Syncor after the FCPA offenses occurred. (Cardinal Health later resolved a different, unrelated FCPA enforcement action.)
Also, the feds have sometimes “declined to take action against companies that voluntarily disclosed and remediated conduct and cooperated with DOJ and SEC in the merger and acquisition context,” according to the FCPA Resource Guide.
Successor liability won’t create liability where none existed before. If a company acquires a foreign company that wasn’t previously subject to the FCPA’s jurisdiction, “the mere acquisition of that foreign company would not retroactively create FCPA liability” for the acquiring company. That’s helpful to keep in mind. It also raises an obscure valuation issue: Do target companies outside FCPA jurisdiction have a higher value, or should they be discounted? Let’s save that discussion for another time.
Successor liability applies not only to the FCPA but also to other crimes. There’s antitrust (Melrose Distillers, Inc. v. United States, 359 U.S. 271, 274), Bank Secrecy Act violations (United States v. Alamo Bank of Texas, 880 F.2d 828, 830), conspiracy and Travel Act violations (United States v. Polizzi, 500 F.2d 856, 907), customs offenses (United States v. Shields Rubber Corp., 732 F. Supp. 569, 571-72), mail fraud and false statements (United States v. Mobile Materials, Inc., 776 F.2d 1476, 1477). I sourced the case law from footnotes in the FCPA Resource Guide.
FCPA risks skyrocket in black-box acquisitions. Again, our memory verse: “As a general legal matter, when a company merges with or acquires another company, the successor company assumes the predecessor company’s liabilities.” So, in hostile takeovers when due diligence isn’t possible, do acquiring companies swallow the risk? Do they hold their nose and proceed? In the real world, sometimes that’s what happens.
Even in a friendly acquisition, with lots of due diligence and strong compliance programs, successor liability means post-acquisition FCPA problems can still happen. That’s the uncomfortable truth. But board members and executives need to hear that advice. Then it’s up to them to decide what to do.
Always show intent to comply. Even though successor liability operates automatically, the DOJ and SEC “encourage” companies to conduct pre-acquisition due diligence anyway, and to improve compliance programs and internal controls after acquisitions. Why? To stop bribery, if it’s happening, and prevent it from happening more. To know what they’re buying, and how much it should be worth (presumably less if the target’s business is built on bribery). To help them draft adequate disclosures and undertakings in relevant documents. And to lay the foundation for post-acquisition remediation (if needed) and compliance integration. That’s how a company shows a commitment to FCPA compliance. Do the feds say these steps will prevent all enforcement based on successor liability? No, they don’t go that far.