“I check every offer. It could be the offer of my life.”
Henry Ford

Due diligence plays a major role in the transaction business. It should enable a risk assessment of the target company and put the purchase decision on a firm footing. This applies to commercial and financial aspects, as well as legal and compliance risks (e.g., corruption risks). The latter is explicitly stipulated in both the Foreign Corrupt Practices Act (FCPA) and the UK Bribery Act (UKBA). It doesn’t always have to be a big deal. Investments or joint ventures also require a close look at the compliance issue.

Compliance as spoilsport?

However, reality sometimes offers quite a different picture. A systematic recording of compliance risks in the run-up to an acquisition according to the given possibilities is rarely performed and usually not in the required depth. It often seems as though you don’t want to let compliance issues jeopardize a promising deal. Accordingly, compliance officers are rarely involved in this phase – a risky undertaking because errors at this key stage may have far-reaching consequences.

Action plan in the course of due diligence

Due diligence cannot be a full compliance audit, and the absence of abnormalities does not guarantee that problems will not arise later. Nevertheless, a critical examination of the compliance status of the target is extremely important in order to provide for a realistic assessment of both the deal opportunities and its risks.

In addition to the assessment of the compliance risks inherent in the business model, the evaluation of the target company’s compliance management system (CMS) also plays a key role.

Business model evaluation

The evaluation of the business model basically follows the steps that are similar to those of the compliance risk analysis (see Episode 3 of the ’12-Month Compliance Challenge’). The key question is: What factors posing significant liability risks or company damages can actually be identified? Such factors could be (select):

Importance of licenses and permits for a company (e.g., as a condition for the operation of plants)
Degree of regulatory oversight and control
Involvement of business partners (such as distributors, consultants)
Special features of the industry (e.g., high regulatory requirements in the pharmaceutical or medical device sector)
Geographical aspects (unfavorable Corruption Perception Index,^[1] political instability)
Specific problems, i.e. administrative investigations carried out in the past or, as the case may be, ongoing investigations and/or proceedings against company managers, negative press coverage, etc.

Of course, risks may sometimes give rise to business opportunities, and risks are often inherent in business activities and cannot be eliminated. Example: If there is a strong dependency on official decisions, there will almost always be a risk of corruption. However, it could be controlled in the best possible way through the implementation of targeted measures such as advice, training, or compliance audits. Accordingly, the aim of compliance due diligence should be to ensure a realistic assessment of the existing compliance risks in the target company.

Compliance program assessment

The critical assessment of the compliance program (see the overview in Episode 1 of the ’12-Month Compliance Challenge’) provides an insight into the status of the risk control and the associated probability, so that these risks will be realized in the form of administrative investigations and the associated financial damage in the foreseeable future.

Compliance integration

The work really gets underway when the buyer has decided to make the acquisition. The integration of a CMS (if any) is usually a tough job. Above all, it takes a good deal of tact and sensitivity. Different approaches to compliance issues are mostly based on corporate cultural factors: How competitive are the companies in comparison? Is there a high level of oversight and control or are employees given greater leeway in decision-making? Compliance is all about convincing and building trust, rather than doing some things right or wrong.

Conclusion

Compliance aspects must be taken into account in M&A processes in order to prevent damage to the company. Compliance officers should know what kind of investments play a role in their company and work towards being involved in the relevant processes at an early stage. The arguments are on their side.

What’s next

Our ’12-Month Compliance Challenge’ is drawing to a close. Last but not least, our last episode is about Monitoring & Review.

If you are unsure how to set up and run your compliance project successfully, please feel free to contact me.

[1] https://www.transparency.de/cpi.