Your company has just made its largest acquisition ever and your Chief Executive Officer (CEO) says that he wants you to have a compliance post-acquisition integration plan on his desk in one week. Where do you begin? Of course, you think about the 2012 FCPA Guidance language which stated, “pre-acquisition due diligence, however, is normally only a portion of the compliance process for mergers and acquisitions. DOJ and SEC evaluate whether the acquiring company promptly incorporated the acquired company into all of its internal controls, including its compliance program. Companies should consider training new employees, reevaluating third parties under company standards, and, where appropriate, conducting audits on new business units.” You also recall that the 2012 Guidance did not have the time lines established in the previous enforcement actions involving Johnson & Johnson (J&J) and Data Systems & Solutions LLC and the Opinion Release 08-02, the Halliburton Opinion Release. Yet you do remember the FCPA M&A Box Score Summary of Opinion Release and enforcement actions regarding M&A issues.
You are also aware of the language from the Evaluation of Corporate Compliance Programs about mergers and acquisitions (M&A), which reads under Prong 11, Mergers and Acquisitions:
Integration in the M&A Process – How has the compliance function been integrated into the merger, acquisition, and integration process?
Process Connecting Due Diligence to Implementation – What has been the company’s process for tracking and remediating misconduct or misconduct risks identified during the due diligence process? What has been the company’s process for implementing compliance policies and procedures at new entities?
Yet many compliance professionals struggle with is how to perform these post-acquisition compliance integrations. An article from the Harvard Business Review, entitled “Two Routes to Resilience”, Clark Gilbert, Matthew Eyring and Richard Foster wrote about business transformation which speak directly to the compliance practitioner to help create post-acquisition integration game plan.
Anyone who has gone through a large merger or acquisition knows how terrifying it can be for the individual employee. Many people, particularly at the acquired company will be fearful of losing their jobs. This fear, mis-placed or well-founded, can lead to many difficulties in the integration process. The creation of a Compliance Capabilities Exchange process which allows “the two organizations to live together and share strengths” and will coordinate “the two transformational efforts so that each gets what it needs and is protected from [unwanted] interference by the other.” There are five steps in this process.
The bottom line is that you must train the newly acquired employees, reevaluate third parties under your company standards, and conduct compliance audits on new business units. This process should be based your pre-acquisition due diligence and risk assessment. Moreover, the Justice Department and SEC clearly view both the pre-and post-acquisition phases of mergers and acquisitions as tied together in a unidimensional continuum. If pre-acquisition due diligence is not possible, you should the requirements and time frames laid out in Opinion Procedure Release No. 08-02, so as was noted in the 2012 FCPA Guidance, “pursuant to which companies can nevertheless be rewarded if they choose to conduct thorough post-acquisition FCPA due diligence.
Three Key Takeaways
This month’s podcast sponsor is Convercent. Convercent provides your teams with a centralized platform and automated processes that connect your business goals with your ethics and values. The result? A highly strategic program that drives ethics and values to the center of your business. For more information go to Convercent.com.