The Hidden Trapdoor In M&A Deals

Third-party networks bring genuine value, but acquirers need to be cognizant of the inherent risks and bring their GCs and CCOs into the process early—rather than presenting it to them as a fait accompli.

As global M&A activity surges again after a brief Covid-19-related slump, it’s a sure bet some acquiring companies will be inheriting unpleasant surprises along with their new partners.

One of the most underrated acquisition perils out there? Compliance risks arising from third-party relationships that are absorbed during deals. The risks are most acute for large companies acquiring firms outside of North America as they often pick up ecosystems of several thousand third parties in the process. Deals for companies in geographical regions with heightened levels of corruption carry even more risks.

Acquirers can open themselves and their shareholders up to significant legal and financial risks under the U.S. Foreign Corrupt Practices Act (FCPA) if they don’t properly vet their new third-party ecosystems and put controls in place to prevent bribery violations.

The need to do so comes at a critical time. The value of deals in the third quarter more than doubled to $891 billion from $372 billion in the previous three months and rose a third from the same period last year. Many of those transactions are taking place in sectors such as life sciences and oil and gas where substantial links to foreign state actors tend to raise the bribery and corruption risks further.

Toxic Jewels

To minimize these risks, compliance due diligence and planning needs to be an integral part of the deal-making process rather than an afterthought, as is too often the case. What the deal team sees as the jewels of the acquisition may be viewed by general counsels as the biggest legal vulnerabilities. Where the deal team might only see the wealth of sales opportunities through new channels and exclusive relationships with agents in Asia, a GC or chief compliance officer may be justifiably horrified by the same agents’ lack of training or the absence of contract terms saying they will avoid bribery and corruption.

Third-party networks bring a lot of genuine value, but acquirers need to be cognizant of the inherent risks and bring their GCs and CCOs into the process at an early stage rather than presenting it to them as a fait accompli.

That enables the professionals to assess the strength of the target company’s compliance programs up front and to do some spot checking to assess its compliance record and the risks presented by some of its key third parties. They can then put together a plan for how to handle the third-party population once the deal is complete, including a budget that can be worked into the deal cost.

Any significant risks uncovered by the compliance team may need to be included specifically in the reps and warranties of the deal. Once the deal is done, the compliance team needs to ensure the program is executed and extended.

A Heavy Price

The legal and financial risks of skimping on an acquisition compliance strategy are very real. The Department of Justice and the Securities and Exchange Commission have stepped up their FCPA enforcement actions related to acquisitions in recent years. Settlements can rise into the hundreds-of-million-dollar range, and prosecutions can result in hefty legal costs even if declinations are reached, potentially turning an acquisition into a drag on capital.

Evolving from their treatment of high-profile cases including Halliburton and Johnson and Johnson, the DOJ and SEC have provided clear guidance in recent years on how acquiring companies can insulate themselves from FCPA prosecutions. Acquirers are encouraged to conduct pre-acquisition due diligence to ensure their compliance policies apply “as quickly as possible” to acquired businesses, to train the relevant staff of the acquired firm on FCPA compliance, to conduct an FCPA-specific audit as soon as possible and to flag any violations.

A $345 million FCPA settlement paid by Swiss pharma giant Novartis and two of its subsidiaries this year underlined the potentially heavy price of not following these steps. Singapore-based Alcon, which Novartis acquired in 2011, admitted to bribing healthcare providers in Vietnam through a third-party distributor in order to increase sales. The SEC settlement specifically noted that Novartis had failed to stop the improper payments after the acquisition, underlining the importance of compliance procedures in protecting an acquirer from its target’s prior misconduct.

When it comes down to it, there’s no real need for the deal team and the compliance team to be at loggerheads on an acquisition. It’s in everyone’s interest for a deal to be legally sound as well as lucrative. If the deal team can show that the target is clean from a compliance perspective, it should add significantly to the deal’s attractiveness. Conversely, if the compliance team turns up problems, those can be factored into the acquisition cost and result in a better deal as well as reducing the risk of hidden time bombs.