Skip to content.

The Department of Justice announced for the first time a new safe harbor policy that will apply to mergers and acquisitions in cases where an acquiring company with an effective compliance program uncovers misconduct during the M&A process and discloses it in a timely manner.

Deputy Attorney General Lisa Monaco first announced the DOJ’s new Mergers & Acquisitions Safe Harbor Policy on October 4, 2023, in a speech made at the Society of Corporate Compliance and Ethics’ 22nd Annual Compliance & Ethics Institute.

“The last thing the Department wants to do is discourage companies with effective compliance programs from lawfully acquiring companies with ineffective compliance programs and a history of misconduct,” Monaco said. “Instead, we want to incentivize the acquiring company to timely disclose misconduct uncovered during the M&A process.”

To be clear, the DOJ has long emphasized the important role compliance plays in M&A transactions, which is covered at length in the Criminal Division’s Evaluation of Corporate Compliance Programs. Additionally, the Criminal Division’s Corporate Enforcement Policy already provides for the potential of a declination for misconduct reported to the DOJ that is uncovered during pre- or post-acquisition due diligence.

Chief compliance officers looking for a case study should review the Safran declination from December 2022. In that case, the French aircraft equipment maker voluntarily self-disclosed that two companies it acquired paid millions of dollars to a China-based business consultant to bribe a Chinese government official in exchange for contracts with the Chinese government. The conduct ended prior to the acquisition. Safran timely and voluntarily self-disclosed, cooperated, remediated and, consequently, secured a declination. 

Consistency, predictability and transparency

While the DOJ has acknowledged self-disclosures pertaining to M&A transactions in the past, they have differed from each other in approach, Monaco said. The new safe harbor policy expands upon the agency’s ongoing effort to ensure greater consistency, predictability and transparency in corporate enforcement actions overall.

In September 2022, Monaco issued a memorandum to all U.S. attorneys’ offices directing prosecutors to consider providing cooperation credit to companies that make a timely, voluntary self-disclosure of misconduct. Then, in March 2023, she announced that all DOJ components and offices engaged in corporate criminal enforcement now have such a policy.

“So, when companies promptly disclose misconduct, fully and in a timely manner, they can take advantage of the programs’ benefits in any type of case, in any part of the Department, and in any part of the country,” Monaco said in her remarks. 

Effectively, this department-wide policy now formally extends to M&A transactions. “Going forward, acquiring companies that promptly and voluntarily disclose criminal misconduct within the safe harbor period, and that cooperate with the ensuing investigation, and engage in requisite, timely and appropriate remediation, restitution, and disgorgement…will receive the presumption of a declination,” Monaco said.

M&A Safe Harbor policy explained

As with the policy announced in March, the M&A safe harbor policy will apply Department-wide. “Each part of the Department will tailor its application of this policy to fit their specific enforcement regime and will consider how this policy will be implemented in practice,” Monaco said.

To ensure predictability, clear timelines will be set. To qualify for the safe harbor, companies must disclose the misconduct within six months from the date of closing, whether the misconduct was discovered pre- or post-acquisition, Monaco said.

Then, companies will have one year from the date of closing to fully remediate the misconduct. Prosecutors may extend that deadline, “depending on the specific facts, circumstances, and complexity of a particular transaction,” Monaco said.

The potential flexibility of this deadline does not apply in all cases. “Companies that detect misconduct threatening national security or involving ongoing or imminent harm can’t wait for a deadline to self-disclose,” Monaco said.

In an effort to be more transparent, the DOJ is “making clear that aggravating factors will be treated differently in the M&A context,” Monaco continued. “The presence of aggravating factors at the acquired company will not impact in any way the acquiring company’s ability to receive a declination.”

Moreover, the company being acquired may also qualify for applicable benefits, “including potentially a declination,” Monaco said, “unless aggravating factors exist at the acquired company.” Monaco further noted that “any misconduct disclosed under the Safe Harbor Policy will not be factored into future recidivist analysis for the acquiring company.”

The policy will apply only to criminal conduct “discovered in bona fide, arms-length M&A transactions,” not to misconduct that was “otherwise required to be disclosed or already public or known to the Department. Nor will anything in this policy impact civil merger enforcement.”

Those who advise boards of directors and deal teams should be aware that prosecutors will place an “enhanced premium on timely compliance-related due diligence and integration,” Monaco stressed. “Compliance must have a prominent seat at the deal table if an acquiring company wishes to effectively de-risk a transaction.”

In the end, companies that invest in a strong compliance program “will not be penalized for lawfully acquiring companies when they do their due diligence and discover and self-disclose misconduct,” Monaco said. “By contrast, if your company does not perform effective due diligence or self-disclose misconduct at an acquired entity, it will be subject to full successor liability.”

In her speech, Monaco also talked about the “rapid expansion” of national security-related corporate crime. Already this year, the majority of corporate criminal resolutions implicating U.S. national security has more than doubled since 2022, she said.

“Today, corporate crime intersects with our national security in everything from terrorist financing, sanctions evasion, and the circumvention of export controls to cyber- and crypto-crime,” Monaco said. “And we are seeing new national security dimensions in familiar areas of corporate crime – from FCPA violations to intellectual property theft that affects critical supply chains and involves disruptive technologies.”

In separate remarks made at the Global Investigations Review annual meeting on September 21, 2023, Principal Associate Attorney General Deputy Marshal Miller described how today’s geopolitical environment directly affects corporate compliance programs. “As sanctions and export control laws are increasing in scope and importance, so too are the corporate risks related to national security compliance failures,” he said.

“As nation-state adversaries and associated criminal actors engage in increasingly sophisticated money laundering, crypto-crime, technology theft, and sanctions and export control evasion, so too must corporate compliance programs become increasingly sophisticated to keep up,” Miller added. “Whereas in the past a company’s compliance team might have mitigated national security risks through sanctions-screening software and attention to a couple of sanctioned countries, today a new level of diligence and attention is required.”

Monaco noted how many companies are answering this call and “responding commendably” by “implementing sophisticated compliance controls to mitigate otherwise risky business lines and, where necessary, exiting markets that pose undue risk.” Those that are not are paying the price.

New tools and remedies

Beyond just expanding its enforcement priorities, the DOJ is also developing and adopting new tools and remedies to punish and deter misconduct. “This year, we have announced corporate criminal resolutions that, for the first time ever, included the divestiture of lines of business, required specific performance measures as part of restitution and remediation, as well as tailored compensation and compliance requirements,” Monaco said.

The agency is further dedicating the resources necessary to counter growing national security threats. This year, the National Security Division hired 25 new prosecutors to investigate national security-related economic crimes. In September, the Division named Ian Richardson as its first Chief Counsel for Corporate Enforcement, and Christian Nauvel as Deputy Chief Counsel.

Previously, Richardson served as an assistant U.S. attorney for the Eastern District of New York, where he led corporate crime and national security prosecutions. Nauvel served as senior counsel to the assistant attorney general for the Criminal Division.

Additionally, the DOJ hired six new prosecutors to the Criminal Division’s Bank Integrity Unit, which targets financial institutions that violate the Money Laundering Control Act, the Bank Secrecy Act, and economic and trade sanctions programs authorized by the International Emergency Economic Powers Act.

Chief compliance officers and in-house counsel in companies of all sizes across all sectors should heed Monaco’s warning: “Our message should be clear: The tectonic plates of corporate crime have shifted. National security compliance risks are widespread. They are here to stay, and they should be at the top of every company’s compliance risk chart.”

For more detailed information on the recent DOJ Evaluation of Corporate Compliance Programs, download the annotated ECCP for analysis about the most recent changes.

Download Now