Questions about the “Carrot” and “Stick” Remain: Unpacking DOJ’s New M&A Safe Harbor Policy, Part I

by Joel M. Cohen and Marietou Diouf

Photos of the authors

From right to left: Joel M. Cohen and Marietou Diouf (Photos courtesy of White & Case LLP)

On October 4, 2023, United States Deputy Attorney General (DAG) Lisa Monaco announced a new Department of Justice (DOJ) Mergers & Acquisitions Safe Harbor policy that encourages companies to self-disclose criminal misconduct discovered by an acquiring company during the acquisition of a target company.  Under the policy, the acquiring party will receive a presumption of criminal declination if it promptly and voluntarily discloses criminal misconduct, cooperates with any ensuing investigation, and engages in appropriate remediation, restitution and disgorgement.

The Safe Harbor policy is a clear continuation of the DOJ’s push for corporate voluntary self-disclosure (VSD).  But as with many DOJ policy pronouncements, the devil is in the details.  It remains unclear what it will take for an acquiring company to obtain the “carrot” DOJ is dangling and poses questions as to the “stick” the DOJ might wield if a self-disclosure does not achieve safe harbor, or more broadly, if an acquirer fails to identify criminal misconduct in the acquisition process.  

Key Policy Takeaways:

  • The acquiring company must disclose criminal misconduct within six months of the transaction closing date—regardless of whether the conduct was discovered pre- or post-acquisition.
  • The acquiring company has one year from the closing date to fully remediate the misconduct, including remediation, restitution and disgorgement, where appropriate.
  • Both deadlines are subject to reasonableness and may be extended by prosecutors due to deal complexity and other factors.
  • Misconduct that threatens national security or involves ongoing imminent harm must be immediately disclosed.
  • Misconduct disclosed under the policy will not factor into present or future recidivist analysis for the acquiring company.
  • The acquiring company’s eligibility for a criminal declination will not be impacted by the presence of aggravating factors at the acquired company.
  • The target company can also qualify for VSD benefits, potentially including a declination, if there are no aggravating factors at the target company.
  • The policy applies only to criminal conduct discovered in bona fide, arms-length M&A transactions. It does not impact civil merger enforcement.
  • The policy does not apply to misconduct that is otherwise required to be disclosed, already public or otherwise known to the DOJ.

Timing is critical as the safe harbor windows for disclosure and remediation are relatively short.  Additionally, while the policy has been implemented Department-wide, each Department component is empowered to tailor its application as it determines.  

Background

In recent years, the DOJ has implemented VSD policies in an effort to combat corporate crime, marking a policy shift from more corporate-friendly enforcement practices of the Trump Administration.  In October 2021, DAG Monaco announced revisions to the DOJ’s corporate criminal enforcement policies and practices geared at strengthening the Department’s ability to prosecute corporate crime.[1]  The DOJ also established the Corporate Crime Advisory Group, charged with reviewing and updating the Department’s approach to corporate enforcement.  A year later, in September 2022, DAG Monaco affirmed that corporate criminal enforcement “will always be a core priority for the Department,” and provided further guidance on the 2021 policy revisions, including revisions concerning VSD, cooperation and evaluation of compliance programs.  While the 2021 revisions announced that corporations seeking cooperation credit must disclose all relevant and non-privileged facts about individual misconduct, the 2022 guidance added that any such disclosure also must be timely to obtain that credit.

Following the issuance of the DOJ’s revised guidance in 2022, several DOJ components implemented their own VSD policies, including the Criminal Division,[2] Antitrust Division,[3] Environmental and Natural Resources Division[4] and the Tax Division.[5]  In March 2023, DAG Monaco announced additional Department policies to incentivize cooperation and compliance, including a VSD[6] applicable to all U.S. Attorney’s Offices—a Department effort to “eliminat[e] geographic disparities and uncertainties” in enforcement efforts across the country.[7]  In announcing this policy, DAG Monaco emphasized that “the pathway to the best resolution will involve prompt voluntary self-disclosure.”[8]

The effect of these policies can be seen in the resolutions of several recent matters before the Department.  For example, in December 2022, French company Safran S.A. obtained a declination with disgorgement following a voluntary self-disclosure of information on payments to consultants used to bribe senior Chinese government officials to win government contracts.[9]  And in March 2023, the DOJ declined to prosecute Corsa Coal Corporation for FCPA violations.  The company, under investigation for having paid bribes to secure $143 million in coal contracts from an Egyptian state-owned company, was able to secure its declination due to the company’s timely voluntary self-disclosure and its remediation of the criminal conduct, cooperation and disgorgement.  Notably, the company provided information about individual wrongdoers, which led to criminal charges for two of the company’s former vice presidents.[10]

Key Questions

The Safe Harbor policy is the latest policy in the DOJ’s push for VSD.  Unlike prior DOJ policies, the Safe Harbor provides specific timelines that a company must abide by to be eligible for declination.  But, as with most DOJ pronouncements, important questions that companies should consider remain:

Will self-disclosure generate additional exposure for a company?  The timelines under the policy are tight and it is unknown how onerous the DOJ’s remediation, restitution and disgorgement requirements will be.  If a company self-discloses but fails to achieve safe harbor status, it remains unclear whether the company will be subject to criminal prosecution, or how the DOJ will treat the information the company provided the government in the disclosure and remediation process.  Can it be offered against the company in a criminal proceeding?  Will the DOJ be able to use it to investigate and prosecute additional crimes?  Further, while the Safe Harbor deadlines are subject to reasonableness on a case-by-case basis, it is the DOJ that ultimately determines whether the company has satisfactorily fulfilled its remediation, restitution and disgorgement requirements.  It is unclear how strictly the DOJ will enforce the disclosure and remediation deadlines.  However, companies should take note that the deadlines are consistent with those in the 2008 Halliburton Opinion issued by the FCPA Unit (Halliburton, an acquiring company, sought comfort from the FCPA Unit on a potential acquisition of a target and proposed timelines that the FCPA Unit ultimately adopted)—a decision referenced by DAG Monaco when announcing the policy—and that the Safe Harbor policy is distinct from previous Department VSDs in that it provides specific timeframes where the others are silent.  Companies should be prepared that the DOJ may hold them to the six-month and one-year windows.

How will the policy impact M&A due diligence?  While M&A deal diligence traditionally encompasses potential violations of AML and sanctions laws, the FCPA and export controls, the Safe Harbor policy is silent on the outer boundaries of criminal misconduct.  And, as the policy is applicable across the entire Department including each individual U.S. Attorney’s Office, the scope of criminal conduct subject could be quite broad.  Traditional deal diligence may not be broad or detailed enough to uncover criminal misconduct in a target company prior to closing.  Similarly, the operation of the acquired company in the first six months post-closing might fail to reveal any misconduct.  Has a company that failed to discover misconduct within the policy’s timeframe “bought” the liability?  Will the DOJ exact harsher penalties against companies that fail to discover misconduct and self-disclose?  The answer to these questions may be yes.  According to DAG Monaco, if a “company does not perform effective due diligence or self-disclose misconduct at an acquired entity, it will be subject to full successor liability for that misconduct under the law.”[11] 

How should companies assess potential collateral risks relating to disclosure?  Companies should assess what risks they might face as a consequence of disclosure, regardless of whether safe harbor is granted.  While a company may obtain a criminal declination under the policy, the company may be subject to investigation and liability from civil regulators outside the DOJ, such as the SEC and the Department of Treasury, or from civil components within the DOJ.  It is unclear how the various VSD policies in place will intersect, but recent comments from Acting Assistant Attorney General Nicole Argentieri suggest that they are intended to work in conjunction with each other.[12]  Companies should further note the potential for foreign and local investigations stemming from a self-disclosure.  And government regulation aside, a company’ self-disclosure could expose the company to shareholder lawsuits that are both costly and reputationally damaging. 

Will the DOJ charge individuals instead of the company?  As with collateral risk analysis, companies should consider whether self-disclosure may result in induvial liability for company officers or directors.  In recent years, the DOJ has emphasized its commitment to holding individuals accountable in corporate enforcement actions.  While a company may self-disclose and obtain a declination, cooperation under the policy may require disclosure of information that inculpates company officials.  Notably, in the Corsa Coal Corporation FCPA resolution, the company’s cooperation and disclosure led to the prosecution of two former company officials.  The DOJ’s focus on individual accountability should factor into a company’s assessment of whether it will be able to meet the level of cooperation demanded under the policy. 

What impact might the policy have on target companies?  Under the policy, target companies are eligible for VSD benefits, potentially including a criminal declination if no aggravating factors exist at the target company.  But what if, after disclosure, the acquiring company gets cold feet and walks away from the deal?  Will the target company be subject to criminal investigation and prosecution by the DOJ?  If there are aggravating factors within the target, will the target be given an opportunity to remediate?  The policy is silent on these crucial questions.  One of the aims of the Safe Harbor policy seems geared at encouraging bringing companies not previously subject to regulation in the United States into the enforcement fold.  However, it is possible that that the demands of the policy could in fact chill the deal market, rather than stimulate it. 

Like many DOJ initiatives, the Safe Harbor policy may appear to be—but ultimately isn’t—a sea change.  The details of how it will operate in practice will clarify only over time as companies and their counsel learn the DOJ’s expectations of companies under the policy.  Much of the discussions surrounding a company’s disclosure and remediation will not make their way into reported judicial opinions or other public record documents.  Accordingly, how the policy is applied in practice will remain hard to discern apart from what experienced counsel learn, case-by-case.  For now, it is important for companies, together with their counsel, to consider the potential risks that might follow from obtaining the “carrot” the DOJ is dangling.

Part II of this alert will address lessons that can be learned from post-acquisition due diligence in other global jurisdictions where White & Case practices.

Footnotes

[1] Memorandum from Deputy Attorney General Lisa O. Monaco, “Corporate Crime Advisory Group and Initial Revisions to Corporate Criminal Enforcement Policies,” Oct. 28, 2021 (“October 2021 Memorandum”), available at https://www.justice.gov/dag/page/file/1445106/download.

[2] Criminal Division Corporate Enforcement and Voluntary Self-Disclosure Policy, available at https://www.justice.gov/d9/pages/attachments/2023/01/17/criminal-division-corporate-enforcement-policy-january-2023.pdf.

[3] Antitrust Division Leniency Policy and Procedures, available at https://www.justice.gov/d9/pages/attachments/2022/04/04/401697.pdf.

[4] Environmental Crimes Section Environment & Natural Resources Division Voluntary Self-Disclosure Policy, available at https://www.justice.gov/d9/pages/attachments/2023/03/02/ecs_voluntary_self_disclosure_policy_2023_5.pdf.

[5] Tax Division Corporate Voluntary Self-Disclosure Policy, available at https://www.justice.gov/media/1276911/dl?inline.

[6] United States Attorneys’ Offices Voluntary Self-Disclosure Policy, available at https://www.justice.gov/d9/2023-03/usao_voluntary_self-disclosure_policy_2.21.23.pdf.

[7] https://www.justice.gov/opa/speech/deputy-attorney-general-lisa-monaco-delivers-remarks-american-bar-association-national.

[8] Id.

[9] https://www.justice.gov/opa/speech/principal-associate-deputy-attorney-general-marshall-miller-delivers-remarks-global.

[10] https://www.justice.gov/opa/speech/deputy-attorney-general-lisa-o-monaco-announces-new-safe-harbor-policy-voluntary-self.

[11] Id.

[12] https://www.justice.gov/opa/speech/acting-assistant-attorney-general-nicole-m-argentieri-delivers-remarks-american-bar.

Joel M. Cohen is a Partner and Chair of the Global White Collar Practice Group and Marietou Diouf is Counsel at White & Case LLP. The authors would like to acknowledge the assistance of associate Gloria Cangé in the preparation of this article. The post was first published on the firm’s blog. 

The views, opinions and positions expressed within all posts are those of the author(s) alone and do not represent those of the Program on Corporate Compliance and Enforcement (PCCE) or of the New York University School of Law. PCCE makes no representations as to the accuracy, completeness and validity or any statements made on this site and will not be liable any errors, omissions or representations. The copyright of this content belongs to the author(s) and any liability with regards to infringement of intellectual property rights remains with the author(s).