Recent developments in Europe expand the risks that companies can face when bribery and corruption is uncovered at a newly acquired entity – especially if the investors fail to respond appropriately. Even when direct corporate criminal or regulatory prosecution does not follow, consequences can still include fines, disgorgement of profits, significant legal fees, and severe reputational damage. With private equity and private capital firms engaging more often in cross-border transactions in emerging markets that pose more risk, they should take note: due diligence and post-acquisition compliance integration need to be prioritized more than ever.
The UK position
In the United Kingdom, companies will not generally be criminally liable for past misconduct of newly acquired entities. However, given the wide and globally applicable nature of the United Kingdom’s anti-bribery laws, post-acquisition risks are still significant.
Under the UK Bribery Act, companies carrying on a business in the United Kingdom – whether incorporated there or not – are guilty of the criminal offense of failing to prevent bribery if an “associated person” bribes another person anywhere in the world, and in doing so intends to obtain a business advantage for the company. An associated person includes any natural or legal person who “performs services” for or on behalf of the company – this could be an employee or agent of the company or one of its subsidiaries. Whether a person is performing services for a company is determined by reference to all the relevant circumstances. Ministry of Justice guidance indicates that indirectly benefiting from a subsidiary’s bribe (e.g., through the distribution of dividends) is insufficient on its own to establish the parent company’s liability. However, when a subsidiary’s intention to obtain an advantage for the parent can be shown, the parent company could be liable – even if bribes were made without its sanction or knowledge. In other words, investment and portfolio companies can pose a risk to their investors even if the holding is a minority interest.
It is a defense if the fund or investor can prove that it had adequate procedures in place to prevent bribery at portfolio-company level, but this relies on thorough pre-acquisition anti-bribery and corruption due diligence, and rapid post-acquisition integration of newly acquired entities into a company’s compliance program. At the very least, any bad business practices need to end as soon as an acquisition has completed. It is important to note that the procedures across the portfolio will be reviewed – not just where the issue arose.
Recent guidance from the Serious Fraud Office indicates there is another reason why post-acquisition compliance integration should be prioritized. When historical corruption is identified, the fact that a company has since taken action to improve its corporate compliance program will be an important factor for prosecutors in weighing whether to prosecute at all, or could at least be a factor taken on board when deciding if a deferred prosecution agreement (DPA) would be appropriate. Thus, although rolling out effective compliance procedures post-acquisition may not provide an absolute defense if past criminality is uncovered in the future, it is likely to assist in mitigating the impact that it would otherwise have. Again, one must take a holistic approach across the portfolio.
UK-based companies may also face the disgorgement of profits when dividends received are linked to earnings from contracts tainted by historical bribery. Any assets (e.g., licenses or valuable contracts) obtained by a subsidiary as a result of bribery will constitute the proceeds of crime. If any such assets are passed on to the parent company in the form of dividends, the parent will be deemed to have received criminal property, and may be subject to a civil recovery action – even if they have no knowledge of their subsidiary’s corrupt practices. This is another reason why effective anti-bribery and corruption due diligence is essential.
Successor liability under U.S. rules
In the United States, companies subject to the Foreign Corrupt Practices Act (FCPA) may be held criminally liable for the unlawful conduct of any entities they acquire. This is the case even if the unlawful behavior took place before the acquisition and was unknown to the acquiring company. The U.S. Department of Justice (DOJ) has made clear what it expects acquiring companies to do during pre-acquisition due diligence and post-acquisition integration to avoid running afoul of the FCPA. The danger for companies to be exposed to FCPA violations is present even when they only have fleeting contact with the United States.
It is not just the acquiring entity itself at risk. Parent companies can also face enforcement action if it can be shown that they participated in, directed or ratified their subsidiary’s actions, or if their subsidiary is regarded as their agent. Importantly, to start an investigation into the parent’s conduct, DOJ does not need to demonstrate conclusively that a parent company directed or took part in its subsidiary’s actions. Even if a parent is confident about the ultimate outcome of any potential prosecutorial action, the financial and reputational damage arising out of a government investigation into its oversight of a subsidiary’s acquisition and broader compliance failures can be significant.
DOJ adopts a case-by-case approach, so companies in the business of acquiring entities should ensure they do everything they can to show that anti-bribery and corruption due diligence and compliance are a top priority.
Important developments in Europe
Following a November 2020 ruling of France’s highest court, French companies may now be held criminally liable for offenses committed by acquired entities before their acquisition. The ruling overturns a long-established legal standard, and echoes similar developments in other European courts. It was relatively recently that the Court of Justice of the European Union held that a company’s criminal liability is transferred as part of its assets and liabilities when acquired. Only last year, the European Court of Human Rights found that civil fines against a company for antitrust violations committed by a newly acquired entity before its acquisition did not breach the principle that penalties must be specific to the offender; that judgment was based on the finding that “the acquired entity does not truly qualify as a ‘third party’ vis-à-vis the acquiring company.” The trend in Europe, it seems, is towards corporate accountability for the past wrongdoings of acquired entities.
An important related development is the European Commission’s push to introduce a legislative initiative imposing a mandatory duty on all companies operating in the European Union to conduct human rights and environmental due diligence. A new legal duty of this kind could have significant implications for private equity and private capital firms. It could require companies to put in place and maintain processes to prevent, mitigate, and account for adverse environmental and human rights impacts. According to the terms of an ongoing European Commission consultation, this duty could require companies to conduct due diligence not only with respect to their own operations, but also to those of entities throughout their value chains. This would encompass businesses involved across the full range of activities that add value to raw materials in designing, producing, and delivering a product to a customer. Firms should follow this developing initiative closely, given its potentially enormous impact on corporate due diligence.
How private capital investors should respond
To avoid the severe, wide-ranging and unpredictable consequences that anti-bribery and corruption risks can entail, we set out below the steps companies in the business of acquiring entities should take.
1. Undertake thorough pre-acquisition risk assessments and due diligence
Before an acquisition goes ahead, it is imperative that investors ensure thorough anti-bribery and corruption due diligence is undertaken. Without adequate due diligence, it will not be possible to establish whether corrupt practices exist and are persisting.
2. Ensure transaction documents account for anti-bribery and corruption risks
Transaction documents should include tailored anti-bribery and corruption disclosure and warranty clauses based on initial findings from pre-acquisition risk assessments and due diligence. This action alone is insufficient to alleviate investors’ post-acquisition exposure completely, but it may help to mitigate any damage arising further down the line if misconduct not previously identified is uncovered.
3. Quickly and carefully integrate newly acquired entities into the acquirer’s existing compliance program
Directors, officers, and employees of newly acquired entities should undertake mandatory training to bring them up to speed on their new owners’ compliance program. Where appropriate, agents and business partners should also receive training. Anti-bribery and corruption policies and procedures need to be rolled out across any new entities as soon as possible. This is especially important if newly acquired entities are located in higher risk jurisdictions, as a result of which they may not have had in place the robust policies and procedures expected by U.S. and European authorities.
This step is important as a preventative measure going forward. But it may also serve to demonstrate the acquiring company’s broader commitment to anti-bribery and corruption compliance. If historical misconduct is subsequently uncovered at an acquired entity, the acquiring company’s commitment in this area may prove to be a crucial factor for prosecutors in weighing up how to approach enforcement (e.g., whether to offer a DPA or to pursue a formal conviction).
4. Undertake a thorough post-acquisition anti-bribery and corruption audit
It is almost inevitable that an acquiring company will not have a full picture of a target company’s business practices until after the acquisition has completed. It is vital for an acquiring company to conduct thorough post-acquisition due diligence once all the information becomes available. This is particularly important when red flags have been raised during pre-acquisition due diligence.
5. Consider self-reporting any violations identified in post-acquisition due diligence, and remediate
When any misconduct is identified after an acquisition, the acquiring company must take immediate action and consider with its legal advisers whether a self-report is appropriate. U.S. and European prosecutors’ guidelines indicate that companies will be viewed more favorably in the course of enforcement actions when they promptly report violations to authorities, cooperate with investigations, and take action to remediate problematic conduct.
6. Take a holistic approach
Look at historical acquisitions and investments, and check whether steps were taken at the time to address bribery risks. Regularly monitor and audit bribery risks and compliance across the whole portfolio, to mitigate the risk of contagion and weak-link investments.
Back to top of page