2020 vision: minimising financial crime risk in US/UK M&A

The spread of criminal and regulatory laws into the corporate world has been underscored by a string of cases in the US and, more recently, the UK sparked by M&A activity. As a result, our transatlantic white collar crime defence and investigations group has seen an uptick in advising buyers and sellers on corporate transactions conducting targeted criminal and regulatory due diligence to assess and, if necessary, proactively remedy potential problems.

The stakes are high when buying or selling a business with criminal and/or regulatory issues. Buyers and sellers risk potentially damaging and long-running criminal and regulatory investigations. In addition buyers risk overpaying for an impaired asset and sellers risk future warranty claims and litigation brought by a purchaser.

Importantly, pre-sale and purchase due diligence benefits both buyers and sellers. Sellers conducting pre-transaction diligence can address issues and thus preserve value in a transaction. A buyer who identifies a concern during the run up to a transaction can (i) effectively weigh and address both remedial and preventative concerns when entering into a binding agreement and, importantly (ii) ensure the matter is dealt with in post-closing integration.

In view of the increasing enforcement risk we recommend all UK companies and executives engaging in US/UK M&A consider cross-border criminal and regulatory risks associated with target businesses. In particular, with the US famously taking an expansive view of its jurisdiction many non-US companies have learnt to their cost that US law enforcement has a long reach with significant adverse consequences if US laws are transgressed.

It is anticipated that strong US/UK M&A activity will remain in 2020 as the mists of Brexit uncertainty clear and some investment banks reportedly viewing UK stocks as undervalued. In parallel, we expect the trend of cross border criminal and regulatory specialists involvement in corporate transactions to likewise continue.

Targeted diligence by specialists is key

Accordingly, we recommend targeted and proportionate pre-transaction criminal and regulatory due diligence to minimise and/or avoid risk of enforcement and to ensure that post acquisition businesses are properly integrated.

Recent enforcement actions demonstrate that even where a law enforcement investigation is sparked by M&A activity, companies that identify problems in due diligence and take steps to deal with them (even in circumstances where misconduct continues post acquisition) are dealt with more favourably.

Conversely, where targeted and specific due diligence regarding possible criminal or regulatory risk is done poorly or not at all, there is heightened risk that a nasty surprise can emerge post closing. Worse, in the event that the subject matter is subsequently the subject of law enforcement investigation a lack of due diligence by the parties will be considered an aggravating feature when assessing any penalty resulting in larger fines.

Recent prominent areas of risk

While problems flowing from a lack of due diligence are as unnecessary as they are unwelcome, surprisingly there are plenty of cases. We have flagged some recent enforcement cases below that highlight the importance of criminal and regulatory due diligence and the integration of newly acquired businesses into a buyer’s compliance programme.

Notably, three particular areas of risk stand out (the examples below highlight them) namely, bribery, fraud and sanctions. It’s also worth noting that each of these can raise potential money laundering issues that in turn may trigger reporting obligations and/or criminal risk for failing to report for those involved in M&A in the UK.

Bribery: UK follows US lead

In 2019, after an 18-month SFO investigation, the seller of a company called Alca Fasteners was sentenced to two years imprisonment, was subject to confiscation of nearly £4.5m (and was ordered to pay the SFO’s costs of nearly £500,000). The action arose when, months after the closing of the acquisition, the acquirers of the company self-reported bribery they had uncovered to the SFO. The SFO press release reported that ‘to maintain the value of [the] company prior to selling it in 2017, [the seller]… lied to the purchasers… claiming that the company had not been involved in any unlawful conduct.’

Importantly no action was taken against either the buyer or the target company by the SFO, which noted in its press release: ‘the company and its new directors co-operated fully with the investigation, and no further action will be taken’.

Across the pond, US Foreign Corrupt Practices Act (FCPA) investigations following M&A activity have been a perennial.

As a result of the long history and broad scope of enforcement addressing such concerns, the US Department of Justice has an FCPA corporate enforcement policy regarding mergers and acquisitions.

The DOJ policy states, ‘… where a company undertakes a merger or acquisition, uncovers misconduct through thorough and timely due diligence or, in appropriate instances, through post-acquisition audits or compliance integration efforts, and voluntarily self-discloses the misconduct and otherwise takes action consistent with this policy (including… the timely implementation of an effective compliance programme at the merged or acquired entity), there will be a presumption of a declination’. A declination is a case that would have been prosecuted or criminally resolved except for the company’s voluntary disclosure, full co-operation, remediation, and payment of disgorgement, forfeiture, and/or restitution.

Both the DOJ and other regulators in the US have been involved in cases that illustrate these concerns.

Fraud: acquisition spawns transatlantic criminal and civil action

In an ongoing transatlantic saga, HP alleges that former Autonomy CEO Mike Lynch, and Sushovan Hussain, former Autonomy CFO, fraudulently overstated Autonomy’s value, resulting in Hewlett Packard overpaying by $5.1bn. The claims have resulted in ongoing civil litigation in the High Court in London with Lynch denying the claims. In the meantime, the US has filed a criminal indictment against Mr Lynch and he now faces extradition. In separate US proceedings Hussain has been found guilty of fraud. Whatever the outcome, the case highlights the potentially catastrophic consequences of not identifying a problem pre-acquisition.

Sanctions: US singles out M&A and leads the way

The US has led the way on sanctions enforcement to date with the UK efforts being somewhat muted. In 2019 the US Office of Foreign Assets Control (OFAC) specifically called out M&A as a risk area and took enforcement action on a number of cases following M&A.

The theme emerging from the OFAC M&A enforcement actions is that OFAC acknowledged and credited companies for conducting diligence attempting to prevent violations as well as ultimately disclosing the violations. If no diligence had been done OFAC penalties would have been much higher and failure to conduct diligence may have actually been viewed by OFAC as an aggravating factor in assessing penalty amounts.

Importantly in the 13 June OFAC settlement with Expedia (which involved subsidiaries acquired by Expedia post closing providing travel services to over 2,000 people to Cuba in violation of US regulations) OFAC specifically addressed the M&A as a risk saying:

‘This case illustrates the benefits persons subject to the jurisdiction of the United States … can realise by implementing corporate-wide compliance measures commensurate with their sanctions risks. US companies can mitigate risk by conducting sanctions-related due diligence both prior and after mergers and acquisitions, and taking appropriate steps to audit, monitor, train, and verify newly acquired subsidiaries for OFAC compliance… Foreign acquisitions can pose unique sanctions risks, to which a US person parent company should be alert at all stages of its relationship with the subsidiary.’

While targeted at sanctions violations, the statement has equal application to other similar criminal and regulatory laws.

In short, M&A criminal and regulatory due diligence undertaken by specialists and the integration of new businesses by buyers is critical. Parties who take insufficient steps do so at their peril.