Long before a deal is signed in ink, a company’s compliance and legal team should be involved in the vetting process, writes Severin Wirz.
With the warm days of summer upon us, news of yet one more takeover bid might seem like déjà vu. In late May, US medical-device group Stryker confirmed that it was evaluating a bid for UK-based Smith & Nephew. Before that, GlaxoSmithKline announced a major three-part deal to acquire Novartis’ vaccines business. In June, Minneapolis-based medical device maker Medtronic announced a $43 billion bid to acquire Dublin-based rival Covidien. The reality starting to set in is that 2014 stands to be a record year for mergers and acquisitions with a blistering $3.51 trillion in deals estimated to be set by year’s end.
What to make, then, of this frenzy of M&A activity, especially with so much of it happening in the life sciences and medical device industries? Mergers not only help boost a company’s book value but are also highly attractive to many US companies in search of lower corporate tax rates abroad. Experts have remarked that with many companies facing expiring patents and decreased revenues, the growing M&A trend in the pharmaceutical industry is unlikely to abate anytime soon.
It pays to be cautious
But companies in search of an “easy buck” through an acquisition may end up getting more than they bargained for. That’s because successor liability laws transfer a whole host of liabilities from the target company to the purchaser in an acquisition, including criminal and civil liability stemming from past wrongdoing.
For example, a full decade after buying orthopedic device maker DePuy Inc. in 1998, Johnson & Johnson ended up paying $77 million in fines and penalties to the Department of Justice and Securities & Exchange Commission due to the subsidiary’s widespread bribery activity in Greece at the time of the acquisition. Expect the latest round of mergers to similarly arouse scrutiny from U.S. government regulators, and those companies that have ignored compliance issues in their pre-acquisition due diligence to suffer buyer’s remorse later on.
Think compliance early on
Long before a deal is signed in ink, a company’s compliance and legal team should be involved in the vetting process. One reason why compliance should have a seat at the M&A table early on is so that they stay informed of upcoming deals in the pipeline in order to marshal the necessary resources prior to the announcement of a takeover bid. Once it is determined that the company is serious about acquiring a target company, the first step should be to assess the target’s initial risk profile.
Asking certain key questions at the outset will help determine the target’s risk level and the scope of any future due diligence. For example:
· What, if any, compliance program already exists at the company? Having zero pre-existing compliance is certainly not fatal to the deal, but is a good thing for the acquiring company to know in assessing risk.
· Does the acquisition contemplate a full share purchase or just an asset purchase of the target company? The latter will carry less successor liability for past wrongdoing.
· What laws is the target company currently subject to? The acquisition of a company does not create jurisdiction where none existed before.
· What is the ultimate appeal of the target company? Acquiring an expanded market share carries different risk from solely purchasing new technologies or patents.
Assess the risks
After this preliminary stage, the buyer should develop a better idea of how the target company conducts its business and what are its touch points for regulatory risk. The next step should be to focus the due diligence on those issues that pose the highest degree of risk, be they antitrust, trade and customs compliance, anti-money laundering, anti-bribery, or compliance with applicable local laws. M&A due diligence teams often include anti-corruption specialists, for example, who concentrate on distinct issues from the matters reviewed by the transaction due diligence team.
Each team will want to work alongside the legal department in drafting document requests and interviewing key employees of the target company. In the often hectic days before signing a deal, much of the challenge lies simply in coordinating the various due diligence teams and ensuring that they are not duplicating each other’s efforts. Access to one common online dataroom, for example, is practically a must-have for M&A deals in which due diligence teams do not share the same office.
What information should be reviewed during the investigation will depend largely on the type of risk presented. At the very least, the company’s legal, accounting, and compliance departments will want to analyze the target’s sales and financial data, its customer contracts, as well as its third-party and distributor agreements. For certain heightened risks, compliance may seek to audit selected transactions engaged in by the target or conduct due diligence on the target’s primary third parties. The acquirer should also conduct due diligence on the target’s key employees, looking not only for evidence of past wrongdoing, but also to understand the culture of the organization and the roles, capabilities, and attitudes of its people.
Determining what to do with evidence of prior wrongdoing presents its own unique challenges. Not all wrongdoing will be a deal breaker, of course, especially if the target is already aware of the problem and presents evidence of having conducted its own remediation. But other times, the acquirer may unearth new issues that the target was unaware of, which can be more troublesome and may even require regulatory disclosure. The target’s response and degree of transparency in those situations will often dictate the tone of the deal.
Beware of mines
In practice, however, regulatory landmines rarely lie just beneath the surface. Instead, M&A due diligence will usually reveal potential compliance red flags that simply evidence areas of heightened risk. Quite often, compliance professionals may need to rely on a more basic, guttural reaction in deciding whether the company’s risk is worth the cost. Done properly, pre-acquisition due diligence can be essential to acquirers in deciding whether to accept a deal and determine the price they are willing to pay.
Developing a post-acquisition plan to fully integrate the target company into the buyer’s compliance program may also help mitigate some of these concerns. The acquiring company should ensure that its anti-corruption policies and procedures are implemented within the newly merged entity and that the target’s directors, officers, employees, agents, consultants, representatives, and joint venture partners are promptly trained on applicable laws and the company’s related policies. All red flags raised during the pre-acquisition process should be thoroughly explored and any employees found to have engaged in prior wrongdoing should be appropriately disciplined.
Be safe, not sorry
In today’s heady bull market, many will seek to exploit the M&A boom. But companies would do well to be cautious of who they choose to bed with, lest they wake up with regrets the following morning. Expect compliance officers to play an increasingly important role as gatekeeper, which, in the end, is good news for business.