Banner artwork by Summit Art Creations / Shutterstock.com
Proven strategies for navigating compliance challenges in mergers and acquisitions
Mergers and acquisitions (M&A) are part of many companies’ growth strategies, and the market is not showing signs of slowing down. While M&A can create significant opportunities both for the target company and the buyer, these deals also may pose potential compliance risks for the buyer. These risks can result in financial, legal, and/or reputational consequences. Some risks may not be apparent even with extensive due diligence; however, a proactive and organized approach to reviewing transactions can help mitigate the likelihood of costly mistakes.
First key: Know your company
To effectively identify risks in a target company, compliance professionals on an M&A team must have a deep understanding of their own company, its culture, compliance program and applicable regulatory landscape. That knowledge serves as a benchmark for comparing with the target company’s culture, policies, procedures, and overall compliance framework. Compliance professionals who lack a broad understanding of their company, its processes and regulatory environment may not be well-positioned to serve as key liaisons on the deal team as they may not be able to effectively spot issues or know when to involve more specialized colleagues. If trade compliance or anti-corruption knowledge is key in an industry or transaction, then the compliance professional may need to have a strong awareness of those topics and the buyer’s processes/positions in those areas.
Second key: Create and maintain a risk universe
When time is available in advance of a transaction, it can be incredibly beneficial to create a risk universe. For example, an industry specific listing of risks common and relevant to the transaction (government interactions, international operations, significant outsourcing). Compliance professionals should also evaluate the risk universe from the perspective of the target company, considering the industry and geographic locations in which it operates. It also makes sense to run through a list of standard compliance topics and include those in the risk universe. As always, a “risk based” approach is key.
The risk universe can help inform M&A diligence related tools:
- A library of due diligence questions can be developed to identify deal specific questions as needed. These questions serve as a failsafe, ensuring that relevant topics are considered for each deal, without having to build a question set from scratch each time.
- A risk assessment that assigns specific weights based on the presence or absence of certain factors, such as international business operations, use of third-party intermediaries or government clients. The results of the risk assessment on a transaction can determine the level of diligence or support assigned to the deal team, as well as levels of approval required in the case of potential red flags.
- Identify early on whether external support may be needed on certain niche topics, such as forensics, specialized legal counsel, or investigators.
- Identify what due diligence processes (rather than questions) may be needed to support the transaction, such as screening of the target entities and related individuals, consideration of conflicts of interest.
- Create as many templates as possible. In particular, partner with M&A leads/coordinators to create a standardized compliance due diligence report. Compliance professionals can create a new, tailored version at the start of a specific transaction and keep populating it as content for the report is identified. If the diligence phase is lengthy, this can help minimize the risk of identified issues “falling off the radar” and makes it much easier to finalize the end report.
Over time, this risk universe is a living document that should be reviewed and updated to keep pace with developments within the business and regulatory environment.
Third key: Be an effective team player
This is crucial for success in a compliance professional role and is undoubtedly critical in a fast-paced deal where timelines are often shorter than usual (ideally everything was done yesterday!). Compliance is often seen as an impediment to business rather than a valued partner. M&A transactions present an opportunity to showcase the compliance team’s role in supporting and enabling the business. It may sound obvious, but it is key to partner with business and operations colleagues to identify their key drivers and concerns. Know which colleagues may have this information for the target and coordinate with them to present a united, organized front, speaking with one voice. The same applies to human resources — ethical culture and morale are important data points for compliance professionals. Human resources may request codes of conduct, employee surveys and investigation numbers — all items are of supreme importance to compliance professionals. Being able to use these colleagues as sounding boards and coordinating outreach not only makes sense from an efficiency standpoint but also shows the business that compliance can be a trusted adviser and partner that can be relied on to keep the diligence moving smoothly.
It may sound obvious, but it is key to partner with business and operations colleagues to identify their key drivers and concerns.
Lastly, know when it is appropriate to move from written due diligence questions to a phone call with the target company’s compliance team. Consider the deal dynamics and timing and whether a quick (or lengthy) call with the target may help clear up confusion or ambiguity. A well thought out agenda and asking open-ended questions are both important elements here. It may still be necessary to request a follow-up written response, however, sometimes phone call notes may need to suffice.
Fourth key: Know what is important
Throughout the process, stay focused on what is important. Compliance professionals want to be thorough, and it can be tempting to highlight every risk in the hope that “nothing is missed.” When preparing a due diligence report however, the business usually wants to know deal breakers or price influencing issues. It is important to highlight hidden acquisition or integration costs or potential unknowns, however, it is okay to not have material compliance issues on a deal. It may mean that the business has chosen a target with a good fit for your company. Let the facts lead you to the conclusions and be able to distinguish issues that can be remediated during integration and those that cannot.
Comfort can also be drawn from reps and warranty insurance, when it is available, for unknown/undisclosed issues.
Fifth key: Holistic review of transaction documents
Review of M&A transaction documents is critical, as these documents set out the responsibilities of the seller and those of the buyer. Compliance professionals should advise the business not only on the risks associated with the acquisition of the target but also the obligations of their own company under the transaction documents. Obligations may read as perfectly reasonable to legal colleagues, but those more closely involved in the day-to-day processes (such as sanction screening, complaints handling, etc.) may immediately assess that a particular commitment is unworkable.
Compliance professionals will want to make sure that risks from the acquisition of the target are mitigated but also ensure that their own company does not agree to terms that are inappropriate or otherwise unacceptable.
These documents may or not have been drafted by the buyer’s legal counsel and a lot of the content is often influenced by the parties’ external counsel, who consider what is standard in the M&A market. Compliance professionals are unlikely to be the drivers of these documents, however, they should be involved in reviewing the transaction documents as early as possible in the process. Compliance professionals should carefully review the transaction documents and compare them with the information disclosed during due diligence (whether in documents or via interviews). Disclosure schedules should reflect information disclosed during diligence and any discrepancies should be flagged to deal colleagues as early as possible.
Final thoughts
No one can catch every issue or potential red flag. Artificial intelligence (AI) has already started to assist with data room document review and is likely to not only reduce the manual “lift” required to sift through hundreds of documents but also help identify potential compliance risks. However, as anyone with experience using AI knows, so far nothing can replace years of human expertise in detecting minute discrepancies and exercising professional judgment to determine what issues warrant escalation to overstretched deal teams.
Traditional compliance risks have not gone away, and new ones continue to emerge in a quickly evolving technological and regulatory landscape. By maintaining a proactive and thoughtful approach, compliance professionals can continue to thrive as trusted partners to business colleagues, helping them achieve sustainable and balanced growth while managing risks.
Disclaimer: The information in any resource in this website should not be construed as legal advice or as a legal opinion on specific facts, and should not be considered representing the views of its authors, its sponsors, and/or ACC. These resources are not intended as a definitive statement on the subject addressed. Rather, they are intended to serve as a tool providing practical guidance and references for the busy in-house practitioner and other readers.
