Due Diligence of Compliance in M&A

5 May 2017

In February 2017, the Fraud Section of the US Department of Justice (DOJ) published its Evaluation of Corporate Compliance Programs. This guidance pursues a duty of care onus upon the Acquirer in M&A due diligence to ensure misconduct risks are adequately identified. Any subsequent actions taken against the acquirer for misconduct will take into account mitigation commitments made in the due diligence phase as when determining possible liability protections.

Such measures to identify potential vulnerabilities should be included to any leading due diligence framework without the threat of an enforcement action. Executive and the Board will have greater confidence in the projected outcomes and the need for pre-emptive actions to manage risk exposures. Furthermore, potential opportunities to grow revenues within agreed risk tolerances are clearly defined through deeper and more accurate insights.

When embarking upon a transaction, Executive should be scrutinised for their ability to design, assign and make accessible compliance that assist situation assessments and dynamic growth. A number of issues to continuous monitoring can be identified by the below strategies:

Responsive Executive

If the ‘conduct at the top’ of the target company is non-committal and reluctant to provide face time to outline governance and specific risk controls, that should raise some doubts about the culture of best practice.

Stress Testing

To test the efficiency of internal controls, simulated stress testing can deliver a rich set of portfolio metrics, harness collaboration across divisions, increase efficiency, and promote strategic risk-taking. Forensic accounting professionals may be the preferred personnel to consider such a program. Furthermore, such experts may best be retained by Legal Counsel in order to protect their findings under legal privilege.

Supply Chain Transparency

As many developed jurisdictions have or are considering supply chain transparency under a Modern Slavery legal framework, valuation of a target company valuation should be factored by the practice suppliers and major customers in their engagement to mobilise a labour force.

Third-Party Risks

Closely examine agreements with key agents going back several years, looking at commissions, payments and any irregularities. Particular attention should be given to the nature of data and how information security is incorporated to the third party relationships. This is especially so for many open-source repository models and mission criticality.

A Global Governing Network

It is always best to maintain an accurate footprint of jurisdictions where a company operates to ensure stakeholders are aware of the cooperative network between various government authorities.

Compliance Integration

Each enterprise has unique methods to analyse risk. It is important to ensure that a target company not only meets expected stand-alone thresholds of governance but can also integrate to the acquirer’s operating model, industry peer standards, local regulation and governing touch points.

Leave a Reply

Your email address will not be published. Required fields are marked *