DOJ Announces New Mergers & Acquisitions Safe Harbor Policy for Voluntary Self-Disclosures

On October 4, Deputy Attorney General Lisa O. Monaco addressed the Society of Corporate Compliance and Ethics and announced a new Department-wide Mergers & Acquisition (M&A) Safe Harbor policy. According to the new policy, the US Department of Justice (DOJ) will presumptively decline to prosecute acquiring companies that promptly and voluntarily disclose any criminal misconduct within six months from the transaction closing date and fully remediate the misconduct within one year.


The DOJ previously addressed voluntary self-disclosure in the context of mergers and acquisitions transactions. In 2008, the DOJ’s Foreign Corrupt Practices Act Unit published an Opinion Procedure Release involving Halliburton (the Halliburton Release), an energy company, in which the Department said it did not intend to take any enforcement action against Halliburton for misconduct it self-disclosed and remediated post-acquisition pursuant to certain parameters outlined in the release, even though Halliburton had not performed FCPA and anti-corruption due diligence prior to the transaction. Ultimately, Halliburton did not proceed with the transaction. Like all opinion releases, the Halliburton Release only applied to that specific proposed transaction.

In the Halliburton Release, the DOJ outlined several steps that Halliburton would be required to complete in order to avoid an enforcement action if it proceeded with the transaction. The requirements included retaining external legal counsel and third-party consultants, including forensic accountants, to conduct comprehensive due diligence of the target company and remediate any issues identified as a result of the due diligence as soon as possible. The Halliburton Release further specified that the due diligence would need to include an examination of the target company’s records, including emails, financial and accounting records, and interviews of relevant personnel. It also imposed reporting obligations on Halliburton, including submitting a risk-based due diligence work plan to the DOJ, as well as periodic reports on the results of due diligence. In addition, if Halliburton chose to continue working with any of the target company’s agents and third parties following its acquisition, it would need to execute new contracts that included FCPA warranties, anti-corruption provisions, and audit rights. Finally, the release required Halliburton to impose its code of conduct and any FCPA and anti-corruption policies on the target company immediately after acquisition, and conduct training for the target company’s officers and employees within a few months of acquisition.

In March 2023, Monaco announced that every DOJ component engaged in corporate criminal enforcement now has a voluntary self-disclosure policy in order to enhance transparency and predictability. She explained that “when companies promptly disclose misconduct, fully and in a timely manner, they can take advantage of the programs’ benefits in any type of case, in any part of the Department, and in any part of the country.” This year, the DOJ stood behind this policy and declined to prosecute Corsa Coal Corporation for FCPA violations because the company timely and voluntarily disclosed misconduct and cooperated with the government.

New M&A Safe Harbor Policy

Now, the DOJ is taking steps to officially reinforce the voluntary self-disclosure policy in the context of the mergers and acquisition process. The M&A Safe Harbor policy will apply Department-wide, and each department is expected to tailor its application to fit their specific enforcement regime. This means the safe harbor framework will apply to corruption, money laundering, sanctions evasions, national security, and other types of criminal conduct.

To qualify for the safe harbor, the acquiring company must:

  1. Disclose the misconduct at the newly acquired company within six months from the date of the closing, regardless of whether the misconduct was discovered pre- or post-acquisition; and
  2. Fully remediate the misconduct within one year of the closing date.

The timing baselines are subject to a reasonableness analysis and an analysis of the specific facts pertaining to the transaction.

In addition, the DOJ made clear that aggravating factors will be treated differently in the M&A context and will not affect the acquiring company’s ability to receive a declination. Aggravating factors could include involvement by executive management in the misconduct, pervasiveness within the company, and profit to the company from the misconduct. Finally, any misconduct disclosed under the Safe Harbor Policy will not be factored into future recidivist analysis for the acquiring company.

According to Monaco, the government does not want to discourage companies with effective compliance programs from lawfully acquiring other companies with ineffective compliance programs or a history of misconduct. Instead, it aims to incentivize acquiring companies to timely disclose misconduct discovered during the M&A process. In addition, the government continues to emphasize corporate responsibility in holding individual wrongdoers accountable.  

Takeaways for Transaction Teams and Compliance Departments

  • Perform robust due diligence: The M&A Safe Harbor Policy highlights the need for thorough due diligence during the acquisition process. Ensure that your due diligence can detect potential misconduct.
  • Start early: Begin anti-corruption due diligence early in the acquisition process. Waiting until the transaction has nearly closed will make it harder to appropriately and efficiently respond to any uncovered misconduct or to terminate the transaction.
  • Continue due diligence post-closing: After the closing and gaining full access to the target’s corporate books and records, conduct a thorough post-closing audit.
  • Disclose on time: Although the DOJ indicated that the disclosure deadlines are flexible based on specific facts, be prepared to self-report any misconduct within six months from the closing date.
  • Review the target’s compliance program: Evaluate whether the target company’s compliance program is adequate under the DOJ’s Evaluation of Corporate Compliance Programs. Understanding the current state of the target’s compliance program will help you develop a remediation strategy if any misconduct is discovered during the acquisition.
  • Remediate and integrate: A well-designed compliance program includes comprehensive due diligence of any acquisition targets, as well as a process for timely and orderly integration of the acquired entity into existing compliance program structures and internal controls. You should have a strategy and formalized process for putting your compliance program into the target company as quickly as practicable, and it should be specifically tailored to address any issues identified during the post-closing transaction testing and auditing of high-risk areas.

While the application of the Safe Harbor Policy is case specific, companies should find comfort in the presumption of a declination with early and voluntary self-disclosure.

A copy of Deputy Attorney General Lisa O. Monaco’s October 4 speech can be found here.

FCPA Fox Talk Series

Join Peter V. B. Unger and the team at ArentFox Schiff on October 23, 2023, for a virtual “FCPA Fox Talk” to discuss the new M&A Safe Harbor Policy. The team will share practical tips on successful M&A due diligence strategies, pitfalls to avoid, and what the new policy means for you and your business.

Peter V. B. Unger has served as a monitor on several World Bank corruption-related settlements and with the assistance of the co-authors, recently served as counsel to the monitor on a large four year international DOJ and SEC FCPA-monitorship.

Join us on October 23 at 12:30 pm EDT. Register here.


Continue Reading