Kirkland Alert

DOJ Announces New Safe Harbor Policy to Encourage Acquiring Companies to Timely Disclose Misconduct Uncovered During M&A Transactions


Deputy Attorney General Lisa Monaco recently announced that the Department of Justice has adopted a new Mergers & Acquisitions Safe Harbor Policy, in remarks delivered at the Society of Corporate Compliance and Ethics’ 22nd Annual Compliance & Ethics Institute on October 4, 2023. Under the Safe Harbor Policy, acquiring companies will receive a presumption of declination of prosecution if they: (1) promptly and voluntarily disclose criminal misconduct within six months from closing of an acquisition, (2) cooperate with the DOJ’s investigation and (3) engage in timely and appropriate remediation, restitution and disgorgement. The Safe Harbor Policy, which will be applied department-wide, is a continuation of the DOJ’s efforts to incentivize voluntary self-disclosure and encourage companies to prioritize compliance.

The key takeaways of the Safe Harbor Policy include:

  • The Safe Harbor Policy applies only to criminal conduct discovered in bona fide, arms’-length M&A transactions (rather than conduct that was otherwise required to be disclosed or is already known to the public or the DOJ) and does not affect civil merger enforcement.
  • To qualify for safe harbor, companies must report misconduct identified at the acquired company within six months of closing, regardless of whether the misconduct was discovered before or after the acquisition, and acquirers will then have one year from the date of closing to fully remediate the misconduct. 
  • The baseline timeframes for disclosure and remediation are subject to a reasonableness analysis and may be extended by the DOJ depending on the facts and circumstance of each transaction.
  • Aggravating factors will be treated differently in the M&A context. The presence of aggravating factors at the acquired company will not impact the acquirer’s ability to obtain a declination, but they may prevent the acquired company from receiving the benefits of voluntary self-disclosure, including potentially a declination.1
  • Misconduct disclosed under the Safe Harbor Policy will not be factored into any recidivist analysis for the acquirer at the time of disclosure or in the future.

As explained by DAG Monaco, “the last thing the Department wants to do is discourage companies with effective compliance programs from lawfully acquiring companies with ineffective compliance programs and a history of misconduct.” The DOJ expects companies to invest in strong compliance programs, conduct timely due diligence and integration, and provide compliance with a “prominent seat at the deal table” so that an acquiring company can de-risk a transaction effectively.

The DOJ is positioning the Safe Harbor Policy within the context of a broader focus on financial crimes enforcement. 

DAG Monaco highlighted the shift in the DOJ’s corporate criminal enforcement in relation to national security-related crimes, which intersect with terrorist financing, sanctions, export controls, and crypto- and cyber-related misconduct. Notable examples included the first-ever corporate guilty plea made by the French cement firm Lafarge SA in October 2022 for supporting terrorism, in which Lafarge SA admitted paying the Islamic State and an al Qaeda affiliate to protect profits and subsequently agreed to more than $775 million in penalties. In April 2023, British American Tobacco agreed to pay more than $635 million to U.S. authorities for violating U.S. sanctions after a subsidiary admitted to selling tobacco products in North Korea. And in September 2023, the DOJ announced its first-ever criminal resolution for sanctions violations from illicit sales and transport of Iranian oil.   

The DOJ recently added the first-ever Chief Counsel for Corporate Enforcement and 25 new prosecutors to the National Security Division and increased the number of prosecutors in the Bank Integrity Unit, which is responsible for prosecuting financial institutions that violate sanctions and the Bank Secrecy Act. In light of the above, companies should take note of this shift and re-examine their exposure to national security risks in the context of M&A activity.

The “Safe Harbor Policy” continues the DOJ’s long-standing support for self-disclosure and cooperation.

The DOJ has addressed self-disclosure in the context of M&A transactions in the past. For instance, in a 2008 opinion procedure release, the DOJ indicated that it would not take enforcement action under the Foreign Corrupt Practices Act against Halliburton or its acquisition target in a take-private transaction, despite Haliburton’s inability to conduct robust pre-acquisition anti-corruption due diligence. The DOJ outlined an agreed-upon phased plan of post-acquisition due diligence, giving Halliburton 180 days to identify and disclose any pre-acquisition misconduct. The new Safe Harbor Policy similarly uses a 180-day disclosure window, but acquirers do not need to demonstrate the impossibility of conducting robust pre-acquisition compliance diligence to receive the benefits of self-disclosure. 

Outside of the M&A context, the DOJ historically has encouraged voluntary self-disclosures. Following a one-year pilot program, in 2017 the DOJ announced a permanent FCPA self-disclosure policy, providing a presumption of a declination for companies that timely and voluntarily self-disclosed, fully cooperated and appropriately remediated misconduct, absent aggravating circumstances.  

Similarly, the Department of Treasury’s Office of Foreign Assets Control historically has applied a 50% penalty discount for sanctions violations that companies proactively identify and voluntarily self-disclose.

Just over a year ago, DAG Monaco announced that all DOJ units prosecuting corporate crime would be adopting written policies on voluntary self-disclosure to ensure consistent enforcement based on the core principle that “absent aggravating factors, the Department will not seek a guilty plea where a corporation has voluntarily self-disclosed, fully cooperated, and timely and appropriately remediated the criminal conduct.”  

The new Safe Harbor Policy demonstrates the DOJ’s intention to continue to encourage and reward companies that prioritize compliance and are proactive in identifying and remediating misconduct. 

Implications for Companies 

Companies that wish to avoid successor liability in M&A transactions may want to ensure that they conduct effective due diligence by including legal/compliance officers in transactions early on and working with specialist outside legal counsel and other experts, where appropriate. Where the circumstances of a particular transaction limit the scope of pre-investment due diligence, such as in the case of a take-private or a competitive auction process, companies also will want to consider undertaking a deeper review post-closing of higher-risk acquisition targets. Pursuing measures such as forensic transaction testing, targeted audits and similar efforts to identify historical misconduct may provide acquirers a greater opportunity to take advantage of the Safe Harbor Policy. In cases where an in-depth review of historical conduct is not called for, acquirers should still ensure that they have appropriately identified going-forward compliance risks and confirm that the acquired company either has been integrated into the acquirer’s compliance program or has an effective compliance program of its own in place. In addition to written policies, procedures, training and reporting channels, well-designed compensation programs are increasingly seen by the DOJ as an important component of corporate compliance programs, both to encourage compliance culture and to deter employee misconduct. Companies should also consider including guidance on the new Safe Harbor Policy in their M&A processes.  

While the Safe Harbor Policy is an additional factor to consider when evaluating the merits of self-disclosure, companies should continue to make self-disclosure determinations on a case-by-case basis in light of the specific facts and circumstances at hand. 

1. DAG Monaco did not provide further elaboration on this point in her statement. Generally, it is a common principle under the DOJ’s voluntary self-disclosure policy that “absent aggravating factors, no department component will seek a guilty plea where a company has voluntarily self-disclosed, cooperated and remediated the misconduct” and each division has “tailored its policy to serve its specific mission”, see here and here. It remains to be seen how this new guidance will be applied in enforcement actions, and whether it will materially alter the voluntary self-disclosure calculus in the M&A context.

This publication is distributed with the understanding that the author, publisher and distributor of this publication and/or any linked publication are not rendering legal, accounting, or other professional advice or opinions on specific facts or matters and, accordingly, assume no liability whatsoever in connection with its use. Pursuant to applicable rules of professional conduct, portions of this publication may constitute Attorney Advertising.