The U.S. Department of Justice (DOJ) has introduced a new Safe Harbor Policy (hereafter referred to as the Policy) for voluntary self-disclosures made in connection with mergers and acquisitions (M&A). The Policy builds on prior DOJ actions, including:
The Deputy Attorney General’s September 2022 memorandum (Monaco Memo – see KPMG Regulatory Alert here)
DOJ’s initiatives on compensation and voluntary self-disclosures (see KPMG Regulatory Alert here)
What is it?
Similar to these other actions, the Policy is intended to incentivize voluntary self-disclosures from companies, hold individual wrongdoers accountable, and prevent companies from being penalized for lawfully acquiring other organizations. The Policy is designed for use in bona fide arms-length M&A transactions and only applies to criminal conduct discovered during pre-acquisition diligence or post-acquisition integration activities. It does not extend to misconduct that was otherwise required to be disclosed, already public, or known to the DOJ.
Under the Policy, acquiring companies have six months from the date of closing to disclose any misconduct discovered during the M&A process, whether before or after the acquisition. The Policy dictates that acquiring companies must remedy the misconduct within one year from closing, provide restitution to any victims, and disgorge any profits. According to the Policy:
Acquiring companies that promptly and voluntarily disclose criminal misconduct (discovered during the M&A process) within the safe harbor period can receive a presumption of declination.
Companies must cooperate with the ensuing investigation and engage in timely and appropriate remediation, restitution, and disgorgement.
If an acquired company is found to have violated certain regulations or laws, it may be eligible for benefits under the program, such as not being prosecuted for the violation. However, if aggravating factors are present, such as intentional or repeated violations, then the acquiring company may not be eligible for a presumption of prosecutorial declination.
Misconduct disclosed under the Policy will not affect any recidivist analysis at the time of disclosure or in the future.
If an acquiring company fails to perform effective due diligence to identify compliance violations at the target entity, or discovers misconduct and fails to report it, then the acquiring company may be held fully responsible for such misconduct through the principle of successor liability.
What does the Policy mean for deals?
Despite M&A activity falling from its peak in 2021, innovators’ appetite for dealmaking remains, and companies must ensure that they take a comprehensive approach to compliance. This requires companies to invest in thorough and timely pre-deal and post-deal compliance due diligence activities. Healthcare organizations that engage in M&A transactions should take heed of the Policy for voluntary self-disclosures and ensure compliance due diligence activities are applied before and after deal closure. Potential buyers should factor the Policy into their overall M&A strategies to put their organizations in position to benefit from these incentives. Specifically, buyers should:
Ensure that their compliance due diligence team consists of the right people, including attorneys and compliance personnel who can assess the effectiveness of the newly merged or acquired entity’s compliance program and identify potential concerns.
Review the policies, procedures, controls, and structures of the compliance program against the standards set forth by the Health and Human Services’ Office of the Inspector General and the DOJ.
Conduct targeted claims testing as part of pre-acquisition diligence, with expanded testing following deal closure.
Enhance internal policies, procedures, and processes related to high-risk areas, such as referral source arrangements, billing and coding, and agreements with research investigators.
Establish plans to accelerate the effective integration of newly acquired entities, along with a budget to address any compliance concerns or issues that are identified during pre- or post-acquisition diligence.
Assess compliance with the draft merger guidelines released by the DOJ and the Federal Trade Commission, which outlines their process for reviewing M&A transactions to determine compliance with federal antitrust laws.
Assess the arrangements made to allocate risk and financial resources after the acquisition to ensure sufficient funds are available to meet the requirements for disgorgement and restitution that may be applicable under the Policy.
In light of the new Safe Harbor Policy for voluntary self-disclosures in mergers and acquisitions, companies must prioritize compliance due diligence and establish plans for prompt remediation and restitution to ensure they are eligible for the benefits offered.