DOJ Introduces New Safe Harbor Policy

DOJ Introduces Safe-Harbor Policy for Disclosing Uncovered Misconduct During Mergers and Acquisitions

If Your Organization May Acquire or Be Acquired by Another Corporate Entity, Be Mindful of the Critical Importance of Corporate Compliance

On October 4, 2023, the Department of Justice (“DOJ”), through Deputy Attorney General Lisa Monaco, announced a new safe-harbor policy for voluntary disclosures of corporate misconduct uncovered in connection with merger-and-acquisition (“M&A”) transactions.

While the recent announcement adds certain specifics and details concerning the benefits of voluntary disclosures in the M&A context, it may be more appropriately seen as the government’s latest effort to encourage and incentivize corporate entities to identify and investigate misconduct through the operation of robust and effective corporate compliance programs, and then to promptly disclose the misconduct to the government.

Beneath all the fanfare surrounding this announcement (as well as various other announcements over the years concerning benefits corporate entities might earn by voluntarily disclosing misconduct), the government is clearly seeking to motivate corporate entities to prioritize and fund compliance efforts – and DAG Monaco has provided, by way of this most recent announcement, compliance professionals with strong, substantive talking points to drive home to corporate leadership the vital importance of compliance in mitigating corporate risk.

Applying Safe-Harbor:

Application of this new policy will result in a presumption of declination of criminal prosecution when acquiring companies:

  1. promptly and voluntarily disclose criminal conduct within six months of the date the transaction closes (regardless of whether the misconduct was discovered before or after the acquisition),
  2. cooperate fully with DOJ’s investigation, and
  3. engage in appropriate remediation, restitution, and disgorgement within one year of the transaction closing.

DOJ will apply a “reasonableness analysis” to these specified safe-harbor time limits, considering the individualized facts, circumstances, and complexity of the transaction at issue, and thereby allowing for potentially extended deadlines on a case-by-case basis. However, corporate entities that discover misconduct relating to national security or involving “ongoing or imminent harm” – and DOJ almost certainly would argue that any issue even tangentially impacting patient health or well-being poses a risk of ongoing or imminent harm – should not wait until the specified deadlines to self-report.

Additionally, the new DOJ policy makes clear that acquiring entities will not be penalized for “aggravating factors” (such as executive-level involvement in the misconduct, or misconduct that is egregious or pervasive, repeated, or highly profitable) that occurred at the acquired entity. Moreover, even the acquired entity may be eligible for the benefits of voluntary disclosure, including possible declination of criminal prosecution, if “aggravating factors” did exist at the acquired entity. And misconduct at the acquired entity will not be factored into any recidivist analysis conducted by DOJ of the acquiring entity at the time of the voluntary disclosure or in the future.

Exceptions and Implementation:

Significantly, this policy only applies to criminal misconduct discovered in the M&A context where the transaction at issue is bona fide and arms-length, and it specifically does not apply to conduct that is:

  1. already public,
  2. known to DOJ (even if only through a whistle-blower claim that has not yet been vetted or investigated by the government), or
  3. otherwise required to be disclosed by the company.

Notably, these exceptions to application of the safe harbor are fairly enormous – and do not apply to civil or foreign-government enforcement actions.

Finally, the policy will be instituted department-wide, with each component of DOJ (including, among others, the U.S. Attorney’s Offices and the Consumer Protection Branch, which along with U.S. Attorney’s Offices prosecutes FDC&A violations), tailoring application of the policy to fit each component’s mandate and enforcement regime, as well as permitting each component to determine how best to implement the policy in practice.

Key Takeaways:

Corporate entities that wish to avoid successor liability through the acquisition of other entities should:

  1. fully integrate and closely consult with compliance professionals,
  2. conduct effective and thorough due diligence, and
  3. timely remediate – and potentially voluntarily disclose – any misconduct identified before, during, or after the close of the transaction at issue.

Meanwhile, target and potential target corporate entities should remember that failure to implement robust and effective compliance controls will lead, at a minimum, to heightened risk, and may result in significant liability (criminal and/or civil) that may be uncovered and disclosed by the acquiring entity at any time, before or even after the close of an M&A transaction.

How MedPro Systems Can Help:

Our diverse team of in-house compliance professionals and attorneys actively track US and international regulations to ensure our customers understand, meet, and comply with their disclosure obligations across countries, associations, and more.

We offer tailored compliance program development, proactive education, and on-call support; policy and SOP generation; compliance gap auditing; and more – all to ensure you’re always up to date and compliant with the latest changes impacting your operations.

Learn more about MedPro’s Compliance Advisory Services here:

Similar Posts