Key Steps for Ensuring Regulatory Compliance in M&A: New Voluntary Safe Harbor Policy Updates | J.S. Held

[author: Ryan Pisarik]


In the dynamic realm of mergers and acquisitions, staying abreast of regulatory changes is paramount. The Department of Justice’s (DOJ) recent introduction of the Safe Harbor Policy for Voluntary M&A Self-Disclosures signifies a clearer delineation of current compliance standards. This policy, aimed at promoting transparency and ethical business practices, requires attention from companies engaged in M&A activities.

When Deputy Attorney General Lisa O. Monaco announced the new policy in early October, she stated, “Going forward, acquiring companies that promptly and voluntarily disclose criminal misconduct within the Safe Harbor period, and that cooperate with the ensuing investigation, and engage in requisite, timely and appropriate remediation, restitution, and disgorgement – they will receive the presumption of a declination.”

“As a baseline matter, to qualify for the Safe Harbor, companies must disclose misconduct discovered at the acquired entity within six months from the date of closing. That applies whether the misconduct was discovered pre- or post-acquisition. Companies will then have a baseline of one year from the date of closing to fully remediate the misconduct.”

While anti-corruption policies are certainly not new to the realm of M&A compliance, the fact that the DOJ has laid down such explicit timelines is an unprecedented move that shows the DOJ’s commitment to enforcing ethical business practices.

The Safe Harbor policy will have far-reaching implications for businesses across the global M&A community – including corporations, law firms, private equity firms, governmental agencies, and more.

How Will the New Safe Harbor Policy Impact Your Business?

Under this policy, companies are asked to adhere to stringent deadlines for reporting and remediating misconduct. Failure to comply can result in dire consequences, including full successor liability that extends not only to the company but also to its officers and directors. This policy serves as a clarion call for companies to elevate their compliance standards, ushering in a new era of transparency and accountability.

In short, the Safe Harbor policy mandates that businesses step up their due diligence, compliance, and remediation efforts. Specifically:

  • The policy demands meticulous attention to reporting and remediating misconduct within stipulated timeframes, ensuring swift actions against any misconduct.
  • Companies must adopt a comprehensive, risk-based approach to compliance, tailored to the specific nuances of each transaction, ensuring a clearer understanding of potential risks.
  • Failing to meet the deadlines or addressing misconduct in a timely manner can expose your business to negative ramifications including financial liability and legal repercussions.

Steps Your Company Can Take to Comply to the Safe Harbor Policy

To comply with the new Safe Harbor policy, businesses should implement more rigorous compliance measures both pre-transaction and post-closing.

Pre-Transaction Merger & Acquisition Due Diligence

During the pre-transaction period, businesses often have limited visibility into the companies they are acquiring, but there are still important steps that can be taken in this phase to expedite the due diligence process.

  • Integrate anti-corruption and FCPA specific testing into the due diligence phase, offering a comprehensive view of the target company’s compliance landscape.
  • Develop a robust risk profile, assessing bribery and corruption issues, thereby identifying potential gaps in the current anti-corruption compliance program.
  • Conduct interviews with key personnel.
  • Identify and address compliance gaps.
  • Coordinate resources for post-closing testing and integration of the acquired company into your current compliance program, ensuring a seamless transition.

Enlisting the guidance of an expert consultant in due diligence, anti-corruption, and corporate governance compliance can help companies navigate these steps within the mandated timeframe.

Post-Closing Merger & Acquisition Guidelines

Once the deal is closed, the true investigative work begins, and again, time is of the essence. Now it is important to:

  • Develop a comprehensive anti-corruption/FCPA risk assessment, offering granular insights into potential vulnerabilities.
  • Devise a meticulous plan for testing the areas at the highest risk for bribery and corruption at the newly acquired company.
  • Engage legal counsel to assess the ramifications of any identified misconduct, offering a strategic approach to resolution and legal compliance.
  • Promptly remediate any identified issues or misconduct, taking swift corrective actions.

In addition to engaging legal counsel, companies should consider utilizing an expert in digital forensics and data analytics to perform a deeper dive into an acquired company’s financial history.

Tailor Your M&A Due Diligence Efforts

Tailoring due diligence efforts for each individual transaction is pivotal to success. Consider risk factors such as the countries the target company operates in, revenue and key financial metrics, prior internal audit findings (including bribery/corruption/FCPA issues), existing compliance resources, and the nature of the target’s operations. Delve into the target’s market strategy, its participation in activities such as government tenders and sponsorships, and other high-risk areas. This tailored approach ensures a nuanced understanding of potential risks, allowing for proactive mitigation.


In conclusion, the Safe Harbor Policy for Voluntary M&A Self-Disclosures clarifies the government’s position, placing heightened importance on compliance and due diligence. Companies must be timely and diligent, assessing their risks and integrating compliance efforts seamlessly into their M&A strategies.

Given the complexity of these new regulations, seeking expert assistance is not just beneficial; it’s invaluable. Expertise in due diligence, anti-corruption measures, data analytics, compliance, and forensic auditing/testing can mean the difference between a successful merger and a legal quagmire.


We would like to thank our colleague Ryan Pisarik, CPA, CFE, CAMS, CFF for providing insight and expertise that greatly assisted this research.

Leave a Comment

Your email address will not be published. Required fields are marked *