Mergers + Acquisitions: 5 Tips For Navigating FCPA Risks

Crystal R Jezierski January 31, 2023

Among the risks inherent in a merger or an acquisition, few bring the financial and reputational consequences of the U.S. Foreign Corrupt Practices Act (“FCPA”).


The FCPA prohibits the offer, promise, authorization, or payment of money or anything of value, either directly or indirectly, to a foreign official, private individual, or entity, to obtain or retain government business. Enacted in 1977 in response to incidents of American companies bribing foreign officials to obtain lucrative government contracts, its enforcement is now among the most prominent white collar enforcement tools used by the U.S. Department of Justice (“DOJ”) and the U.S. Securities and Exchange Commission (“SEC”). Companies that operate globally, particularly in emerging or politically unstable markets, and that also have operational activities in the U.S., should include the FCPA among their highest legal risks.

Take for instance these notable enforcement actions:

  • $5 MILLION: TechnipFMC plc– The global oil and gas services company agreed to pay more than $5 million to resolve violations of the FCPA’s anti-bribery, internal accounting controls and recordkeeping provisions by FMC Technologies prior to its 2017 merger with Technip.S.A. for conduct related to Iraq.
  • $13 MILLION: Cadbury Limited/Mondelez International – The global snacking business agreed to pay a $13 million penalty for FCPA violations occurring after Mondelez (then Kraft Foods Inc.) acquired Cadbury and its subsidiaries, including one in India that proceeded to make illicit payments to obtain government licenses and approvals for a chocolate factory in Baddi.
  • $45 MILLION: Pfizer– SEC charged the pharmaceutical company for illegal payments made by its subsidiaries to foreign officials in Bulgaria, China, Croatia, Czech Republic, Italy, Kazakhstan, Russia, and Serbia to obtain regulatory approvals, sales, and increased prescriptions for its products. Pfizer and recently acquired Wyeth LLC – charged with its own FCPA violations – agreed to pay a combined $45 million in their settlements.

What You Need to Know

The FCPA presents a unique challenge in the merger and acquisition context. The legal principle that “when a company merges with or acquires another company, the successor company assumes the predecessor company’s liabilities” has been termed by the DOJ and the SEC as an “integral component of corporate law.”[1] This is particularly impactful in the FCPA context where FCPA related internal investigations can cost a company several million dollars, take years to resolve, and result in fines and penalties in the hundreds of millions of dollars. Contracts and lines of business the target company obtained illegally may be lost and profit resulting from the misconduct may need to be disgorged or factor into fines and penalties required to be paid. In extreme cases, if the value of a target company is based on business later learned to have been obtained through bribes, the true value of the target company will be impacted. For example, following one prominent FCPA enforcement action, a merger agreement was terminated as a result of conduct at the target company uncovered by the acquiring company that resulted in an FCPA enforcement action against the target company.

While a company with a well-functioning compliance program will regularly conduct anti-corruption risk assessments and audits, among other practices, to prevent and detect potential anti-corruption misconduct, are often limited or prohibited from conducting the same of the company they have targeted to merge with or acquire. And yet, as noted above, the acquiring company can be held criminally liable and subject to fines and penalties as a result of this misconduct. Particularly, if the conduct continues following the merger or acquisition.

Tips For Navigating FCPA Risks in Mergers and Acquisitions

Recognizing the challenges companies face, DOJ and the SEC included a discussion on its expectations for companies proceeding with a merger or acquisition. In their 2020 Resource Guide, the DOJ and SEC advise that “more often [they] have pursued enforcement actions against the predecessor company (rather than the acquiring company), particularly when the acquiring company uncovered and timely remedied the violations or when the government’s investigation of the predecessor company preceded the acquisition.”[2] Prior FCPA enforcement actions suggest that, assuming an acquiring company itself has not engaged in conduct that violates the FCPA, acquiring companies can avoid FCPA liability if they (1) ensure prior misconduct at the target company ends before the merger or acquisition closes so that the successor company does not continue the corrupt activity, (2) remediate the prior misconduct as quickly as possible and practical, (3) disclose any misconduct found to DOJ and the SEC, and (4) in a timely and good faith manner integrate its compliance program into the target company’s operations.

Top 5 Recommendations for Putting This into Action

  1. Make sure your own house is in order. As the successor company the obligation is on you to prevent a violation of the FCPA or to detect prior or ongoing misconduct at the acquired company. In order to do this effectively, your own compliance program and related practices must be operating at its highest level of effectiveness. If your company is entering into, or in the midst of, a growth strategy built around mergers and acquisitions, take a look at your existing program and make sure your risk assessment and monitoring practices, in particular, are strong and recently refreshed. These will be two of your key tools for successful pre-acquisition anti-corruption due diligence and post-acquisition integration of the legacy company into your anti-corruption compliance program.
  2. Be strategic. If you know your company is entering a merger and acquisition phase, consider whether you need enhanced resources, or dedicated resources, to managing the compliance work necessary to steer your company through the associated compliance risks.
  3. Perform whatever pre-acquisition due diligence you’re able to conduct. Ideally, you can perform pre-acquisition due diligence that will allow you to look under the hood of the soon to be acquired (or merging) company in order to understand their operations, review their current compliance controls and approach, and be briefed of prior issues and matters of concern. In reality, this level of due diligence prior to the transaction closing isn’t always possible. As noted above, there are some instances where the acquiring company is unable to have any contact or communication with its merger or acquisition target. Even in these circumstances, any due diligence you can conduct from publicly available sources, whether reviewing news reports or attempting boots-on-the-ground review, should be pursued in order to develop a risk profile that will allow you to hit the ground running with your risk assessment of the acquired or merged company upon closing the transaction.
  4. Conduct a Thorough Risk Assessment as quickly as possible. Be sure to speak with the front line of all facets of the new business operations. Similarly, fully map out the new business processes and controls so that you immediately begin work of building your program into the legal company’s operations. Finally, consider conducting this risk assessment in phases so that you don’t have to wait to complete the full review before addressing your highest risks.
  5. Develop a long-term integration plan. Often the people you need on the ground to manage transition immediately after the transaction are not the same people who are best suited to building the compliance program in the legacy company over the long-term. Be prepared to place someone strong in change management in the early days while also identifying someone to hold the post longer-term to integrate the culture of compliance ethics you’ve set at the successor company into the legal merged/acquired company.

The Bottom Line

With the many facets of risk to consider during a merger and acquisition, it may benefit a company to engage the support of compliance or FCPA-specific subject matter experts to help conduct due diligence. The cost of not doing so can be significant.

[1] U.S. Department of Justice and U.S. Securities and Exchange Commission, A Resource Guide to the U.S. Foreign Corrupt Practices Act, Second Edition (2020) p. 29.

[2] U.S. Department of Justice and U.S. Securities and Exchange Commission, A Resource Guide to the U.S. Foreign Corrupt Practices Act, Second Edition (2020) p. 30.

Crystal Jezierski wearing a black shirt and a red scarf smiles for the camera

Crystal R Jezierski

Senior Managing Director

Crystal R. Jezierski assists organizations with the design and implementation of global compliance programs; remediation during government enforcement actions; risk assessments; compliance program operations, management, and oversight; compliance training; and conducting internal investigations. She was most recently with the US Chamber of Commerce where she advised on legal and compliance risks including Board of Directors and organizational governance; federal, state, and local campaign finance and lobbying; data privacy; and congressional oversight.