Inside M&A Fall 2014 | View Full Issue

Managing Compliance Risks in M&A Transactions

Buyers can acquire unintended and potentially very damaging liabilities together with target business or assets. Analyzing the financial situation of a target company, understanding its business model and assessing if the target is the right fit for acquisition demands experienced advisers. Unforeseen liabilities, if not properly mitigated, can undermine the commercial rationale underpinning the deal. Lawyers advising on the transaction have clear targets: minimize risks, allocate risks and maximize shareholder value.

Mergers and acquisitions (M&A) transactions are challenging in a lot of ways. Compliance issues are just one of many challenges in a transaction. The valuation of the target has to reflect reputational risks, as well as successor liability. Additionally, the deal structure and wording of the transaction document must reflect the compliance risks associated with the target’s business. During due diligence, a lot of attention goes to financial and operational analysis, as well as legal aspects, of the target company. But compliance risk management now plays an increasingly important role in M&A transactions.

Compliance Due Diligence

The objective of compliance due diligence is to define the target company’s compliance risk profile and uncover any red flags, including any past or ongoing violations of anti-bribery laws, antitrust regulations, data protection rules, trade regulations or worker safety requirements, naming some typical risk areas.

A first step in due diligence is to draw a compliance risk map for the target company in order to understand the concrete risk exposure. This diligence includes the analysis of sectorial risks, jurisdictional risks and counterparty risks. The compliance due diligence reviews compliance reports, incidents and the incident-handling procedure, evaluates existing compliance management programs and reviews the compliance culture at the target company.

Avoiding Successor Liability Under FCPA

The number of investigations under the U.S. Foreign Corrupt Practices Act (FCPA), together with the number of prosecutions by the U.S. Department of Justice (DOJ) and the U.S. Securities and Exchange Commission (SEC), has significantly increased during the last years.

In the United States, the DOJ has high compliance due diligence expectations, and the successor in a stock transfer or merger is generally held liable for past violations of the target company. If a robust pre-acquisition compliance due diligence cannot be performed—for example, due to insufficient time in bidding procedures—the DOJ sees an obligation to implement a post-closing review plan for non-compliance and respective disclosure, upon detection.

In Europe, the successor liability can be limited if the infringement took place before the acquisition. However, the buyer must make sure that immediately after the acquisition an effective compliance program is enrolled in the acquired company. If non-compliance continues under the new shareholder, the shareholder will be held liable for not managing the compliance risk.

In some circumstances, successor liability may even attach in an asset purchase, for example when the purchasing company is merely a continuation of the selling corporation.

An entire transaction can fall apart if the involvement in corrupt business practices is not discovered. Appropriate due diligence will help to establish the true value of the target company and determine whether bringing the post-merger company into compliance could jeopardize the acquirer’s profitability or result in criminal liabilities for past violations.

Managing the Compliance Risks

Usually, buyers seek to avoid acquiring liability for non-compliance. Appropriate representations in the share or asset transfer agreement can ensure that the seller covers the costs of violations Sellers may also need to conduct a compliance due diligence to ensure that their disclosures and representations are not misleading.

Also, either the buyer or seller should perform in assessment of the FCPA Compliance program and the target’s compliance management system to determine whether the sale price could be challenged due to non-disclosed or non-discovered FCPA or other compliance issues.

M&A Transactions Increase Compliance Risks

The acquisition of a company often means a big organizational change, with many others likely to follow post-closing.

Empirical studies show that the more employees feel change, the bigger the compliance risk. Organizational changes in a company during post-merger integration can exacerbate compliance risks because they distract employees, create new control gaps and affect the company’s culture. This, in turn, affects worker behaviors and decisions.

Therefore, a successful post-merger integration will include compliance initiatives. Practice shows that multichannel compliance communication, as soon as practical before the change via direct managers and with a strong emphasis on integrity, reduces the observation rate of misconduct significantly (by up to 73 percent) and improves the perception of a culture of integrity (by up to 40 percent).

Post-merger Compliance Integration

The post-transaction period provides a unique opportunity to renew focus on compliance and implement a range of compliance improvements. While there are many demands on the new owner in transitioning and integrating the new business and its operations, the new owner should not overlook the opportunity during the post-transaction transition to improve compliance. The post-acquisition transition period opens the door to implement compliance efforts identified during due diligence or during the post-transaction period, improving the target business’ operational compliance going forward.

The compliance program of the acquirer should be rolled out to the acquired business directly after closing. Basic documents like the code of conduct, policies on gifts and hospitality, etc. should be communicated and trained to the relevant employees, even if certain reporting tools (for example, hospitality registers) can be implemented only at a later stage.

As contact person, a compliance manager can be very helpful to employees in the acquired business during this phase.


The early involvement of compliance expertise in an M&A project is one key factor to a successful acquisition. Compliance risks have to be identified during the pre-acquisition due diligence, which are then reflected in the acquisition documents, and then the business needs active management in the post-closing integration process.

You've Acquired a New Qualified Retirement Plan? Time for a Compliance Check

Jeffrey M. Holdvogt

In connection with a merger or acquisition, an acquiring company may end up assuming sponsorship of a tax-qualified retirement plan that covers employees of the acquired company. Basic due diligence on the plan likely was done during the acquisition. But if the plan will continue to be maintained following the acquisition, this is the perfect time to establish procedures to ensure that the numerous administrative and fiduciary requirements involved in maintaining a qualified retirement plan will continue to be met on an ongoing basis. Following is a brief summary of some key issues that a company should focus on after it assumes a new qualified retirement plan.

Review Compliance with Coverage and Nondiscrimination Testing

In order for the plan to retain its tax-qualified status, the Internal Revenue Code requires that a qualified retirement plan be tested periodically to ensure that it does not discriminate in favor of highly compensated employees. Two of the most important tests to be monitored are: (i) the coverage test, to ensure that the plan covers a stated minimum number of non-highly compensated employees on a controlled group (employer-wide) basis, and (ii) the nondiscrimination test, to ensure that the formula for determining the amount of contributions and benefits a particular participant receives does not discriminate in favor of highly compensated employees. Advance planning should be done to determine the impact of the acquisition on these tests, both for the new plan and any existing plans within the controlled group. Different rules may apply for determining which employees are highly compensated, depending on the type of transaction.

Become Familiar with the Plan’s Investments and Investment Policy

The acquiring company, or more typically a committee appointed by the acquiring company, will have fiduciary responsibility for selecting the plan’s investments, including the investment funds offered under a 401(k) or other individual account retirement plan. Plan fiduciaries, who likely will be newly appointed following the acquisition, must familiarize themselves with the fund lineup, obtain information to evaluate the funds and document how they monitor and select funds to ensure compliance with U.S. Department of Labor requirements. Plan fiduciaries also should familiarize themselves with the plan’s written investment policy or guidelines, refer to the investment policy or guidelines when meeting to discuss changes to plan investments and update the policy or guidelines, as needed.

Understand Plan Fees and Revenue Sharing

New plan fiduciaries should carefully review any revenue-sharing arrangements related to the plan and understand the plan’s use of so-called “12b-1 fees” and other revenue-sharing payments. Plan fiduciaries must understand the formula, methodology and assumptions used to determine the respective share of any revenue generated from plan investments by the plan’s service provider. Plan fiduciaries also must monitor the arrangement and the service provider’s performance to ensure that the revenue owed to the plan is calculated correctly and that the amounts are applied properly (for example, for payment of proper plan expenses or for reallocation to participants’ plan accounts).

Review Consultant, Investment Manager and Service Provider Agreements

Qualified retirement plan fiduciaries typically have agreements with various consultants, investment managers and service providers that carry over following an acquisition. This is a good time to review these agreements, both to understand the service providers (and whether they are still needed) and to make sure plan fiduciaries are set up to properly monitor and select new service providers, as needed. In particular, plan fiduciaries should understand whether the consultant or advisor represents itself to be a fiduciary or co-fiduciary of the plan, whether the consultant or advisor maintains adequate insurance coverage, whether fees are reasonable and whether any conflicts of interest exist.

Ensure the Plan’s Eligibility Provisions Reflect the New Controlled Group

The plan document will specify precise rules for employee eligibility. Following an acquisition, the acquiring company often must update the plan’s eligibility provisions to reflect the new controlled group. In addition, with new administrators and new human resources personnel likely to be looking at the plan, this is an ideal time to make sure the plan is following the eligibility and enrollment rules set forth in the plan document, including: (1) eligibility for or exclusion of part-time employees; (2) proper classification of independent contractors; (3) adherence to hours-of-service counting rules or the elapsed-time alternative; (4) re-enrollment of rehired participants; and (5) for automatic enrollment plans, proper automatic enrollment for eligible employees on a timely basis.

Check the Plan’s Definition(s) of Compensation

A plan’s definition of compensation is used for a variety of important purposes, including the calculation of an employee’s allocation in a defined contribution plan or benefit accruals in a defined benefit plan, adherence to limitations on allowable compensation and performing nondiscrimination testing. The plan document must specify precise definitions for applicable compensation for each purpose. Problems frequently arise following an acquisition because the payroll provider may change or key personnel who understood how compensation was applied under the plan may be gone. Also, the transaction agreement may require the continuation of certain benefit levels for a period of time, which in practice may require that the plan continue to apply the same definition of eligible compensation as before the transaction. Plan administrators should review payroll codes against the plan’s definition of compensation and make adjustments to either the plan or the payroll codes, as needed.

Review the Distribution Paperwork

The acquiring company will usually update the plan’s summary plan description and employee communications to reflect the new employer. However, distribution paperwork, including benefit election and rollover forms that the employee must complete, as well as descriptions of optional forms of benefits and other required disclosures, is often overlooked in the due diligence and transition process. If election forms are not periodically reviewed and updated, the plan may fail to provide all the correct options (for example, installments, annuities and lump sums, where available) or fail to require spousal consent for distributions, where it is required under plan rules.

Update ERISA Fidelity Bonds and Fiduciary Insurance Coverage

One of the most common failures noted by the Department of Labor during audits is a plan’s maintenance of an Employee Retirement Income Security Act (ERISA) fidelity bond. ERISA generally requires that every fiduciary of an employee benefit plan and every person who handles funds or other property of such a plan be bonded (for at least 10 percent of the amount of funds he or she handles, subject to a $500,000 maximum per plan for plans that do not hold employer securities) to protect from risk of loss due to fraud or dishonesty on the part of persons who “handle” plan funds or other property. The period after an acquisition is an excellent time to make sure the plan maintains appropriate bonds, as well as to make sure the company is adequately protected with fiduciary insurance coverage, which may be with the same insurer as the fidelity bond.

A Personal Interest in Compliance

Officers, executives and managers have a very personal interest in assuring that compliance efforts with U.S. federal, state and local law are effective—depending on the issue in question, noncompliance may expose the individual to personal liability. This potential for personal liability impacts all parties in a proposed sale transaction: the buyer, the seller and their officers and agents who are, or will be, involved in the target business. The following potential bases for liability are in addition to failing to observe corporate formalities, under the familiar doctrine of “piercing the corporate veil.” Coupled with the more expansive successorship liability available under U.S. labor and employment law, the potential personal liability for the employing entity’s noncompliance can be surprising and significant.

Typically, the organization that employs the individual executive or manager will indemnify the individual for liability resulting from actions taken within the scope of the individual’s duties that are in accordance with the company’s policies and in its best interests, and it may have corresponding insurance coverage. However, it is not uncommon for insurance coverage to be unavailable and, if the organization is financially unsound or contests the individual’s eligibility for indemnification, the personal financial exposure can be significant. Thus, it is incumbent on the individual to be aware of the areas in which there are potential personal exposure and exercise vigilance to maximize legal compliance by the organization.

Even where the organization has sufficient resources to defend a civil claim, the individual may face civil or other claims for several reasons. Most significantly, there is a risk of criminal prosecution in certain circumstances. For example, a California grand jury recently indicted an owner of a company and the company’s project manager when a day laborer died after the collapse of an unsupported excavation wall. The grand jury accused the individual defendants of manslaughter and willfully violating state occupational safety and health regulations If convicted, the individual defendants could receive up to a three-year prison sentence. [People v. U.S. Sino Investment Inc., Cal. Super. Ct., No. 214054] The employee’s survivors also have filed a wrongful death claim against the company and its owner seeking $25 million.

The Fair Labor Standards Act (FLSA) definition of an “employer” includes “any person acting directly or indirectly in the interest of an employer in relation to an employee …” In Irizarry v. Catsimatidis, 722 F.3d 99 (2nd 2013), the U.S. Court of Appeals for the Second Circuit held that the owner of a New York City grocery chain is personally liable for $2 million of a $3.5 million settlement of a wage and hour class action after the chain claimed financial inability to satisfy the settlement. Personal liability of the owner was appropriate because he had functional control over the enterprise as a whole and was heavily involved in its daily operations.

Such potential personal wage and hour liability is not limited to owners. For example, in Jang v. Woo Lae Oak, Inc. Chicago (No. 12-cv-00782 Dec. 12, 2013), the plaintiffs sued under the FLSA and the Illinois Wage Payment and Collection Act, claiming that the restaurant and certain individuals, including a supervisor, failed to pay them minimum wage and overtime, required them to pay credit card processing fees for customer charges, and failed to make deductions and payments for Social Security, Illinois Employment Security, worker’s compensation insurance and state and federal income taxes. The supervisor, who had no ownership interest and was not an officer, denied that she had the type of authority required to render her liable as an employer, and moved to be dismissed from the lawsuit. However, the district court denied the motion because under the “economic reality test” there were fact questions, including, among other things, whether she was responsible for hiring and firing workers and setting their schedules and whether she had a hand in overseeing the restaurant’s financial transactions and accounting.

Sometimes a plaintiff sues an individual for lost wages because the plaintiff has no other means of recovery. For example, the plaintiff may be faced with an employer that is judgment proof. If the plaintiff sues the employing entity and the executive and/or managing individuals and the employing entity file for bankruptcy, the bankruptcy law provides for an automatic stay of the litigation against the employing entity. However, the claims against the individual defendants are not automatically stayed and may be pursued by the plaintiffs in many situations.

Even if the employing entity possesses sufficient funds to defend a lawsuit and satisfy any judgment, sometimes the plaintiff joins individuals as defendants in order to put additional pressure on the entity to resolve the matter. Such claims may impede the individuals’ ability to secure a loan (such as financing for a real estate purchase) or require reporting the potential liability to comply with pre-existing loan covenants or for other reasons. Additionally, such claims create the potential for adverse publicity. In other words, the claims against the individuals, at the very, least present an irritant that may cause them to influence the entity to resolve the dispute.

Potential personal liability may exist beyond the area of wage and hour/wage payment statutes, and may depend on both federal and state and local laws. On the one hand, the federal courts generally have held that there is no personal individual liability under certain federal civil rights statutes, including Title VII of the Civil Rights Act of 1964, the Age Discrimination in Employment Act of 1967 and the Americans with Disability Act. However, many states provide for potential personal liability in their counterpart civil rights statutes, and the federal and state laws are not mutually exclusive.

Normally, there is no personal liability under the federal National Labor Relations Act, which protects the rights of non-supervisory employees to organize a union or engage in other protected, concerted activity, or under the federal Worker Adjustment and Retraining Notification Act, which requires notice of mass layoffs and plant closing, in certain circumstances. Similarly, an individual normally does not have potential liability for compliance with worker’s compensation laws or the contract between an employer and its employee (with some exceptions based on wage payment violations that the executive/manager knowingly permit).

However, an individual who is not an officer may be liable under the Family and Medical Leave Act (FMLA), where the individual controlled , at least in part, the plaintiff’s ability to take FMLA leave and the restoration of the plaintiff to his or her former position on return from leave. Similarly, the federal Uniformed Services Employment and Reemployment Rights Act defines an employer to include “any person, institution, organization, or other entity that pays salary or wages for work performed or that has control over employment opportunities.” (Emphasis added.) Under the Internal Revenue Code, an individual may be responsible for an employer’s failure to collect, account for and pay federal withholding taxes to the government, where the individual is a “responsible person” for collection and payment of the employer’s taxes and he or she “willfully” fails to pay the taxes.