DOJ Announces New Department-Wide Mergers & Acquisitions Safe Harbor Policy and Emphasizes Expanded Focus on National Security Corporate Crime

On October 4, 2023, Deputy Attorney General Lisa Monaco delivered a significant speech at the Society of Corporate Compliance and Ethics’ 22nd Annual Compliance & Ethics Institute.[1] The DAG announced a new DOJ-wide policy on voluntary self-disclosures in the context of mergers and acquisitions, and underscored the DOJ’s focus on national security-related corporate crime.

Mergers & Acquisition Safe Harbor Policy

The Department’s new “Mergers & Acquisitions Safe Harbor Policy” (the “Safe Harbor Policy”) establishes a presumption that companies that take certain steps to disclose and remediate misconduct in the context of mergers and acquisitions will receive a declination. Although some DOJ divisions had already established Voluntary Self-Disclosure (“VSD”) policies in the context of mergers and acquisitions, the new Safe Harbor Policy is the first such policy that applies Department-wide and extends to the full range of corporate criminal offenses, including antitrust violations, FCPA violations, environmental crimes, and sanctions and export control violations. Additionally, the Safe Harbor Policy provides more clarity regarding DOJ’s expectations of acquiring companies that identify misconduct in the due diligence process, including important guidance regarding the timetables for disclosure and remediation, the impact of aggravating factors and the nature of the benefit to be received.[2]

The DAG underscored that the Safe Harbor Policy is intended to ensure that compliance has a “prominent seat at the table” during mergers and acquisitions and to “incentivize the acquiring company to timely disclose misconduct uncovered during the M&A process.”

The key characteristics of that policy are as follows:

• Presumption of Declination: Under the Safe Harbor Policy, an acquiring company that makes an appropriate disclosure, remediates misconduct and cooperates with an ensuing investigation will “receive the presumption of a declination.”
• Established Deadlines: A company must disclose “misconduct discovered at the acquired entity within six months from the date of closing . . . whether the misconduct was discovered pre- or post-acquisition.” A company will “have a baseline of one year from the date of closing to fully remediate the misconduct.” The DAG explained that these “baseline” deadlines will be “subject to a reasonableness analysis because we recognize deals differ and not every transaction is the same” and based on “the specific facts, circumstances, and complexity of a particular transaction, those deadlines could be extended” by prosecutors.
• Consideration of Aggravating Factors: Under the Safe Harbor Policy, aggravating factors will be treated differently in that they “will not impact in any way the acquiring company’s ability to receive a declination.”
• No Criminal History Consequences: According to the DAG, misconduct disclosed under the Safe Harbor Policy “will not affect any recidivist analysis at the time of disclosure or in the future,” meaning such conduct would not be factored into the calculation of a company’s criminal history in future matters.
• Acquired Entity Covered: Under the Safe Harbor Policy, an acquired company may also be able to benefit from the VSD. Specifically, the DAG explained that “unless aggravating factors exist at the acquired company, that entity can also qualify for applicable VSD benefits, including potentially a declination.”[3]
• Scope of Application: The Safe Harbor policy will “not apply to misconduct that was otherwise required to be disclosed or already public or known to the Department.”[4] Furthermore, the policy will not “impact civil merger enforcement.”

The DAG stated that “[e]ach part of the Department will tailor its application of this policy to fit their specific enforcement regime, and will consider how this policy will be implemented in practice.” Particular departments within DOJ may offer further guidance on their implementation of the Safe Harbor Policy.

In light of this new Safe Harbor Policy, acquiring companies should consider whether they have developed diligence processes and dedicated sufficient resources to timely review potential misconduct at companies they are acquiring.

Expanded Focus on National Security Corporate Crime

The DAG also highlighted the “rapid expansion” of “national security-related corporate crime,” describing it as “the biggest shift in corporate criminal enforcement that I’ve seen during my time in government.” Warning that the “the tectonic plates of corporate crime have shifted,” the DAG stated that “national security compliance risks are widespread; they are here to stay; and they should be at the top of every stated compliance risk chart.” Those risks extend beyond sanctions to include everything from “terrorist financing, sanctions evasion, and the circumvention of export controls, to cyber- and crypto-crime.”

The DAG said that DOJ was undertaking a “dramatic expansion of our corporate enforcement efforts in the national security realm, as we confront new risks that threaten our collective security.” The DAG announced that the DOJ would be putting additional resources into these cases, including by increasing by 40% the number of prosecutors in the Criminal Division’s Bank Integrity Unit, which focuses on financial institutions that violate U.S. sanctions and the Bank Secrecy Act. Those resources come on top of the previously announced creation of a Chief Counsel for Corporate Enforcement in the National Security Division (“NSD”) and the addition of 25 new corporate criminal prosecutors in NSD.[5] Additionally, the DAG highlighted that DOJ is developing “new tools and remedies to punish and deter”—including in recent cases where DOJ required a divestiture as part of a corporate criminal resolution.

We will continue to report on developments in this space.

                                                                                                                          *       *       *

[1]       DOJ, Deputy Attorney General Lisa O. Monaco Announces New Safe Harbor Policy for Voluntary Self-Disclosures Made in Connection with Mergers and Acquisitions (Oct. 4, 2023), available here. We previously discussed a September 2023 speech by Principal Deputy Associate Attorney General Marshall Miller that previewed these themes. See Paul, Weiss, DOJ Previews New Guidance on Voluntary Self-Disclosures in Mergers and Acquisitions While Signaling Continued Focus on Corporate National Security Crimes (Sept. 27, 2023), available here.

[2]       See DOJ, Criminal Division Corporate Enforcement and Voluntary Self-Disclosure Policy (updated Jan. 2023), available here.

[3]       Certain existing DOJ guidance on VSDs has emphasized that the misconduct must be reported soon after the discovery of the potential misconduct. See, e.g., DOJ, Antitrust Division Leniency Policy and Procedures (updated April 2022), available here (to qualify for corporate leniency, the Antitrust Division requires that the applicant “promptly reports” the misconduct to DOJ); DOJ, NSD Enforcement Policy for Business Organizations (updated March 1, 2023), available here (the National Security Division requires that a VSD from a business organization be submitted “within a reasonably prompt time after” the company becomes aware of the potential violation). Given that existing guidance, it remains to be seen whether DOJ will offer a declination to the acquired company if their management was aware of the misconduct but failed to promptly report it.

[4]       This could mean that an acquiring company would not receive the benefits of the Safe Harbor Policy if DOJ was already aware of the misconduct at issue, such as through a whistleblower or a VSD from another company.

[5]       We discussed that announcement in a prior Client Alert. See Paul, Weiss, Recent DOJ Announcement Signals Continued Surge of Resources to Combat Corporate National Security Crime (Sep. 14, 2023), available here.