In spite of the fact that there is no legal obligation to conduct such verifications, they can be useful for companies when assessing corruption risks related to the corporate changes of this kind and preparing the organization that is acquired/to be merged with for its integration into the anti-corruption system of the acquiring company.
For the purposes of the guide:
- merger is defined as an operation that results in the transfer of the assets of one company to another existing company (acquisition of assets/takeover) or the establishment of a new company by these (consolidation);
- acquisition is an operation that results in the acquisition of the capital of a company by another company with the former remaining an autonomous legal person.
Part one of the guide is centered on the assessment of different kinds of risks related to the acquisition/merger, including:
1) financial risks concerning potential expenditures:
- if the organization that is being acquired is subject to an investigation into a violation of anti-corruption legislation, considerable expenditures may be needed for an internal investigation, cooperation with the investigation and the payment of potential fines; besides that, the investigation/prosecution and their coverage by the mass media may adversely affect the reputation of the company that is being acquired, decreasing its economic value and/or affecting the image of the acquiring company;
- an update of the compliance programme of the organization that is being acquired may require expenditures in the event that the latter was obliged to do so as a result of having been held liable;
2) legal risks regarding legal succession with respect to:
- administrative liability and obligations to update the compliance programme: AFA highlights that in the case of acquisition such obligation rests on the company that is being acquired, however the acquiring company can be also held accountable by the sanctions committee (an AFA’s division responsible for ensuring accountability for the failures to comply with the requirements regarding the adoption of compliance programmes); in the event of merger/takeover the sanctions committee may hold accountable only the company that is established as a result of merger/the acquiring company, as the prior legal person ceases to exist;
- civil liability: according to the guide, in the event of acquisition such responsibility rests on the company that is being acquired, in the case of takeover it is the acquiring company that it held liable, and in the event of consolidation the responsibility is handed over to the newly established company.
- criminal liability: in the event of acquisition such liability does not shift to the acquiring organization, but the mere fact of the prosecution of the organization that is being acquired (or of its personnel) may serve as a pretext for the acquiring organization to conduct additional verifications to prevent such offences in the future or to detect other possible offences. In the case of merger/takeover the liability of the enterprise that is taken over/participates in consolidation does not shift to the company that acquired it/is established as a result of consolidation (with the exception of the situations when the illegal action continues after the respective transaction to merger/take over is completed). The guide stresses that the Court of Justice of the European Union is of the opposite view, considering that in the case of merger by takeover the responsibility to pay the fines for criminal offences, committed by the company that is being taken over, shifts to the company that takes it over.
3) operational risks: the acquiring company may use the findings of an anti-corruption verification as a pretext for withdrawing from the transaction if they indicate the presence of considerable risks. Moreover, if the verification uncovers facts of corruption, the acquiring organization should take the necessary corrective measures as soon as possible after the transaction is concluded.
Part two of the Guide is focused on the anti-corruption verification procedure. AFA underlines that the scope of verifications should be proportional to the objectives to be achieved (depending, for instance, on the size of the company that undergoes the verification) and the degree of exposure of the company undergoing the verification to corruption risks. Such risks may depend on geographic footprint, presence of third parties/intermediaries, frequency of interaction with public bodies, etc.
In order to conduct verifications the individuals in charge may be either appointed from among the personnel of the company or contracted on an outsourcing basis. It is also reasonable to include in the group that conducts verifications the individuals who have the knowledge of and experience in different fields: jurisprudence, finances, compliance, human resources management, and the like. The individuals in charge gather and analyse targeted information, received in the course of surveys, interviews, documentary research, etc., and submit a report on the findings and identified risks to the governing body and, if necessary, integrate the company that is being acquired in the existing compliance system.
According to the guide, the verification may be conducted either before the contract for merger/acquisition is signed or after the transaction is concluded.
In the first case the scale of the verification can be limited by the uncertainty of further action: the company that is being acquired can refuse to provide the requested information in order to guard its trade secret, as at this stage there is no guarantee that the transaction will be definitely concluded. In this case AFA recommends that a “letter of intent” is drafted, thereby the acquiring organization formalizes its intention to conclude the transaction and assumes the responsibility to preserve the confidentiality of all data received from the company that is being acquired.
At this stage the verification is aimed at:
- studying the history and the activities of the company, the structure of its shareholders, managers and beneficial owners;
- detecting possible links with politically exposed persons and the extent of interaction with public officials;
- getting an idea of the main components of the anti-corruption programme (for example, if a code of conduct, anti-corruption policy and corruption risk map, etc. are in place);
- detecting the cases of corruption in which the company may be involved (information about ongoing investigations/trials);
- verifying if there are sanctions of French or foreign authorities in force against the company.
Relevant information may be gathered through open sources, for instance, free or commercial public databases, and requests of information sent to the company that is being acquired (surveys and submission of documents).
In the period when the contract is signed but the transaction is not technically concluded, an additional verification of the acquired company may be conducted. At this stage, in particular, the following information may be requested:
- about third parties (clients, suppliers, intermediaries), which are particularly exposed to corruption risks according to the risk map of the company;
- about mechanisms of internal control, notably, over high-risk transactions, gifts and invitations, donations and sponsorship contributions;
- about the effectiveness of reporting mechanisms (for example, the information about tracking recent reports of alleged corruption offences).
Part three of the Guide is devoted to the audit of the anti-corruption measures, adopted by the company that is being acquired, after the transaction to merger/acquire is concluded. AFA recommends that such audit is conducted independently of the scale and objectives of the previous verification with a view to:
- detect the flaws of the system of anti-corruption measures of the acquired company;
- ensure the compliance of the system of anti-corruption measures of the acquired company with its specific risks;
- define the corrective actions that would bring the system of anti-corruption measures in line with legal requirements.
The audit of anti-corruption system may include, among other things:
- analysis of the risk map;
- verification of separate transactions, based on the risk map, with accounting and financial instruments;
- analysis of the submitted reports of alleged corruption offences and their tracking by the company;
- review of the policies and procedures of the third parties that are particularly exposed to corruption risks (selection procedure, analysis of bids, contracts, payments that have been made, etc.).
The system of anti-corruption measures of the acquired organization should further be integrated into the system of the acquiring company. To this end, it is necessary to define the steps to take in the course of anti-corruption audit. These may include, for instance, the drafting or update of the risk map, or additional training of the personnel. At the same time the acquiring company may learn from the experience of imposing some effective or cutting-edge anti-corruption measures of the acquired company.
If anti-corruption audit has uncovered corruption offences, companies should take measures to put an end to the illegal action and prevent such practices in the future. In addition, AFA reminds that voluntary disclosure of information about the offences that have been detected to the law enforcement bodies may further become a valid argument in support of a settlement (convention judiciaire d’intérêt public, CJIP) with that organization.