Bribery and corruption risks in acquisitions

Amid a surge in global mergers and acquisitions, regulators are increasingly holding organizations responsible for the bribery, corruption and fraud found at the entities they purchase. Data analytics is becoming an important tool in a due diligence process that’s more important than ever for companies seeking to avoid such risks.

When a well-known pharmaceutical company acquired a competitor in the late 2000s, it created a global health care powerhouse by expanding its operations, product lines and manufacturing capabilities. Little did it know, however, that it had also inherited significant bribery risk that would ultimately cost the company millions of dollars.

Soon after the pharmaceutical firm had closed the acquisition, a due diligence review of the acquired company’s operations revealed evidence of illicit activity, which was ultimately reported to the Securities and Exchange Commission (SEC). Several years later, the SEC alleged that subsidiaries of the acquired company had been bribing government doctors across multiple countries in Asia well before the acquisition. In the scheme, doctors promoted products to patients in exchange for cash and other incentives, which were concealed using fake invoices. The two companies eventually agreed to separate settlements amounting to tens of millions of dollars in disgorgement and prejudgment interest to the SEC.

Such cases are hardly rare, but they illustrate the importance of conducting thorough pre-deal anti-bribery and corruption due diligence and the repercussions of failing to do so. The potential impact of hidden bribery and corruption risks on a company are extensive and may include convictions of employees and executives, mounting compliance costs, reputational damage and loss of future business.

While the consequences of these risks are abundantly clear, signs of bribery, corruption and fraud are often less obvious — especially prior to closing a deal — as such illicit activities are intrinsically elusive. Some legal experts say that organizations often underestimate these liabilities even though they may be held responsible for the corrupt practices of a target organization if they fail to carry out proper due diligence during the acquisition phase. (See “FORUM: Managing corruption risks in M&A pre- and post-transaction,” Financier Worldwide magazine, Feb. 2018.)

Data-driven due diligence

By conducting high-quality due diligence, the acquiring company can preemptively identify potential liabilities. In doing so, acquirers may reduce or avoid post-transaction scrutiny from regulators and punishment, such as fines and prosecution of employees. Moreover, due diligence provides the acquirer the opportunity to terminate the transaction if it determines that the acquisition would bring excessive exposure to risk and higher compliance spending. Beyond the regulatory benefits, conducting due diligence may help the buyer better assess the true market value of the seller’s company. The discovery of substantial corruption and bribery risks may allow the buyer to negotiate a better price and terms.

Conducting due diligence can be complicated, however. Buyers often face competition and are under pressure to complete the acquisition quickly, and due diligence can slow the process. Reviewing mountains of documents, conducting risk assessments, evaluating the compliance programs of the target, and examining issues identified are time-consuming and can delay the transaction. But there’s one solution that buyers can leverage to accelerate the process — technology.

One technological application that can enhance and accelerate the due diligence process is data analytics. Data analytics not only offers considerable time and cost savings to buyers but it can also lend a competitive edge in uncovering liabilities and risks at a time when activity in the M&A market has reached new highs.

Merger mania

The recent surge in M&A activity across the globe has only meant that proper due diligence to detect bribery, corruption and fraud in target companies is all the more critical. A surging stock market, cheap debt funding, deep cash coffers, the popularity of special purpose acquisition companies (SPACs) and optimism about future economic growth have all driven a spike in mergers and acquisitions. [A SPAC, or what’s sometimes called a “blank-check company,” is a special purpose vehicle set up for the sole purpose of acquiring another company typically using capital raised through an initial public offering (IPO). See “What You Need to Know About SPACs,” SEC, May 25 2021.]

The M&A market saw its strongest start to the year in 2021 since records began in the 1980s, according to Refinitiv data. The value of announced transactions across the globe in the first half of 2021 reached $2.8 trillion, a 131% increase from the same period a year ago. (See “Global M&A surges to record high for third straight month,” by Patturaja Murugaboopathy and Gaurav Dogra, Reuters, June 4, 2021.)

CEOs are targeting companies across the world for potential M&A. And the global scale of such activity only brings added complexities as organizations try to navigate cultural differences and seek to purchase assets in countries where sometimes corruption, bribery and fraud are common. Indeed, statistics on corruption worldwide show that the odds of an organization with global ambitions coming across instances of wrongdoing are high. According to the 2020 Corruption Perceptions Index by Transparency International, about two-thirds of the countries surveyed by the organization are moderately or highly prone to corruption, indicating that corruption risk is a global challenge. (See page 4 of the Transparency International report, “Corruption Perceptions Index, 2020.”)

Some industries within those countries may be more exposed to bribery and corruption risk than others. One such example is a sector that’s heavily reliant on government permits or approvals and interfaces directly with the local governments. Additionally, buyers should consider cultural norms of the business community in the country or region of the target company. One example is a gift or reward made to a business contact or government official, which may be considered a bribe in some countries but may well be a cultural expectation in others.

Regulatory risks

In addition to geographic and industry-specific challenges in rooting out bribes and corrupt activities, the growth of anti-corruption regulations and enforcement necessitates a heightened awareness of the risks posed and the need to conduct due diligence prior to any acquisition.

The U.S. Foreign Corrupt Practices Act (FCPA), the U.K. Bribery Act and similar regulations in European countries differ but they all pose successor liability risks to companies seeking to expand their global footprints. (See “Post-acquisition anti-bribery and corruption liability – a growing area of transactional risk,” by Ann C. Kim, Liam Naidoo and Arthur Dethomas, Hogan Lovells, 2021.)

Companies subject to the FCPA, for instance, may be held liable for unlawful actions of acquired organizations, even if that illegal conduct took place before the acquisition and the acquirer was unaware of what happened, according to law firm Hogan Lovells. “As a general legal matter, when a company merges with or acquires another company, the successor company assumes the predecessor company’s liabilities,” the U.S. Department of Justice and the SEC write in the latest guide to the FCPA. In that document, they lay out how best to avoid infringing the FCPA through pre-acquisition due diligence and how that ultimately pays off. (See “A Resource Guide to the U.S. Foreign Corrupt Practices Act, Second Edition,” July 2020.)

Meanwhile, a recent ruling by France’s highest court in November 2020 determined that entities can be held liable for criminal actions of companies they acquire, which overturned prior case law and put the country in line with earlier directives by the European Parliament. And while companies in the U.K. are generally less exposed to criminal behavior of acquired entities, they may still face successor risks given the scope of anti-bribery laws in that country. (See “Post-acquisition anti-bribery and corruption liability – a growing area of transactional risk,” Hogan Lovell, and “Corporate Parents, Beware in France: One Can Be Liable for Another’s Doing,” by Christina Renner and Cecile Manong, Morgan Lewis, March 11, 2021.)

Regulators and law enforcement have been coming down hard on violators of anti-corruption and bribery laws as seen by the number of fines handed out last year. U.S.-recovered penalties from corporate resolutions under the FCPA exceeded $2.75 billion last year, a record amount. And robust enforcement of the FCPA is likely to continue with the administration of U.S. President Joe Biden, signaling that it will prioritize anti-bribery and corruption enforcement in the coming years. Across the Atlantic, France and the U.K. were leaders in anti-corruption enforcement in 2020 and other European nations are following suit.

In Asia, China has adopted amendments that allow the punishment of private-sector employees participating in corrupt activities. (See “2020 Year in Review: Top Anti-Corruption Enforcement and Compliance Trends and Developments,” Covington Alert, Jan. 20, 2021.)

As global enforcement increases, it’s crucial that organizations pay more attention to anti-corruption and bribery due diligence in acquisitions as the target company’s malpractice could become their responsibility. And data analytics is one way of enhancing this process.

Incorporating data-driven due diligence

How does a buyer incorporate data analytics into the due diligence process? In the early stages of due diligence, it’s likely that the buyer will conduct a general risk assessment of entities involved in the transaction. Using information gathered from this assessment, the buyer, its counsel and forensics experts should determine where to focus the review. This assessment may include interviews or questionnaires that provide an overview of the target company’s policies and procedures, the strength of its compliance programs, previously identified corruption risks and information gathered about executives. The assessment should also aim to understand  the industry and country-specific risks associated with the entities involved in the transaction, so data analytics tests are tailored to account for regional or cultural nuances.

Once the risk profile of the target company or companies is established, the work can begin. IT system and forensic data analytics experts can use the information gathered during the risk assessment to identify the most relevant data sources and systems on which to conduct due diligence analysis. This step typically comprises on-site interviews with accounting, internal audit, compliance and IT teams to give the forensic data analytics team a holistic understanding of how the IT systems reflect an entities’ operations.

Once key systems and processes are understood, forensic data collection teams work alongside the entities’ IT teams to optimize data extractions and ensure that data is collected in a forensic manner so it’s unaltered and will yield reliable and defensible results. The types of data that forensic data analytics teams usually collect include payments, bank transfers, travel and expense reimbursements, procurement records, etc.

The types of data that forensic data analytics teams usually collect include payments, bank transfers, travel and expense reimbursements, procurement records, etc.

Data analysts use the collected data to craft a customized analysis plan to identify high-risk transactions. Coupled with the background information gathered during the risk assessment, data analytics experts can form an arsenal of red-flag tests to run on the data to identify high-risk activities. Analyses may search for shipments or sales to high-risk or sanctioned jurisdictions, expose contracts with state-owned entities, reveal suspicious travel expenses or find excessive commissions paid to third-party intermediaries. No two acquisition, due diligence analyses will be the same, and these tests must be fine-tuned to unveil risks pertinent to the target company and its operations.

Red-flag analysis is most common in risk analysis, but it’s not the only option. Data analysts can employ machine-learning to build predictive models. To do this, analysts need a set of transactions that are known to be fraudulent and that they can feed to machine-learning algorithms, which in turn learn how to find unidentified fraudulent transactions based on those characteristics. Analysts can deploy network analyses to visualize relationships between employees and external actors to identify high-risk relationships with third parties, allowing investigators to hone background checks on high-risk individuals.

Fuzzy-matching algorithms can compare lists of suppliers, employees, customers and subcontractors to publicly available lists of politically exposed persons and sanctioned individuals and entities. (Fuzzy matching is a data analytics technique that uses algorithms to assess and score the similarity between two words or phrases.)

After analyses surface high-risk activities, the investor or buyer of the target company can use the findings to determine potential post-acquisition bribery and corruption risk. The identified risks may be considered in the valuation of the target company and, upon closing the deal, the purchaser may use this information to make voluntary disclosures to regulators and to mitigate future risk. In other scenarios, the purchaser may decide that the risk is too great and abandon the transaction.

Benefits of forensic data analytics in due diligence

Forensic data analytics is underutilized in the due diligence of acquisitions with high exposure to anti-bribery and corruption risk, but it’s a highly efficient and cost-effective option that buyers should consider for a few reasons. First, it offers time efficiencies if structured data sources are available. Armed with forensic data analytics, analysts can methodically perform due diligence on millions of rows of financial and accounting data in minutes or hours. The due diligence team can rely on these rapid analyses to reveal potential corrupt activity instead of conducting a manual review of documents — allowing the team to focus their efforts on other facets of the due diligence process.

As with any risk assessment or investigation, the discovery of new information may lead to new approaches to examining company records. The second major benefit of data analytics is its flexibility in adapting its review to incorporate new findings. If an interview, for example, revealed new patterns of employee bribe schemes, scripts and code can be adjusted with a few keystrokes to adapt the search to seek out employees following those patterns. Conversely, more advanced analytics methods may discover patterns of corrupt behavior that may inform other parts of the due diligence review.

The basis of any anti-corruption and bribery data analytics exercise is its code. The third strength of data analytics is that the code can be audited and reviewed for quality control, which isn’t possible in the review of physical documents. Moreover, if an error or issue is found in analysis, changes can be made to the code and the analytics-based due diligence can be conducted again by rerunning scripts.

While it’s an effective technique, it has one major requirement — structured data. Not all target companies may have robust IT systems that capture data required for due diligence and, in these situations, data analytics isn’t the best option. Furthermore, in many due diligence reviews, data analytics may not be the sole solution and should be coordinated with due diligence conducted by forensic accountants and other forensic technology experts.

Beyond pre-deal due diligence

Once the deal is completed, the benefits of forensic data analytics extend further. Thanks to the reproducibility of data analytics, code and analytics-based tests can be reused or altered for post-deal due diligence and proactive compliance efforts. Post-acquisition, the buyer may have greater access to company data sources and more time to conduct a deep dive into findings. Beyond post-acquisition due diligence, data analytics can continue to provide cost savings and efficiencies.

Using the insights gained about the company and its risks to bribery and corruption, the buyer and the former target company can use the previously developed foundation of knowledge of IT systems and tests tailored to the industry and regional nuances of the company to develop an analytics-based compliance program to proactively fight bribery and corruption. Thanks to the integration of forensic data analytics in the pre-deal due diligence process, the company doesn’t need to start from scratch when building a data-driven compliance program and can focus on developing a solution that works best for its compliance team.

Though using data analytics in pre-deal corruption and bribery due diligence is an emerging strategy, the short- and long-term benefits are considerable. As buyers look to enhance their approach and competitive advantages in making acquisitions and weigh the corruption risks when purchasing a company, they can look to data analytics as a solution.

Josh Cox, CFE, is a senior manager of forensic data analytics at consulting and advisory firm BDO. Contact him at jdcox@bdo.com.