CSG Law Alert: DOJ’s Safe Harbor Policy in the M&A Context

The U.S. Department of Justice (“DOJ”) recently unveiled a new policy geared toward encouraging the self-disclosure of criminal activity by companies involved in mergers and acquisitions (“M&A”).

On October 4, 2023, DOJ announced a new Mergers & Acquisitions Safe Harbor Policy (the “Safe Harbor Policy”) to encourage voluntary self-disclosure of criminal activity by companies involved in a M&A. The new policy is DOJ’s latest effort to expand and innovate its corporate enforcement actions and promote voluntary self-disclosure by companies involved in the M&A process. In announcing the Safe Harbor Policy, Deputy Attorney General Lisa O. Monaco made clear that “the last thing the [DOJ] wants to do is discourage companies with effective compliance programs from lawfully acquiring companies with ineffective compliance programs and a history of misconduct. Instead, we want to incentivize the acquiring company to timely disclose misconduct uncovered during the M&A process.”

The Safe Harbor Policy allows and encourages acquiring companies to report criminal misconduct by the acquired company within six months from the date of the transaction closing, regardless of when the misconduct was discovered. The acquirer will then have one year from the date of the transaction closing to cooperate with DOJ and “engage in requisite, timely and appropriate remediation, restitution, and disgorgement” of the proceeds received from the criminal misconduct. If the acquirer does so, it receives a presumption of a declination.1 Additionally, the reported criminal misconduct will not be considered in DOJ’s analysis of whether the acquirer is a “recidivist,” subject to exclusion from the presumption of non-prosecution. Unless aggravating factors exist with respect to the acquired company, the acquired company may also qualify for voluntary self-disclosure benefits. DOJ recognizes the complexity of certain M&A transactions and stated that the timeframes to report and remediate criminal misconduct under the Safe Harbor Policy may be extended depending on the specific facts, circumstances, and complexity of a transaction. Notably, the Safe Harbor Policy only applies to misconduct discovered as part of “bona fide, arms-length M&A transactions” and will not apply to conduct that is already public, known to DOJ or otherwise required to be disclosed. The Safe Harbor Policy also does not apply to civil merger enforcement actions.

The Safe Harbor Policy reinforces the need for companies in the M&A context to conduct timely compliance-related due diligence and integration. As DOJ stated, “compliance must have a prominent seat at the deal table if an acquiring company wishes to effectively de-risk a transaction.” Failure to conduct proper due diligence on an acquired company and self-disclose criminal conduct within the reporting timeframe may subject the acquiring company to successor liability for such conduct.


1 A declination refers to a case that would have been prosecuted or resolved criminally had it not been for the company’s voluntary disclosure, full cooperation, remediation, and potentially, payment of certain fines.