Michael Gaul, Managing Director at Acquinex Germany, Felix Rettenmaier, Partner at Rettenmaier & Adick, Jacob Kuipers, Associate at McDermott Will & Emery, Dr. Barbara Roth, Chief Compliance Officer at UniCredit Bank AG, Simon Tesselment, Chief Broking Officer EMEA at AON, together with panel head Dr. Nadine Hartung, Counsel at McDermott Will & Emery, discussed issues around compliance in M&A transactions and the respective questions arising for obtaining W&I coverage.
The panel started by discussing recent trends across M&A transactions, including the filing of criminal complaints if compliance issues surface in the wake of a transaction. Mr. Rettenmaier stated his belief that the initiative for a more rigorous corporate criminal law will be implemented in some form or another within the near future. He provided a quick overview of the main features of such corporate criminal liability and what this means in a M&A context.
Asked for recent enforcement and legal trends in the US, Mr. Kuipers noted that in a cross-border context, it is important to focus on the laws that are covering entities regardless of their home jurisdiction. Important topics, therefore, are cybersecurity and privacy. Mr. Kuipers also drew attention to the fact that actions of the current administration—with respect to sanctions laws—are still rather unpredictable. Also, the compliance of a target can have a significant impact on the pricing of a deal. For example, in the Yahoo deal, the parties agreed on cutting the acquisition price by USD 350 million because of two security breaches at Yahoo.
Addressing her experiences with compliance risks in acquired companies and M&A transactions in general, Dr. Roth stressed the importance of due diligence and formal compliance guidelines and procedures for banks due to the fact that they are highly regulated. She also explained that any bank involved in the US Dollar market needs to tread very carefully due to recent enforcement trends in the US, in particular with respect to the US sanctions regime. In that context, any business with high-risk countries such as Iran, Sudan, Cuba, China, or Turkey, need to be reviewed intensively.
Mr. Gaul shared his view as an insurer and explained that there seems to be a recent shift from more abstract to more specific compliance guarantees. Asked what he as an insurer deems preferable, he explained that insurers are closely looking at new areas of regulation, such as for example data security, and are still in the process of learning more about the associated risks and their evaluation. Clearly, some areas of regulation are more critical than others.
The panel then shifted focus to questions arising for a seller that is aware of (current or past) non-compliance by the potential target or its personnel. Dr. Hartung asked the panel what the scope of disclosure should be and what they believe was the right time in a transaction process to disclose. Mr. Rettenmaier answered that from his point of view any information relevant for the pricing of the deal needs to be disclosed and the disclosure needs to be true and honest. He also stressed the need to properly document any disclosure to protect the seller against any alleged fraudulent behavior.
Mr. Gaul and Mr. Tesselment stressed that from the insurance point of view, the question whether fraud was involved or not is relevant in a second step. The insurance, usually taken out by the buyer, would cover guarantee breaches in a first instance. However, then the insurer would naturally review the question whether the seller acted fraudulently and needs to indemnify the insurer for fraudulent misrepresentations.
Dr. Roth pointed out that instances of non-compliance are often looked at retroactively, which influences the way a buyer or court looks at the issue. Disclosure in a transaction is particularly difficult if internal investigations are ongoing. Then any disclosure should be in line with any existing results of the investigation without jeopardizing the investigation or any position toward supervisory or criminal authorities.
The panel concluded that due diligence starts with understanding the market of the target, the applicable regulatory framework and high-risk areas. Any issues should be raised as early as possible and can usually only be solved if seller and buyer have an open and honest conversation about the issue. On the upside, prices for compliant organizations with a functioning compliance management will regularly be higher. Thus, compliance management in the best-case scenario adds significant value to an organization.
Dr. Nadine Hartung
McDermott Will & Emery