Compliance Issues in Corporate Transactions
This is an Insight article, written by a selected partner as part of GIR's co-published content.
Introduction – why is compliance important?
Identifying and appropriately addressing risks associated with compliance issues in corporate transactions is key to ensuring that a prospective purchaser avoids a host of pitfalls. Unfortunately, it is sometimes the case in pre-transactional due diligence that compliance issues become a secondary concern. However, properly addressing compliance issues, although often difficult to do in practice, is key not only to ensuring that a prospective deal is viable but also to safeguarding a purchaser against a wide range of liability issues that can and frequently do arise.
The question of why compliance issues are important in the context of corporate transactions can be answered by looking at the consequences of when companies get it wrong.
One immediate consequence of failing to identify compliance issues before completing a transaction is the fact that the purchaser has made a bad bargain. Depending on the level of misconduct, the acquired target may in fact be worthless. For example, if a target has relied on bribery to secure its key contracts, it is unlikely to be able to successfully compete for those contracts on a level footing with other competitors. Therefore, if after the acquisition the misconduct is identified and is stopped, the company may no longer be able to operate profitably, because without its unfair advantage, it cannot compete. In addition, the fines and legal costs that the target company may have to pay if its misconduct is identified can often materially affect the value of the company.
In addition to the ‘bad bargain’ risk, companies that acquire target entities tainted with compliance wrongdoings can, in certain circumstances, be liable for fines for offences that occurred prior to the acquisition. The concept of successor liability is something that is particularly relevant to companies subject to the US Foreign Corrupt Practices Act (FCPA) and there have been a number of cases under this law in which entities have been fined in relation to bribery offences that took place in foreign subsidiaries of a target. Although structuring a deal as an asset purchase rather than a stock or share purchase or merger may provide some level of risk mitigation by allowing compliance liabilities to be left behind with the seller, there are a number of factors that courts and government regulators may weigh that may allow them to look through the transaction structure and nonetheless impose successor liability, including whether:
- there was an implied assumption of the target’s liabilities, such as by public disclosures as to the transaction or by performance of contracts that were not actually assigned to the purchaser;
- there was a de facto merger of target and acquirer as a result of the asset purchase owing to continuity of ownership, continuity of management, personnel and business operations, dissolution of target soon after closing and purchaser’s assumption of ordinary course liabilities; and
- the transaction was entered into fraudulently to escape the obligations of creditors of the target.
Moreover, if the assets themselves are tainted (e.g., a key contract or concession was secured through misconduct), future operations may be at risk even if historic liabilities remain with the seller.
In addition to successor liability issues, the purchaser may be liable for breaches that continue post-acquisition (whether for an asset or stock or share deal) and may even be liable in some jurisdictions (such as the United States, the United Kingdom and Australia) for offences in respect of the accurate keeping of books and records from the day the transaction completes.
There is also a risk of civil claims being brought in relation to historic or continuing compliance issues that have been inherited as part of a corporate transaction. There is an emerging trend in many jurisdictions for civil claims by shareholders or customers to follow criminal allegations or prosecutions of wrongdoing. In addition to potential claims from shareholders and customers, in some jurisdictions, notably the United Kingdom, courts have determined that it is possible for a competitor to bring a claim against another competitor who used bribery to secure a contract.
Reputational harm is another key risk associated with failing to address compliance issues. That harm can manifest itself in a number of ways, from a reduction in a company’s share price to difficult conversations with current or prospective counterparties.
Although compliance risks in corporate transactions are important for all companies, the profile of a particular company may mean that the risks associated with failing to properly undertake compliance due diligence are greater. For example, corporations that are either publicly listed or have dealings with public entities may find themselves in a difficult position when disclosing compliance issues they may have inherited from an acquisition, whether that disclosure is to the market or in response to tenders or pitches. Depending on the terms of the business’s key contracts, a company may also be required to disclose any prosecutions, or investigations by government agencies, for compliance matters.
In addition to liability on behalf of the company, failing to address compliance issues can lead to personal liability for directors and officers of a company in the form of fines and, depending on the nature of the wrongdoing, imprisonment. In jurisdictions such as the United States, the United Kingdom and Australia, and indeed most common law-based jurisdictions, where directors owe fiduciary duties to the company and its shareholders, there is also the risk that if directors fail to take reasonable steps to prevent, investigate and respond to potential compliance issues, they are in breach of their directors’ duties, which may give rise to fines and disqualification orders.
Although compliance issues can be make or break in terms of whether a transaction goes ahead, identifying them can be very difficult in practice. By their nature, the types of conduct that give rise to compliance issues are often those engaged in by wrongdoers who are eager to cover their tracks. This means that a surface-level due diligence exercise may not be effective in identifying misconduct.
Other limitations associated with carrying out effective compliance due diligence include the often limited nature of the information disclosed by the target, time pressure, lack of resources and insufficient compliance expertise in the team managing the transaction.
An additional difficulty in considering the consequences of identified compliance issues is the application of various statutes relating to bribery and sanctions issues that have extraterritorial effect. For example, the UK Bribery Act 2010 and the FCPA have extraterritorial operation and have the potential to give rise to unlimited fines, disgorgement of profit orders and, for individuals, imprisonment. US sanctions laws also have a wide jurisdictional reach, for example, when a transaction deals with goods, technology, software or materials that can qualify as being of US origin.
Offences under the UK Bribery Act, including the failure by a commercial organisation to prevent bribery, could be enforced in situations where inadequate diligence failed to identify current or continuing bribery and employees of the acquired company have continued to engage in the misconduct.
An understanding of these statutory frameworks is key in any assessment of whether an identified compliance issue represents something that can be remedied in parallel with the transaction going ahead or represents such a significant risk that the transaction must not continue. That understanding is also essential in considering the available options in circumstances where a significant compliance issue has not been identified prior to the transaction but surfaces once it has been completed.
To minimise exposure to legal, financial and reputational risks that may result from acquiring a target with significant compliance issues, purchasers should adopt a ‘good practice’ approach to compliance due diligence in their corporate transactions. This approach will also help companies to be compliant with the provisions of anti-bribery legislation in the multiple jurisdictions in which they operate, including the UK Bribery Act and the FCPA, as well as other relevant financial crime legislation.
Key compliance areas in due diligence
Although the concept of compliance can have various meanings in different jurisdictions, some of the key areas that comprise compliance due diligence are bribery and corruption, sanctions, fraud and money laundering.
Although each of these areas will be subject to specific laws in each jurisdiction, there are common themes in how best to identify conduct that may constitute one of these specific sub-categories of compliance.
Bribery and corruption
In most jurisdictions, bribery and corruption constitutes a criminal offence that can attract significant pecuniary penalties and imprisonment. Relevantly, purchasers may incur liability in respect of historical or ongoing bribery and corruption that can lead to fines and regulatory enforcement.
Generally, bribery is the offer, payment or provision of a benefit to someone to influence the performance of a person’s duty in an attempt to secure some undue advantage. Although the risk associated with bribery is higher where public officials are involved, private bribery (i.e., company to company) can also be the source of significant liability.
In undertaking any pre-transactional due diligence, there are a number of red flags that may indicate the presence of bribery within a prospective target:
- Historical misconduct: If there are any disclosures about a previous bribery issue, either by way of regulatory enforcement action or issues raised internally from within the target’s compliance framework, that is a clear red flag and an indicator that further diligence would need to be carried out. Questions should be asked not only about historical cases or regulator action but also about any internal investigations or reports, such as whistleblowing reports.
- High-risk industry or jurisdiction: Certain jurisdictions and industries are considered to be high risk from a bribery and corruption perspective. The global Corruption Perceptions Index published by Transparency International is a useful tool in assessing the level of risk associated with corruption in any particular jurisdiction. There may be a need for more extensive bribery due diligence if the target has any dealings in high-risk countries or in industries that carry higher risks, such as mining or construction.
- Ties with government officials: There is an increased bribery and corruption risk if the target has frequent dealings with government officials or has links with government agencies or state-owned entities. This includes not only interactions to obtain permits, licences or approvals but also interactions with potential government customers. If that is the case, a further review of those relationships and any agreements with public entities is essential in establishing whether there are any bribery risks. If the target has made any gifts to government officials, including non-monetary gifts such as travel or entertainment, those gifts should be reviewed to determine whether they constitute violations of applicable anti-bribery legislation.
- Use of intermediaries or agents: A high proportion of bribery schemes involve an intermediary, and it is clear that the use of an intermediary does not absolve the bribe payer from liability. Asking questions about the use of intermediaries (including joint venture partners), particularly in high-risk jurisdictions, is key to establishing potential risk.
- Excessive payments or commissions: Although excessive payments may be difficult to identify in the course of pre-transactional due diligence when looking at documents in the abstract, being on the lookout for unusually large or oddly timed payments is a key part of any effective bribery due diligence. For example, payments or commissions that differ disproportionately between jurisdictions for ostensibly the same service or product could be a red flag.
- Poor compliance programme: If the target does not have a satisfactory anti-bribery policy, compliance framework, or books or records policy, it may be indicative of some larger bribery or corruption issues. This is particularly relevant to targets and purchasers who are subject to the UK Bribery Act 2010 (for example, those entities that are either incorporated in the United Kingdom or carry on a business or part of a business in any part of the United Kingdom), as the lack of an adequate compliance programme may preclude reliance on the adequate procedures defence in response to a charge of failing to prevent bribery. Other jurisdictions, such as Malaysia, have also followed suit with similar legislation where there is a defence of adequate procedures. Training is particularly important and generally diligence requests should seek information about training provided to employees and agents.
- Large cash transactions and vague invoices: Unitemised or vague invoices for ‘marketing fees’ or ‘consulting services’ can often be indicative of improper payments and would be a red flag for bribery, as would be evidence of large cash transactions.
If any bribery or corruption issue is identified in the course of pre-transactional due diligence, the next step is to undertake a deeper review of the conduct and, as much as possible, to understand the extent of the misconduct. This includes the identities of the persons involved, including whether the behaviour can be attributed to a rogue actor or whether that person has support or tacit approval from management, the amount of the bribes being paid, the frequency of any illegitimate payments, and the presence of any records (including doctored or falsified records).
Once the extent of the wrongdoing has been identified, then an assessment of available options can be considered, one of which may be to not proceed with the transaction. This is discussed below.
Sanctions
Sanctions issues are of particular importance if the target entity has business dealings across multiple jurisdictions or operates in high-risk industries, such as currency exchange platforms or payment processing companies. It is crucial that any sanctions risks are identified and addressed to avoid regulatory enforcement, fines and potentially frozen assets.
Sanctions issues can be difficult to identify, not least because the various sanctions regimes administered in key jurisdictions – such as the United Kingdom, the European Union and the United States – are subject to frequent change. Sanctions lists are continually evolving, with new sanctions being added and older ones being removed. It can be difficult to mitigate the risk when the regulatory goalposts are shifting continuously.
Another difficulty in identifying potential sanctions risks is that the various sanctions regimes often prohibit dealings with entities that have sanctioned ‘ultimate beneficial owners’. An ultimate beneficial owner may be the natural person (or persons) who ultimately owns or controls an entity. It may also include those persons who exercise ultimate effective control over a legal person or arrangement. It is critical to identify any ultimate beneficial owner of a target company or entities with which the target company deals. For example, under the regulations of the US Office of Foreign Assets Control (OFAC), even if an entity is not listed on OFAC’s Sanctions List, the same prohibitions apply if dealing with an entity of which 50 per cent or more is owned by an entity or person that is on the list.
Not only can proper due diligence minimise exposure to sanctions risks in commercial transactions, but in some jurisdictions, such as Australia, a defence is also available to breaches of sanctions regimes for companies that can prove they took reasonable precautions and exercised due diligence to avoid contravening the relevant law.
The strategy for sanctions compliance should ideally be a risk-based exercise built on screening of the target entity, its key counterparties and their ultimate beneficial owners. Screening should be done against the key sanctions lists, such as Her Majesty’s Treasury Sanctions List in the United Kingdom, the EU Consolidated List of Sanctions and the OFAC Sanctions List.
There is a range of third-party screening services that are commonly used by companies both in undertaking pre-transactional due diligence and as continuing monitoring practice to ensure compliance with the fluid sanctions regimes that are enforced worldwide. In addition to screening a target and its owners against sanctions lists, purchasers should confirm whether the target has any presence – through employees, offices, sales, joint ventures, investment or otherwise – in, or transactions with parties in, countries that are subject to UK, EU or US sanctions, and whether it has applied for and received any regulatory licences to trade with parties in sanctioned countries. Given the evolving nature of sanctions regimes, it is also important to verify that the target has a process in place to screen prospective new counterparties against sanctions lists.
Fraud
Fraud can involve a wide range of misconduct from embezzlement to doctoring books and records. Fraudulent conduct within a target entity greatly exacerbates the ‘bad bargain’ risk in the context of a corporate transaction and creates difficulties in terms of carrying out effective due diligence as the information being supplied by the target can be of dubious authenticity.
In addition to the typical bribery and corruption red flags, the following may raise questions of potential fraudulent conduct:
- accounting irregularities – inconsistent accounts that do not reconcile or exhibit inexplicable fluctuations may be a sign that the target’s books are being manipulated;
- whistleblower complaints – where a company has implemented a whistleblower reporting mechanism, it can be very beneficial to dig deeper into the nature of those complaints and how they were handled; and
- results that are too good to be true – taking an analytical mind to reported performance, particularly armed with comparable performances in like businesses in the same industry, is crucial in identifying any fraudulent reporting of performance.
As fraudulent activity can be difficult to identify if the fraudsters have taken steps to cover their tracks, often the most effective way of confirming that there is no fraudulent activity taking place at a target is to undergo a more in-depth diligence exercise that involves interviews with management and key compliance personnel. If there are indications of fraud, one option may be to engage expert forensic accountants to confirm whether the reported figures are accurate.
For more routine diligence exercises where no other compliance red flags have been identified, often the best way to feel assured that a target entity is not engaged in any fraud is to confirm that the target has implemented satisfactory compliance and monitoring procedures, including appropriate financial controls and auditing processes.
Money laundering
Generally, money laundering due diligence falls into two categories:
- target companies providing services that are regulated in the jurisdictions in which they operate under specific money laundering regimes requiring anti-money laundering programmes, including customer due diligence and reporting. Financial services entities are usually the most highly regulated, but companies in many other sectors (such as bullion, gambling and real estate) can also be subject to these regulations, depending on the jurisdiction. Due diligence for these companies will require obtaining information to make sure that they are compliant with the regulations that specifically apply to their operations; and
- the remainder of companies that are likely to be subject to legislation in different jurisdictions making it an offence to deal in the proceeds of crime. Identifying risks for such target companies is primarily focused on understanding (1) how the company undertakes due diligence on those with which they engage contractually and (2) how likely it is that the company would be aware if it were dealing with an entity that could pass on tainted funds.
The optimal anti-money laundering programme for any company depends on the source and significance of its exposure to money laundering risk. Consequently, in evaluating a target’s anti-money laundering programme, purchasers should consider whether the geographical location of the target, as well as the nature of its business and customers, expose the target to particularly stringent money laundering regulations or increase the risk of a violation of applicable anti-money laundering laws and regulations. Cash transactions, as well as those that are not conducted face-to-face or involve cross-border transfers, create heightened risk of money laundering.
Effective assessment of compliance policies and procedures
A compliance due diligence exercise can comprise three stages:
- Pre-transaction due diligence: The extent to which this can be undertaken will vary between deals and the different levels of access to information provided. The key steps in this process are addressed below.
- Post-acquisition due diligence: In some circumstances, the pre-transactional diligence may have been relatively confined, whether because of the size of the transaction, the hostile nature of the transaction, concerns about disclosing the existence of the potential transaction to employees (and thereby increasing the risk of news of the potential transaction being leaked) or time pressure in getting the deal done. Consequently, it will be necessary to undertake a post-acquisition due diligence. Although the option to remediate any compliance issues prior to completion, or to decide not to proceed with the transaction at all, is not available to a purchaser undertaking post-acquisition due diligence, there are benefits to the exercise, which should be relatively easier to undertake because the purchaser will have direct access to employees and documents that may assist in identifying compliance issues. The goal of post-acquisition due diligence should be to confirm representations made by the target prior to completion, identify any suspected compliance risks and address them as quickly as possible.
- Ongoing monitoring and review: In all corporate transactions, it is good practice to implement monitoring procedures and mechanisms for ongoing reviews of policies and procedures. Often this occurs as part of a broader roll-out of policies and procedures of the purchaser group to the target following the purchaser’s acquisition.
Pre-transaction due diligence – the key steps
The following steps are key in undertaking an effective pre-transaction due diligence exercise:
- compiling a detailed knowledge of the target’s market and competitors to assess any known compliance risk factors. This could include, for example, business dealings in a jurisdiction that has a low ranking on Transparency International’s global Corruption Perceptions Index;
- preliminary media and background checks on the target and key owners and management;
- a review of the target’s code of conduct and other compliance policies, including in relation to anti-bribery and anti-corruption, gifts and hospitality, political donations, lobbying, sanctions, anti-money laundering and whistleblowing. There are two aspects to this review. The first is to confirm that the key policies reflect good practice and adequately prohibit bribery and misconduct and address any specific risks the target may have as a result of its particular business activities or jurisdiction. The second is to confirm, to the extent possible, that the policies have actually been implemented within the target. Key to understanding whether compliance policies have been implemented is looking for evidence of a training programme being delivered to all employees and officers of the target. Another method for determining this is to speak to directors and senior managers directly (or through the use of questionnaires) to assess their knowledge of the policies and to get a feel for how seriously they take their obligations under those policies and whether any compliance issues have occurred in the past (and if so, what steps were taken to investigate and prevent recurrence). Speaking directly with directors and senior management of the target can provide important insights on the ‘tone from the top’ on compliance issues. Purchasers should also confirm whether the target has processes in place to ensure periodic review of compliance policies;
- identifying the key counterparties and third parties with which the target engages. If the target deals with public sector entities or routinely engages third-party intermediaries, then further diligence should be undertaken in respect of those relationships. It should be confirmed that the services provided by the third-party intermediaries are legitimate and are not, for example, a cover for the payment of bribes;
- interviewing key compliance personnel. A robust discussion regarding known compliance risks and steps that have been taken to address those risks is a good indicator that the target takes its compliance obligations seriously. The lack of a dedicated compliance function may be an indicator that compliance is not a high priority. If there is a dedicated function, the reporting line of compliance managers (e.g., to the chief financial officer or the board of directors) and the percentage of their time devoted to compliance may be indicative of the importance that the target attaches to compliance;
- interviewing officers or employees of the target in key functions (such as financial controllers, internal auditors or sales directors). This assessment should be focused on whether the people with day-to-day responsibility for monitoring for compliance issues understand the risks and their role in preventing misconduct; and
- undertaking a detailed financial review of the target’s accounts to ensure there are no discrepancies that could indicate misconduct. Although this may not be required in every diligence exercise, if there are other red flags or the target operates in a particularly high-risk jurisdiction, then engaging expert forensic accountants to review the target’s books and records can be an effective method to identify compliance risks. It is also important to understand (as part of the review of accounts or otherwise) the target’s processes for approval and recording of transactions and asset dispositions, and consider whether those processes facilitate compliance with the target’s policies and the ‘books and records’ provisions of applicable anti-corruption laws.
A number of factors uncovered by the due diligence exercise may lead to a decision not to continue with the transaction. Although such a decision will be heavily dependent on the context and purposes of the deal, factors may include:
- past or present misconduct;
- historical or current regulatory investigations or prosecutions;
- disengaged management who do not take compliance issues seriously;
- a total lack of compliance policies and procedures, especially if the target operates in a high-risk jurisdiction or industry; and
- dependence on key persons who do not have a track record of propriety.
If a prospective purchaser does decide to discontinue a transaction, it should consider whether it may be obliged to report to relevant authorities any evidence of misconduct that it identified.
In the pre-transaction due diligence process, the purchaser should be looking for evidence that the target has a strong culture of compliance and that its policies and procedures have been fully integrated from the top down.
The use (or lack of use) of a target’s whistleblowing policy can also be informative. A target that actively encourages whistleblowers to raise issues, and has a track record of adequately dealing with any reports of misconduct, may appear more favourable to a prospective purchaser than a target that reports no use of its whistleblowing policy and no known compliance issues.
Risks associated with third-party dealings
Third parties are often the source of regulatory enforcement for misconduct.
The risk from third-party dealings arises from the fact that the target (and especially a prospective purchaser) has little to no control over the actions of that third party, who may be acting as an agent or otherwise on behalf of the target. However, in certain circumstances, a third party engaging in wrongdoing may give rise to liability for the target. By way of example, third parties may be taking legitimate consultancy fees from the target and using them to pay bribes to local government officials to advance the target’s interest (unbeknown to the target). Alternatively, the target may be intentionally using third parties to pay bribes to government officials.
An acute risk of liability arises if a target entity has engaged third parties and intermediaries to interact with public officials in relation to licences or permits. In many jurisdictions this constitutes a significant bribery and corruption risk.
When conducting diligence exercises, prospective purchasers should confirm that a target:
- engages in a robust tendering or diligence process before contracting with (or renewing a contract with) any third party and that integrity and probity assessments of prospective counterparties form part of that process;
- requires third parties to adhere to all relevant anti-bribery, anti-money laundering and sanctions laws;
- requires third parties to comply with a robust compliance framework (either their own compliance regime, which is of an adequate standard, or the target’s compliance policies); and
- has audit rights under any agreement with third parties acting on its behalf and is able to ensure compliance with any requirements set out under the relevant agreement or retainer between the target and the third party.
Remediation of compliance issues
When a compliance issue is identified during the course of a due diligence exercise, a prospective purchaser is faced with a number of options in terms of remediating that issue, including the threshold question of whether to remediate it at all or instead to discontinue the transaction.
The answer to how best to address an identified compliance issue will depend on a range of factors, the key one being the potential liability associated with the misconduct. If the misconduct is so far-reaching as to render the deal valueless, then a prudent purchaser would not attempt to remediate the issue and would instead call off the deal. By way of example, this may occur when it is discovered that a key revenue-generating contract has been secured by way of improper payments to government officials.
However, more routine or minor compliance issues may be dealt with in parallel with completion of the transaction or post-completion.
A purchaser may be content to remediate minor issues, such as a sub-standard anti-bribery policy, following completion. This is typically done as part of a larger merger of a target into a purchaser’s business. For more moderate or immediate concerns, such as inconsistencies in the books and records, a purchaser may require the target to remediate the matter prior to the transaction completing, either as a pre-completion covenant or, if sufficiently material, then potentially as a condition precedent to completion such that the purchaser can walk away if the matter is not remediated to its satisfaction.
If misconduct was not identified during the due diligence prior to a transaction completing but is discovered post-completion, a question arises as to whether a purchaser should self-report the misconduct to the relevant authorities. The decision to self-report is often a complicated process and will necessarily depend on the particular circumstances of the matter as well as the regulatory framework in the particular jurisdiction. For example, the US Department of Justice has been active in encouraging companies to self-report breaches of the FCPA. Prosecutors in the United States may consider whether the company made a voluntary and timely disclosure and any remedial actions, including improving an existing compliance programme.
In any event, remediation efforts should be meaningful and, if necessary, include personnel, operational and organisational changes that are needed to prevent the issue from arising in the future.
Representations and warranties and indemnities
One mechanism for mitigating the risks associated with past misconduct is to seek appropriate representations and warranties – and potentially indemnities – from the target. Representations and warranties are often drafted as broadly as possible to capture the widest possible range of past misconduct. However, the terms of any representations and warranties should also be drafted to account for any particular compliance issues or risks identified in the due diligence process and we increasingly see warranties focused just on anti-money laundering, anti-bribery and corruption, and sanction issues. This can help focus management of a target on particular issues and thereby ensure that disclosure is truly fulsome and that the purchaser can make an informed decision.
The fact that the target is willing to make those representations and give those warranties may give a purchaser some comfort about their past behaviour. If information is disclosed by the seller (target) consequent to a request for representations and warranties, the purchaser can consider seeking specific indemnities to cover the identified risks. However, it is important to note that in some jurisdictions (such as the United Kingdom and Australia), for public policy reasons, an agreement for the seller to pay or otherwise indemnify for any fines or penalties for which the target or purchaser becomes liable will be unenforceable.
The purchaser will also need to consider other factors in relying solely on representations and warranties or seeking an indemnity, including the ability to enforce in countries where the seller has assets and the future creditworthiness of the seller if the purchaser brings a claim. In this respect, although the use of warranty and indemnity insurance is increasingly common in deals globally as a means to recover losses where there is a breach of warranty, or under certain indemnities, either instead of or to top up a claim against the seller, the insurance policies invariably exclude claims for bribery and corruption and other dishonest, criminal or fraudulent conduct, whether or not due diligence has identified an issue. For these reasons, although contractual protections can offer some comfort if the purchaser still wishes to proceed where there is higher risk, or issues have been identified, it may be worth considering either a reduction in the purchase price, particularly if the risk can be quantified, or some form of retention or holdback (perhaps through escrow-type arrangements) as ‘security’ for such claims.
There is a range of jurisdictional issues that may arise in the course of identifying and assessing compliance risks in corporate transactions.
Primarily, an understanding of the different jurisdictions in which the target operates is crucial as particular compliance risks may arise in certain jurisdictions. For example, some jurisdictions may have a culture of gift giving that, although it may be common in practice, technically is in breach of local bribery and corruption laws, as well as other anti-bribery legislation with extraterritorial reach (e.g., the UK Bribery Act 2010 and the FCPA).
Additionally, multinational transactions can present challenges in terms of the due diligence team getting adequate access to information and employees of the target being based in different geographical regions. On larger transactions, an effective diligence exercise may involve teams based in the different jurisdictions in which the target operates undertaking joint compliance reviews.
 Georgie Farrant and Michelle Rae Heisner are partners, Gareth Austin is a senior associate and Andrew Martin is a managing principal at Baker McKenzie. The authors wish to thank the following colleagues for their contributions to the chapter: Maria McMahon (senior knowledge lawyer) and Laura Bentham (lead knowledge lawyer).
 For example: WPP plc agreed in September 2021 to pay US$19 million to resolve charges in relation to misconduct at recently acquired subsidiaries in high-risk markets, including India, where a WPP subsidiary continued to bribe Indian government officials in return for advertising contracts even though the misconduct had been brought to WPP’s attention via anonymous complaints; Cadbury Limited and Mondelez International, Inc agreed in January 2017 to pay US$13 million to settle charges of violations of the US Foreign Corrupt Practices Act arising from improper recording of payments made by Cadbury’s Indian subsidiary in the year that Mondelez acquired Cadbury; and Pfizer Inc and its subsidiary Wyeth LLC agreed in August 2012 to pay more than US$45 million to settle charges that Pfizer and Wyeth subsidiaries made improper payments to foreign officials both before and after Pfizer’s acquisition of Wyeth.
 See Jalal Bezee Mejel Al-Gaood v. Innospec Ltd  EWHC 3147.
 The Export Administration Regulations (15 C.F.R. §§ 730–80) apply to US-origin items as well as items made outside the United States that incorporate certain US-origin items. Additionally, sanctions issued by the US Treasury Department’s Office of Foreign Assets Control (such as sanctions currently in place in respect of Russia, Iran and Cuba) can apply to non-US subsidiaries of US companies, and to non-US companies who have subsidiaries or business activities in the United States or process transactions through US banks.
 UK Bribery Act 2010, Section 7.
 Section 17A of the Malaysian Anti-Corruption Commission Act, which came into effect on 1 June 2020.
 For further detail on sanctions issues arising in corporate transactions, refer to the Global Investigations Review Guide to Sanctions, available at https://globalinvestigationsreview.com/guide/the-guide-sanctions/third-edition (last accessed 8 July 2022).
 For example, see US Department of Justice, ‘Resource Guide to the U.S. Foreign Corrupt Practices Act’ (2nd ed), pp. 54–56. See also Chapter 3 of this Guide, ‘US Compliance Requirements’.