Skip to main content
November 20, 2023

Takeaways From the DOJ New Safe Harbor Policy For Mergers & Acquisitions


Update as of November 20, 2023

During a November 16 panel in Washington, D.C., Department of Justice (DOJ) National Security Division Deputy Assistant Attorney General Eun Young Choi clarified that companies should immediately report and remediate any potential harm to national security discovered during the course of dealmaking.

“Make sure you come to us before we come to you,” she said.

Originally published October 12, 2023

On October 4, Deputy Attorney General Lisa Monaco announced a new safe harbor policy (Safe Harbor Policy) for voluntary self-disclosures made in connection with mergers and acquisitions (M&A), placing an “enhanced premium on timely compliance-related due diligence and integration.” The new policy raises complex issues for both buyers and sellers in M&A transactions.

What Is the New Policy?

“Going forward, acquiring companies that promptly and voluntarily disclose criminal misconduct within the Safe Harbor period, and that cooperate with the ensuing investigation, and engage in requisite, timely and appropriate remediation, restitution, and disgorgement — they will receive the presumption of a declination,” Monaco said. Conversely, acquirers that do not perform effective due diligence, self-disclose misconduct at an acquired entity, and remediate the misconduct, may be subject to full successor liability.

The Safe Harbor period will be:

  • Six months from the date of closing to disclose misconduct at the acquired entity, regardless of whether the misconduct was discovered pre- or post-acquisition
  • One year from the date of closing to fully remediate the misconduct

Not surprisingly, there are some qualifications. Monaco noted that “depending on the specific facts, circumstances, and complexity of a particular transaction, those deadlines could be extended by Department prosecutors.” And a shorter period may be appropriate in cases involving a threat to national security or “ongoing or imminent harm.” Meanwhile, the Safe Harbor may not apply to misconduct otherwise required to be disclosed or already public or known to the DOJ, or where “aggravating circumstances” are present.

The new Safe Harbor Policy builds on the DOJ Criminal Division’s Corporate Enforcement Policy updated earlier this year, which “recognizes the potential benefits of corporate mergers and acquisitions, particularly when the acquiring entity has a robust compliance program in place and implements that program as quickly as practicable at the merged or acquired entity.”

What Else Did Deputy Attorney General Monaco Have To Say?

In addition to announcing the new M&A Safe Harbor Policy, Monaco’s October 4 speech addressed:

  • The “dramatic expansion” of DOJ’s efforts to hold corporations accountable for violations of national security laws. This includes the addition of 25 corporate crime prosecutors and the appointment of the first-ever Chief Counsel for Corporate Enforcement in the National Security Division. As an example of corporate enforcement, last year the DOJ prosecuted a multinational company for material support of terrorism involving payments made to designated terrorist organizations in connection with business operations in Syria. The multinational company paid over US$775 million in penalties.1
  • DOJ’s use of new tools and remedies in corporate resolutions such as corporate divestitures and specific performance. For example, as part of deferred prosecution agreements earlier this year, the DOJ required two generic pharmaceutical companies to divest product lines affected by alleged antitrust violations. And, as part of a deferred prosecution agreement to resolve sanctions violations, an international shipping company was required to deliver Iranian oil to the United States for seizure.

What Are Some Key Takeaways From the Safe Harbor Policy?

  • Consider making compliance part of deal teams. In order for buyers to take advantage of the Safe Harbor, Monaco noted that compliance personnel should “have a prominent seat at the deal table.” Companies therefore should consider increasing compliance-related due diligence in M&A transactions, and incorporating compliance personnel into M&A deal teams early to perform compliance-related due diligence, to assess risks, consult on deal terms, and plan for post-closing integration.
  • Consider ways to identify misconduct promptly after closing, such as through audits, transaction testing, and use of internal whistleblower systems. Under the new Safe Harbor Policy, buyers have a limited amount of time to identify issues and disclose misconduct, particularly when national security issues are implicated. Because buyers may not be able to discover all potential wrongdoing before closing, diligence may need to continue post-close. Companies should consider promptly conducting risk-based compliance audits and transaction testing. Additionally, companies should consider how to leverage internal whistleblowing systems, including by making sure employees know to report compliance issues and closely monitoring any such reports.
  • Take steps to promptly integrate acquired companies into compliance programs. The Safe Harbor Policy places a premium on swift integration into the buyer’s corporate control and compliance environment. Companies should prioritize integration efforts in high-risk areas. Previous DOJ cases and opinions suggest that integration steps may include adapting compliance policies and procedures; providing training on those policies and procedures (including internal reporting channels); and ensuring adequate compliance resources for the acquired entity.
  • Consider what remedial actions, including with respect to employee compensation, may be needed if misconduct is discovered. When determining how to treat companies under investigation, the DOJ and other government agencies have given credit for taking appropriate remedial actions, including employment actions against individual wrongdoers.2 In her speech, Monaco touted the DOJ’s pilot program that “rewards companies that claw back or withhold incentive compensation from executives responsible for misconduct — or attempt to do so in good faith.” Accordingly, companies reporting misconduct under the Safe Harbor would be well-served to consider what remedial steps DOJ will expect — while also staying mindful that certain actions, such as efforts to defer or clawback compensation, potentially implicate other legal issues, such as employment law obligations.3

With its new Safe Harbor Policy, the DOJ is clearly trying to encourage companies to self-report misconduct. Whether, when, and what to voluntarily disclose to the DOJ nevertheless involves a difficult calculus for many companies. For questions on this or any other subject, please reach out to the authors or any of their colleagues in Arnold & Porter’s White Collar Defense & Investigations practice group.

* Junghyun Baek contributed to this Advisory. Junghyun is a graduate of Harvard Law School and is employed at Arnold & Porter's Seoul office. Junghyun is admitted to the practice of law in Washington, D.C.

© Arnold & Porter Kaye Scholer LLP 2023 All Rights Reserved. This Advisory is intended to be a general summary of the law and does not constitute legal advice. You should consult with counsel to determine applicable legal requirements in a specific fact situation.

  1. For more on this enforcement action, see our blog here.

  2. The DOJ’s decision late last year not to prosecute Safran S.A. for violations of the U.S. Foreign Corrupt Practices Act that occurred pre-acquisition at companies Safran acquired illustrates the potential benefits of “timely and full remediation, including termination of a remaining employee involved in the misconduct, withholding the deferred compensation of another employee involved in the misconduct who had previously left the company, and efforts to enhance its anti-corruption training and compliance program.”

  3. For more on how the DOJ guidance on compensation clawbacks intersects with the world of employment law, see our recent Advisory here.