Boards should be wary of deals being aggressively pushed through by individual executives as well as those that provide little information or lack representation from the compliance team.
Involve forensic professionals in the diligence process
In every deal, forensic professionals experienced and adept at identifying red flags and issues should be called in to conduct one or more of the following typical forensic due diligence procedures.
Integrity or reputation due diligence
This will include checks on the target entity and its key personnel, using specialized databases, sanctions lists, open-source information, discreet interviews and targeted site visits. These look for any incidents of legal or regulatory violations, disputes, adverse media coverage or association with politically exposed persons.
Anti-bribery and anti-corruption due diligence
Anti-bribery and anti-corruption (ABAC) due diligence involves assessing and testing the effectiveness of the target’s ABAC program, taking the level of interaction with government-exposed entities into account. This test is especially important because of the long reach of laws, including the US Foreign Corrupt Practices Act — one of the world’s most punitive regulations — and the UK Bribery Act. There are also ongoing crackdowns on corruption in many Asia-Pacific jurisdictions.
Anti-fraud due diligence
This involves tailored forensic procedures and targeted integrity testing of financial statements and representations crucial to the deal valuation. Forensic specialists with extensive fraud investigation experience check that revenues and asset valuations stand up to scrutiny. Where possible, they will assess key third parties and search for evidence of coordinated fraud, conflicts of interest or related-party transactions. They will also conduct forensic data analytics of customer transactions to identify anomalies in customer profiles or activities to verify that reported sales stack up.
The extent of these additional diligence practices in the pre-deal stage will depend on the time available, level of access to information and granularity of information. In some cases where the target has many “suitors”, the target entity may refuse access to data requested by the compliance team. This is not necessarily a red flag, but directors should ask themselves why the target is reluctant to share information. They should also be prepared to walk away or have warranties drafted into the sales and purchase agreement pending the conduct of these procedures.
Forensic accountants can advise on whether there are red flags identified from their work procedures and help the board weigh the risk assessment. While higher-risk developing markets promise strong growth opportunities, high costs to clean up improper operations or limited compliance information to do comprehensive diligence may present enough cause for not proceeding.
Growing the asset post-investment
Getting the deal done is just the first step. As companies seek to realize deal value or grow the asset for a future exit strategy, establishing a robust governance, risk and compliance (GRC) framework with a strong fraud and compliance monitoring program is essential. Forensic capabilities can be valuable for the following.
Cyber compromise due diligence
An IT forensic assessment is crucial to uncover likely indicators of an active cyber compromise that could expose sensitive data, particularly if the asset value resides in patents, trade secrets or proprietary technology. The existence of advanced persistent threats will likely impact the target’s data assets and must be investigated and eradicated before interconnecting the target entity’s IT networks with the acquiring entity.
Fraud and compliance monitoring program
A GRC framework needs to be established for the target entity, including ongoing compliance monitoring. Establishing a culture of compliance that incorporates data-driven insights is the new standard that regulators expect today. The US Department of Justice’s revised guidance on corporate compliance programs signals the importance of proactive data analytics in compliance programs — from using data and analytics in identifying and monitoring misconduct to testing the effectiveness of policies, standards and procedures. For example, a multinational conglomerate, Honeywell International, tapped into the EY Virtual technology platform to optimize compliance analytics.
Key questions that boards should ask deal or investment teams
If deal or investment teams are presenting to the board without a strong compliance team’s presence or the use of forensic capabilities in the due diligence process, directors should ask the following questions:
- Is the target’s reputation or that of its key personnel tainted by offenses, litigation or dispute matters, compliance issues or adverse news?
- Is the target paying bribes or generating sales from corruption activities to grow or sustain its business?
- What is the risk that financial statements or key representations disclosed by the target have been falsified to make the deal more attractive?
- Is the target’s sensitive data (trade secrets, intellectual property or personal data) compromised or at risk due to insider or external threats?
- Is the target’s GRC program adequate and effective in safeguarding against fraud and compliance risks and monitoring them?
Our related articles
Summary
Acquisitions or investments with fraud, bribery or corruption issues can lead to severe financial, reputational and legal consequences. To address this risk, acquirers and investors must involve a compliance team from the start and engage experienced forensic professionals for due diligence support.
Following the deal’s conclusion, a robust governance, risk and compliance framework, supported by cyber compromise due diligence and a strong fraud and compliance monitoring program, is crucial.