Anti-Bribery & Anti-Corruption Compliance in M&A

Anti-bribery and anti-corruption (ABAC) compliance is a critical but frequently underestimated dimension of M&A due diligence. When you acquire a business, you do not just inherit its assets and contracts, you inherit its compliance history, its regulatory exposure, and potentially its liability for past corrupt conduct. Under the legal doctrine of successor liability, the acquiring entity may be held responsible for bribery and corruption violations that occurred before the acquisition closed. The consequences are severe: criminal prosecution, multi-million-dollar fines, debarment from government contracts, and reputational damage that can destroy the value of the acquired business.

This guide covers the major anti-bribery legal frameworks, how to identify corruption risk during due diligence, the red flags that signal elevated risk, and how to build an effective compliance program post-acquisition.

The Foreign Corrupt Practices Act, enacted in 1977, is the foundational US anti-bribery statute. The FCPA has two main components: the anti-bribery provisions and the accounting/books-and-records provisions. Together, they create a thorough framework that prohibits corrupt payments to foreign officials and requires companies to maintain accurate financial records and adequate internal controls.

Anti-bribery provisions

The FCPA's anti-bribery provisions make it unlawful for any US person, company, or issuer (or their agents) to offer, pay, promise, or authorize the payment of anything of value to a foreign government official for the purpose of obtaining or retaining business, or securing an improper advantage. The statute applies broadly: “anything of value” includes not just cash payments but also gifts, travel, entertainment, charitable donations, and employment opportunities for officials' relatives. “Foreign official” includes employees of government-owned or government-controlled entities, including state-owned enterprises, sovereign wealth funds, and public universities, a much broader category than many acquirers realize.

Books-and-records provisions

The FCPA's accounting provisions require issuers (companies listed on US exchanges) to keep books, records, and accounts that accurately and fairly reflect their transactions, and to maintain a system of internal accounting controls sufficient to provide reasonable assurance that transactions are authorized and recorded properly. These provisions apply regardless of whether any bribery occurred, a company can violate the books-and-records provisions through sloppy accounting alone. For acquirers, this means that even if no bribery is found during due diligence, weak internal controls and inadequate record-keeping in the target company can create liability.

FCPA jurisdiction and extraterritorial reach

The FCPA's jurisdictional reach is remarkably broad. It applies to US companies and their worldwide subsidiaries, foreign companies listed on US stock exchanges, and any person (including foreign nationals) who takes any act in furtherance of a corrupt payment while within the territory of the United States. US enforcement authorities have interpreted “within the territory” expansively to include the use of US banking systems, email servers, and telecommunications networks. This means that virtually any international transaction with a US nexus can fall within the FCPA's reach, making it directly relevant to cross-border acquisitions.

The UK Bribery Act is widely regarded as the most sweeping anti-bribery legislation in the world. It goes significantly beyond the FCPA in several important respects, and any acquirer doing business in or through the United Kingdom, or acquiring a UK company, must understand its requirements.

Key differences from the FCPA

• No foreign official limitation: The Bribery Act prohibits bribery of any person, public or private. Commercial bribery (bribing a private business counterpart) is explicitly covered, while the FCPA focuses primarily on foreign government officials.
• Strict liability offense: Section 7 of the Bribery Act creates a corporate offense of “failure to prevent bribery” by “associated persons” (employees, agents, subsidiaries). The only defense is that the company had “adequate procedures” in place to prevent bribery. This is a strict liability offense, the company is liable unless it can prove its compliance program was adequate.
• No facilitation payment exception: The FCPA contains an exception for “facilitating” or “grease” payments, small payments made to foreign officials to expedite routine governmental actions (issuing permits, processing visas, scheduling inspections). The Bribery Act contains no such exception. All payments to influence official conduct are prohibited.
• Broader territorial scope: The Bribery Act applies to any company that carries on business in the UK, regardless of where the bribery occurs. A US company with a UK subsidiary or significant UK business operations is subject to the Bribery Act for its worldwide conduct.

Successor liability, the principle that an acquiring company can be held responsible for the acquired company's pre-existing legal violations, is the primary reason anti-bribery due diligence matters in M&A transactions. Both the US Department of Justice (DOJ) and the Securities and Exchange Commission (SEC) have made clear that acquiring companies can face FCPA liability for the conduct of their acquisition targets.

The DOJ and SEC have published guidance stating that they will consider the quality and timing of the acquirer's due diligence when deciding whether to bring enforcement actions. If an acquirer conducts thorough pre-acquisition due diligence, identifies corruption issues, discloses them to authorities, and implements effective remediation, the enforcement agencies have indicated they will exercise discretion in favor of the acquirer. Conversely, an acquirer that fails to conduct adequate due diligence, or that discovers red flags and ignores them, may face the full weight of enforcement for the target's historical conduct.

The structure of the transaction also matters. In an asset purchase, successor liability risk is generally lower than in a stock purchase, because the buyer acquires specific assets rather than the entire legal entity (and its liabilities). However, asset purchases do not eliminate FCPA risk entirely, particularly if the buyer continues the target's operations, retains its employees, and maintains its business relationships. The representations and warranties in the purchase agreement should specifically address anti-bribery compliance, with the seller representing that it has not violated any applicable anti-corruption laws.

Anti-bribery due diligence should be a distinct workstream within the broader due diligence process, led by experienced compliance counsel. The scope and depth of the ABAC due diligence should be calibrated to the target's risk profile, a domestic services business with no government customers requires less scrutiny than a company that sells into emerging markets through local agents and distributors.

1. Country risk assessment: Evaluate the countries where the target operates, sells, or sources materials. High-risk jurisdictions (as measured by Transparency International's Corruption Perceptions Index) warrant deeper investigation. Countries scoring below 40 on the CPI should trigger enhanced due diligence.
2. Third-party intermediary review: Identify all agents, consultants, distributors, and other intermediaries used by the target. These third parties are the primary channel through which bribes are paid. Review their contracts, commission structures, and the business justification for their engagement. Unusually high commissions, vague service descriptions, or intermediaries in jurisdictions where they are not needed are red flags.
3. Government touchpoints: Map all interactions between the target and government entities: permits, licenses, inspections, customs clearances, government contracts, and tax audits. Each touchpoint is a potential corruption risk.
4. Books and records review: Examine the target's accounting records for irregularities that may indicate off-book payments: cash disbursements without supporting documentation, payments to entities in high-risk jurisdictions that lack a clear business purpose, excessive consulting fees, and entertainment expenses that are disproportionate to the business purpose.
5. Compliance program assessment: Evaluate the target's existing compliance program (if any): written anti-bribery policies, training records, reporting mechanisms (whistleblower hotline), third-party due diligence procedures, and compliance leadership. A company with no compliance program is not necessarily corrupt, but it has no infrastructure to prevent or detect corruption.
6. Litigation and enforcement history: Search for any prior enforcement actions, investigations, debarments, or litigation related to bribery or corruption. Check regulatory databases, court records, and media coverage.
7. Employee interviews: Interview key personnel in finance, sales, procurement, and operations about their understanding of anti-bribery requirements, how they handle government interactions, and whether they are aware of any conduct that could raise concerns.

Certain patterns and indicators should trigger heightened scrutiny during anti-bribery due diligence. The presence of one or more red flags does not necessarily indicate that corruption has occurred, but it warrants further investigation before closing.

• Opaque third-party relationships: Agents or consultants engaged without a clear business rationale, paid excessive commissions, or connected to government officials through family or business ties.
• Unusual payment patterns: Cash payments to unnamed individuals, payments routed through offshore entities, unexplained discounts or rebates, and invoices from shell companies or entities with no apparent operational presence.
• Inadequate internal controls: Lack of segregation of duties, absence of approval processes for significant expenditures, no policy for gifts and entertainment, and no compliance training.
• Government contract concentration: Heavy reliance on government contracts, particularly in high-risk jurisdictions, without a corresponding compliance infrastructure.
• Charitable donations and sponsorships: Donations to charities connected to government officials or sponsorships that lack a legitimate business purpose and appear designed to curry favor with decision-makers.
• Facilitation payments: Routine payments to low-level officials to expedite services. While common in some markets, these payments are illegal under most anti-bribery regimes (except the FCPA's narrow exception) and indicate a culture of paying to get things done.
• Lack of transparency: The target resists providing access to financial records, intermediary agreements, or government correspondence during due diligence. Reluctance to disclose is itself a red flag.

Even when pre-closing due diligence does not uncover active corruption, the acquirer should implement a strong compliance program in the acquired business as part of the post-acquisition integration process. For targets with weak or nonexistent compliance infrastructure, this is both a legal imperative and a value-protection measure.

Immediate post-closing actions

• Tone from the top: The new ownership should communicate immediately and clearly that bribery and corruption will not be tolerated. This message must come from the CEO/owner and be reinforced at every level.
• Policy implementation: Adopt and distribute a written anti-bribery and anti-corruption policy. The policy should define prohibited conduct, establish gift and entertainment thresholds, require pre-approval for government interactions, and outline the consequences of violations.
• Reporting mechanisms: Establish a confidential reporting channel (hotline, email, or web-based system) that allows employees to report suspected violations without fear of retaliation. Anonymous reporting should be available.
• Training: Conduct anti-bribery training for all employees within the first 90 days of ownership. Tailor the training to the specific risks faced by different roles (sales, procurement, finance, operations).

Ongoing compliance infrastructure

Beyond the immediate post-closing period, the acquirer should build sustainable compliance infrastructure that includes regular risk assessments, periodic training updates, third-party due diligence for new agents and intermediaries, monitoring of high-risk transactions, and periodic audits of compliance with internal policies. The risk assessment should be updated annually or whenever the business enters new markets, engages new intermediaries, or experiences a significant change in its government-facing activities.

Facilitation payments, small payments made to low-level government officials to expedite routine, non-discretionary actions (processing visas, clearing goods through customs, connecting utilities), present one of the most challenging practical dilemmas in anti-corruption compliance. The FCPA carves out an exception for facilitation payments, but the UK Bribery Act, the Canadian Corruption of Foreign Public Officials Act (as amended), and most other anti-bribery regimes do not.

For acquirers, the existence of facilitation payments in the target's operations signals two things. First, the target operates in environments where petty corruption is common, which increases the overall bribery risk. Second, the target lacks a clear policy framework for handling government interactions, which means there may be inadequate controls over larger, more consequential payments. The practical guidance for acquirers is to adopt a zero-tolerance policy for facilitation payments post-acquisition, even if the target has historically relied on them. This policy should be communicated clearly during the integration process, with practical guidance on how to operate without making such payments (using licensed customs brokers, engaging government relations consultants, and building in additional time for bureaucratic processes).

Yes. Under the legal doctrine of successor liability, the acquiring entity may be held responsible for the target company's pre-existing anti-bribery violations. Both the US Department of Justice (DOJ) and the Securities and Exchange Commission (SEC) have made clear that acquiring companies can face FCPA liability for conduct that occurred before closing. However, the DOJ and SEC have indicated that acquirers who conduct thorough pre-acquisition due diligence, identify corruption issues, disclose them to authorities, and implement effective remediation will be treated more favorably. The structure of the transaction also matters, asset purchases generally carry lower successor liability risk than stock purchases, though they do not eliminate FCPA exposure entirely.

Penalties under both statutes are severe. FCPA anti-bribery violations can result in criminal fines of up to $250,000 per violation for individuals and up to $2 million per violation for corporations, plus disgorgement of profits and pre-judgment interest. The SEC can impose additional civil penalties. Under the UK Bribery Act, individuals face up to 10 years' imprisonment and unlimited fines, while corporations face unlimited fines. Beyond direct financial penalties, convicted companies may face debarment from government contracts, reputational damage, and loss of business relationships. The OECD reports that the average resolution amount for FCPA enforcement actions has exceeded $100 million in recent years.

If red flags surface during ABAC due diligence, the acquirer should engage experienced anti-corruption counsel to investigate further before closing. Key steps include deepening the investigation of the specific red flag (e.g., forensic accounting review of suspicious payments, interviews with relevant personnel, and background checks on third-party intermediaries), assessing the scope and materiality of the potential violation, and modeling remediation costs. In some cases, it may be appropriate to voluntarily disclose findings to the DOJ or SEC, which can result in more favorable treatment. The acquirer should also negotiate specific ABAC representations and warranties in the purchase agreement, with indemnification provisions and escrow holdbacks to cover potential liability.