What dangers lurk beneath the numbers?

ME PoV Fall 2022 issue

The case for business conduct due diligence

As most countries are still in the throes of the COVID-19 pandemic, companies all over the world are eager to make up for lost time. Reuters reported a surge in merger and acquisition (M&A) activities in the first quarter of 2021, the second biggest quarter on record according to data provider Refinitiv.

M&A activity typically triggers companies to conduct some form of due diligence, be it a potential acquisition, a critical transaction, or even a significant new business relationship. To most business owners and companies, due diligence instinctively means a deep dive into the figures.

However, there is more to a company than just the numbers, and for those who really want to understand if other dangers may lurk beneath the numbers, there is an entire suite of due diligence available. Aside from financial due diligence, which is probably the most common, companies can also opt to perform operational and business conduct due diligence.

An operational due diligence exercise, which also includes Human Resources and Information Technology, focuses on the strength and compatibility of a company’s operations including supply chain integration, operational efficiency and organizational resources-important aspects of a company to consider, particularly ahead of any major acquisitions. But how can acquirers evaluate how compliant the business practices of a target company are?

Business conduct due diligence (BCDD) goes beyond the numbers to assess and evaluate any potential exposures to key international business conduct regulations such as the U.S. Foreign Corrupt Practices Act (FCPA), the UK Bribery Act, leading economic and financial sanctions regimes, as well as other more specific regulations such as supply chain integrity and ethical labor supply, among others.

BCDD aims to address two key concerns: successor liability for bad practices at the acquired business, and potential loss of value if businesses need to change their practices going forward.

Successor liability

Successor liability arises when the acquiring company is liable and responsible for the obligations of the target company. Under the principles of the FCPA, this means a buyer could, potentially, be held liable for any pre-closing instances of
non-compliance on part of the target. The U.S. Department of Justice (DOJ) and Securities and Exchange Commission (SEC), who jointly enforce the FCPA, published a first edition of their FCPA Resource Guide in2012 directly addressing the topic of successor liability, advising companies engaging in M&A activities to “conduct thorough risk-based FCPA and anti-corruption due diligence on potential new business acquisitions”.  Recent updates by the DOJ and SEC with regards to successor liability recognize that in certain circumstances, robust pre-acquisition due diligence may be challenging for practical reasons and where this is the case, the timeliness and adequacy of the post-acquisition due diligence would be examined closely.

This latest guidance signals to buyers that not just pre-acquisition, but also post-acquisition due diligence will be considered by the DOJ and SEC prior to determining any enforcement actions regarding successor liability. 

This is good news and provides companies with a second chance to mitigate the risk of expensive legal and professional advisory bills, hefty penalties/fines, reputational damage and loss of investor confidence that may come with a FCPA related disclosure.

The relevance of BCDD in the Middle East region

Companies may be less familiar with BCDD, but the reasons for why this component is equally important, particularly in the Middle East region, would surely resonate with them.

Through its Corruption Perceptions Index (CPI), Transparency International ranks countries on a scale of 0 (clean) to 100 (very corrupt). In January 2021, the CPI reported that the Middle East and North Africa (MENA) region scored an average of 39 for the third consecutive year and the general perception was that the region remained highly corrupt with little progress made to control such practices. 

In recent years, the appetite of multinational firms to conduct business with, and invest in, local companies in the region has markedly increased. Aside from tie-ups and joint ventures with regional organizations, there has also been a number of major acquisitions made by multinational corporations in the Middle East over the last decade, namely, Amazon’s acquisition of the region’s biggest online retailer and the acquisition of Careem by Uber being two stand-out examples.

It is important to remember, however, that it is not just U.S. firms that need to worry about exposure to the FCPA and anti-corruption laws. The concept of extra-territorial jurisdiction (which hinges on the involvement of U.S. “persons,” U.S. currency or existence of U.S. operations) has given the U.S. authorities power to flex their regulatory muscles far from American shores. Coupled with increasing enforcement of local anti-corruption laws, this means that outbound M&A deals from the Middle East, and even purely intra-regional deals, can create FCPA exposure.

How can a BCDD review help? 

The biggest advantage of a company investing its time and resources to understand the potential business conduct risks of a potential acquisition is not getting caught out later for unsustainable and non-compliant business practices. Where a company identifies a revenue stream that is dependent on corrupt practices, they can consider the potential loss of revenue when such practices cease and evaluate the real performance of the target business under ethical practices.

Understanding what the associated business conduct risks are for a potential acquisition also gives the acquiring company the option to choose relatively less risky investments options which may not be obvious at face value.

What dangers lurk beneath the numbers?

BCDD: A real-world example

This was the scenario faced by one business where a financial due diligence exercise on a target identified a high number of large cash payments recorded under marketing expenses. The target was a local business and the payments in question had no accompanying journal descriptions. Given the lack of commercial rationale for a company of this nature to be dealing in consistently large amounts of cash, a business conduct due diligence quickly ensued.

The review identified that these payments had little to no supporting documentation and the explanation offered by management made little commercial sense casting further doubt on the business practices at the target. The review unearthed a number of additional concerns such as benefits offered to senior ranking officials in positions of influence, either within clients or agencies/organizations that directly impacted the target’s operations, large unsupported cash payments to related parties and the settlement of partners’ personal expenses using company funds.

While this acquisition was eventually completed, it was under the express agreement that a detailed compliance program would be implemented as a highest priority and follow-up business conduct reviews would be undertaken on an ongoing basis to evaluate whether the identified risks remained, and if they were being appropriately mitigated by the target.

BCDD considerations 

The advice issued by the DOJ and SEC is to follow a thorough risk-based approach when conducting FCPA and anti-corruption due diligence on potential new business ventures/acquisitions.

As a starting point, there are a few common indicators of potentially troubling business practices companies should remain alert to:

  • Lack of established compliance and business conduct procedures; 
  • Lack of employees’ awareness and knowledge of bribery, corruption and
  • Existence of key business conduct risk factors in the business such as
    customer/vendor base, significant business development activities, use of third parties and agents for key government interactions; and
  • Poor record keeping/ documentation for transactions associated with a
    heightened business risk.

While there is a perception that the detection of risky or potentially corrupt business practices can signal the end of a potential M&A deal, this does not
necessarily have to be the case. Light touch and pre-acquisition reviews are a
good way of providing quick answers and insight into whether there are any
show-stopping issues lurking beneath the figures. A more fulsome review can
then be conducted as soon as possible post-acquisition, to immediately identify
and curtail any risky behavior. 

The risk of notidentifying corrupt practices is greater than the risk of identifying them upfront because they can be addressed head-on.


By Collin Keeney, Partner and Razia Mir, Assistant Director, Financial Advisory, Deloitte Middle East



2. First resource Guide to US Foreign Corrupt Practices Act, dated 14 November 2012.


Did you find this useful?