Compliance is not the box ticking exercise that many people believe it to be. Far from it, in fact.
One survey conducted by a risk management association showed that its members spend 6-10% of their revenue on compliance. But if the cost of compliance seems steep, try non-compliance. In 2017, the average cost of non-compliance was three times that of compliance.
The message is clear - compliance is extremely important, and not just from an ethical standpoint. Thus, when acquiring another company, compliance should be central in the buyer’s thoughts.
With so many other forms of due diligence gaining most of the attention, compliance due diligence is often left behind. In this article we, at DealRoom, provide an overview of compliance due diligence and share how our clients conduct it during M&A.
What is Compliance Due Diligence?
Compliance due diligence is the process of conducting a thorough investigation, audit, or analysis of a company’s compliance with regulatory bodies, both governmental and non-governmental. It essentially seeks to establish whether a company is following the rules as they should be.
Some companies may have found a loophole that allows them to skirt certain regulations and this is an example of an issue that compliance due diligence attempts to expose.
Why is Compliance Due Diligence Important?
In addition to the costs of non-compliance outlined above, there is a hidden cost when a company chooses not to comply with regulations: the cost of reputational damage.
Deutsche Bank, the once great German bank, provides a live case study of how this is the case. The company has been found guilty of a series of compliance breaches over the past decade. Its vast revenues could pay for them.
By all accounts, the reputational damage is proving far more difficult to mend.
Issues which are now commonly analyzed by compliance due diligence include:
- Anti-corruption laws
- Environmental laws
- Data protection laws
- Antitrust laws
- Trade regulations
- Employee safety regulations
- Product (or ingredient) safety regulations
The Stages of Compliance Due Diligence
As with any form of due diligence, compliance due diligence begins with asking the big questions, before digging down into the details.
- Understand what the compliance issues are in the target’s field of business: This is easier for the buyer if the target is in the same industry, but even companies of different sizes in the same industry can face different compliance issues. If the company is in a different country, this throws up a whole new set of compliance issues. Also, think about what the compliance issues are with the new entity formed by a merger.
- Collect and Assess the documents relevant to the compliance issues outlined in 1 (above): As always, asking the right questions will lead to the collection of a slew of documents. Some of them - for example, sanction lists, legal history, regulatory history of various kinds - are often obtainable from public records. A risk assessment should then be conducted based on the information retrieved.
- Conclusions of Compliance Due Diligence and Ongoing Compliance Plan: Compliance is an issue where, even if everything seems okay, a company has to plan for the worst. Thus, it’s important to keep track of the due diligence that was conducted - ideally in a secure virtual data room - along with details of the documents retrieved. If the worst does come to pass, these will at least serve as evidence to regulators that every attempt was made to ensure compliance. Finally, a compliance plan needs to be developed to ensure that compliance is maintained after the transaction.
Compliance Due Diligence Checklist
A checklist, as always, will depend to a great extent on the level of compliance required in an industry. Even casual onlookers will know the loops that financial institutions have to jump through to be compliant, for example.
The list below therefore represents a general compliance due diligence checklist, which should be adapted to the requirements of the company in question:
1. In-house compliance
- How effective are the company’s in-house compliance standards?
- What records are kept?
- How transparent is the company about compliance?
- How much does it spend on compliance every year?
- Are employees given compliance related training?
2. Integration with buyer’s compliance
- Are there areas of overlap between your compliance standards and those of the target company?
- What needs to improve in the target company’s compliance standards?
- How much would an improvement in compliance cost your company and how would this affect the deal structure?
3. Government Investigations
- Are there any ongoing government investigations and what do they concern?
- Were there investigations in the past, and if so, how were they resolved?
- How often does the government check compliance at the target company?
4. Follow the money (often included in financial due diligence)
- Are there anti-money laundering (AML) procedures in place?
- How strictly are contracts processed (i.e. no intermediaries involved)?
- Are there any suspicious payments?
- How often does the company disclose its financials to the relevant authorities?
The full compliance due diligence playbook could be found in our platform, together with all the needed features and built-in virtual data room that help our clients organize all the information and communication in one place.
Conclusion
Compliance becomes more important to companies every day, reflected by compliance costs, which have risen far in excess of the average company’s revenue over the past decade. As always, good documentation is key.
DealRoom currently helps hundreds of companies manage their compliance documents, ensuring that they’re secure and up to date.
Talk to us today about how our virtual data room services can add value to your compliance due diligence.