DOJ New Safe Harbor Policy for Voluntary Self-Disclosures in M&A

October 13, 2023

In recent months, U.S. Department of Justice (“DOJ”) leadership reiterated their intention to continue focusing on prosecuting crime by companies and responsible individuals, in particular in areas relating to national security. 

To this end, DOJ recently has amended or formalized policies intended to incentivize companies to report criminal misconduct, cooperate in DOJ’s criminal investigations and remediate.[1]  In line with that trend and as previewed last month by the Principal Associate Deputy Attorney General,[2] the DOJ officially announced its New Safe Harbor Policy for Voluntary Self-Disclosures Made in Connection with Mergers and Acquisitions (“M&A Safe Harbor”).[3]

Most recently, in an October 4, 2023 speech, Deputy Attorney General Lisa O. Monaco provided additional guidance outlining the DOJ’s new Department-wide M&A Safe Harbor for companies that voluntarily self-disclose and remediate criminal misconduct during the acquisition process.[4]

Conditions for the Safe Harbor

In particular, the new M&A Safe Harbor offers buyers the presumption of a declination for criminal misconduct of a target company discovered by the buyer during the M&A process.[5]  To qualify for the safe harbor and presumption of a declination, the buyer must voluntarily self-disclose, cooperate, and remediate, including payment of any applicable restitution or disgorgement.[6]  DAG Monaco made clear that the policy:

  • will only apply to criminal conduct discovered in “bona-fide, arms-length M&A transactions”;
  • “does not apply to misconduct that was otherwise required to be disclosed or already public or known” to the DOJ; and
  • “does not impact civil merger enforcement.”[7]

In an effort to provide greater predictability, the M&A Safe Harbor outlines baseline timing requirements for disclosure and remediation.  To qualify for the safe harbor, a company must:  

  • voluntarily disclose misconduct discovered at the acquired entity within six months from the date of closing, irrespective of whether the misconduct was discovered pre- or post-acquisition; and fully remediate the misconduct within one year from the date of closing.[8]

DAG Monaco explained that both baselines for timing may be extended, subject to a “reasonableness analysis” of the “specific facts, circumstances, and complexity” of a given transaction, recognizing that deals differ and not every transaction is the same.”[9]  On the other hand, serious “misconduct threatening national security or involving ongoing or imminent harm” must be disclosed promptly.[10]

Advantages of the Safe Harbor

For buyers that successfully utilize the new M&A Safe Harbor, a presumption of declination will be available even in the presence of aggravating circumstances that could otherwise impact the ability to qualify for a presumption of declination.[11]  Moreover, in addition to a presumption of declination, any misconduct disclosed under the new policy will not factor into any recidivist analysis of the buyer, either at the time of disclosure or in a future recidivist analysis.[12]  These new incentives for buyers stand in stark relief to the alternative, if the policy does not apply, of “full successor liability” for a target company’s criminal misconduct and resulting collateral consequences that may restrict certain regulated business activities in the United States.[13] 

In regard to target companies, DAG Monaco clarified that when a buyer self-discloses under the M&A Safe Harbor, the target company can still qualify for any appliable voluntary self-disclosure benefits, including potentially a declination.[14]  However, a target company will not be eligible for a declination in the presence of aggravating factors at the target.[15]  Only the buyer will be eligible for a declination in the presence of aggravating factors at the target.[16]

Takeaways and Path Forward

In the near future, we can expect further details as to the application and expansion of the new policy.  The M&A Safe Harbor is set to be applied Department-wide, like the voluntary self-disclosure policies, and it is intended to ensure consistency across the DOJ with respect to self-disclosures that occur in the context of an M&A transaction.[17]  But DAG Monaco has instructed that “each part of the Department will tailor its application of this policy to fit their specific enforcement regime, and will consider how this policy will be implemented in practice.”[18]  We can expect that future criminal corporate resolutions applying the new policy may provide clarity into any such differences in application across the Department.[19] 

As DAG Monaco explained, “the last thing the Department wants to do is discourage companies with effective compliance programs from lawfully acquiring companies with ineffective compliance programs and a history of misconduct.”[20]  In practice, DOJ’s new policy sends a strong message to buyers to give compliance teams a “prominent seat at the deal table,” including by further incentivizing compliance-related M&A due diligence and integration.[21] 

DAG Monaco also noted that DOJ would be looking to apply its approach to corporate enforcement across the entire DOJ, “especially in areas implicating cybersecurity, tech, and national security.”[22]  She also indicated that we should “expect more to come on this topic” as DOJ may extend its corporate enforcement policies “beyond the criminal context to other enforcement resolutions,” including “breaches of affirmative civil case settlements to violations of CFIUS mitigation agreements or orders.”[23]  Likewise, it remains to be seen whether or how other regulatory agencies may implement similar policies to the M&A Safe Harbor.  Any expansion of DOJ’s policy will only increase the potential benefits for companies that conduct rigorous compliance diligence during the M&A process.[24]  DAG Monaco also cautioned that “[g]one are the days when executives could view corporate enforcement matters as the cost of doing business,” and emphasized a need for responsible companies to “redouble time and attention” to implementing effective compliance programs, instituting appropriate compensation policies, and conducting thorough due diligence on acquisitions.[25] We generally advise buyers in M&A transactions to conduct thorough due diligence where there are suspicions of misconduct at target companies, especially in the current climate.[26]  We also advise buyers to use findings from the due diligence process as a guide in remediating issues and enhancing the compliance program at the acquired entity post-closing.  We expect that DOJ’s new policy will encourage these practices.  It remains to be seen whether, as a result of the new policy, potential buyers may be more willing to complete acquisitions that otherwise would have been abandoned due to misconduct uncovered during pre-signing due diligence.

This memo has been republished by Thomson Reuters Westlaw Today.


[1]        In January 2023, the DOJ updated its Criminal Division Corporate Enforcement and Voluntary Self-Disclosure Policy to institute a presumption of a declination to prosecute misconduct when a buyer voluntarily self-discloses a target company’s misconduct during the M&A process.  See 9-47.120 Criminal Division Corporate Enforcement and Voluntary Self-Disclosure Policy (January 2023), https://www.justice.gov/opa/speech/file/1562851/download; see also “DOJ Announces Additional Guidance on Voluntary Self-Disclosure in M&A Context | Cleary Enforcement,” Watch (Oct. 2, 2023), https://www.clearyenforcementwatch.com/2023/10/doj-announces-additional-guidance-on-voluntary-self-disclosure-in-ma-context/.  In March 2023, Deputy Attorney General Lisa O. Monaco announced that each DOJ division that prosecutes corporate crime has adopted a voluntary self-disclosure policy.  See “Deputy Attorney General Lisa Monaco Delivers Remarks at American Bar Association National Institute on White Collar Crime” (Mar. 2, 2023), https://www.justice.gov/opa/speech/deputy-attorney-general-lisa-monaco-delivers-remarks-american-bar-association-national. Also in March 2023, the DOJ issued updated guidance on the Evaluation of Corporate Compliance Programs, noting with regard to “Mergers and Acquisitions” that pre- and post-acquisition due diligence and integration must appropriately scrutinize targets, enforce internal controls, and remediate misconduct. See U.S. Dep’t of Justice, “Criminal Division Evaluation of Corporate Compliance Program” (March 2023), https://www.justice.gov/criminal-fraud/page/file/937501/download; see also “DOJ Announces Additional Guidance on Voluntary Self-Disclosure in M&A Context | Cleary Enforcement,” Watch (Oct. 2, 2023), https://www.clearyenforcementwatch.com/2023/10/doj-announces-additional-guidance-on-voluntary-self-disclosure-in-ma-context/.

[2]        See “Principal Associate Deputy Attorney General Marshall Miller Delivers Live Keynote Address at Global Investigations Review” (Sept. 21, 2023), https://www.justice.gov/opa/speech/principal-associate-deputy-attorney-general-marshall-miller-delivers-remarks-global; see also “DOJ Announces Additional Guidance on Voluntary Self-Disclosure in M&A Context | Cleary Enforcement,” Watch (Oct. 2, 2023), https://www.clearyenforcementwatch.com/2023/10/doj-announces-additional-guidance-on-voluntary-self-disclosure-in-ma-context/. 

[3]        “Deputy Attorney General Lisa O. Monaco Announces New Safe Harbor Policy for Voluntary Self-Disclosures Made in Connection with Mergers and Acquisitions,” (Oct. 4, 2023), https://www.justice.gov/opa/speech/deputy-attorney-general-lisa-o-monaco-announces-new-safe-harbor-policy-voluntary-self.  Other topics addressed by DAG Monaco include the addition of 25 new corporate criminal prosecutors in the National Security Division, an increase of 40% to the number of criminal prosecutors in the Bank Integrity Unit, and a greater focus on corporate criminal resolutions that go beyond monetary fines, e.g., divestiture, specific performance, and compensation and compliance requirements.

[4]        Id. The Department-wide application of the new M&A Safe Harbor Policy extends the DOJ’s January 2023 Criminal Division Corporate Enforcement and Voluntary Self-Disclosure Policy.  See 9-47.120 Criminal Division Corporate Enforcement and Voluntary Self-Disclosure Policy (January 2023), https://www.justice.gov/opa/speech/file/1562851/download.

[5]        “Deputy Attorney General Lisa O. Monaco Announces New Safe Harbor Policy for Voluntary Self-Disclosures Made in Connection with Mergers and Acquisitions,” (Oct. 4, 2023), https://www.justice.gov/opa/speech/deputy-attorney-general-lisa-o-monaco-announces-new-safe-harbor-policy-voluntary-self. 

[6]        Id.

[7]        Id.

[8]        Id.

[9]        Id.

[10]       Id.

[11]       Id. However, note that the presence of aggravating factors at the target company may render the target company ineligible for a presumption of declination.  Id.  (“Unless aggravating factors exist at the acquired company, that entity can also qualify for applicable VSD benefits, including potentially a declination.”).

[12]       Id.

[13]       Id.

[14]       Id.

[15]       Id.

[16]       Id.

[17]       Id.

[18]       Id.

[19]       Id.

[20]       “Deputy Attorney General Lisa O. Monaco Announces New Safe Harbor Policy for Voluntary Self-Disclosures Made in Connection with Mergers and Acquisitions,” (Oct. 4, 2023), https://www.justice.gov/opa/speech/deputy-attorney-general-lisa-o-monaco-announces-new-safe-harbor-policy-voluntary-self. 

[21]       Id. DOJ has consistently emphasized the role of compliance in pre- and post-acquisition diligence and integration. As recently as March 2023, in its updated guidance on Evaluation of Corporate Compliance Programs,  DOJ recommended that compliance departments complete pre-acquisition due diligence, monitor and remediate misconduct or misconduct risks identified during due diligence, implement compliance policies at newly acquired companies, and conduct post-acquisition audits. See U.S. Dep’t of Justice, “Criminal Division Evaluation of Corporate Compliance Program” (March 2023), https://www.justice.gov/criminal-fraud/page/file/937501/download.

[22]       Id.

[23]       Id. CFIUS has also significantly expanded its enforcement activity in the past year, releasing its first-ever enforcement and penalty guidelines in October 2022 and creating a new Chief Counselor for Enforcement role.  It is expected to issue more civil monetary penalties in 2023 than in its entire history.  See U.S. Dep’t of Treasury, “Remarks by Assistant Secretary for Investment Security Paul Rosen at the Second Annual CFIUS Conference” (September 14, 2023) https://home.treasury.gov/news/press-releases/jy1732.

[24]       Id.

[25]       Id.

[26]       In addition to scrutiny by DOJ, SEC and CFIUS, the U.S. Department of the Treasury’s Office of Foreign Assets Control has also highlighted the importance of “appropriate due diligence” in M&A transactions and has issued a number of recent enforcement actions on the basis of pre-acquisition sanctions violations and failures of post-acquisition remediation.  See U.S. Dep’t of Treasury, “A Framework for OFAC Compliance Commitments” (May 2, 2019) https://ofac.treasury.gov/media/16331/download?inline.