On October 4, 2023, Deputy Attorney General Lisa Monaco announced that the U.S. Department of Justice has launched a Safe Harbor Policy for companies that self-report financial violations discovered during the acquisition of a target company. The Safe Harbor Policy will be applied across the DOJ, Monaco said, and each part of the DOJ — including individual US Attorney’s offices and DOJ components such as the Criminal Division and National Security Division (NSD) — “will tailor its application of this policy to fit their specific enforcement regime and will consider how this policy will be implemented in practice.” In the healthcare arena, the Safe Harbor Policy will apply to, e.g., violations of the Anti-Kickback Statute, the False Claims Act, and other billing fraud; COVID-19 health care fraud schemes; and prescription fraud.
The Safe Harbor Policy applies to violations reported within six months of the deal’s closing; once the violation is reported, the acquiring company will have one year from the date of closing to “fully remediate the misconduct,” according to Monaco, who also said that both the six-month and one-year deadlines could be “extended” by DOJ prosecutors, depending on the specific “facts, circumstances, and complexity of a specific transaction.” However, the six-month reporting period does not apply when detected misconduct threatens national security or involves ongoing or imminent harm. In that situation, self-disclosure should occur immediately upon discovery.
The Safe Harbor Policy applies only to criminal conduct discovered in bona fide, arms’-length M&A transactions (rather than conduct that was otherwise required to be disclosed or is already known to the public or the DOJ, or part of a civil merger enforcement) and applies regardless of whether the violation was discovered before or after the acquisition. The Safe Harbor Policy does not offer protection from foreign enforcement authorities that may later learn of the misconduct through a public favorable resolution with DOJ or from other U.S. federal or state enforcement authorities.
The new guidance, which reflects the DOJ’s continued efforts to incentivize self-disclosure and remediation of corporate misconduct, rewards companies for their timely compliance-related due diligence by providing the presumption of a declination of prosecution if the companies engage in timely remediation, restitution, and disgorgement. (“Declination” refers to a case that would have been prosecuted or resolved criminally had it not been for the voluntary disclosure, cooperation, and remediation of the violations.) An acquiring company that does not self-disclose misconduct within the required window in accordance with this new policy could be subject to full successor liability for that misconduct, both civilly and criminally.
Any misconduct disclosed under the policy will not be factored into future recidivist analysis for the acquiring company. Additionally, the acquiring company will not be affected by the presence of aggravating factors (e.g., involvement of company executives in the misconduct, significant profits to the company from the misconduct, misconduct that is egregious or pervasive within the company, or repeated misconduct) at the acquired entity.