How boards can manage integrity risks in M and As and investments

How boards can manage integrity risks in M&As and investments

A compliance team and robust due diligence and monitoring are key ingredients needed to effectively manage integrity risks in deals.


In brief

  • Without adequate due diligence and monitoring, acquirers and investors risk facing severe consequences from deals tainted by fraud, bribery or corruption.
  • To address this risk, boards should stress the need for a compliance team’s involvement from the start and due diligence support from forensic professionals.
  • A robust governance, risk and compliance framework with a strong fraud and compliance monitoring program is also crucial after the deal is done.

In the last decade, fraud issues in relation to acquisitions or investments had led to global companies making billion-dollar write-offs. In some cases, respected and experienced boards were forced to admit that they had not paid sufficient attention to what might have appeared to be straightforward acquisitions. These incidents led to severe financial and reputational losses for the companies concerned and sometimes left their directors open to personal liability risks. More recently, corporate failures of entities that attracted high-profile and sophisticated investors have led many to question the degree of due diligence and monitoring put in place by these investors.  

There are examples of companies across the Asia-Pacific region manipulating financial statements to overstate their value as they enter acquisitions or joint ventures (JVs) or accept a minority investment. Improper practices include artificially inflating revenue by manipulating sales data, channel stuffing or fictitious round tripping of sales countered with purchases from the same counterparties without real delivery of goods or services. In other cases, companies misstate assets and liabilities or local JV partners pad expenses with those of their other non-related businesses through the JV’s books.

Such fraud is not isolated to higher-risk geographies. Accounting frauds have been perpetrated in some of the world’s most hallowed financial hubs. The message for directors is clear: every deal needs to be protected by compliance due diligence. Without the expertise of forensic professionals, acquirers and investors risk having to explain flawed deals to shareholders and financiers alone. They would have to explain why they spent millions on an essentially worthless asset or worse, one saddled with liabilities due to bribery and corruption. 

Thirty-seven percent of emerging market respondents in a global EY survey rated fraud, bribery and corruption as the greatest risk to the long-term success of their organization, ahead of pandemics and cyber and ransomware attacks.1

Involve compliance teams from the start

An investment or deal team’s number one key performance indicator is to get the deal done. As a result, it can be hesitant to involve the compliance team. This is a critical error. The compliance team should not only be involved from the outset but must also have sufficient influence and authority so that compliance-related issues and concerns related to the deals reach the board.

Hopefully, after a careful review, the deal will still get done with a more favorable negotiated deal value and a confident plan to remediate potential issues. But it should not be concluded at any cost or for any reason other than a compelling business case. Boards should watch for deals being aggressively pushed through by individual executives as well as those that are light on information or lack representation from the compliance team.



Boards should be wary of deals being aggressively pushed through by individual executives as well as those that provide little information or lack representation from the compliance team.



Involve forensic professionals in the diligence process 

In every deal, forensic professionals experienced and adept at identifying red flags and issues should be called in to conduct one or more of the following typical forensic due diligence procedures.

Integrity or reputation due diligence

This will include checks on the target entity and its key personnel, using specialized databases, sanctions lists, open-source information, discreet interviews and targeted site visits. These look for any incidents of legal or regulatory violations, disputes, adverse media coverage or association with politically exposed persons.

Anti-bribery and anti-corruption due diligence

Anti-bribery and anti-corruption (ABAC) due diligence involves assessing and testing the effectiveness of the target’s ABAC program, taking the level of interaction with government-exposed entities into account. This test is especially important because of the long reach of laws, including the US Foreign Corrupt Practices Act — one of the world’s most punitive regulations — and the UK Bribery Act. There are also ongoing crackdowns on corruption in many Asia-Pacific jurisdictions.

Anti-fraud due diligence

This involves tailored forensic procedures and targeted integrity testing of financial statements and representations crucial to the deal valuation. Forensic specialists with extensive fraud investigation experience check that revenues and asset valuations stand up to scrutiny. Where possible, they will assess key third parties and search for evidence of coordinated fraud, conflicts of interest or related-party transactions. They will also conduct forensic data analytics of customer transactions to identify anomalies in customer profiles or activities to verify that reported sales stack up.

 

The extent of these additional diligence practices in the pre-deal stage will depend on the time available, level of access to information and granularity of information. In some cases where the target has many “suitors”, the target entity may refuse access to data requested by the compliance team. This is not necessarily a red flag, but directors should ask themselves why the target is reluctant to share information. They should also be prepared to walk away or have warranties drafted into the sales and purchase agreement pending the conduct of these procedures.

 

Forensic accountants can advise on whether there are red flags identified from their work procedures and help the board weigh the risk assessment. While higher-risk developing markets promise strong growth opportunities, high costs to clean up improper operations or limited compliance information to do comprehensive diligence may present enough cause for not proceeding.

Growing the asset post-investment 

Getting the deal done is just the first step. As companies seek to realize deal value or grow the asset for a future exit strategy, establishing a robust governance, risk and compliance (GRC) framework with a strong fraud and compliance monitoring program is essential. Forensic capabilities can be valuable for the following.

 

Cyber compromise due diligence

An IT forensic assessment is crucial to uncover likely indicators of an active cyber compromise that could expose sensitive data, particularly if the asset value resides in patents, trade secrets or proprietary technology. The existence of advanced persistent threats will likely impact the target’s data assets and must be investigated and eradicated before interconnecting the target entity’s IT networks with the acquiring entity.

 

Fraud and compliance monitoring program 

A GRC framework needs to be established for the target entity, including ongoing compliance monitoring. Establishing a culture of compliance that incorporates data-driven insights is the new standard that regulators expect today. The US Department of Justice’s revised guidance on corporate compliance programs signals the importance of proactive data analytics in compliance programs — from using data and analytics in identifying and monitoring misconduct to testing the effectiveness of policies, standards and procedures. For example, a multinational conglomerate, Honeywell International, tapped into the EY Virtual technology platform to optimize compliance analytics.

Key questions that boards should ask deal or investment teams

If deal or investment teams are presenting to the board without a strong compliance team’s presence or the use of forensic capabilities in the due diligence process, directors should ask the following questions:

  • Is the target’s reputation or that of its key personnel tainted by offenses, litigation or dispute matters, compliance issues or adverse news?
  • Is the target paying bribes or generating sales from corruption activities to grow or sustain its business?
  • What is the risk that financial statements or key representations disclosed by the target have been falsified to make the deal more attractive?
  • Is the target’s sensitive data (trade secrets, intellectual property or personal data) compromised or at risk due to insider or external threats?
  • Is the target’s GRC program adequate and effective in safeguarding against fraud and compliance risks and monitoring them?

Related articles

Is your organization upholding its integrity standards?

Standards of integrity in emerging markets are improving, but the appetite and opportunity for wrongdoing continues. Learn more.

How boards can drive compliance transformation

A technology-enabled ethics and compliance function underpinned by a culture of integrity can lead to greater business value. Learn more

How boards can close the integrity “say-do” gap

Boards must strengthen the integrity agenda as companies find it harder to uphold integrity standards in the post-pandemic environment. Learn more.

    Summary

    Acquisitions or investments with fraud, bribery or corruption issues can lead to severe financial, reputational and legal consequences. To address this risk, acquirers and investors must involve a compliance team from the start and engage experienced forensic professionals for due diligence support.

    Following the deal’s conclusion, a robust governance, risk and compliance framework, supported by cyber compromise due diligence and a strong fraud and compliance monitoring program, is crucial.

    About this article