Client Alerts  - International Business Oct 19, 2023

New DOJ M&A Safe Harbor Policy Self-Disclosure Rules and Foreign Investment Transactions

Puzzle pieces

New Policy to Promote Disclosure of Misconduct in M&A Process

On October 4, 2023, in remarks delivered by Deputy Attorney General Lisa O. Monaco at the Society of Corporate Compliance and Ethics 22nd Annual Compliance & Ethics’ Institute1, the U.S. Department of Justice (DOJ) announced the imminent release of a new Mergers & Acquisitions Safe Harbor Policy to promote disclosure of corporate (or other) misconduct uncovered in the M&A process.

Her remarks further highlighted and clarified a DOJ policy that has been trending throughout the past year. In January 2023, DOJ revised its Criminal Division Corporate Enforcement and Voluntary Self-Disclosure Policy to initiate a “presumption of a declination” when an acquirer voluntarily discloses a target company’s misconduct during the M&A process.2 Later, in March, DOJ updated its guidance regarding M&A corporate compliance to note that acquisition due diligence (pre- and post-) must appropriately scrutinize counterparties, evaluate and enforce internal controls and remediate misconduct.3 Monaco stressed that, ultimately, this policy is intended to be adopted across DOJ and the entire spectrum of agencies with potential corporate criminal reporting and enforcement responsibilities. Notably, she specifically cited an expanded emphasis on M&A transactions and technology having national security implications—such as those subject to review by the Committee on Foreign Investment in the United States (CFIUS) or/and involving potentially sanctioned or restricted parties (with licensing and enforcement jurisdiction under Treasury’s Office of Foreign Assets Control (OFAC)).

Monaco’s remarks reinforce the increasing focus on national security-related enforcement activity previously evidenced at Treasury’s Second Annual CFIUS Conference on September 14th, 2023. In prepared remarks and in response to questions, Assistant Secretary of the Treasury for Investment Security Paul Rosen revealed that CFIUS was devoting new resources to enforcement and to pursuing non-noted transactions, hiring third-party auditors to determine compliance with mitigation agreements and “are on track to have more civil monetary penalties issued this year than we have in our entire history.”4

And just a year ago, in October 2022, CFIUS issued its first published set of enforcement and penalty guidelines and appointed its first Chief Counselor for Enforcement.

Qualifying for Safe Harbor

According to Monaco’s summation, for an acquirer to qualify for the Safe Harbor Policy and presumption of declination, it must voluntarily self-disclose, cooperate and remediate (including making applicable disgorgement or restitution). She clarified that the Safe Harbor Policy will:

  • Apply to criminal conduct discovered in “bona fide, arms-length M&A transactions”
  • Not apply to any conduct “otherwise required to be disclosed or already public” or known to the authorities
  • Not affect civil merger enforcement

In addition, she set forth a time framework within which qualifying measures must be taken. Misconduct (or, in the case of sanctions violations or status, the discovered information) must be voluntarily disclosed within six months of the date of closing, regardless of whether discovered pre- or post-closing; and required remedial action must be satisfactorily completed within one year of closing.

Monaco noted that these deadlines may be subject to some reasonable flexibility, depending on the facts of the transaction. Nevertheless, she said that ongoing misconduct, or facts indicating imminent harm or “threatening national security,” must be disclosed immediately.

Among the benefits of qualifying for the Safe Harbor Policy under these circumstances would be a presumption of declination even if there are found to be aggravating circumstances (a benefit for the buyer; the offending target entity would not be entitled to declination in the presence of such aggravating circumstances); and relief from potential “successor liability” for the activity or status comprising the misconduct.

CFIUS Takeaways

This increased emphasis on national security considerations in M&A sharpens the focus on foreign investment review. For U.S. parties to a CFIUS-reviewable foreign direct investment, the perspective is shifted somewhat, as the U.S entity is (almost by definition) most often the target rather than the acquirer in such a transaction. Moreover, the parties to the transaction may already be under substantial disclosure obligations with regard to CFIUS filings. Nevertheless, there are circumstances where issues regarding disclosure might arise:

  • Where the counterparty seeks to avoid filing, and diligence later uncovers information indicating that such a filing may have been known to be mandatory
  • Where discovery unveils the involvement of, or attachment to, a previously undisclosed sanctioned or restricted entity in the foreign investor
  • Where diligence reveals that false, misleading or incomplete information was knowingly provided to CFIUS by the counterparty in its part of a filing

While a U.S party may have contractual remedies against a counterparty in such circumstances, the possibility of criminal exposure—and thus the possible benefits of self-disclosure—cannot be dismissed.

In instances of pre-closing discovery of misconduct, there is always the option—as with any M&A transaction, whether or not involving foreign investors—simply not to proceed with the transaction. There may be costs associated with such a decision (i.e., breakup fees and sunk transaction costs), as well as loss of the anticipated business benefits or needed capital. It’s often possible that, with appropriate remediation measures (certain specified divestitures, proxy boards, in-house monitors and mandatory audits), important aspects of a modified transaction can be salvaged.

However, if the discovered misconduct is criminal or constitutes a U.S national security risk, the U.S. party must carefully consider to what competing obligations it may be exposed. This entails a weighing of the particular facts and circumstances, including a full legal assessment of potential enforcement risk, as well as balancing possible countervailing concerns regarding the risks of self-disclosure, potential shareholder actions and contractual obligations (including the terms of any applicable non-disclosure agreements) to counterparties. It’s the clear intent of DOJ and other authorities that the availability of the incentives under the new Safe Harbor Policy might tilt the balance in such decisions toward disclosure, at least where apparent criminal conduct is involved.

As always, it is essential to conduct rigorous diligence regarding counterparties, proposed investors, their business record and past conduct, and to identify and thoroughly investigate the beneficial ownership of participating investors all as part of a robust compliance program as set forth in DOJ guidelines.

But the growing focus on corporate criminal disclosure in M&A transactions, especially involving national security and advanced technology (both central concerns for CFIUS), and the enhanced resources dedicated to enforcement, clearly augur further intensified scrutiny of such activity—as well as, perhaps, further refinement of incentives for cooperation and self-disclosure (Monaco said in her speech that “there’s more to come”).

In that light, parties to either side of a CFIUS transaction (or any M&A transaction, for that matter) and their counsel would be well advised to closely follow DOJ’s compliance and self-disclosure pronouncements on an ongoing basis, so that the described benefits (and any new ones to be revealed) can be weighed carefully in instances where self-disclosure is under consideration.

Additional Assistance

For further information regarding the Safe Harbor Policy or other matters regarding foreign investment, please contact James Kevin Wholey at (202) 617-2714,; any member of the Phillips Lytle International Team; or the Phillips Lytle attorney with whom you have a relationship.

1    Lisa O. Monaco, Deputy Attorney Gen., U.S. Dep’t of Just., Remarks at the Society of Corporate Compliance and Ethics 22nd Annual Institute, U.S. Dep’t of Just. (Oct. 4, 2023),

2    See Crim. Div., U.S. Dep’t of Just., Criminal Division Corporate Enforcement and Voluntary Self-Disclosure Policy at 9-47.120, U.S. Dep’t of Just. (updated Jan. 2023),

3    Crim. Div., U.S. Dep’t of Just., Evaluation of Corporate Compliance Programs, U.S. Dep’t of Just. (updated Mar. 2023),

4    Paul Rosen, Assistant Secretary for Inv. Sec., U.S. Dep’t of Treas., Remarks at the Second Annual CFIUS Conference, U.S. Dep’t of Treas. (Sept. 14, 2023),

Related Insights

View All