Regulatory Due Diligence: How To Conduct It Properly (+ Checklist)
Compliance is an expensive business. According to one estimate, large firms pay an average of $10,000 per employee in compliance costs per year.
While this may seem like a staggeringly large sum, companies are incentivized to pay it by the fact that non-compliance is even more expensive. One estimate puts the cost of non-compliance at almost three times that of complying with mandates.
In short, it pays to know that your company is operating within the lines. And that is in part where regulatory due diligence comes in.
DealRoom helps companies of all sizes to negotiate their path through the maze that regulatory due diligence can represent.
In this article, we look at how to conduct regulatory due diligence, as well as providing a checklist of the items that require attention to ensure that it passes successfully.
What is Regulatory Due Diligence?
Regulatory due diligence is an audit of the regulatory compliance of a company, its projects, and its employees. In an M&A context, regulatory due diligence seeks to ensure that there are no regulatory inconsistencies within a target company.
As a company expands and moves into different geographies and operations, an increasing array of legal contexts need to be dealt with and the risk of inconsistencies arising tends to increase.
Why is Regulatory Due Diligence Important?
As the previous paragraph alluded to, the more legal contexts that a company is introduced to, the more chances of it being in breach of compliance at some point.
This is broad and could range from something relatively innocuous, such as out-of-date packaging on a product, to something far more serious, such as insider trading. The more serious the compliance breach, the more severe the punishment and the reputational damage suffered by the company.
Elsewhere, the ubiquity of data, and by extension, the necessity to ensure it is adequately protected, has meant that compliance has become more challenging for companies over the past decade.
This is a trend that is likely to continue — particularly as the United States’ current data regulation is a patchwork of individual laws — making regulatory due diligence an increasingly important component of a company’s due diligence process.
When acquiring a firm, all of these issues have to be considered at once. As outlined above, compliance — or the lack of it — has serious implications for the value of a company.
Therefore, before a company is acquired, it is of the utmost importance for the success of the transaction that a thorough regulatory due diligence process is conducted. The last thing any company wants is to inherit regulatory issues with an acquisition.
The Regulatory Due Diligence Checklist
Each industry will have its own set of regulations at the state and federal levels that govern its activities, and it is the job of your company’s legal counsel to be on top of these.
The scope of these regulations is beyond the scale of this article, but should obviously be given priority.
Bear in mind also, that if the acquisition involves a company with some operations in a different industry, this may involve drafting legal counsel with expertise in that area.
The following checklist is general enough to fit most firms’ requirements:
1. Antitrust Regulation
- If antitrust approval is required in your industry, understand the process of obtaining this approval/
- Understand in advance of the deal what the impact on future consolidation will be.
- Gain insight into the entire scope of antitrust issues affecting your company before and after the transaction.
- If necessary, address a Hart-Scott-Rodino filing (for more info, see here), and other requests from antitrust regulatory bodies such as DOJ and FTC.
2. Past or Pending Regulatory Investigations
- Understand whether the company has been, or is currently being, investigated, audited, or reviewed by any organization at the state or federal level.
- Understand the nature of the details uncovered in a. (if applicable).
- Understand whether the company has any active qui tam actions.
3. Compliance Policy and Procedures
- Establish if the company possesses a written compliance policy and if so, obtain a copy.
- Establish if the company has written standards of conduct and if so, obtain a copy.
- Establish if the company has a compliance officer and what their responsibilities entail. Interview the compliance officer, if applicable.
4. Employee Compliance
- Understand whether new employees undergo pre-employment screening for compliance.
- Ask whether there is anyone currently working within the company that is the subject of an investigation at the state or federal level.
- What procedures are in place for current employees to report concerns surrounding violations of compliance? Is there a confidential hotline?
5. Product Compliance
- Confirm mandatory product regulations and directives (e.g. those set by the FDA) and applicable product standards.
- Confirm that the relevant labeling standards are met on all products.
- Confirm that the applicable documentation and certification requirements have been met.
- Confirm production facility requirements.