DOJ Announces “Safe Harbor” Self-Reporting Policy for M&A

Legal Alerts


On October 4, 2023, Deputy Attorney General Lisa Monaco announced that the U.S. Department of Justice launched a department-wide Safe Harbor Policy for companies that self-report financial violations discovered during the acquisition of a target company if reported within six months of the deal’s closing.

This policy will apply regardless of whether the violation was discovered before or after the acquisition. Once the violation is reported, the acquiring company will have one year from the date of closing to remediate the violations, which can include victim restitution and disgorgement. These deadlines may be extended depending on the specific facts, circumstances, or complexity of a particular transaction. However, the six-month safe harbor period does not apply when detected misconduct threatens national security or involves ongoing or imminent harm. In that situation, self-disclosure should occur immediately upon discovery.

In an effort to reward companies for their timely compliance-related due diligence, the Safe Harbor Policy will provide the presumption of a declination of prosecution if the companies engage in timely remediation, restitution, and disgorgement. This declination refers to a case that would have been prosecuted or resolved criminally had it not been for the voluntary disclosure, cooperation, and remediation of the violations. An acquiring company that does not self-disclose misconduct within the required window in accordance with this new policy could be subject to full successor liability for that misconduct both civilly and criminally.

Any misconduct disclosed under the policy will not be factored into future recidivist analysis for the acquiring company. Additionally, the acquiring company will not be affected by the presence of aggravating factors at the acquired entity. Aggravating factors include: involvement of company executives in the misconduct, significant profits to the company from the misconduct, misconduct that is egregious or pervasive within the company, or repeated misconduct.

Nevertheless, there are certain exceptions to the new policy. For example, the Safe Harbor Policy does not apply to misconduct that was otherwise required to be disclosed, already public, known to the DOJ, or part of a civil merger enforcement. It also does not offer protection from foreign enforcement authorities that may later learn of the misconduct through a public favorable resolution with DOJ or from other U.S. federal or state enforcement authorities.

The new guidance reflects the DOJ’s continued efforts to formalize its policies to incentivize self-disclosure and remediation of corporate misconduct. Companies that wish to avoid successor liability should incorporate compliance personnel in M&A deals, conduct effective due diligence, and timely disclose and remediate any misconduct that they identify.

For more information about the policy, please contact Chantel Febus, Jonathan Feld, Howard Iwrey, Jeffrey Gifford, and Monika Harris, or your Dykema relationship attorney.