On October 4, 2023, Deputy Attorney General Lisa O. Monaco, the second-ranking official in the US Department of Justice (“DOJ” or the “Department”), announced a new Safe Harbor Policy for Voluntary Self-Disclosures (“VSDs”) made in connection with mergers and acquisitions (“M&A”) (together, “M&A Safe Harbor Policy”).  The new policy encourages acquiring companies to timely disclose misconduct uncovered during M&A due diligence and harmonizes the DOJ-wide approach to VSDs for M&A transactions.  The implementation of the M&A Safe Harbor Policy is the most recent initiative in the Biden Administration’s efforts to combat corporate crime and has broad implications across DOJ’s Divisions.


On October 28, 2021, Deputy AG Monaco issued the first of a series of memoranda on the Department’s enforcement policies. The Memorandum on Corporate Crime Advisory Group and Initial Revisions to Corporate Criminal Enforcement Policies (the “October 2021 Memo”) announced the establishment the Corporate Crime Advisory Group (“CCAG”) which would be charged with evaluating and recommending guidance, and considering policy revisions to enhance DOJ’s enforcement against corporate crime, among other tasks. It also announced three initial policy revisions: 1) revision of the Justice Manual directing prosecutors to examine all corporate misconduct discovered during any prior enforcement actions including members of a company’s corporate family (e.g., parents, divisions, affiliates, and subsidiaries); 2) reinstatement of prior guidance under which a corporation could only qualify for cooperation credit if it provided the Department all relevant facts relating to the individuals responsible for the corporate misconduct; 3) modification of the standards, policies, and procedures for evaluating the need for an independent corporate monitor to assess a corporation’s compliance with the terms of a criminal resolution (favoring the appointment of a monitor where there is a “demonstrated need for, and clear benefit to be derived from, a monitorship[]” and “[w]here a corporation’s compliance program and controls are untested, ineffective, inadequately resourced, or not fully implemented at the time of a resolution”).

Next, on September 15, 2022, Deputy AG Monaco issued the Memorandum on Further Revisions to Corporate Criminal Enforcement Policies Following Discussions with Corporate Crime Advisory Group (the “Monaco Memo”). The Monaco Memo, as accompanied by remarks from Deputy AG Monaco as well as Assistant AG Kenneth Polite, the then-head of the DOJ Criminal Division, announced additional revisions to the Department’s corporate criminal enforcement policies and practices. Notably, it zeroed in on mechanisms to further the Department’s approach to corporate accountability, including, most critically, to incentivize voluntary self-disclosures (VSDs) by corporations. On this subject, the Monaco Memo instructed the various DOJ components that prosecute corporate crime to review their existing policies on corporate VSDs, to revise those policies to provide guidance on the form, content, and timing of such disclosures, and to draft and publicize policies that incentivize such disclosures.

In the months following, more detailed VSD guidance consistent with the principles articulated in the Monaco Memo was issued by a number of DOJ components, including by the Criminal Division (for more on that guidance, see our prior alert on this topic), the National Security Division (for more on the Tri-Seal Compliance Note describing the March 2023 update to NSD’s VSD policy, see our prior client alert on this topic), the Environmental Crimes Section of the Environment and Natural Resources Division, the Civil Division, and the US Attorney’s Offices.    

M&A Safe Harbor Policy

As VSD guidance has become more well-aligned across DOJ divisions, DOJ’s new M&A Safe Harbor Policy and Deputy AG Monaco’s accompanying remarks are the latest indications that the DOJ is increasingly focused on the intersection between national security, foreign policy, and business. Specifically, the policy advances DOJ efforts to encourage VSDs for corporate criminal enforcement, this time in the corporate M&A context. Deputy AG Monaco explained that the Department is “placing an enhanced premium on timely compliance-related due diligence” and warned that the failure to perform effective due diligence or self-disclose misconduct at an acquired entity will subject the acquiring company “to full successor liability for that misconduct under the law.” The M&A Safe Harbor Policy states that an acquiring company will receive the presumption of a declination if it (1) promptly and voluntarily discloses criminal misconduct by the acquired company to the DOJ within a baseline of six months from the date of closing (i.e., the Safe Harbor period), (2) cooperates fully with the ensuing investigation, and (3) engages in requisite, timely, and appropriate remediation, restitution, and disgorgement. 

Like the previously announced VSD policies, the M&A Safe Harbor Policy does not apply to misconduct otherwise required to be disclosed, or that is already known whether publicly or to the DOJ.  Nor will the M&A Safe Harbor Policy be honored if the acquisition is not a bona fide, arm’s length transaction; the DOJ will not protect companies abusing the Safe Harbor by engaging in a combination as acquiree in order to immunize themselves.  Nevertheless, even when there are aggravating factors at the acquired company,  the M&A Safe Harbor Policy arguably allows acquiring companies that voluntarily disclose to structure an acquisition as an asset purchase, as opposed to the acquisition of a company as a wholly-owned subsidiary, in order to avoid the burdens of having one of its wholly-owned subsidiaries incur criminal liability.  Indeed, this would be consistent with the M&A Safe Harbor Policy’s emphasis on “timely compliance-related due diligence and integration.”  But it is uncertain whether such an agreement would be considered “bona fide” – it would be an “arm-length M&A transaction[],” yet the purpose of the structure is to avoid criminal liability.  Under either scenario, individuals at the acquired (or absorbed) company would still be subject to criminal liability for any criminal conduct they engaged in.   

The six-month time limit of the Safe Harbor baseline period applies whether the misconduct was discovered pre- or post-acquisition.  Companies will then have a baseline period of one year from the date of closing to fully remediate the misconduct.  Both of the baseline time periods can be extended for a reasonable time depending on the facts, circumstances, and complexity of a particular transaction.  Likewise, Deputy AG Monaco stressed that companies that detect misconduct that threatens national security or involves ongoing or imminent harm “can’t wait for a deadline to self-disclose.”

Notably, the DOJ will treat aggravating factors under the M&A Safe Harbor Policy somewhat differently than in other VSD policies.  The presence of aggravating factors at the acquired company will not affect the acquiring company’s ability to receive a declination, but the acquired company will only qualify for “applicable VSD benefits, including a declination” – which presumably refers to benefits conferred under the other VSD guidance currently in place – if no aggravating factors exist at that company.  Additionally, any misconduct disclosed to the DOJ under the M&A Safe Harbor Policy will not be factored into any recidivist analysis concerning the acquiring company. 

The M&A Safe Harbor Policy will be applied DOJ-wide, but each DOJ component will tailor the application of the policy to fit its respective enforcement regime.  No individual component of DOJ has yet released specific written guidance regarding the application of the new M&A Safe Harbor Policy in the context of its own corporate enforcement policies.

This latest policy announcement builds, once again, on policies and practices developed by the FCPA Unit in the Fraud Section for some years.  Indeed, in her speech announcing the new policy, Deputy AG Monaco referenced an advisory “Opinion Release” issued by the FCPA Unit over 15 years ago, in 2008, setting forth a framework for acquiror companies to seek to avoid FCPA successor liability for past violative conduct by the target, through a combination of due diligence, self-reporting, and remediation.   Opinion Procedure Release No. 08-02, June 13, 2008 (the “Halliburton Opinion Release”).  The DOJ and SEC’s Resource Guide to the Foreign Corrupt Practices Act, first issued in 2012 and updated in 2020, also contains extensive discussion of the subject of successor liability in FCPA matters.  See pp. 29-35. 

Predictably, this new policy has already received criticism from those who view such policies as lenient with respect to corporate entities. Press reports indicate that US Senator Elizabeth Warren has already sent a letter to the DOJ criticizing the M&A Safe Harbor Policy, arguing that the policy’s promise of declinations upon a merger will incentivize corporate criminal behavior, and that the policy would also reduce competition by making it easier for companies that have engaged in illegal activity to be acquired. Of course, many of the incentives to companies built into the policies come at the explicit detriment of individual criminal actors, whose offenses are precisely what the DOJ is looking for corporate actors to disclose, if they wish to take advantage of these dovetailed enforcement policies.  

Implications for Specific DOJ Divisions

Although the M&A Safe Harbor Policy sets forth seemingly clear standards for eligibility to be applied uniformly across Divisions, the devil will, as always, be in the details.  Indeed, Deputy AG Monaco recognized the need for Division-specific tinkering, stating in her accompanying remarks that “[e]ach part of the Department will tailor its application of this policy to fit their specific enforcement regime, and will consider how this policy will be implemented in practice.” 

In this section, we consider the potential implications of the M&A Safe Harbor Policy on enforcement in some of the major DOJ Divisions.

              A.          The Criminal Division

As noted above, much of the M&A Safe Harbor Policy draws from principles that have been followed by the FCPA Unit of the Fraud Section for years.  However, the new Policy formalizes what was in the past only a statement of principles as to how successor liability would be assessed in FCPA matters and requires implementation across the entire Criminal Division.  In addition, the new Policy goes beyond prior practice in important respects: 1) expressly providing for a safe harbor of a formal declination for an acquiror that timely discloses and remediates, in addition to cooperating with DOJ in any related investigation; 2) defining a bright-line both for timely disclosure, i.e., six months after the date of closing, and for timely remediation, i.e., one year after closing; and 3) providing a safe harbor for the acquired company as well, so long as there are no aggravating factors associated with the acquired company.   

At the same time, the formalization of this policy could result in a greater emphasis on enforcement against those successors that do not self-disclose.  Previously, the Department had taken the position that successor liability should arise “only in limited circumstances, generally in cases involving egregious and sustained violations or where the successor company directly participated in the violations or failed to stop the misconduct from continuing after the acquisition.”  FCPA Resource Guide at 30.  The recent policy developments put into doubt the Department’s prior stated approach of pursuing enforcement against successors “only in limited circumstances.”

It is also worth noting that companies subject to regulatory regimes that impose mandatory disclosure requirements may face difficulties in availing themselves of the safe harbor policy applicable to voluntary disclosures in the M&A context.  Government contractors and subcontractors, for example, are required to disclose “credible evidence” of certain violations of law, including federal criminal law to the relevant contracting agency’s Office of Inspector General.  FAR 52.203-13.  Thus, where that requirement comes into play in the context of an acquisition, the DOJ may well take the position that the disclosure is not voluntary.  DOJ policy states that “voluntary self-disclosure only occurs when companies disclose misconduct promptly and voluntarily (i.e., where they have no preexisting obligation to disclose, such as pursuant to regulation, contract, or prior Department resolution).”  That said, if a company encounters an issue that triggers the mandatory disclosure requirement, the company should not rely on a disclosure to the OIG to itself satisfy the DOJ’s voluntary disclosure policy, and should instead make two parallel disclosures if the company and its counsel conclude there may be a basis under the circumstances for seeking voluntary disclosure credit from DOJ.  Monaco Memo at 7 (September 15, 2022).

Finally, even with the most recent reiteration by DOJ of its push for companies to voluntarily self-disclose, it must be remembered that disclosure is no panacea – even a formal declination can be accompanied with a disgorgement or forfeiture order, in addition to the significant cost and time involved in addressing the government’s investigation and requirements.  Credit can still be obtained for cooperation and remediation even where there has been no self-disclosure.  Certainly, however, with this most recent policy announcement the Department has taken one step further towards unifying and further reinforcing its approach to voluntary disclosure across the many different situations in which the DOJ can pursue an enforcement action for corporate conduct.  With every new policy pronouncement in this area, the Department further emphasizes its aim to use the proverbial carrot-and-stick approach to drive ever more VSDs.

              B.          The National Security Division

The M&A Safe Harbor Policy, although Department-wide, should be viewed in the context of recent emphasis on corporate enforcement implicating national security interests by the DOJ and US authorities more broadly.  Notably, Deputy AG Monaco announced the M&A Safe Harbor Policy in a speech focused on the DOJ’s efforts to address the “rapid expansion of national security-related corporate crime[,]” which she called “the biggest shift in corporate criminal enforcement” of her government career.

The announcement of this new policy comes only a few months after the DOJ and the Departments of Commerce and the Treasury issued a joint compliance note on their respective VSD policies focused on US economic sanctions, export controls, and other national security laws.  The new policy also follows the recent announcement by NSD of the hiring of the Division’s first Chief Counsel and Deputy Chief Counsel for Corporate Enforcement, each experienced prosecutors who were previously involved in significant corporate criminal matters, including the recent conviction of Lafarge S.A., the Department’s first corporate conviction for providing material support to foreign terrorist organizations.

In her speech, the Deputy AG also highlighted several recent national security-related corporate enforcement actions, including the recent resolution of charges involving British American Tobacco and its subsidiary, through a combination of deferred prosecution and guilty plea, and through which the company paid more than $635 million for violating US sanctions imposed on North Korea. The day prior to the Deputy AG’s remarks, the Department’s Russian sanctions and export control task force – KleptoCapture – announced the guilty plea by, and $160 million forfeiture judgment against, the president of Metalhouse LLC, a company engaged in the transfer of steelmaking equipment to a sanctioned corporation.  Against the backdrop of these significant – though traditional – criminal enforcement actions, the Deputy AG also noted DOJ’s commitment to pursue somewhat novel remedies in national security enforcement actions, such as divestiture of lines of business, specific performance, and tailored compensation and compliance requirements. In particular, she discussed the Criminal Division’s ongoing pilot program in which companies will be required to add compliance incentives to their compensation systems and to attempt to withhold or claw back compensation from executives responsible for misconduct as part of enforcement resolutions. Deputy AG Monaco urged companies to proactively adopt compliance-promoting compensation policies and to assess the state of their clawback programs.

              C.          The Antitrust Division

Under the Antitrust Division’s longstanding leniency program (“AD Leniency Program”), corporations can receive complete immunity from criminal prosecution, with that immunity extending to its employees under circumstances, where it is the first among members of a price-fixing or bid-rigging conspiracy to disclose the fact of that conspiracy to the Antitrust Division.  To receive that immunity, the corporation must disclose promptly, cease the violative conduct, cooperate fully with the ensuing investigation, and provide restitution to the victims of the conspiracy. 

While seemingly similar in concept to the M&A Safe Harbor Policy, there are important differences between the two VSD regimes.  These differences include:

  • The AD Leniency Program provides immunity to the entire corporate family – both the acquirer and its new subsidiary – as long as the disclosure is made post-merger, while the M&A Safe Harbor Policy may only grant declination to the acquirer, and the acquired company can still be subject to criminal prosecution, where aggravating factors exist at the acquired company.  
  • The AD Leniency Program provides immunity to the disclosing company’s  employees if those employees provide full cooperation, but the M&A Safe Harbor Policy does not. 
  • The AD Leniency Program reduces liability for a company in follow-on private civil actions by limiting civil liability to single (rather than treble) damages and removing joint and several liability, as long as the company provides full cooperation to the private plaintiffs; the M&A Safe Harbor Policy provides no such protections.
  • The AD Leniency Program is unavailable where the applicant coerced another party to participate in the conspiracy or was the leader or originator of the conspiracy; the M&A Safe Harbor Policy does not have any such restrictions.

In addition, regarding timing, under the AD Leniency Program, a corporation considering disclosure must disclose promptly upon its discovery of the illegal activity, and cannot sit on the information until the six-month period following the transaction’s closing date expires.  Nor should it delay, given that one of the other antitrust conspirators may disclose in the interim and thereby deprive the acquiror of the benefit under either of these VSD regimes.  These factors counsel heavily in favor of ensuring that any disclosure of a criminal antitrust conspiracy be disclosure to the Antitrust Division in conformance with its promptness requirement, and not under the M&A Safe Harbor Policy’s looser deadlines. 

Moreover, although the M&A Safe Harbor Policy does not address the scenario where the acquiror discovers misconduct by the acquiree that also involved the acquiror itself (as could occur in an acquisition of one competitor by another where those competitors had engaged in price-fixing or bid rigging unbeknownst to the acquiror’s management), acquirors facing these circumstances would likely be better off availing themselves of the AD Leniency Program (i.e., making the disclosure as soon as possible in accordance with the promptness requirements thereunder, rather than availing itself of the 6 months after closing), given that the M&A Safe Harbor Policy, as Deputy AG Monaco made clear in her accompanying statements, is meant to incentivize “companies with effective compliance programs…to timely disclose misconduct uncovered during the M&A process.”

In light of the inconsistencies in these two VSD regimes, we expect to see the Antitrust Division amend its Leniency Program guidance to address these inconsistencies, including a reaffirmation of its promptness requirement as applied to the M&A context.  In the meantime, because of the AD Leniency Program’s much broader benefits and the “race to DOJ” it creates, an acquiring company should give serious consideration to seeking leniency under the AD Leniency Program as it normally would have done before the issuance of the M&A Safe Harbor Policy, rather than doing so under the M&A Safe Harbor Policy.

              D.          Civil Division

Although the M&A Safe Harbor Policy’s precursors have all been focused on the potential avoidance of criminal liability, it is surprising that there were no changes made in their aftermath to the Civil Division’s 4+ year-old guidance applicable to False Claims Act enforcement.  As we noted in a prior alert, while the requirements for cooperation credit under the Civil Division’s current guidance (codified in Justice Manual, § 4-4.112) align with those set forth in the original Monaco Memo, the benefits a company receives in making a VSD in terms of avoiding or minimizing its civil FCA liability remain unclear and imprecise.  However, the Civil Division may not remain silent on this issue for much longer, as Deputy AG Monaco not only made clear that the M&A Safe Harbor Policy will apply “Department-wide” (which presumably includes the Civil Division), but also is setting expectations for “extend[ing] consistent, transparent application of our corporate enforcement policies across Department, beyond the criminal context to other enforcement resolutions.”  We may thus see the Civil Division issue specific guidance on VSDs not just specific to the M&A Safe Harbor Policy, but applicable to VSDs more generally.