Compliance Juridique

Compliance obligation: vigilance is required on the buyer’s side

A “surprise” decision of the French Supreme Court, taken in November 2020, directly affects certain M&A transactions. It modifies the mapping of risks incurred by the buyer by adding an additional dose in the area of compliance. Explanations.

Does anyone remember the time when a financial audit and a few legal investigations were all that was needed to structure the acquisition of a company in France? The fact is that those days are long gone. With the rise of private equity funds and their practices inspired by the Anglo-Saxon world, transactions have gradually been structured around a panoply of due diligences, intended to reassure the buyer as to the state of its target. But, for once, this inflation of analyses prior to takeover operations did not come from practitioners. At the end of 2020, the French legislator ruled on an issue that has consequences on the way such transactions are prepared. In a decision dated November 25, the Criminal Division of the French Supreme Court (Cour de cassation) ruled that, from now on, any company could be held liable for acts attributable to a company it has absorbed. This is a real change of jurisprudence, decided in the light of the Iron Mountain case. This group was held responsible for the security failures of Intradis – a company acquired, like its parent company Recall France, through a merger – which had led in January 2002 to a fire and the involuntary destruction of property belonging to others.

Limited scope of the decision

The decision of the Cour de cassation changes the situation, as it tends to align the transfer of criminal, civil and administrative responsibilities. Gone is the principle of the personality of the penalty, by virtue of which any possible criminal sanction was extinguished at the same time as the absorbed entity disappeared. Since the date of publication of this decision (the principle of legal certainty obliges), the former practice is no longer applicable. But how likely is it that this decision will affect M&A transactions? In any event, the French Anti-Corruption Agency (AFA) immediately reacted to the new case law by updating its practical guide at the very beginning of the year to incorporate this compliance obligation. “We were in the process of updating our recommendations when the Court of Cassation’s decision was handed down. In an effort to integrate changes in market practices into our publications, we mentioned this ‘reversal’ of case law but also integrated new recommendations and risk scenarios to make them easier to understand,” explains Laurence Goutard-Chamoux, AFA’s Deputy Director of Consulting, Strategic Analysis and International Affairs. “This ruling reinforces the need for companies to be vigilant,” she assures us. Because that’s what it’s all about: compliance has taken on a new dimension due to the abolition of what was, in the end, a legal protection. For the time being, the decision of the Cour de cassation targets mergers and acquisitions between limited companies or SAS. But it would be wrong to believe that any other form of company could be unaffected. “Although this ruling is limited in scope, for the time being, the court has been quick to point out that it is likely to apply to any company if there is fraud, for example if the purpose of the merger was to escape a criminal penalty,” says Blandine Cordier-Palasse, founder of BCP Partners, which specializes in governance, legal recruitment and compliance consulting.

Fundamental trend

It must be noted that this ruling is in line with history. Even if some deplore the inflation of constraints transposed from the Anglo-Saxon world, compliance issues have become part of the landscape and have found a resonance that goes beyond corruption issues alone. “France wanted to show that it was bringing itself up to speed,” says one professional, pointing out that the European Court of Human Rights (ECHR) has recently changed its position. Nevertheless, it is better to take into account the penal risk for any acquisition. Whether or not one is a company already aware of these issues – as are those directly concerned by Sapin 2, for example. This important decision could have been expected because it is part of an underlying trend,” says Stéphane Alaphilippe, head of the anti-corruption and anti-fraud division in TotalEnergies’ legal department. At the end of November, the French Supreme Court ruled that the liability insurance of the acquiring company could not guarantee the debt of the acquired company if it resulted from events prior to the merger. In such transactions, extra caution is therefore called for. There is a vast movement of liability transfer to companies,” points out Blandine Cordier-Palasse. In the past, it was up to the judge to prove that the company had failed; today, the burden of proof is reversed. In this context, it is understandable that pre-acquisition analyses are strongly recommended – if not mandatory.

Criminal liability of the director

Moreover, this additional point of attention does not only affect international groups active in “sensitive” sectors, as one might think at first glance. There is a lot of talk about legal risks, but it is important to have a more global vision and to examine transaction risks more broadly,” considers Caroline Leblanc, associate managing director at Kroll. Faced with the costs of integrating an acquisition target, which have potentially increased as a result of this new case law, it is necessary to adopt a risk-based approach to evaluate the entire transaction. And this may concern a Franco-French group wishing to reorganize its subsidiaries for organizational or tax purposes. Not to mention that one can never totally exclude the possibility of discovering fraud in the absorbed French entity after the fact. And if you think you are miles away from this problem, simply ask yourself if your next acquisition target is fully compliant with the RGPD. In this case, this is just one of the issues to review. The Court of Cassation’s ruling transfers to the acquirer the responsibility for all compliance issues: compliance with antitrust laws (in France and internationally), anti-money laundering, fraud, compliance with embargoes, cybersecurity and cybercrime issues, etc. All of this now entails the criminal liability of the manager. So what should be done? In its guide, the AFA argues for thorough prior analysis. It is possible to carry out a compliance or anti-corruption due diligence even in a short period of time,” explains Chloé Auffret, director at Deloitte. In the first 15 days, we can identify the main “red flags”, on which the buyer can intervene post-acquisition through corrective actions. By aligning best practices between entities, the acquirer will be able to demonstrate its good faith if it is subsequently audited by the AFA. Caroline Leblanc confirms: “We must be pragmatic. After conducting reputational due diligence, to get to know the target in its environment and understand its ecosystem, we can go further by asking in the data room for information on the compliance programs already in place. This is not so long to do, nor is it expensive. That said, the presence of hidden elements cannot be ruled out. In this case, the buyer will have to adjust his purchase contract by including a specific clause in the asset/liability guarantees or even a prejudice clause – which will limit the risk of penal exposure, without exonerating him.

Reputational risk

“Companies that have already set up robust compliance programs are used to using such clauses. They are even in a position to use it as a competitive argument, like Tarkett, which developed its R&D after having suffered a corruption problem in Russia, or Ipsen, which has changed its corporate culture to align processes with performance and production, under the impetus of its chief compliance officer,” points out Blandine Cordier-Palasse. For those who are not used to exploring such topics, however, the road may be long… even if it must be taken more quickly now that jurisprudence has pointed the finger at the risks involved. Until then, there should also be an obvious consequence on valuations. Even if it is difficult to transfer this risk directly to a company’s value, without knowing what the penalty could be. The only certainty, if any, is what it will cost to upgrade the compliance program of the acquisition target. All the experts agree: being involved in a compliance matter necessarily entails a reputational risk. This is an argument that seems to be making more than one person aware of it at the moment.

Charles Ansabère

Option Droit & Affaires

N° 560 du 10/11/2021