How DOJ’s Safe Harbor Policy Rewards Honesty Within M&A Deals

 |  Share

Be you a merger and acquisition attorney, corporate compliance officer, or counsel to an acquiring entity or target entity, you should review the Department of Justice’s new Merger and Acquisition Safe Harbor Policy (“Policy”) to enhance your law firm’s diligence process, to educate your company’s compliance personnel, and/or to incorporate procedures to report criminal conduct in your company’s operation standards. Otherwise, both the acquiror and the target in a merger and acquisition (“M&A”) transaction may lose the Policy’s potential shield from prosecution and liability for the prior criminal acts of the target company.

Background on the Safe Harbor Policy

Following Deputy Attorney General (“DAG”) Lisa Monaco’s September 15, 2022 request to all departments of the DOJ to implement a voluntary corporate self-disclosure policy (“Monaco Memo”),[1] the DOJ’s Criminal Division announced its Corporate Enforcement and Voluntary Self-Disclosure Policy on January 17, 2023.[2] The United States Attorney’s Offices followed suit on February 22, 2023 and announced its new corporate voluntary self-disclosure policy (“VSD Policy”), setting a nationwide standard for when corporate misconduct must be voluntarily disclosed by a company to qualify for the policy’s safe-harbor provisions.[3] Under the VSD Policy, if a company voluntarily discloses “all relevant facts concerning the misconduct that are known to the company at the time of the disclosure”: (1) prior to an imminent threat of disclosure or government investigation; (2) prior to the misconduct being publicly disclosed or otherwise known to the government; and (3) within a reasonably prompt time after the company becomes aware of the misconduct, then the USAO may not seek any criminal penalty (or will not impose a criminal penalty that is greater than 50% below the low end of the U.S. Sentencing Guidelines) when the company (1) voluntarily self-disclosed according to the VSD Policy; (2) cooperated fully; and (3) timely and appropriately remediated the criminal conduct.[4]

The Safe Harbor Policy Explained

Since the Monaco Memo was issued, the DOJ has not decelerated its efforts to incentivize the self-reporting of criminal conduct, and, DAG Monaco’s announcement of the Policy on October 4, 2023 extended this incentivization trend to private M&A transactions. Under the Policy, the acquiror and the target may be rewarded by self-reporting criminal activity of the target that is discovered during, and even after, the due diligence process.[5] In order to take advantage of the Policy’s purported presumption of a declination of prosecution and avoidance of criminal liability (as to the target), the Policy establishes the following deadlines, disclosure requirements, and post-closing obligations of the acquiror after a disclosure of the target’s prior criminal conduct:

Timing of the Disclosure and Remediation Efforts

  • For the disclosure to qualify under the Policy, a company must report the misconduct within six months of closing. The timing of the discovery of criminal conduct (pre- or post-closing) does not modify the six-month reporting deadline.
  • A company that discovers criminal activity related to national security should not wait until the deadline to self-disclose.
  • Then, the company that self-reports will have one year from the date of closing of the M&A transaction to remediate the misconduct.
  • However, DAG Monaco indicated that these deadlines may be extended based on the facts, circumstances, and complexity of the M&A transaction at issue, and the determination regarding whether extensions should be granted will be subject to a reasonableness analysis.

Qualification Factors

  • In contrast to the VSD Policy, the Policy will not penalize or disqualify the acquiror from declination if aggravating factors (such as the conduct posing a national security threat, being deeply pervasive throughout the target, or involving current executive management) are present.
  • The target may also qualify for a declination unless the aforementioned aggravating factors are present in the acquiror.

Benefits of Self-Reporting

  • Should a timely self-reporting occur that includes the required disclosure of criminal conduct, then the reporting entity will receive the presumption of a declination, meaning that the DOJ will exercise its discretion to not charge and prosecute the offending company for criminal conduct.
  • Any reported misconduct will also not be considered in any future recidivist analysis of the acquiror.


In her announcement, DAG Monaco highlighted select areas in which the Policy seeks to catalyze change, stating:

“We are placing an enhanced premium on timely compliance-related due diligence and integration. Compliance must have a prominent seat at the deal table if an acquiring company wishes to effectively de-risk a transaction. By contrast, if your company does not perform effective due diligence or self-disclose misconduct at an acquired entity, it will be subject to full successor liability for that misconduct under the law.”[6]

Clearly, the Policy seeks to increase (1) the level of investigation and diligence performed to uncover corporate criminal activity, and (2) the reporting of the same during an M&A transaction. Both the purchaser and the target/seller companies involved in a bona fide arms-length M&A transaction may be able to take advantage of Policy benefits, including a declination of prosecution, for the target/seller company’s prior criminal acts by incorporating the following enhanced procedures (the seller may qualify for Policy benefits and potentially a declination if there are no aggravating factors present at the acquired entity). For either the purchaser or the target/seller company, incorporating employee misconduct reporting policies and otherwise incentivizing the internal reporting of corporate criminal conduct will be paramount to timely identifying such criminal activity at the operations level.

For compliance officers, enacting policies to timely and thoroughly investigate internal reports of corporate criminal activity will be essential to determine whether a company should self-disclose to the DOJ. For M&A deal lawyers, an investigation should be conducted on any potential corporate criminal misconduct discovered during diligence, and if such conduct is discovered, the merits and risks associated with self-disclosure should immediately be discussed with your client. Potential risks for participation in the Policy include liability from civil lawsuits from private parties, noncompliance arising from the refusal of executive or employee support in attaining compliance, and the ambiguous compliance requirements of the program which could potentially set up an entity for failure from the start. All of these aspects should be taken into account when determining if voluntary self-disclosure is appropriate (as opposed to alternative settlement routes), as absent strict compliance with the Policy, your client may lose its ability to receive a declination of prosecution.


This DarrowEverett Insight should not be construed as legal advice or a legal opinion on any specific facts or circumstances. This Insight is not intended to create, and receipt of it does not constitute, a lawyer-client relationship. The contents are intended for general informational purposes only, and you are urged to consult your attorney concerning any particular situation and any specific legal question you may have. We are working diligently to remain well informed and up to date on information and advisements as they become available. As such, please reach out to us if you need help addressing any of the issues discussed in this Insight, or any other issues or concerns you may have relating to your business. We are ready to help guide you through these challenging times.

Unless expressly provided, this Insight does not constitute written tax advice as described in 31 C.F.R. §10, et seq. and is not intended or written by us to be used and/or relied on as written tax advice for any purpose including, without limitation, the marketing of any transaction addressed herein. Any U.S. federal tax advice rendered by DarrowEverett LLP shall be conspicuously labeled as such, shall include a discussion of all relevant facts and circumstances, as well as of any representations, statements, findings, or agreements (including projections, financial forecasts, or appraisals) upon which we rely, applicable to transactions discussed therein in compliance with 31 C.F.R. §10.37, shall relate the applicable law and authorities to the facts, and shall set forth any applicable limits on the use of such advice.

[1] Deputy Att’y Gen. Lisa Monaco, Further Revisions to Corporate Criminal Enforcement Policies Following Discussions with Corporate Crime Advisory Group, Department of Justice Memorandum, Sept. 22, 2022,

[2] U.S. Department of Justice, 9-47.120 – Criminal Division Corporate Enforcement and Voluntary Self-Disclosure Policy, Jan. 17, 2023,

[3] U.S. Attorneys’ Office, United States Attorneys’ Offices Voluntary Self-Disclosure Policy, Feb. 22, 2023,


[5] Deputy Att’y Gen. Lisa O. Monaco, Policy Designed to Encourage Disclosures of Misconduct and Hold Individual Wrongdoers Accountable, Remarks as Prepared for Delivery at the Society of Corporate Compliance and Ethics’ 22nd Annual Compliance and Ethics Institute, October 4, 2023,

[6] Id.