Six months from the date of closing. That’s how long acquiring companies have under the newly announced Department of Justice (DOJ) Mergers and Acquisitions (M&A) Safe Harbor Policy to disclose misconduct discovered in the context of a merger or acquisition – whether discovered pre or post-acquisition.  And the acquiring company has one year from the date of closing to remediate, as well as provide restitution to any victims and disgorge  any profits.

Over the last two years, the DOJ has made clear its priority to encourage companies to self-disclose misconduct aiming to establish transparency and predictability as to the requirements for a self-disclosure. Now focusing on the M&A context, the new Safe Harbor is intended to ensure that “good companies – those that invest in strong compliance programs – will not be penalized for lawfully acquiring companies when they do their due diligence and discover and self-disclose misconduct.”

The new M&A Safe Harbor comes on the heels of a series of new DOJ policies that place an enhanced premium on voluntary self-disclosure, incentivizing companies to come forward to disclose misconduct with cooperation credit and the possibility of declinations.  We have previously reported that Deputy Attorney General (DAG) Lisa Monaco directed every DOJ component with responsibility for corporate enforcement matters to adopt voluntary self-disclosure policies, which are now available on the DOJ website. All of the U.S. Attorneys’ Offices have now adopted a single Voluntary Self-Disclosure policy, which we have also previously reported on.

The M&A Safe Harbor has been teased by DOJ over the past few months.  For example, in a speech at the Global Investigations Review annual meeting on September 21, 2023, the Justice Department’s Principal Associate Deputy Attorney General (PADAG), Marshall Miller, noted that “[o]ne area where [DOJ] received lots of feedback about self-disclosure from the private sector relates to mergers and acquisitions.”  PADAG Miller further commented that: “Encouraging corporate responsibility includes avoiding unintended consequences – like deterring companies with good compliance programs from acquiring companies with histories of misconduct. Acquiring companies should not be penalized when they engage in careful pre-acquisition diligence and timely post-acquisition integration to detect and remediate misconduct at the acquired company’s business.” 

In his September 21, 2023 speech, PADAG Miller noted that the DOJ Criminal Division’s Evaluation of Corporate Compliance Programs emphasizes integrating compliance into the M&A process and that the Criminal Division’s Corporate Enforcement Policy offers the incentive of the prospect of a declination for misconduct reported to the DOJ that is uncovered during pre- or post-acquisition due diligence. PADAG Miller cited to the DOJ’s December 2022 declination in the Safran case as an example of how the Criminal Division’s Policy works for such misconduct. The Safran declination stemmed from a self-disclosure that Safran had acquired two companies that had paid millions of dollars to a Chinese business consultant to win contracts with the Chinese government, knowing that some of the money would be used to bribe senior Chinese government officials in violation of the Foreign Corrupt Practices Act.  The conduct at issue had ended prior to the acquisition of the companies by Safran. According to PADAG Miller, Safran timely disclosed the conduct, cooperated, remediated, and “thus secured a declination with disgorgement.”

PADAG Miller noted that DOJ is “working toward an extension of this approach across the Department as part of our ongoing efforts to promote and standardize voluntary self-disclosure. That extension will highlight the critical importance of the compliance function having a prominent seat at the table in evaluating and de-risking M&A decisions.” 

What Does the New M&A Safe Harbor Policy Entail?

On October 4, 2023, DAG Monaco announced the Department-wide Mergers & Acquisitions Safe Harbor Policy at the Society of Compliance and Ethics 22nd Annual Compliance & Ethics Institute.

Under the Safe Harbor Policy just announced, acquiring companies that (1) promptly and voluntarily disclose criminal misconduct within the Safe Harbor period - within 6 months from the date of closing, regardless of whether the misconduct was discovered pre- or post-acquisition; (2) cooperate with the ensuing investigation; and (3) engage in requisite, timely – within one year from the date of closing - and appropriate remediation, restitution, and disgorgement will receive the presumption of a declination of criminal charges.

Are These Firm Deadlines?

Not necessarily.  DAG Monaco recognized that M&A deals differ in their specific facts, circumstances, and complexity, and stated that the Safe Harbor  baseline deadlines are subject to a “reasonable analysis” and that DOJ prosecutors have the ability to extend the 6 month and one-year deadlines.   How this plays out in real-life remains to be seen.  Much seems to depend on if a company is dealing with a reasonable DOJ prosecutor.

How Will Aggravating Factors Be Treated by DOJ?

Aggravating factors include (but are not limited to) conduct that poses a grave threat to national security, public health, or the environment; is deeply pervasive throughout the company; or the conduct involves current executive management of the company. DAG Monaco explained that “aggravating factors will be treated differently in the M&A context. The presence of aggravating factors at the acquired company will not impact in any way the acquiring company’s ability to receive a declination.”

How Will Acquiring Companies Who Have a Prior History of Misconduct Be Treated in the new Safe Harbor Policy?

DAG Monaco also explained that “misconduct disclosed under the Safe Harbor Policy will not affect any recidivist analysis at the time of disclosure or in the future.”  This is consistent with DOJ’s stated goal of not deterring troubled companies from being purchased and turned around. 

What Subject Areas Are Outside the New Safe Harbor Policy?

The new M&A Safe Harbor Policy is limited in its application. It only applies to criminal conduct discovered in bona fide, arms-length M&A transactions.  The policy does not apply to misconduct that was otherwise required to be disclosed or already public or known to the DOJ (e.g., a qui tam under seal). It also does not impact civil merger enforcement actions.


According to DAG Monaco, the takeaways for anyone advising boards and deal teams are:

  • DOJ is placing an enhanced premium on timely compliance-related due diligence before a deal closes and integration after a deal closes.
  • Compliance must have a prominent seat at the deal table if an acquiring company wishes to effectively de-risk a transaction. DAG Monaco noted that “Compliance should no longer be viewed as just a cost center for companies. Good corporate governance and effective compliance programs can shield companies from enormous financial risks and penalties.”
  • If a company does not perform effective due diligence or self-disclose misconduct at an acquired entity, it will be subject to full successor liability for that misconduct under the law.

Will the availability of this avenue for resolving potential criminal liability encourage acquiring companies to conduct more extensive pre-acquisition due diligence or post-transaction integration compliance reviews? Will the risk of staying silent about misconduct discovered during a transaction and facing full successor liability if later discovered be enough to convince acquiring companies to avail themselves of this process and voluntarily disclose such misconduct to the DOJ? It remains to be seen how successful the new M&A Safe Harbor Policy will be at encouraging voluntary self-disclosures by acquiring companies, or how the policy will work in the real world. Only time will tell. 

Back to Commercial Litigation Update Blog

Search This Blog

Blog Editors


Related Services



Jump to Page


Sign up to receive an email notification when new Commercial Litigation Update posts are published:

Privacy Preference Center

When you visit any website, it may store or retrieve information on your browser, mostly in the form of cookies. This information might be about you, your preferences or your device and is mostly used to make the site work as you expect it to. The information does not usually directly identify you, but it can give you a more personalized web experience. Because we respect your right to privacy, you can choose not to allow some types of cookies. Click on the different category headings to find out more and change our default settings. However, blocking some types of cookies may impact your experience of the site and the services we are able to offer.

Strictly Necessary Cookies

These cookies are necessary for the website to function and cannot be switched off in our systems. They are usually only set in response to actions made by you which amount to a request for services, such as setting your privacy preferences, logging in or filling in forms. You can set your browser to block or alert you about these cookies, but some parts of the site will not then work. These cookies do not store any personally identifiable information.

Performance Cookies

These cookies allow us to count visits and traffic sources so we can measure and improve the performance of our site. They help us to know which pages are the most and least popular and see how visitors move around the site. All information these cookies collect is aggregated and therefore anonymous. If you do not allow these cookies we will not know when you have visited our site, and will not be able to monitor its performance.