Skip to main content

On-demand webinar coming soon...

Blog

What is the DOJ’s Safe Harbor Policy?

Due diligence for acquiring companies gets expanded guidelines when gauging risk

Hannah Middleton
Content Marketing Specialist
January 16, 2024

Photo of the US Capitol rotunda's interior

Coming on the heels of major policy rollouts and updated guidelines, the Department of Justice (DOJ) announced in October 2023 the Safe Harbor Policy for voluntary self-disclosures, which encourages acquiring companies to report misconduct uncovered during the M&A process. This latest policy expands upon existing guidelines that prompt companies to self-report misconduct or wrongdoing to protect themselves from hefty financial risks and legal penalties down the line.

During the announcement, Deputy Attorney General Lisa O. Monaco explained the intent behind the Department's policy, stating: "In a world where companies are on the front line in responding to geopolitical risks, we are mindful of the danger of unintended consequences. The last thing the Department wants to do is discourage companies with effective compliance programs from lawfully acquiring companies with ineffective compliance programs and a history of misconduct. Instead, we want to incentivize the acquiring company to timely disclose misconduct uncovered during the M&A process."

Let's take a closer look at what the policy says and how it’ll impact acquiring companies and compliance teams moving forward.

 

What is the Safe Harbor Policy?

Under the Safe Harbor Policy, acquiring companies can voluntarily disclose any findings of misconduct or wrongdoing discovered before or during the M&A of a target company. To qualify and fall within the safe harbor period, the acquiring company must report its findings within six months of the acquisition's closing date and then fully remediate the underlying problems within a year.

According to the DOJ, deadlines are subject to a reasonableness analysis based on the deal's complexity. Companies that disclose findings within the safe harbor period, cooperate with the ensuing investigation, and engage in requisite, timely, and appropriate remediation will receive the presumption of declination, where the DOJ declines to bring about charges or take enforcement action, absent any aggravating factors.

 

How acquiring companies can stay compliant throughout the M&A process and beyond

For companies and compliance teams undergoing the M&A process, there are a few takeaways from the DOJ’s latest policy:

  • Begin the due diligence process early. Smaller companies often lack the resources and infrastructure to implement ongoing third-party due diligence, so it's best to get the process rolling before acquiring the target company. Due diligence is critical to any acquisition to ensure you understand exactly what you’re buying. It also enables you to allocate resources more efficiently — conducting the right amount of diligence to the right risk is key.  

  • Cross-functional collaboration is key. Every relevant department within an organization must be involved in the acquisition strategy and due diligence process, from finance to legal.

  • Start the risk-reward conversation. Is it a big deal if a red flag pops up during the due diligence process, or would the risks of reporting them outweigh the benefits? Acquiring companies must also understand their risk tolerance while conducting due diligence. Start by reviewing the target company's processes, contracts, and so forth and tiering them by risk level; this requires understanding internal and external vulnerabilities and encourages you to assess risk across domains, including IT and operational risk.

 

Go beyond checklists with enhanced due diligence 

The DOJ has made it clear that while due diligence is crucial, taking a risk-based approach is just as important — especially in the context of mergers and acquisitions. Learn what enhanced due diligence involves and why it’s important to protect your organization. 

Read next: The art of enhanced due diligence for third parties


You may also like

Webinar

Third-Party Risk

Third-Party risk management and due diligence: What's the difference and why does it matter?

In this webinar, we’ll discuss the unique competencies of third-party risk and due diligence programs and examine when and how to align them.

May 08, 2024

Learn more

Webinar

Third-Party Risk

Live demo EMEA: Building your third-party risk management program with OneTrust

Join our webinar to learn how you can build an well-rounded Third-Party Risk Management Program that works for your organisation

April 23, 2024

Learn more

Video

Third-Party Risk

OneTrust third-party management demo video

Watch this demo video to learn how OneTrust third-party management helps organizations create resilient, secure, and scalable third-party ecosystems. 

April 04, 2024

Learn more

Checklist

Third-Party Risk

6 steps to effective third-party risk management

See the path to managing third-party risk effectively with a checklist that outlines the six steps for a sound TPRM program.

March 29, 2024

Learn more

Webinar

Third-Party Risk

A look back at 2023 & third-party management trends for the new year

Join this webinar as we discuss key trends for third-party management and lessons learned over the last year.

January 24, 2024

Learn more

Webinar

Third-Party Due Diligence

Best practices for conducting third-party due diligence for ethics & compliance​

Join this webinar for best practices for conducting third-party due diligence for ethics and compliance.

January 11, 2024

Learn more

Webinar

Ethics Program Management

Ethics Exchange: Third-party applications and ephemeral apps

Learn practical advice on how to navigate the risks of ephemeral apps and employee privacy in BYOD world.

December 05, 2023

Learn more

Webinar

Third-Party Risk

Elevating third-party safety: The art of TPRM and TPDD integration

Join our webinar to learn the primary goals of successful Third-Party Risk and Third-Party Due Diligence programs.

November 21, 2023

Learn more

Webinar

Ethics Program Management

Ethics Exchange: Investigations

Join our live webinar and learn how to conduct comprehensive ethics investigations that are trustworthy and efficient.

September 07, 2023

Learn more

Infographic

Third-Party Risk

What are your third parties not telling you?

Learn how to actively screen and monitor your third parties in the OneTrust Third-Party Risk Exchange.

July 24, 2023

Learn more

Webinar

Third-Party Due Diligence

Driving excellence in third-party risk management: An in-depth look at different due diligence approaches

Join our in-depth webinar and learn how to define third-party due dilligence levels and when to apply them during your vendor management lifecycle.

July 20, 2023

Learn more

Webinar

Third-Party Due Diligence

A shortcut to third party due diligence fundamentals

In this webinar, we examine the scope of third-party due dilligence, best practices, and industry trends driving greater scrutiny on third parties.

July 13, 2023

Learn more

Webinar

Third-Party Due Diligence

Sanctions and export controls: Ensuring compliance

Watch our live expert webinar on understanding global sanctions and export controls and how to reduce your organiztion's risk exposure and ensure compliance.

June 29, 2023

Learn more

Video

Third-Party Risk

Third-party management demo

See how OneTrust's third-party management solution can help scale your third-party lifecycle and evaluate vendors with real-time risk intelligence.

June 27, 2023

Learn more

Webinar

Third-Party Risk

Bridging the gap: How procurement and InfoSec can work together to reduce third-party risks

Join our upcoming webinar as we explore the pivotal ways procurement and InfoSec teams can collaborate to reduce third-party risks.

June 08, 2023

Learn more

Webinar

Third-Party Risk

Unpacking the third-party risk regulatory landscape in the Nordic region and beyond

In this live webinar, our expert panel discuss emerging third-party risk regulatory trends in the Nordic region and show how OneTrust can help your business stay complaint.

May 30, 2023

Learn more

eBook

Third-Party Due Diligence

The global regulations driving third-party due diligence

Download our eBook learn how to start building a robust third-party due dilligence (TPDD) strategy that protects your brand and minimizes risk.

May 30, 2023

Learn more

Webinar

Third-Party Due Diligence

Ethics live Demo: Third Party Due Diligence webinar

Learn how OneTrust's Third-Party Due Dilligence, backed by Dow Jones, can help provide your business the data it needs to find trustworthy third parties and mitigate risk.

May 18, 2023

Learn more

Webinar

Third-Party Due Diligence

Maturing your third-party due diligence program: Process, data & technology

Experts at OneTrust and Dow Jones discuss third-party due diligence, covering industry trends, challenges, and how to streamline the process with technology.

April 27, 2023 1 min read

Learn more

Webinar

Third-Party Risk

Third-Party management secrets: Aligning risk management and due diligence

Watch this webinar to learn how to align your TPRM and TPDD programs to achieve workflow efficiencies and the distinction between the two discipline areas.

April 20, 2023

Learn more

Webinar

Ethics & Compliance

Unpacking the global third-party due diligence regulatory landscape

Learn how a strategic plan for compliance can help companies eliminate human rights and environmental violations and avoid costly consequences.

March 06, 2023

Learn more

Webinar

Ethics & Compliance

Third party due diligence – A practical deep dive

In this session, we'll look into the scope of third-party due diligence and a deep dive into practical implementation aspects and best practices for organizations.

December 13, 2022

Learn more

Webinar

Third-Party Due Diligence

7 best practices for conducting third-party due diligence for ethics & compliance

Watch this webinar and learn the seven best practices for third-party due diligence. 

January 03, 2022

Learn more