Sanction issues in M&A practice – update on DD requirements and transaction design

PrintMailRate-it

​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​published on 1 February 2024 | reading time approx. 6 minute​​​s​

   ​
​​In the past, sanctions usually only played an incidental role in transactions, in the sense that compliance with sanctions was covered by the standard formulation of the guarantee catalog, according to which the target company carries out its business activities in accordance with the applicable legal requirements.


Only in the case of more or less obvious points of contact with countries that were the subject of sanctions (in particular Iran, Belarus and, from 2014, Russia) was compliance with applicable sanctions increasingly also explicitly demanded as an assurance.

However, with Russia's attack on Ukraine and the subsequent rapid escalation of sanctions packages by the EU, US, UK and other countries and organizations, the issue of sanctions compliance has become a core topic of due diligence and a frequently decisive element of transaction structure and acquisition contract design.

One of the main reasons for this is that sanctions issues are of (possibly even existential) importance both at the level of the target company and at the level of those directly involved in the transaction, such as buyers, sellers and other parties such as investors, financing banks, W&I insurance companies, etc.

And yet the issue of sanctions is still not a matter of course for many economic players, especially in (apparently) only national transactions. Occasionally one is even confronted with a denial-approach, stating that sanctions regulations merely create “red-tape” whose non-compliance would not have any tangible negative consequences.

Such an impression can indeed arise, as the consequences of sanction violations are not yet visible to the public in their full extent. Occasionally, there are media reports about particularly obvious sanctions violations and circumvention measures, which at least result in corresponding reputational damage for the actors concerned. However, the criminal consequences associated with violations of EU (and national) sanctions will only become visible in the media in a few years' time – once the investigations, indictments and convictions have been concluded. The competencies and personnel capacities required for the expected large number of proceedings have been created in Germany, in particular through the Second Sanctions Enforcement Act, the creation of the Central Office for Sanctions Enforcement, the Federal Financial Criminal Police Office and the FIU (Financial Intelligence Unit). It is therefore assumed that a tsunami-like wave of corresponding proceedings is currently building up.

Some of the current and immediate consequences of sanctions violations or inadequate sanctions compliance measures are still hidden from public view – but are clearly visible in our consulting practice.

Banks in particular play a prominent role here. They are the ones who, through their compliance departments, which are highly sensitized by strict regulations on money laundering and combating terrorism, also uncover indirect sanctions violations – for example through subsidiaries in third countries. The declarations and evidence of internal sanctions compliance measures, process documentation and responsibilities required against the background of the KYC documentation requirements and the necessary risk assessment make banks the key drivers in the enforcement of EU and, in particular, US sanctions requirements.

In contrast to the consequences under criminal law, the reactions on the part of banks are swift and the consequences are directly noticeable for companies. These generally consist of the threat and subsequent implementation of account freezes, account terminations and the termination of financing agreements. It is therefore important to be prepared and react correctly to corresponding notifications and requests from banks due to the short response times given.

Especially in M&A transactions, it is important to adapt to the changed requirements. Sanctions law issues must be considered throughout almost the entire course of a transaction, both on the acquirer's and the seller's side. To this end, the existing due diligence obligations for the parties involved must be individually determined in advance and suitable risk management methods applied.

It is therefore important to carry out checks on the target company, the companies and natural persons involved as early as the initial contact or the initiation of talks. The focus here is in particular on clarifying any possible entry of the persons directly involved in the transaction as well as the other persons along the shareholding structures through to the beneficial owners on a relevant sanctions list.

The extent of the requirements arising from the applicable due diligence obligations must be assessed on the basis of the risk factors to be determined for the specific case.

The same applies to the evaluation of the results of a sanctions list comparison. If, for example, it turns out that formally there is no exercise of control by persons subject to individual sanctions due to the shareholding ratio under company law (e.g. if the shareholding ratio is below 50 percent), an examination of the shareholding history may nevertheless reveal indications that suggest a de facto control position of the sanctioned person. This would be the case, for example, if a transfer of shares to persons who are economically or personally dependent on the sanctioned person took place in connection with the inclusion in a sanctions list. If there are corresponding indications, further checks must be carried out, for example of articles of association, partnership agreements, voting agreements, trust agreements, etc.

Possible topics and subjects of sanctions audits in connection with transactions can be listed as follows:
1. Examination of applicable sanctions regimes:
  • Determination of the applicable sanctions law/scope of application (EU - territorial principle/US sanctions OFAC/BIS, e.g. primary sanctions via US nexus - dollar as agreed currency for the purchase price, participation of persons with US citizenship or green card, banks with branches in the USA, goods of US origin)
  • Application risk beyond the defined scope of application, e.g. extraterritorial application of US sanctions (secondary sanctions)

2. In accordance with the sanctions provisions identified as applicable, the following parties are then screened under individual sanctions law (Sanctioned Party List Screening):
  • Target company (-ies) 
  • Transaction parties (up to UBO level)
  • Other persons directly and indirectly involved in the transaction (e.g. financing banks, investors, trustees, investment banks, brokers, W&I insurers)

3. DD review of the target company under sanctions law:
  • Compliance with sanctions regulations and possible risks and violations due to type of business activity/services and activities/production and trade of sanctioned goods/creation and use of circumvention structures
  • Checking sanctions lists of senior employees (in case of suspicion) 
  • Sanctions list screening of business partners, customers and suppliers (using screening software that enables the comparison of large amounts of data)
  • Fulfilment of compliance requirements in the form of export control and sanctions compliance systems (internal guidelines, process specifications, checklists, manuals, use of technical aids, responsibilities)
  • Known sanctions violations, adverse media check
  • Ongoing (investigative) proceedings against companies and private individuals involved (e.g. customs, law enforcement authorities -​ also in other countries)

Prior to a sanctions check, it is also advisable to clarify which requirements exist with regard to the scope and depth of the audit, evidence requirements, level of detail and documentation on the part of third parties, in particular W&I insurers and financing banks.

It is important for the seller to identify sanction-related weaknesses and risks in advance of the transaction (e.g. as part of a vendor DD) and to eliminate or at least minimize them prior to an acquisition review.

Where no clear results can be achieved due to the vagueness of sanctions law (in some cases intended by the legislator) or due to a lack of information, the parties involved often only have the option of carrying out and documenting a risk assessment and weighing up in accordance with the requirements, on the basis of which economic decisions can then be made.

The fact that such vagueness probably collides with the constitutional requirement of certainty in criminal law will certainly be a weighty argument in the future when defending against criminal prosecution of allegations of a sanctions violation.

Ultimately, however, the transaction-induced sanction check must be included in the overall view of compliance assessments. There are many overlaps here with measures that lead to the clarification and detection of breaches in other areas. A sanctions check should therefore be carried out in close coordination with experts from other compliance areas (e.g. KYC, CRA, fulfilment of investigation, documentation and reporting obligations in the area of AML, UBO investigation, forensic investigations) in order to avoid unnecessary duplication of audits. The underlying data and findings should be exchanged on an ongoing basis – with the aim of conducting a holistic risk assessment and identifying suitable measures for dealing with these risks.

These can consist, for example, of the carve-out of certain risk-exposed parts of the target company or the removal of units from the group to be acquired prior to the acquisition, for example in the form of the sale of shareholdings in subsidiaries in Russia or Belarus (if currently possible at all due to the Russian and Belarusian approval requirement for direct and indirect share transfers) or also of units in third countries with (suspected) participation in circumvention structures.

If the sanctions list comparison of the target company's master data has revealed that certain suppliers or customers are subject to a high risk of sanctions, the termination of business relationships with these persons should be made a condition precedent. The exclusion of exposed persons (e.g. if they have been involved in sanctions violations in the past or if their participation could establish a US nexus) is also an option to consider.

Deficits in the design and execution of internal compliance processes should preferably be remedied before the acquisition or the expenses required for this after the acquisition should be taken into account as a deduction item when determining the purchase price.

If specific sanction risks have been identified, the buyer should in general insist that the seller accepts indemnification for any financial losses that may arise as a result (including fines imposed on the company).  

Investigation proceedings initiated between singing and closing or sanction violations disclosed by the media should be covered by suitable MAC clauses.

Particularly in the area of sanctions, a documentary presentation that goes beyond mere red-flag reporting in the DD report is recommended in order to enable the buyer to exculpate itself for actions prior to the acquisition in the event of future criminal investigations.

When drafting the warranty and indemnification provisions, it should be noted that although W&I insurers require corresponding evidence of sanction risk assessments, they do not generally grant insurance cover for this area and the insurance contracts contain corresponding exclusion clauses.

The question of whether the acquirer is obliged under the so-called “public disclosure obligation” introduced with the 11th EU sanctions package pursuant to Art. 6b Regulation (EU) 833/2014 to notify the law enforcement authorities of any sanctions violations of the target company that come to its attention during the DD check is still unresolved. Attorneys in particular are explicitly excluded from such a notification obligation, which is subject to a fine, which is why consideration should be given to making the relevant information available exclusively to the attorneys commissioned with a corresponding assessment (e.g. via a so-called clean team agreements) – in line with the usual procedure for the disclosure of sensitive information that falls under the restrictions of antitrust or data protection law.
Skip Ribbon Commands
Skip to main content
Deutschland Weltweit Search Menu