Skip to content

To Self-Report or Not to Self-Report: With New M&A Safe Harbor Policy, DOJ Tries to Answer the Question

Beware DOJ's Statutory Tool For Fighting COVID-19 Fraud Background Decorative Image

It is one of the hardest questions a company can face: after discovering criminal conduct inside your company, do you self-report to the government or not? If you can quickly and quietly fix the problem, then you may be able to fully remediate the issue and avoid any negative publicity or government involvement. But if the government later finds out, there could be a lengthy and expensive investigation that likely will result in a public settlement and reputational harm. On the flip side, if you self-report, then you are more likely to receive a declination and avoid an enforcement action, but you will be buying yourself a lengthy internal investigation, you will need to commit to fully cooperate with all government requests for documents and interviews, and you will be required to disgorge profits, which can add up to significant financial costs, distractions to operations and expenditures of limited resources.

The reality is that when faced with the question of self-reporting, most companies generally believe it would be unwise to voluntarily self-report and disclose criminal conduct to the government. Recent statements by senior Department of Justice (“DOJ”) officials, however, strongly suggest that significant policy changes are afoot in the mergers and acquisitions (“M&A”) space that will create a formal “safe harbor” and significant new incentives and may change the calculus in favor of self-reporting in the aftermath of a M&A deal.

DOJ’s Evolving Steps Toward Incentivizing Self-Reports

Criminal enforcement of corporations takes significant time and resources, and DOJ has long recognized the need for companies to police themselves and report wrongdoing to the government. In April 2016, DOJ first enacted a “pilot program” to try and incentivize more self-reporting by offering potentially significant reductions of penalties and the presumption of a declination in cases involving violations of the Foreign Corrupt Practices Act (the “FCPA Pilot Program”).1 In November 2017, the FCPA Pilot Program became formal DOJ policy, and the incentives under DOJ’s new Corporate Enforcement Program (“CEP”) were expanded to other cases of self-reporting within DOJ’s Criminal Division.2 In June 2019, DOJ signaled heightened attention on self-reporting in the M&A context when then-Deputy Assistant Attorney General Matt Miner delivered prepared remarks explaining that acquiring companies in M&A deals could obtain a declination of criminal charges without DOJ always requiring public recognition in the form of published declination letters.3 More recently, in September 2022, the Biden DOJ has taken significant efforts to expand the CEP’s voluntary self-disclose policy to all components within the department, beyond the Criminal Division.4 And just last week, on October 4, 2023, Deputy Attorney General (“DAG”) Lisa O. Monaco delivered remarks at the Society of Corporate Compliance and Ethics’ 22nd Annual Compliance & Ethics Institute and announced the upcoming release of a new M&A Safe Harbor Policy (the “M&A Safe Harbor Policy”), designed to “incentivize the acquiring company to timely disclose misconduct uncovered during the M&A process.”5

New Incentives in DOJ’s M&A Safe Harbor Policy

DOJ’s new M&A Safe Harbor Policy continues to provide a self-reporting company with a presumptive declination if the self-report is timely, involves full cooperation with DOJ’s investigation into others, and disgorgement of profits. However, for the first time, the M&A Safe Harbor Policy sets forth specified time periods for self-reports and remediation to target in order to reap the benefits of a declination. Specifically, in order to obtain a declination, an acquiring company must voluntarily self-report criminal conduct to DOJ within six (6) months of closing on an acquisition regardless of whether the acquiring company discovered the misconduct pre- or post-acquisition. Although companies generally adhered to a six-month benchmark for such self-reports to occur based on previous DOJ guidance and practice, the black-and-white timelines from the date of closing and inclusion of conduct that could have been discovered pre-closing should provide acquiring companies with greater clarity and comfort when considering when and how quickly to self-report.

In addition, official statements make clear that under the new M&A Safe Harbor Policy, DOJ will expect an acquiring company to “fully remediate” the misconduct within one (1) year from the closing date. In her statements, DAG Monaco slightly tempered these “clear baselines,” stating that they are “subject to a reasonableness analysis” because “deals differ and not every transaction is the same.”6 She also indicated that prosecutors could extend these baselines based on the facts and circumstances of the particular transaction, but she was quick to clarify that any companies that detect potential national security-related misconduct will likely be held to a higher standard and would be given less leeway on the timing of their disclosure.

During her remarks, DAG Monaco also made two important changes concerning how DOJ would treat the presence of “aggravating factors” in connection with self-disclosures in the M&A context. Under the CEP, the existence of aggravating factors–such as high-level executive involvement, extraordinarily high profits, or pervasiveness of wrongdoing geographically or across business units–generally could be used by DOJ to overcome the presumption of a declination and justify a criminal enforcement action. However, DAG Monaco explained that under the new M&A Safe Harbor Policy, a self-report that included such aggravating factors at an acquired company would not be used by DOJ to overcome the presumption of a declination or otherwise impact the acquiring company’s ability to receive a declination. Second, DAG Monaco stated that, under the new M&A Safe Harbor Policy, DOJ would not consider any self-disclosure as a negative factor as part of DOJ’s normal “recidivist” analysis, meaning that a self-reporting company would not be dinged, both at the time of the self-report if it had a previous conviction or if the company were to get into trouble for unrelated conduct in the future. Both concessions also could prove to be relatively significant factors in a company’s analysis whether to self-report.

DAG Monaco also encouraged companies to conduct robust pre- and post-acquisition due diligence in connection with M&A deals. She cautioned that companies that fail to perform effective due diligence will be subject to full successor liability for misconduct that is later discovered. She also reiterated existing DOJ policy that DOJ would not credit self-reports that companies were legally required to disclose, for example in connection with certain national security or government contracting matters, and DOJ will not treat as a self-report any information that was already known or under investigation by DOJ. In sum, DAG Monaco explained the goal of the M&A Safe Harbor Policy is to encourage good companies to acquire and remediate problems at bad ones, saying: “good companies — those that invest in strong compliance programs — will not be penalized for lawfully acquiring companies when they do their due diligence and discover and self-disclose misconduct.”7

Significant Disincentives May Still Exist

Notwithstanding the several new incentives that appear to be present in DOJ’s M&A Safe Harbor Policy, significant disincentives remain. As noted above, in addition to requiring full remediation of the problems that are identified within a year of disclosure, the M&A Safe Harbor Policy continues to require companies to fully cooperate with DOJ’s investigation against individuals, which in practice could mean costly and voluminous document reviews and productions and facilitating interviews for current and former employees, which can be expensive endeavors. More significantly, the M&A Safe Harbor Policy continues to require an acquiring company to disgorge all profits and pay restitution to victims, which in larger cases could result in financial costs of millions, or even tens of millions, of dollars. Finally, DOJ officials have been silent about whether DOJ will continue its practice of publicizing the names of companies that receive declinations under the CEP, even if a declination results from a self-disclosure pursuant to the new M&A Safe Harbor Policy. This means that companies that make the decision to self-report may still need to suffer at least one “bad news day,” and such disclosures could also result in derivative litigation costs and reputational harm.

What This Means for You

Recent remarks by senior DOJ officials suggest positive changes in the M&A Safe Harbor Policy that could result in significant new incentives for acquiring companies to self-report in the aftermath of a M&A deal. The positive trend toward more uniformity across DOJ and the country’s 93 U.S. Attorney’s Offices means that similarly situated companies should also be treated relatively similarly no matter where or to whom they self-report. Moreover, the more concrete deadlines provide better clarity for companies to understand the government’s expectations that self-reports now should occur within six months of closing on a M&A deal and that remediation should be completed within one year thereafter. And the new M&A Safe Harbor Policy includes encouraging information for companies to know that they can still receive a declination even if a self-report includes evidence of aggravating circumstances and that a self-report under the M&A Safe Harbor Policy is generally exempted from DOJ’s recidivist analysis.

However, the fact that acquiring companies are still on the hook for restitution and disgorgement of profits, and that their declination will likely be made public are significant disincentives.8 It should be noted that DOJ’s M&A Safe Harbor Policy has not yet been formally released and these disincentives could still be addressed by DOJ before it finalizes the contours of the policy. But even if the disincentives are not addressed, DOJ’s heightened interest in encouraging companies to self-report in the M&A context presents opportunities for competent counsel in a given case to engage with DOJ and solve these thorny problems. Among other things, counsel could engage DOJ in advance of a self-report to gain commitments that a client would not be named in connection with a future declination. M&A deals also present a unique context for counsel to persuade DOJ to be open to foregoing a disgorgement of profits, especially when such profits may be de minimis given the limited time that an acquiring company may have had to reap the benefits of any transaction.

The decision whether to self-report remains a perilous one and there are significant pros and cons to consider. However, with the release of its new M&A Safe Harbor Policy, DOJ may finally be adding more clarity and significant new incentives to sweeten the deal for companies to self-report after discovering misconduct in the aftermath of a merger or acquisition.

1Press Release, Leslie Caldwell, Assistant Att’y Gen., U.S. Dep’t of Justice, Criminal Division Launches New FCPA Pilot Program (Apr. 5, 2016), available at; see also Fry Wernick et al., Carrots Take Root: DOJ Significantly Revamps Corporate Enforcement Policy to Increase Incentives for Companies to Cooperate, V&E Insight (Feb. 1, 2023),

2Rod Rosenstein, Deputy Att’y Gen., U.S. Dep’t of Justice, Remarks at the 34th International Conference on the Foreign Corrupt Practices Act (Nov. 29, 2017),; see also Fry Wernick et al., supra note 1.

3Fry Wernick and Francis Yang, What the Dramatic Rise in FCPA Enforcement Means for M&A, Law360 (Aug. 1, 2019),; see id. for a fulsome discussion of past DOJ statements on the topic and the potential for advocacy to eliminate the need for disgorgement of profits in M&A cases, as well.

4Memorandum from Lisa Monaco, Deputy Att’y Gen., U.S. Dep’t of Justice, to Assistant Att’y Gen., Crim. Div., et al., Further Revisions to Corporate Criminal Enforcement Policies following Discussions with Corporate Crime Advisory Group (Sept. 15, 2022), (requiring “each Department of Justice component that prosecutes corporate crime to review its policies on corporate voluntary self-disclosure, and if the component lacks a formal, written policy to incentivize such self-disclosure, it must draft and publicly share such a policy.”). On September 21, 2023, Principal Associate Deputy Attorney General Marshall Miller delivered a series of remarks at a public meeting in New York, announcing that “[f]or the first time, all 94 U.S. Attorneys’ Offices have now adopted a single Voluntary Self-Disclosure policy[.]” Marshall Miller, Principal Assoc. Deputy Att’y Gen., U.S. Dep’t of Justice, Remarks at the Global Investigations Review Annual Meeting (Sept. 21, 2023),

5Lisa A. Monaco, Deputy Att’y Gen., U.S. Dep’t of Justice, Policy Designed to Encourage Disclosure of Misconduct and Hold Individual Wrongdoers Accountable (delivered at the Society of Corporate Compliance and Ethics’ 22nd Annual Compliance & Ethics Institute) (Oct. 4, 2023), available at



8See id; 9-47.120 Criminal Division Corporate Enforcement and Voluntary Self-Disclosure Policy (Jan. 2023),

This information is provided by Vinson & Elkins LLP for educational and informational purposes only and is not intended, nor should it be construed, as legal advice.