Disregarding M&A Due Diligence - Is It Worth the Risk?

Stericycle’s Rapid Global Expansion with Lack of Due Diligence and Compliance Program Cost $90M in FCPA Violation Fines

Global markets continue to be the domain of the largest corporations. However, developments in technology, transportation, and communications, international markets, customers, professionals, and resources have opened global markets to smaller firms. The potential benefits, conceal certain inherent risks. Traditionally, companies tended to think in terms of long-term profit, using that profit to reinvest in R&D, improving current products, creating new offerings, and introducing new services. These new market share gains might represent the company’s expansion by means of M&A to expand the company’s portfolio and enter international markets, with little regard to the risks involved. What can companies do to protect their new business interests? Robust due diligence can help mitigate these risks. 

This can be seen recently with WPP plc whose rapid expansion through the acquisition of over 2,200 subsidiaries became the world’s largest advertising company but with little to no due diligence, or effective compliance programs on these acquisitions, problems soon followed. In 2021 this led to fines of over $19 million for violations of the anti-bribery, books and records, and internal accounting control provisions of the Foreign Corrupt Practices Act (FCPA). 

Earlier this year, another large corporation with international holdings, medical waste-disposal company Stericycle, was charged with breaching FCPA antibribery and books and records provisions, and has agreed to pay around $84 million to the Securities and Exchange Commission (SEC), the Department of Justice (DOJ), and about an additional $17 million to regulators in Brazil. In both cases, investment in deep due diligence prior to any M&A proceedings and regularly within, could have saved the companies millions and untold amounts more legal, business loss in those locations, and other monetary fallout.


Stericycle, Inc. was founded in Lake County, IL. In 1989. They specialize in collecting and disposing of regulated waste and expanded to provide related services. Their regulated waste services include medical waste and sharps, pharmaceutical, and hazardous wastes. They also offer communication services to healthcare providers and patients, and with the acquisition of Shred-it in 2015, provide disposal of information storage, such as documents and hard drives.

The company has a presence in 21 countries and approximately 640 locations worldwide with around 20% of its revenue coming from its international operations. Stericycle came under government scrutiny in 2017 for possible bribery related violations. The company has cooperated with the DOJ and conducted its own internal investigation as well.

In April 2022, the FCPA announced they came to a resolution with Stericycle to “resolve parallel investigations by authorities in the United States and Brazil into the bribery of foreign officials in Brazil, Mexico, and Argentina.” 

The court agreement states

“From in or about and between at least 2011 and 2016, Stericycle, through certain of its employees and agents, knowingly and willfully conspired and agreed with others to corruptly offer and pay approximately $10.5 million in bribes to, and for the benefit of, foreign officials in Brazil, Mexico, and Argentina in order to obtain and retain business and other advantages for and on behalf of Stericycle. Stericycle earned approximately $21.5 million in profits from the corrupt scheme and through its corruptly obtained and retained government contracts.”

“Stericycle first entered the Latin America market in 1997, and rapidly expanded in Latin America through the acquisition of many local businesses in Argentina, Brazil, and Mexico. The prior local business owners continued to run the operations in each country. Each country had an executive team that reported to, among others, a former Stericycle executive responsible for all of Latin America (the “LatAm Executive”). The LatAm Executive reported directly to Stericycle executives at Stericycle’s corporate headquarters.”

What measures did the company take to start vetting their new subsidiaries? Did they conduct any due diligence investigations or have any substantive compliance measures in place? It seems the company had little in place to address these matters, nor did they put anything into place until the alleged illicit conduct came to light many years later.

Stericycle pushed for rapid expansion into Latin America starting around 2010. They acquired local waste disposal businesses leaving the original owners in place, seemingly without vetting them or without regard to how business was being conducted by these new subsidiaries. The executive teams in the high-risk Latin America countries of Argentina, Mexico, and Brazil reported to the head executive of all Latin America, a Mexican national, who in 2015 relocated to the Miami, FL to run operations from there.

Stericycle agreed to a three-year deferred prosecution agreement and to a two-year monitorship agreement by an independent compliance monitor. The $52 million criminal payment included a 25% discount for the company’s cooperation with the investigation. According to the DOJ’s FCPA Corporate Enforcement Policy, up to 50% discount is available for companies who both full cooperate and who self-disclose the conduct issue in a timely and voluntary manner, however Stericycle failed to do the latter. In addition, Stericycle will also pay $28.2 million in disgorgement and interest to the SEC. And as a part of a separate resolution in Latin America of around $17 million, there is an available offset for making timely payments to the Brazilian government.

The company was given a large list of remedial actions and in a 2022 press release stated:

Under the direction of the board's audit committee, Stericycle conducted its own thorough internal investigation, cooperated fully with the DOJ, SEC and Brazilian authorities, and took extensive steps to establish a strong global anti-corruption compliance program by enhancing its compliance policies, procedures and internal controls in every country in which it operates. Stericycle's remedial actions were acknowledged by the DOJ, the SEC and the Brazilian authorities in the settlements.”

“Since 2017, Stericycle has transformed its board of directors and leadership team. The company has named multiple new members to its board of directors and added new, experienced executives to its leadership team, including Cindy J. Miller, who was named president and chief operating officer in 2018 and chief executive officer in 2019. The company also created a new Operations, Safety and Environmental Committee to enhance board oversight and hired compliance personnel including an experienced chief ethics and compliance officer reporting directly to Miller and the chair of the audit committee.

Building a Culture of Compliance-Remedial Measures and Global Enhancements

U.S. authorities credited Stericycle for its cooperation in the investigation and for steps the company's new leadership has taken to enhance and ensure compliance and internal controls. As detailed in Stericycle's deferred prosecution agreement, these steps have included:

  • strengthening its corporate governance by appointing new executive leadership and board members;
  • strengthening its compliance function by hiring additional personnel, including an experienced chief ethics and compliance officer;
  • updating its code of conduct and internal controls relating to anti-corruption, retention and management of commercial agents and other third parties, and gifts, travel and entertainment;
  • enhancing its internal reporting, investigations and risk assessment processes;
  • overhauling its compliance training and communications;
  • terminating employees involved in the relevant conduct; and
  • divesting its subsidiaries in Argentina and Mexico.”

The last requirement of divesting its holdings in Argentina and Mexico is a rather unusual one. This does highlight the measures Stericycle has had to take in the aftermath of FCPA violations. All of which could have been mitigated or prevented had due diligence taken place. 

The Costs of Disregarding Due Diligence

One particularly noteworthy statement in the SEC Order is:

“As Stericycle grew in Latin America through acquisition, the accounting processes and systems remained mostly decentralized with neither uniformity nor proper oversight, resulting in internal control deficiencies. Additionally, Stericycle had no centralized compliance department and failed to implement its FCPA policies or procedures prior to 2016.”

Due diligence should be one of the cornerstones of a robust compliance program. M&A transactions and key executive hires should always include due diligence being conducted on the entity and executives. The human side of the equation is often missed when focusing solely on legal and financial risk elements. This is an important step which informs legal due diligence about risk issues involving people at the most senior levels. 

Due diligence investigations are designed to detect secret, hidden, and undisclosed information that is not readily available in standard background checks. Due diligence investigations evaluate relationships of executives to foreign officials, criminal history, financial and legal issues, civil litigation issues, relationships with other companies and entities, reputation issues, shell company involvement, evidence of fraud, signs of money laundering, financial impropriety, conflicts of interest, drug, alcohol and human trafficking, anti-competitive behaviors and numerous other issues. Open Source Intelligence (OSINT) investigations are an important source of information in addition to publicly available records.

These investigations need to be looked at in relation to the culture and location of the executives and organizations as well. What can be socially, and sometimes legally, acceptable in one location, may in fact, be a legal issue in another. In-country due diligence may be needed in some situations to gain “on the ground” intelligence.  When operating in a foreign domain, a business is still accountable for adhering to the FCPA and other applicable laws if they have management or financial activity through the USA.

Deep due diligence should be a standard practice in any M&A proceeding, along with the usual legal, financial, and operational due diligence. This important information informs who you are doing business with and prevents “bad actors” willing to commit bribery, fraud, or other criminal acts from getting involved with your business. 

Due diligence investigations would have helped Stericycle to prevent their FCPA and DOJ proceedings had they employed them prior to acquiring holdings in Argentina, Mexico, and Brazil. 

This also is not a one-and-done process. Due diligence investigations on executives should be done on a regular basis (typically every 1 to 3 years) depending on the company its overall risk exposure. Plus, situations change, and with those changes, corruption can still occur.

Fraud, shell companies, bribery, and corruption are only a few of the risks that deep due diligence can help companies guard against. Thirty-five percent of global vendors, consultants, agents and distributors have corruption-related issues. Costs for not having a robust compliance program and for not performing deep due diligence can be staggering. Some can have exact numbers as in fines by the SEC and DOJ, and others can involve reputation damage, loss of clients, and even prison time, as in the case of “Pharma-Bro” Martin Shkreli.

Often when acquiring new entities through M&A, there can be a clash of company cultures and values. Often, the individuals within a newly acquired company will continue to conduct business as usual.  As already mentioned, what might be “business as usual” in one country, might be illegal in yours.

It is important to create a culture of integrity from the top down and make clear what is expected in regards to compliance with your company’s policies and procedures for ethical behavior. 

FCPA violation costs are rising and new penalties are being evaluated.  JDSUPRA notes that imposing a monitor may seem surprising given the efforts by Stericycle:

“…but it tracks with the Biden administration’s commitment to using monitors to combat corporate crime. In an October 2021 speech at the American Bar Association’s National Institute on White Collar Crime, Deputy Attorney General (“DAG”) Lisa O. Monaco remarked that “there is no default presumption against corporate monitors. That decision about a monitor will be made by the facts and circumstances of each case.” This is a significant departure from the Trump administration’s approach, which favored pursuing monitorships “only where there [was] a demonstrated need for, and clear benefit to be derived from, a monitorship relative to the projected costs and burdens.”

They further report that with the enforcement of DAG Monaco and the imposition of monitorships “[w]here a corporation’s compliance program and controls are untested, ineffective, inadequately resourced, or not fully implemented at the time of a resolution,” there can be “significant on-going costs” for monitorship to companies.

The Need for Robust Due Diligence

This new approach further underscores the need for robust due diligence including deep dive due diligence on executives and companies prior to undertaking any M&A proceedings. 

Legal and financial due diligence should always be enhanced by due diligence investigations to evaluate serious exposures that may be hidden or undisclosed.

It is better to invest upfront as part of your company’s success strategy by putting together an ongoing due diligence and compliance program to prevent “bad actors” from entering your company to begin with, or identifying them if they have already snuck in. 

The costs of disregarding the need for effective due diligence investigations can hit a company with: reputation damage, stock price drops followed by shareholder law suits, profit loss, staggering regulatory fines, and even loss of freedom for key executives if penalties include jailtime. With FCPA violations being at an all-time high and the introduction of additional enforcement actions, including mentorships and even divestment of entities as part of a settlement agreement, it is more important than ever to proactively incorporate due diligence investigations into your company’s strategy for success and to protect the board as well as the company’s profits.


Related Posts

I recently spoke with Tom Fox, The Compliance Evangelist on The Compliance Podcast Network regarding insights from recent enforcement actions, where we considered various aspects of international due diligence investigations. In many ways this can be viewed as finding a needle in the corporate haystack of information and data. We looked at actions that help us […]
Read more
In this 5 part series, I am visiting with Tom Fox, the Compliance Evangelist. We consider various aspects of international due diligence investigations. In many ways this can be viewed as finding a needle in the corporate haystack of information and data. We discussed ways through the maelstrom to find useful and actionable information for your […]
Read more
1 2 3 12

CLE Accredited Courses

Infortal’s Continuing Legal Education (CLE) courses are designed to equip executives, attorneys and risk managers with strategic insights to navigate the complex landscape of geopolitical risk. We cover topics such as international sanctions, regulatory risks, corporate espionage, AML, global warfare, anti-terrorist financing and corruption.

We can help you make informed decisions and mitigate potential risks for your business.
This is a block of text. Double-click this text to edit it.