top of page

Importance of compliance risk management in M&A transactions


M&A deals or transactions have been for many years the primary process used by big and small businesses to achieve growth , expand and also improve their business. Business transactions in most cases have an impact whether large or small within the market they serve and also for the parties themselves involved in it. Hence most business transactions have to adhere to specific regulations to ensure the transaction is fair and equitable for both parties involved and also to ensure that the market where such transactions occur is not adversely affected by such transactions. Managing risk is also imperative to any business transaction so that the deal being conducted is without any ambiguity and both parties realise the full value of the transaction without any adverse situations attached to it.

M&A transactions

What does an M&A transaction mean ?

M&A or mergers and acquisitions is a business process by which two or more companies combine in various ways through a number of different transactions which could include - purchasing assets , tender offers and also acquisition of the management of a company.

The Companies Act 2013 does not define the term but provides an explanation about the concept of this process. It explains that a “merger” simply does not only imply the accumulation of the liabilities and assets of two very different business entities but also as a resultant of the transaction gives rise to organization of two entities into one singular business.

M&A transaction as by the name are of two types -

Merger- Whereby two different businesses combine to form a new singular entity which has a distinct identity from the parent companies.

Acquisition - Whereby one business is absorbed completely by another business and the independent existence of the acquiree company no longer exists.

Legal Compliance

Compliance means the act of adhering to a certain amount of regulations implemented by the government to ensure that any form of business transaction is within the permissible financial and ethical standards and that they do not cause adverse effects on society and markets during such transactions or during the everyday course of business of companies.

Compliance for businesses is not just limited to interpreting what a given legislation implies but the very act of adhering to such given regulations at all points of time throughout the lifespan of a given business. This would mean that companies have records of checks and have policies and procedures around such given legislations.

Laws governing M&A deals in India

Mergers and acquisition transactions are regulated by very specific laws formulated by the indian government and every transaction needs to abide by the rules stated in the given regulations to achieve a successful outcome. The laws governing M&A deals in India are as follows -

Companies Act 2013 - The new act with circulars , rules , orders , notifications and enhanced disclosure norms provide better protection to investors and minorities and thus ensure M&A deals are smooth and efficient.

Indian contract Act, 1872 - Focuses on general principles of contracts and how collection of damages can be included incase of a breach of contract. This is very important as M&A deals typically have numerous contracts involved in them and such measures are necessary to safeguard interests of all parties.

Specific relief Act, 1963 - Specifies remedies for private parties who have faced civil or contractual breach of rights. Mentions remedies for breach of contract.

Income Tax Act , 1963 - it contains various provisions which deal with taxation aspects of various forms of M&A deals. IT act also deals with indian mergers as well as deals that have a cross border aspect to them.

Competition Act , 2002 - This is an extremely important regulation that all M&A deals need to comply with. The competition act promotes fair competition in all markets and also restricts anti competitive agreements which may have anti competitive aspects related to them.

Foreign Exchange Management Act , 1999 - The FEMA regulations are used to govern all mergers and amalgamations which take place between indian and foreign and indian companies , it covers investment related information including inbound and outbound investments.

Securities and Exchange Board India Act , 1992 - Rules and regulations of the SEBI Act govern the securities market of india. Which also include acquisition of companies listed on the stock exchange of India.

Due Diligence

Due Diligence is the precursor for every M&A deal that takes place. It is essentially investigative procedures used to determine the overall health and internal affairs of a company that is set to be acquired. Due Diligence plays an extremely important role in transactions as it enables the acquirer to understand the overall value of the company and as a result the acquirer is able to make a fair offer during a transaction. Due Diligence helps an acquirer understand the underlying risks and liabilities if any associated with a given company which enables the acquirer to make a decision whether to acquire a given company if risks and liabilities seem to large or to develop a specific strategy to deal with such liabilities and risks if they are in manageable amounts post acquisition.

Regulatory Due Diligence

Regulatory Due Diligence is a process which involves systematic review of a given company's regulatory compliance status and that of its suppliers , agents and partners.

The information that is required to be reviewed when such a due diligence is carried out while assessing transactions includes -

  • Regulatory investigations audits and reviews

  • Existing compliance policies for the prevention of fraud.

  • Written standards of conduct

  • Compliance programmes or appointment of a compliance officer.

  • Audit processes

  • Inclusion of compliance regulatory training for employees.

  • Contracts and agreements with suppliers and partners.

These investigations are conducted to find out any unknown issues or “Red Flags” which can help mitigate the regulatory risk of any transaction. It can also help a business to understand other roadblocks to a deal like - regulatory obligations, legitimacy of business partners and also help evaluate business impact and rectify any issues if present.

Risk and Compliance management in India

India at present does not possess standard legal guidelines when it comes to corporate risk and compliance management. In current times however compliance with labour , industrial , financial and corporate laws have picked up great pace and importance in the corporate sector.

Labour Compliance

India is a nation with a humongous labour force and the same forms the core of the country. Labour force is a quintessential component of any company in the corporate sector and hence well defined labour compliances have become a core part of the functioning of any company and non compliance with the same can lead to severe consequences in terms of legal action. For proper management of corporate risk , companies in current times are required to use effective contract management with their employees along with other related third parties as per the Indian Contract Act 1872.

A very recent development in the corporate risk management with regards to the labour force is the pre-emptive screening of employees. Pre-emptive screening of employees or conducting background checks before hiring isn't a mandatory requirement under any regulation in the country except in case of banks, schools etc under specific government notifications.

There are specific acts with regards to labour compliance which need to be strictly adhered to which include -

  • the Industrial Disputes Act 1947;

  • the Employees State Insurance Act 1948;

  • the Employees’ Provident Funds and Miscellaneous Provisions Act 1952;

  • the Payment of Bonus Act 1965;

  • the Factories Act 1948;

  • the Contract Labour (Regulation and Abolition) Act 1970;

  • the Child Labour (Prohibition and Regulation) Act 1986;

  • the Maternity Benefit Act 1961;

  • the Payment of Gratuity Act 1972; and

  • the Sexual Harassment of Women at Workplace (Prevention, Prohibition and Redressal) Act 2013.

Financial Compliance

India for a long time bears a complex accounting , tax and regulatory framework which makes it an uphill task for all major companies in the nation to keep up with such an ever changing regulatory environment and ensure that they are compliant with all the essential financial regulations and laws. The government through its efforts has tried to ease certain regulations from time to time which reduces the hurdles of doing business in the nation and attracts more foreign investment in the country. A recent example of such an action would be the Goods and Services Tax regime which came into force on 1st July 2017 which helped in subsuming a gamut of indirect state and central taxes and made india a singular market thus helping in promoting business in india.

Corporate Compliance

Besides labour and financial compliance , all companies are required to strictly comply with all existing corporate compliances with respect to the applicable laws. The government has tried to relax certain regulations here as well so as to increase the inflow of foreign investment in the country. A recent example would be that foreign direct investment has been allowed upto 100% for ‘single brand retail trading’.

There are specific regulations for financial and corporate compliance that need to be strictly adhered to by all companies and they may be classified as -

  • the Companies Act 2013;

  • the Income Tax Act 1961;

  • the Reserve Bank of India and its subsequent guidelines;

  • the Banking Regulation Act 1949;

  • the Foreign Exchange Management Act 1999;

  • the Securities and Exchange Board of India 1992 and its subsequent guidelines; and

  • the Goods and Services Tax Act 2017.

The Competition Act 2002 also plays a key role in promoting fair competition throughout any specific market and prohibits the formation of Monopolies as well as price fixing which is a crucial form of risk management as it enables many companies in a given market to flourish which would otherwise be sold or taken off the market due to lack of sales and profits.

Principal Regulators for Corporate Compliance

  1. The Registrar of companies ( ROC) deals with all activities encompassing the Companies Act 2013 the Ministry of Corporate affairs has authority over the ROC. Any company incorporated under the Companies Act 2013 has to compulsorily file a multitude of forms and returns with respect to their daily compliance activities.

  1. The Reserve Bank of India ( RBI) is the key authority laying down compliances for banks around the country. The RBI via notification 2006/2007/335 dated 20th April 2017 has focused on certain key compliances which need to be adhered to compulsorily. The legislations in focus by RBI with respect to which compliance needs to be maintained generally include - Banking Regulation Act 1949, Reserve Bank of India Act 1934, Foreign Exchange Management Act 1999, Prevention of Money Laundering Act 2002, RBI also focuses on adherence with standard guidelines such as The Banking Codes and Standards Board of India, Indian Banks Association, Foreign Exchange Dealers Association of India, Fixed Income Money Markets and Derivatives Association, etc.

  1. The Securities and Exchange Board of India (SEBI) is principal regulator of the securities market in India. The SEBI exists to provide protection to investors and safeguard their interests. SEBI has formulated various guidelines whereby specific compliances need to be adhered to by listed entities. SEBI also helps manage corporate compliance in various stock exchanges across the country by setting up monitoring cells to keep corporate compliances in check.

  1. The Competition Commission of India was set up in line with the Competition Act of 2002. The duty of the CCI is to prevent formation of Monopolies , anti competitive business actions and colluding between companies for price fixation.The CCI strives for a market whereby multiple businesses can thrive and exist which enables customers a multitude of options to purchase from at specific quality and prices , hence acting to protect interests of customers as well.

  1. The Enforcement directorate exists for the primary reason of administering two specific regulations namely the - Foreign Exchange Management Act 1999 and the Prevention of Money Laundering Act 2002. The officers of the directorate impose penalties on entities in case of violation of these acts.

Risk mitigation by compliance management

An efficient compliance management system can help identify and mitigate any impending risks of a company by -

  • identifying the risk inherent in achieving goals and objectives;

  • establishing risk appetite across the entire risk spectrum;

  • establishing and communicating risk management frameworks;

  • building accurate and consistent risk assessment;

  • establishing and implementing measurement reporting standards and methodologies;

  • building a risk profile;

  • establishing the key control processes, practices and reporting requirements;

  • monitoring the effectiveness of control;

  • ensure all the exposures are adequately identified, measured and managed in accordance with board-approved frameworks;

  • provide early warning signals;

  • ensuring risk management practices are adequate and appropriate for managing the risks;

  • Reporting areas of stress where crystallisation of risks is imminent;

  • present remedial actions to reduce or mitigate such risks;

  • reporting on sensitive and key risk indicators;

  • communicating with relevant parties;

  • review and challenge all aspects of the company’s risk profile;

  • advising on optimising and improving the company’s risk profile; and

  • review and challenge risk management practices.

Liabilities for Compliance deficiencies

Administrative and regulatory liabilities

Section 105B of the IRDA states that any insurer who fails to deliver general or life insurance to the rural or social sector of India would be liable to a fine ranging upto Rs 500,0. or imprisonment upto a term of 3 years or fine for each such failure.

Criminal Liabilities

The companies act 2013 lays down penalties for offences committed by companies.Under the Income Tax Act 1961, the Customs Act 1962, the Central Sales Tax 1956 and the Central Excise Act 1944, various crimes related to tax such as evasion of tax, smuggling, customs duty evasion, value added tax evasion and tax fraud are prosecuted.

The Environment (protection) Act 1986 enables the indian government to protect and improve the quality of the environment. A rule formed under this act the Hazardous Waste (Management and Handling) Rules 1989 states that any violation under the said rules would lead to imprisonment upto 5 years and if the violation would continue then the term of imprisonment would increase by another 5 years.

Cases relating to compliance failure

Satyam Scam

Referring to the case of Byrraju Ramalinga Raju vs the State , it is stated to be the biggest fraud in the corporate domain and a prominent example of compliance failure. Two brothers, B. Rama Raju and B. Ramalinga Raju started Satyam Computer Services Ltd (popularly known as Satyam) as a private limited company with just 20 employees for providing software development and consultancy services to large corporations (the company went public in 1991). The company was growing at a massive rate and had received sterling global accolades and was providing IT services to global giants such as the World bank.

On the 7 January 2009 B. Ramalinga Raju by way of an emotionally charged 4 page letter announced that he had committed a fraud of over 78 billion rupees. There was an attempt initially to cover this up by way of acquiring Maytas Infra, a company owned by Raju’s son Teja Raju. PWC the company's auditors also confessed that their audits were incorrect due to the botched financial statements submitted by Satyam Computers. The company’s CFO had also admitted to inflating the number of employees to over 10,000 to draw approximately 200 million rupees from non-existent salary accounts. The company had also shown inflated revenues by showcasing false sales invoices and had shown the amount received as fixed deposits in banks.

The Sahara Case

The case Subrata Roy Sahara vs Uoi & Ors was another great example of compliance failure whereby The Sahara group had failed to refund investments upwards of Rs 200 billion to 30 million small investors. Sahara had offered shares using two of their unlisted companies but the Securities and Exchange Board of India stated that it was not compliant with the public issue of securities legislations of SEBI. In 2014 the chairman of Sahara group Mr Subrata Roy was arrested for the said fraud with his petition to settle to SEBI and the court rejected.

Punjab National Bank (PNB) fraud case

The second largest state owned lender of the nation Punjab National Bank (PNB) had stated in 2018 that it had fallen prey to the biggest bank scam the nation has ever known amounting to US$1.77 billion or over 110 billion rupees.

The complaint to the Central Bureau of Investigation explicitly stated that the primary perpetrator of the said case Mr Nirav Modi and certain companies linked with him (M/s Diamonds R Us, M/s Solar Exports and M/s Stellar Diamonds) had conspired with its own officials to get fraudulent letters of undertaking to enable them to receive buyers credit from other overseas banks. It was stated that the funds that were raised for import of diamonds were not used for this purpose and that this fraud extended to a multitude of other banks namely State Bank of India, Union Bank, Axis Bank Ltd and Allahabad Bank, all of whom were victims of the fraud. Initial investigations showed that two officials of the bank had offered fraudulent letters of undertaking that allowed the firms to receive credit for their said activities.


Compliance plays a massive role in each and every form of Mergers and acquisition transaction. As M&A deals are deals to expand an existing business or to become more profitable by way of acquiring high performing target companies, they include buying of shares and assets in all forms from the target company and acquiring the services of the highly skilled people of the target company. With such decisions comes the need for conducting Due Diligence by the acquiring company to ascertain the risk profile of the target company. It enables the acquirer to get a picture of how compliant the said company is with the major regulations affecting M&A deals as in Labour , Financial and Corporate compliances, this enables the acquirer to ascertain the valuation of the target company keeping in mind the risks and liabilities involved and also whether to still pursue the transaction as risks maybe too large. Compliance management plays a quintessential role here as it is near impossible for a company to keep in check all compliance requirements throughout its lifetime without a structured process, without such a structure a company may have to face huge liabilities in form of massive fines and long drawn litigations in various fora which would not only damage the company monetarily but also damage the reputation of the company. As a result if a company is facing such issues it becomes unsuitable for acquisition and even when an agreement might be reached the target company might not be in a position of power to bargain over the offer price as the acquirer will look to pay much less than what the target company would deserve owing to its performance in the market , but as the acquirer takes on the liabilities of the target company as well they will look to lower the offer price. Compliance management is also essential post the deal has been completed to ensure seamless integration of the newly formed entity.

Compliance management enables a company to keep its inner workings in line with all essential regulations in a constantly changing and complex regulatory environment. It enables a company to realise maximum value from its operations while reducing risks and subsequent liabilities to a great extent and also maintain a sterling reputation in a given market which would keep a company in pole position should it decide to sell the business and prepare itself for acquisitions.

Sayantan Dey

2nd Year BA LLB student ( University of Calcutta)






17 views0 comments

Recent Posts

See All

I. BACKGROUND The advancement of internet trend has caused a shift in the business sector. Many business organisations have migrated to the internet realm of marketing and commerce, inc

Introduction Black’s law dictionary defines Double Jeopardy as: – A second prosecution after a first trial for the same offense. In India, protection against double jeopardy could be an elementary rig