Kusserow on Compliance: Tips on mergers and acquisitions due diligence

– Failing to engage in regulatory due diligence may result in legal exposure

– Most M&As in health care fail to adequately check regulatory risk liabilities

Tom Herrmann, a former senior executive in the Office of Counsel to the Inspector General (OCIG) and Medicare Appeals Council Appellate Judge, provides interesting insights on this subject as result of his government experience and work with due diligence reviews.  Traditionally, law firms conducting due diligence reviews focus on contracts and other legal obligations. They examine a multitude of areas including an entity’s structure; contractual, intellectual and property obligations; securities and financing compliance; tax exposure risks; and previous and current litigation. Public accounting firms assess the financial accountability and viability of an entity. It is not uncommon for the accounting and law firms to have the scope of their due diligence reviews limited to their areas of expertise, which often do not include health care regulatory compliance. This may result in a failure to adequately review and address potential problems in the regulatory compliance arena. Regulatory due diligence is a specialized review process that requires the application of certain protocols, and protocols and can be performed quickly and efficiently to identify areas of regulatory risk and vulnerability. A review should include assessing the effectiveness of the entity’s compliance program; evaluating internal monitoring of high-risk areas; conducting sample of claims audits and extrapolations; and the ongoing internal audit process of a company. Regulatory compliance experts know where to look for weaknesses without having to do a “deep dive.” Thus, such a review can be performed in an efficient and cost-effective manner. He offers the following tips for those engaged in M&A:

  1. Any party considering an acquisition or entering into a merger should adequately assess potential future government enforcement or regulatory action. This provides an incentive for an acquiring party to require the disclosure prior to a merger or acquisition of any information or documentation relating to a pending or potential government enforcement or regulatory action.


  1. The matters disclosed during a regulatory due diligence review may encompass a broad range of issues, including employing or contracting with an excluded party, a flawed arrangement with a physician, or Medicare or Medicaid overpayments.


  1. Once a potential legal or regulatory violation is identified, a resolution of the matter, including self disclosure to appropriate government authorities, should be addressed by the parties.

Tom Herrmann may be reached at thermmann@strategicm.com or at (703) 535-1410 for more information on this topic.


Richard P. Kusserow served as DHHS Inspector General for 11 years. He currently is CEO of Strategic Management Services, LLC (SM), a firm that has assisted more than 3,000 organizations and entities with compliance related matters. The SM sister company, CRC, provides a wide range of compliance tools including sanction-screening.

Connect with Richard Kusserow on Google+ or LinkedIn.

Subscribe to the Kusserow on Compliance Newsletter

Copyright © 2019 Strategic Management Services, LLC. Published with permission.