Search by Topic:

Choose Your Topic

Export Compliance Successor Liability in Mergers and Acquisitions

Two business people finalize and deal and shake hands to seal the deal.

Custom Audio Player
0:00

Article Summary

What is successor liability in export compliance and why does it matter in M&A?

Successor liability is the principle that an acquiring company may inherit the legal and regulatory violations of the target company – including those related to ITAR and EAR – meaning past noncompliance, whether known or undiscovered at closing, can follow the target into the buyer's hands and result in significant penalties, reputational harm, and operational disruption.

Does successor liability apply regardless of how the M&A transaction is structured?

Yes – U.S. regulatory authorities including the Departments of State, Commerce, and Treasury have consistently held that acquiring companies assume responsibility for the target's prior export compliance failures regardless of whether the transaction is structured as a stock purchase, asset acquisition, or merger, making transaction structure an insufficient shield against inherited export liability.

What must export compliance due diligence include before an M&A transaction closes?

Due diligence should include reviewing the target's export classifications, licensing history, internal compliance policies, past disclosures to regulators, restricted party screening practices, and recordkeeping adequacy – because inadequate diligence leaves buyers exposed to liabilities that could have been identified, mitigated, or priced into the deal before closing.

How does voluntary disclosure reduce successor liability risk after an acquisition?

If potential violations are identified during due diligence or after closing, submitting a voluntary disclosure to the appropriate regulatory agency can significantly reduce penalties – because U.S. enforcement authorities treat voluntary self-disclosure as a mitigating factor, especially when combined with prompt corrective action, and proactive disclosure by the acquiring company demonstrates good faith that can lead to more favorable enforcement outcomes.

Why must post-acquisition compliance integration happen immediately rather than gradually?

Delays in integrating the acquired entity into the buyer's export compliance program prolong exposure to risk and may be viewed negatively by regulators if violations continue after the acquisition – making immediate implementation of the acquiring company's compliance program, including employee training, updated procedures, and proper classification and licensing practices, a compliance obligation rather than an operational preference.

What contractual protections should acquiring companies negotiate in M&A transactions involving export-controlled businesses?

Acquiring companies should negotiate representations and warranties addressing the target's export compliance history, seek indemnification provisions that allocate pre-closing violation risk to the seller, and consider escrow arrangements or price adjustments tied to compliance findings – because contractual protections are one of the few mechanisms available to shift the financial consequences of inherited violations back to the party whose conduct created them.

Introduction

In mergers and acquisitions (M&A), buyers often focus on financial performance, synergies, and strategic fit. However, export compliance is an equally critical—yet sometimes overlooked—area of risk. Successor liability refers to the principle that an acquiring company may inherit the legal and regulatory violations of the target company, including those related to export controls such as the International Traffic in Arms Regulations (ITAR) and the Export Administration Regulations (EAR). In the context of global trade, this means that past noncompliance—whether known or undiscovered—can follow the target into the hands of the buyer, potentially resulting in significant penalties, reputational harm, and operational disruption.

Understanding Successor Liability in Export Compliance

U.S. regulatory authorities, including the Departments of State, Commerce, and Treasury, have consistently emphasized that companies acquiring another business also assume responsibility for that entity’s prior export compliance failures. This applies regardless of whether the transaction is structured as a stock purchase, asset acquisition, or merger. While enforcement agencies may consider the acquiring company’s due diligence efforts and post-acquisition remediation, they retain broad discretion to pursue penalties for historical violations.

Key Details to Understand

1. Liability Can Extend to Pre-Acquisition Violations

One of the most significant risks in M&A transactions is that export violations committed before closing can still be enforced against the acquiring company. These may include unauthorized exports, improper classification of controlled items, or dealings with restricted parties. Even if the buyer had no knowledge of these violations at the time of acquisition, regulators may still impose fines or require corrective actions.

2. Due Diligence Is a Critical First Line of Defense

Robust export compliance due diligence is essential for identifying potential risks before a transaction is finalized. This process should include reviewing the target’s export classifications, licensing history, internal compliance policies, and past disclosures to regulators. Companies should also assess whether the target has conducted restricted party screening and maintained adequate records. Inadequate diligence can leave buyers exposed to liabilities that could have been mitigated or priced into the deal.

3. Voluntary Disclosures Can Mitigate Risk

If potential violations are identified – either during due diligence or after closing – submitting a voluntary disclosure to the appropriate regulatory agency can significantly reduce penalties. U.S. enforcement authorities generally view voluntary self-disclosure as a mitigating factor, especially when combined with prompt corrective action. In some cases, proactive disclosure by the acquiring company can demonstrate good faith and lead to more favorable enforcement outcomes.

4. Integration and Remediation Must Be Immediate

Post-acquisition integration is a key opportunity to address compliance gaps. The acquiring company should quickly implement its own export compliance program across the newly acquired entity, including training employees, updating procedures, and ensuring proper classification and licensing practices. Delays in integration can prolong exposure to risk and may be viewed negatively by regulators if violations continue after the acquisition.

Common Pitfalls

A common mistake in M&A transactions is treating export compliance as a secondary issue or addressing it too late in the process. Additionally, companies may underestimate the complexity of the target’s international operations or fail to involve compliance experts early enough. Overlooking these factors can lead to costly surprises after closing.

Best Practices

To effectively manage successor liability risk, companies should integrate export compliance into every stage of the M&A lifecycle. This includes conducting thorough due diligence, negotiating appropriate contractual protections such as representations and warranties, and developing a detailed post-closing integration plan. Engaging experienced export compliance professionals and legal counsel can further strengthen these efforts.

Conclusion

Successor liability in export compliance is a critical consideration in any M&A transaction involving international operations or controlled technologies. The risks are real and potentially significant, but they can be managed through proactive diligence, timely disclosures, and effective post-acquisition integration. By treating export compliance as a core component of transaction planning, acquiring companies can protect themselves from inherited liabilities and ensure a smoother path to realizing the full value of their investment.

Key Points

What is successor liability in export compliance and what legal framework creates it?

  • Successor liability is the principle that an acquiring company inherits the legal and regulatory violations of the target – including those related to ITAR, administered by the Directorate of Defense Trade Controls, and EAR, administered by the Bureau of Industry and Security, as well as sanctions violations enforced by OFAC and the Department of Treasury
  • U.S. regulatory authorities have consistently held that acquisition creates compliance responsibility regardless of whether the acquiring company had any involvement in or knowledge of the target's prior violations – the enforcement framework does not require intent or knowledge as a precondition for successor liability
  • Transaction structure does not eliminate exposure – stock purchases, asset acquisitions, and mergers all carry potential successor liability under the export control enforcement framework, meaning buyers cannot use deal structure alone to insulate themselves from the target's compliance history
  • Past noncompliance can follow the target regardless of when it occurred – export violations committed years before closing remain enforceable against the acquiring company, and enforcement agencies retain broad discretion to pursue penalties for historical violations even when the acquiring company has taken remediation steps
  • The financial and operational consequences are significant – penalties for export violations can reach millions of dollars per violation, criminal liability can attach to individuals as well as entities, and operational disruption from license revocations or debarment can affect the entire acquired business's ability to operate in international markets

What must export compliance due diligence include to adequately assess successor liability risk?

  • Export classifications must be reviewed across the target's product and technology portfolio – misclassification of controlled items under the EAR or ITAR is a common compliance failure that creates both past violation exposure and ongoing compliance risk, and the due diligence process must assess whether the target's classification determinations were made correctly and documented adequately
  • Licensing history requires comprehensive examination – the due diligence team should verify that the target obtained required licenses for past exports, that licensed activities remained within approved scope, and that license conditions were satisfied, because licensing gaps in historical transactions represent pre-closing violations that transfer to the acquirer
  • Internal compliance policies should be assessed for adequacy and implementation – a target may have written compliance policies that are not actually followed in practice, and the due diligence assessment must evaluate both the quality of the written program and the evidence that it was operationally implemented
  • Past disclosures to regulators are critical indicators – voluntary disclosures, warning letters, and prior enforcement actions reveal the target's compliance history and give the acquirer a baseline for assessing the scope of inherited risk, and their absence should be verified rather than assumed
  • Restricted party screening practices and recordkeeping adequacy are areas where compliance gaps are frequently found – a target that screened only at customer onboarding and not before shipment, or that maintained inadequate records of screening determinations, has structural compliance weaknesses that create both past and ongoing exposure

How does voluntary disclosure function as a successor liability risk management tool?

  • Voluntary disclosure to the appropriate regulatory agency can significantly reduce penalties' when potential violations are identified either during due diligence or after closing – the enforcement framework at BIS, DDTC, and OFAC all treat voluntary self-disclosure as a meaningful mitigating factor in penalty assessment
  • The timing of disclosure matters – a disclosure made promptly after identification of a potential violation demonstrates good faith and organizational control, while a disclosure made only after a violation is discovered by regulators through other means receives less mitigation credit and creates additional compliance credibility concerns
  • Combining disclosure with prompt corrective action strengthens the mitigating effect – regulators assess not just whether a disclosure was made but whether the disclosing company identified the root cause, corrected the underlying compliance gap, and implemented controls to prevent recurrence, making remediation a component of the disclosure strategy rather than a separate subsequent step
  • The acquiring company's decision to disclose inherited violations demonstrates the kind of compliance posture that regulators view favorably – proactively surfacing violations that occurred before the acquisition, rather than hoping they go undetected, signals organizational integrity and a compliance-first culture that affects how regulators approach the enforcement relationship going forward
  • Legal counsel experienced in export compliance should guide the disclosure process – the decision to disclose, the timing, the scope of what is disclosed, and the accompanying remediation narrative all have strategic dimensions that affect enforcement outcomes and that require specialized expertise to navigate effectively

What does post-acquisition integration of export compliance require and why must it be immediate?

  • The acquiring company must implement its own export compliance program across the newly acquired entity without delay – this includes training all employees who perform export-related functions on applicable regulations, the company's compliance policies, and their specific obligations under ITAR and EAR
  • Updated procedures must replace the target's compliance processes immediately – the target's pre-acquisition compliance program may have contained gaps that created the inherited violations the acquirer is now managing, and allowing those procedures to continue post-closing prolongs exposure to risk that the acquisition itself has not eliminated
  • Proper classification and licensing practices must be established for all ongoing export activities – the integration process should include a review of all current and planned exports to verify that classification determinations are correct and that required licenses are in place before shipments proceed under the acquirer's compliance umbrella
  • Delays in integration may be viewed negatively by regulators if violations continue after the acquisition – the enforcement framework does not grant acquiring companies a grace period for compliance integration, and violations that occur post-closing because integration was incomplete or delayed are treated as the acquiring company's own violations rather than inherited ones
  • Integration should be treated as a first-priority workstream, not an operational afterthought – companies that treat export compliance integration as secondary to financial, operational, or cultural integration priorities consistently find that the compliance exposure they inherit compounds rather than diminishes during the integration period

What contractual protections should acquiring companies pursue in export-controlled M&A transactions?

  • Representations and warranties addressing export compliance history are the foundation of contractual protection in M&A transactions involving controlled technologies or international operations – the seller should represent the accuracy of its compliance disclosures, the completeness of its licensing history, the adequacy of its screening practices, and the absence of undisclosed violations
  • Indemnification provisions that allocate pre-closing violation risk to the seller are the primary mechanism for shifting the financial consequences of inherited violations back to the party whose conduct created them – these provisions should cover penalties, legal costs, and remediation expenses arising from violations that occurred before the closing date
  • Escrow arrangements or purchase price adjustments tied to compliance findings provide additional financial protection when due diligence identifies compliance concerns that cannot be fully quantified before closing – they ensure that the financial consequences of post-closing enforcement actions related to pre-closing violations are borne by the seller rather than absorbed entirely by the acquirer
  • Specific disclosure schedules addressing known compliance issues create a documented baseline for the representations and warranties, and gaps between the disclosed compliance history and subsequently discovered violations provide grounds for indemnification claims that require clear contractual foundation to pursue effectively
  • Engaging experienced export compliance professionals and legal counsel before finalizing contractual protections ensures that the representations, warranties, and indemnification provisions are drafted with sufficient specificity to be enforceable and to cover the actual categories of risk that the due diligence process identified

What are the most common mistakes in export compliance M&A risk management and how are they avoided?

  • Treating export compliance as a secondary issue or addressing it too late in the M&A process is the most common and consequential mistake – export compliance due diligence requires specialized expertise and adequate time to execute properly, and beginning the process after financial and legal due diligence is substantially complete creates a compressed timeline that results in incomplete risk assessment
  • Underestimating the complexity of the target's international operations leads to due diligence scopes that miss significant compliance exposure – a target with distribution partners, foreign subsidiaries, technology licensing arrangements, or defense-related products requires a more comprehensive export compliance assessment than a domestically focused business, and the due diligence scope must reflect that complexity
  • Failing to involve export compliance experts early enough means that material compliance risks may be identified too late to affect deal pricing, negotiate contractual protections, or walk away from a transaction that poses unacceptable inherited liability – compliance experts should be engaged as part of the initial due diligence team rather than brought in after a compliance issue surfaces
  • Assuming that asset deal structure eliminates successor liability is a misunderstanding of how U.S. export enforcement authorities approach successor liability analysis – while deal structure is a factor that regulators may consider, it does not provide reliable protection against enforcement actions for pre-closing violations under the ITAR and EAR frameworks
  • Failing to develop a detailed post-closing integration plan before the transaction closes means that the acquiring company enters the integration period without a structured roadmap for bringing the acquired entity into compliance, extending the window of exposure during which inherited compliance gaps and post-closing violations coexist without clear accountability or remediation timeline

Search by Keyword:

Search by Topic:

Choose Your Topic

Comprehensive Trade Compliance

Whether your needs are ITAR or EAR related, CTP experts will help you develop and maintain complete export compliance. We also assist with important and supply chain issues, notably tariffs.

Our ServicesContact CTP
CTP Updates

Latest Posts

A woman works on cybersecurity in a server room of a secure office.

Trusted Third Parties in the DECCS Portal: Roles, Responsibilities, and Compliance

DECCS Trusted Third Parties allow companies to delegate complex ITAR filings to outside experts — but delegation doesn't shift liability. This guide covers TTP authorization, access controls, identity verification, data segregation, and the internal oversight practices that keep the arrangement defensible.

Read More
Blue Arrow Icon
Two professionals execute licensing agreement paperwork at a desk in an office.

Manufacturing License Agreements (MLAs) Under ITAR: How They Work

Under ITAR, authorizing a foreign entity to manufacture U.S. defense articles requires a Manufacturing License Agreement approved by DDTC. This guide covers MLA scope requirements, technical data controls, party vetting, retransfer restrictions, recordkeeping obligations, and the compliance framework required to sustain authorization.

Read More
Blue Arrow Icon
Men Sitting a Table Signing Papers More info Share

How Technical Assistance Agreements (TAA) Under the ITAR Work

Under ITAR, sharing technical data or providing defense services to foreign persons without authorization – even in routine collaboration – can constitute an unauthorized export. This guide covers how Technical Assistance Agreements work, what they must contain, and the compliance controls required to keep them effective.

Read More
Blue Arrow Icon
Contact Us

How Can CTP Help You?

Please complete the form.
A member of the CTP team will be in touch soon!

Phone Icon
Email Icon
Location Ping Icon
// Simple Form Validation by BRIX Agency
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
All rights reserved 2026 © CTP, Inc. | Privacy Policy