Mergers and acquisitions (M&A) involving government contractors present unique challenges that extend beyond standard corporate diligence. Government contractors operate in a highly regulated environment where contractual rights, regulatory compliance, and reputational exposure can significantly impact deal value and viability. For buyers and sellers alike, understanding the nuances of the Federal Acquisition Regulation (FAR), personnel security and facility security clearances, the Committee on Foreign Investment in the United States (CFIUS) regulations, and contract novation are essential requirements in avoiding costly post-closing surprises and persistent risk. Moreover, the U.S. Department of Justice’s (DOJ) M&A Safe Harbor Policy incentivizes robust pre‑ and post‑closing diligence by providing a presumption of declination where acquirers voluntarily disclose misconduct discovered at an acquired entity within six months of closing.

Although not an exhaustive list, some key considerations are:

  • Address Export Controls and National Security Risks: Scrutinize compliance with International Traffic in Arms Regulations (ITAR) and Export Administration Regulations (EAR), and identify any Foreign Ownership, Control, or Influence (FOCI) issues or any issues that may warrant a CFIUS notice or declaration or could trigger risk of a CFIUS
  • Validate Contract Transferability and Novation: Confirm the status of all prime and subcontracts, teaming agreements, license agreements, or other agreements, assessing the terms of performance, and identifying any restrictions on assignment or change of control that require a formal novation agreement with the government, or notice or approval of the transfer with a third party. Assess whether there are certain restrictions, such as small business or other set-aside statuses, that may affect the ability to transfer or perform contracts post-closing and the effect of the M&A event on any open bids or proposals.
  • Assess FCA Risks and Regulatory Compliance: Go beyond basic compliance to evaluate exposure under the False Claims Act (), ensuring there are no undisclosed violations, pending audits, or systemic billing issues (for more on FCA concerns, see Fluet writings here and here).
  • Identify Organizational Conflicts of Interest (OCI): Determine if the target’s current work precludes the future combined company from bidding on future contracts, which could drastically alter the company’s future valuation. Simultaneously, evaluate mitigation plans, agency correspondences, and consider restricting or divestiture strategies, if necessary.
  • Scrutinize Intellectual Property and Data Rights: Analyze rights allocation clauses under FAR, Defense Federal Acquisition Regulation Supplement (), and applicable Cost Accounting Standards (CAS) to ensure the government hasn’t acquired unlimited rights that impact the value of the target’s proprietary technology.
  • Review Personnel and Facility Security Clearances: Verify the status of facility security clearances (FCL) and personnel security clearances (PCL), evaluate compliance with the National Industrial Security Program Operating Manual (NISPOM), and assess retention risks for cleared employees essential to contract performance. Prepare for mandatory notifications or approvals that may be triggered during the transaction.

A surface-level review is insufficient as effective diligence requires a full inventory of the target’s government contracts. The review may begin with identifying all prime and subcontracts, task orders, and modifications, while verifying contract performance periods, ceiling values, and option years, but must go further to understand and assess the items outlined above. Absent a detailed level of diligence, an acquirer may be unable to detect contract‑specific compliance failures in time to meet the DOJ’s six‑month voluntary disclosure deadline under its M&A Safe Harbor policy.

Parties must analyze any contract specific obligations, restrictions, or funding or termination risks. Based on these findings, the transaction should be structured to allocate risk appropriately. This often involves drafting detailed representations, warranties, and indemnification provisions, or structuring earn-outs or escrows. These mechanisms are critical for addressing potential novation delays or unresolved compliance issues discovered during the review.

While standard diligence looks at financial health, due diligence for government contractors also prioritizes regulatory diligence. Due diligence should include a rigorous review of the target’s internal compliance programs, ethics policies, and training procedures. Buyers must investigate any history of required disclosures, whistleblower complaints, or audits (see previous Fluet writings on audits and congressional oversight here). This review must extend to the performance history, specifically examining Contractor Performance Assessment Reports (CPARs), cure or show cause notices, or termination for cause or default letters. Legal review should also assess any claims, disputes, or litigation history, including Contracts Disputes Act (CDA) proceedings. Furthermore, with the increasing focus on cybersecurity, verifying compliance with the National Institute of Standards and Technology (NIST) standards and the Cybersecurity Maturity Model Certification (CMMC) framework can now a deal-breaker issue (see previous Fluet writings on CMMC 2.0 here).

Government contractor M&A requires a specialized lens to identify and mitigate risks that are overlooked in standard commercial transactions. By tailoring due diligence based on the particular deal and addressing the issues discussed here proactively, parties can structure transactions that protect value and ensure smooth integration. Whether considering a sale or looking to acquire, Fluet’s Government Contracts and Corporate + Transactional teams can assist to ensure due diligence is mission ready.