While the longstanding review by the United States of cross-border investments for national security implications might sound like the same old song, several important developments in recent years should give investors and targets reason to momentarily press “pause” before “play” when considering these transactions.
Two essential components critical to dealmaking across borders in today’s marketplace include conducting risk-based international compliance due diligence and clearing M&A transactions with the Committee on Foreign Investment in the United States (CFIUS). Below we discuss how to navigate both processes and get deals on the “greatest hits” list.
International Compliance Due Diligence
Before pressing “play” on cross-border investment, several key international compliance risk areas and associated liabilities should be taken into consideration. These include everything from anti-corruption, anti-boycott, and export and reexport laws to customs/import compliance and trade actions/remedies. Not to be forgotten are privacy and tax issues and successor liability concerns, with resulting liabilities across these areas ranging from a playlist of criminal and civil fines to blocked transactions.
For a deal to be a chart topper, a risk assessment should focus on not only the nature of the target’s business and reputation in the market, but the industry and the countries in which the target operates. The extent to which the target is exposed to certain international compliance risk areas and how it approaches compliance in these areas are also important considerations. Additionally, the target’s utilization of third parties, its interaction with government officials or government customers, and the strength of its existing compliance program and internal controls must not be overlooked.
Once a company is ready to move forward with due diligence, the following recommendations should be considered:
- Choose a team wisely: The international compliance due diligence team should include those subject matter experts (SME) best suited to address the specific issues involved in a transaction.
- Understand the timeline and what is needed to investigate or review: Determine the amount of time, scope of international compliance due diligence and allocation of responsibilities.
- Know what can be obtained through the data room: Because information concerning international compliance issues is rarely included in publicly available materials or in a data room, it is critical to create a separate work stream to conduct international compliance due diligence.
- Address violations or noncompliance up front and in the deal documents: If enforcement cases or internal investigations are discovered or disclosed, it may be necessary to bring in outside counsel skilled in the legal issues involved (i.e., an SME) to assess the potential impact on the target and its business/value pursuant to a common interest agreement to prevent waiver of the privilege.
- Appreciate the risks and where additional diligence is needed: One of the biggest challenges in conducting due diligence is determining when a desktop review or interview of target personnel may be insufficient and when certain potentially high-risk transactions should be audited in more detail.
- Prepare to deal with foreign affiliates or subsidiaries: Most transactions involve international activities or parties and may involve a target’s foreign subsidiaries, foreign suppliers or vendors, or foreign consultants and customers.
Following the conclusion of the risk-based international compliance due diligence, investors need to assess the effect of what has been uncovered on the overall transaction. Next steps include proceeding as planned or renegotiating to account for risks; delaying closing until further due diligence is done or active cases/investigations are resolved and then reassessing or renegotiating; or walking away from the opportunity if warranted.
Upon proceeding, be sure to determine if the identified risks can be addressed through contractual provisions or revaluation. If they are serious enough, they may require resolution (“pause”) prior to closing.
Additionally, these questions should be asked:
- How much of the target’s revenue stream/business model could be affected?
- How many key employees, intermediaries, or customers may be affected or need to be retrained or terminated?
- Is the target’s business model/culture so different that it will be difficult to integrate it into the compliance program without the business being materially affected?
- How much uncertainty is there around whether there is sufficient time to assess compliance risks or to resolve known compliance issues and quantify associated costs and liability?
Keep in mind that it is market practice to include specialized US Foreign Corrupt Practices Act and other international compliance representations and warranties in transactional documents. Don’t rely on general compliance with laws, representations, and warranties, which are often qualified with no material adverse effect language.
Before any fast forwarding, buyers and sellers have some final steps to take. For instance, sellers should prepare due diligence for buyers by completing a self-assessment of ongoing compliance issues, including hotline complaints, internal investigations, or external enforcement cases. Buyers should contemplate if forcing disclosure to enforcement authorities will lead to timely resolution of international compliance issues before closing.
From 8-Tracks to iTunes: A Brief CFIUS Overview
- Created in 1975 via executive order, CFIUS examines the implications of cross-border investment.
- Over more than 40 years, CFIUS’s jurisdiction has evolved to include mergers, acquisitions, and divestitures; transactions that are designed to evade (or avoid) CFIUS review; and minority and other investments that meet particular criteria.
- CFIUS comprises several US government offices, departments, and agencies. It is chaired by the US Department of Treasury.
- Outside the United States, national security review regimes exist in Japan, Australia, the United Kingdom, the European Union, Germany, France, Italy, China, and Russia. In concert with CFIUS, these regimes help protect national security interests of the United States and its allies and partners.
- In September 2022, President Joseph Biden issued an executive order (EO) that included insight which can better inform the risks associated with certain types of cross-border investments. The EO identifies key areas where further and more expansive activity should be expected—those in Section 1 of the EO, which are described as evidence of the “evolving national security landscape and the nature of the investments that pose related risks to national security.”
- Several factors determine whether CFIUS must approve a transaction or investment through a filing process. A voluntary or mandatory filing process is dependent on factors such as the involvement of critical or emerging technologies; supply chain; cybersecurity; “building block” products or technology; relationships with countries of concern (including, for example, the People’s Republic of China); government engagement; and multilateral jurisdiction.
- Reviews and investigations of filings can take up to 120 days, with an 10 additional days to review the “draft” filing. The initial process includes a 45-day review and, in select instances, can require a subsequent, second 45-day investigation.
- While CFIUS’ jurisdiction remains fluid, among its constraints is a lack of unilateral authority to define critical and emerging technologies. Presently, it covers existing and emerging technologies deemed “critical” to US interests that are broadly defined in some circumstances by US export control laws and regulations.
Watch our on-demand M&A Academy session for more information on key cross-border regulatory issues that may affect M&A transactions.