What businesses need to know about the 2021 national security review regime and how it affects M&A

Proposals to increase government powers to investigate mergers and acquisitions (M&A) are currently moving through Parliament. The bill is well-intentioned and necessary, although if its procedures are not rationalised there is risk of inefficient management that could cause uncertainty in deal management.

The National Security and Investment Bill (the NSI Bill) will introduce two significant changes to corporate deals.

Firstly, there will be a mandatory requirement to notify the Secretary of State for Business, Energy and Industrial Strategy (BEIS) if the transaction involves specified sectors. The notification will take place through the Investment Security Unit (ISU), a 100-strong department within BEIS.

Secondly, the government’s investigative powers will be extended, so that deals may be subject to review for up to five years after completion.

The NSI Bill is an attempt to regulate foreign investment in UK business, but it applies equally to domestic and international investors. The NSI Bill confers no power to interfere in commercial transactions for economic, anti-monopoly, consumer protection or industry protectionist reasons.

Playing catch-up

The UK is behind most other developed nations in this area and plans to modernise the current 20-year old regime have been in the pipeline since 2018. The NSI Bill will bring processes in line with other jurisdictions such as the US, Australia, France and Germany which already have similar, if not stricter, restrictions.

This is not the first national security review regime procedure in the UK. The current one was administered on an ad hoc basis by the Competition and Markets Authority (CMA), but it quickly became apparent that the CMA’s expertise lay elsewhere.

Political tensions

The government is at pains to state that the UK remains open for foreign investment, and the NSI Bill merely introduces an inevitable level of security that modern international investors should expect. Public statements claim that multinational deals are not expected to be significantly delayed as obtaining clearance from other jurisdictions is already factored into timescales. Yet there is an obvious tension between strands of government that promote openness to foreign countries (the DIT, the FCDO, HM Treasury) and those that do not (the Ministry of Defence, and the security and intelligence services). There are also political tensions between MPs desperate for investment and those wary of foreign interference.

Who will review risk?

The responsibility for assessing national security risk in corporate deals previously lay with the CMA. The responsibility will in future lie with the new Investment Security Unit’s 100 staff. The CMA may still have a role in assisting where, for example, the acquisition results in monopolisation of a critical supply chain.

Affected deals

A statement of policy intent will set out the factors to be considered in determining whether to call in a transaction and will be reviewed regularly.

Initially, the ISU will consider:

• the nature of the target and whether it is in a sector where risks are likely to arise
• the type and level of control being acquired and its practical effect
• the national security concerns raised by the acquirer.

These issues are currently dealt with by the intelligence services, who have little expertise in economic matters. BEIS, which will take this work over, does not have a history of expertise here.

Assessing risk and advising companies: potential pitfalls.

Assessing risk is the responsibility of the ISU, but parties to a transaction will be required to notify if the deal “could give rise to a national security risk”.

As currently drafted, the statement gives the government a wide discretion to assess which transactions present potential risks. The government has stated that it expects to intervene very rarely in asset transactions, and it does not expect national security risks to arise from routine provision of goods and services.

Companies will need to be extremely careful in procuring advice from law firms, and law firms will need to be careful in giving it. The type of self-protecting advice that some lawyers might give to try to ensure they can never be found wrong will be useless, since the legislation is so broad that almost any transaction could fall within it. A reality check, and the skill to balance the risk of notifying against the risk of not notifying will be extremely valuable.

Affected industries

The mandatory notification regime will apply to the 17 sectors considered to be vulnerable to national security risks:

• Advanced materials
• Artificial intelligence
• Autonomous robotics
• Civil nuclear
• Communications
• Computing hardware
• Critical suppliers to government
• Critical suppliers to the emergency services
• Cryptographic authentication
• Data infrastructure
• Defence
• Energy
• Engineering biology
• Military or dual-use technologies
• Quantum technologies
• Satellite and space technologies
• Transport.

If your transaction does not relate to any of these industries, notification will be voluntary. However, the government’s new retrospective power of review applies to any undeclared transaction which takes place on or after 12 November 2020, irrespective of the sector. Until the ISU is established, the government is encouraging businesses to contact BEIS directly if they have concerns that their transaction falls within the scope of the NSI regulations.

Affected investors

Much of the press attention on the NSI Bill has presented it as affecting foreign investors specifically. However, the NSI Bill makes no distinction between domestic and foreign investors, so it may affect your investments even if you are based in the UK. This may be partly because many foreign-controlled acquisitions take place using UK subsidiaries.

Neither the NSI Bill nor the policy statement attempts to address specific identified threats to UK national security. The statement says that the new regime:

“does not regard state-owned entities, sovereign wealth funds or other entities affiliated with foreign states as being inherently more likely to pose a national security risk.”

The risk to national security will be assessed on the practical effect of the deal. Parties should carry out due diligence and notify the ISU where they consider that the transaction may enable a hostile party to undermine national security. However, thorough due diligence will not uncover all national security risks, and the ultimate responsibility is with the Secretary of State for BEIS.

Despite the assurances that national security risks will be assessed based on the acquirer’s affiliations with hostile parties, rather than nationality, it is likely that the NSI Bill is intended to target Chinese investors. Since 2016, statements by politicians such as Theresa May (on Hinckley Point) and the increasingly influential China Research Group suggest that Chinese investment is considered a security risk. In 2014, the Ministry of Defence stated that “China and Europe are unlikely to view each other as threats and may become partners in managing future crises”. Yet by 2019, the European Commission (when the UK was an EU member) stated that China was a “systemic rival” of Europe.

We can take at face value the government’s claim that it will view each transaction on a case by case basis, but we can also assume an attempt by an Auckland-based company to buy strategic assets will generally be viewed more favourably than one by a Beijing company.

The government’s own actions confirm this point: since 2016 it has been at pains to assuage Chinese concerns that any foreign investment review regime is aimed at China, prompting one Chinese official to comment to this author that the British approach was one of “At this spot, we have not buried 300 pounds of silver,” an old Chinese saying which illustrates how one can inadvertently draw attention to something by denying it.

Obtaining clearance

If the deal relates to one of the sectors set out above, it will fall under the mandatory regime and you will need clearance. Without clearance, any transaction subject to the mandatory regime will be void but may still be ratified by BEIS.

You may nonetheless notify voluntarily if you have identified a national security risk outside of one of the identified sectors, or if you wish to seek reassurance that your deal will not be subject to review under the extended five year window.

The ISU can only call in a transaction within six months of becoming aware of it (within a maximum five years after completion), unless parties failed to notify under the mandatory regime. Due to the retrospective nature of the NSI Bill, ongoing negotiations and deals completed on or after 12 November 2020 could be subject to review.

The review period is thirty working days after notification, during which the ISU may give a call-in notice or confirm it will take no further action. It will be quicker than the current process for obtaining clearance from the CMA, giving parties more certainty than the current case-by-case approach.

Conclusions

Due to the wide discretion under the NSI Bill as to which deals will require review, it is difficult at this stage to be sure whether specific transactions will be affected. You may prefer to make a voluntary notification and wait for thirty working days for a decision rather than be open to review for five years.

One question is who can assist companies with such notifications. A national security review is, for UK lawyers, a new area of law. M&A lawyers will need to skill-up in this area, and it is even possible that a new legal discipline will emerge – that of the national security lawyer. This is because the relevant issues are not the usual commercial ones that M&A lawyers are used to.

Critics have warned that the regime will discourage investment into the UK. This seems unlikely, since so many other countries have similar review procedures. The real test will be whether the UK can run the process in a transparent and efficient way.