As the global economy gradually emerges from the pandemic and the growth outlook of many major economies is beginning to improve, the pace of global deal activity involving fintech companies is also accelerating. However, the marked rise in geopolitical tensions across the globe has increased protectionist and interventionist approaches to M&A activity. As many countries continue to introduce far-reaching foreign investment and public interest review regimes (or expand their current regimes), foreign investment has become central to M&A risk assessment.

This is increasingly true for fintech deals. The large amount of personal data that may be held by fintechs, the types of technologies they use, and their involvement in important financial infrastructure can often bring fintech deals within the scope of recently revamped foreign investment regimes. While most cases are not public, we have seen an increasing number of fintech deals being captured and investigated.  

This represents an additional hurdle to the heightened merger control scrutiny of fintech deals under competition laws (on which we reported last week). The deal risks are generally threefold: closing may be delayed due to potentially long and unpredictable review timelines, missing a filing can result in a transaction being void and trigger sanctions, and transactions may in certain circumstances be subject to remedies (or exceptionally blocked outright). However, forewarned is forearmed, and most of the deal risks can be pre‑empted or addressed if foreign investment reviews are factored into the deal planning process early on.

Why can fintech deals be caught by foreign investment rules?  

The scope of foreign investment rules continues to expand to include sectors that until now would not have traditionally featured, in line with an ever-broadening concept of what constitutes national security. For example, in reaction to the COVID-19 pandemic, many governments have rapidly revamped their existing foreign investment regimes to avoid national champions being scooped up at a discount by foreign investors.

As part of these protectionist drifts and a growing focus on developing national champions and maintaining strong capabilities in the technology sector, many countries have expanded their foreign investment regimes to capture companies that hold sensitive data, develop critical or emerging technologies (such as artificial intelligence and cryptographic authentication), or are active in data infrastructure activities, amongst others.

In addition, many foreign investment regimes have evolved to capture minority investments and, in some circumstances, the transfer of (tangible or intangible) assets. For example, the UK’s new national security regime (expected to come into force by the end of 2021) will require mandatory and suspensory notifications in a range of designated sectors for acquisitions of shares/voting rights from 25 per cent. Acquisitions of shares/voting rights below 25 per cent, while not subject to mandatory notification, could still be “called-in” by the UK government for national security review where the acquisition would enable the acquirer materially to influence the policy of the target. The UK Government will also have the power to call-in for review asset acquisitions (including source codes, algorithms and software).

As a result of these reforms, investments in fintech companies can trigger foreign investment reviews in a variety of countries, such as Austria, Australia, Germany, Italy, Japan, Spain, the UK and the US. 

The list of EU countries that have foreign investment regimes that could capture fintech deals is likely to lengthen following the entry into force, in October 2020, of the EU foreign investment screening regulation which encourages Member States to adopt foreign investment screening mechanisms. With the European Commission’s recent update of its industrial strategy, the pressure on Member States to protect assets identified as strategic by the Commission will only increase. These assets include, amongst others, cloud and edge technologies.

What are the deal risks?

The most common issue is a delay to closing of the transaction. If filings are thoroughly prepared and parties engage with the authorities constructively, the process can often be straightforward. However, if there are material national security concerns or the transaction is taking place against wider geopolitical tensions (e.g. a trade dispute), the timeline may extend beyond the anticipated transaction timetable. For example, the acquisition of Genworth Financial (a US company) by China Oceanwide took nearly two years to complete and involved significant remedies as part of the US CFIUS process. The main issue was around consumer data.

Missing a filing can also open up the transaction to nullity allegations. Authorities (and in some cases interested parties) can seek to have the transaction declared null and void. While it may be possible to mitigate this risk retrospectively in certain circumstances (for example by seeking an authorisation post-completion), merging parties can still be subject to significant fines and criminal sanctions in certain jurisdictions.

Authorities may require certain assurances or remedies before approving a transaction (and exceptionally block transactions). The most prominent fintech transaction that was publicly blocked is the $1.2bn sale of MoneyGram to Ant Financial, again a case involving a US target and a Chinese acquirer.

How to mitigate foreign investment risks in fintech transactions? 

Investors, or fintechs preparing for a sale, should identify early on in which countries their transaction may be subject to a foreign investment review. Given the increasing activity of governments and authorities across the globe on foreign investment issues, this is equally important as planning for other regulatory processes (including merger control reviews).

Information gathering to prepare for filings may be extensive because of ‘look through’ rules. Most authorities require details and disclosures not only from the acquiring entity, but also from the ultimate investors in the acquiring entity (including those with significant minority shareholdings). To ensure a smooth deal completion process, it is advisable to begin preparations for filings as early as possible.

Identifying and preparing filings - and including appropriate risk allocation measures in deal documents - is only the first step. It is also key to understand the sensitivities involved so that they can be mitigated if necessary, whether through transaction structuring (e.g. forming a consortium with investors from ‘friendlier’ countries) or identifying suitable assurances/remedies. A recurring concern, for example, is the buyer’s ability to access sensitive data. Even if the buyer comes from a ‘friendly’ country, an authority may still raise concerns due to the high sensitivity of the information and/or the risk of entities from high threat countries obtaining unlawful access to the information (e.g. due to inadequate data protection policies or a history of data breaches).

A considered (and global) engagement strategy with authorities is essential to successful deal execution. In this respect, care is needed when preparing internal documents early on in the process to ensure consistency with the engagement narrative. Authorities will often request documents commenting on the transaction rationale and post-closing plans for the target business.

In short, fintech transactions are increasingly subject to foreign investment reviews. But with good preparation, setbacks can be avoided.

To read more about these issues and developments globally, please see our Global antitrust in 2021: 10 key themes report – politics and antitrust.