Proposed UK National Security and Investment Controls - A Note for the Infrastructure and Energy Sectors

August.16.2018

Amongst the flurry of ministerial assignments issued on the last day of a rather turbulent political term, was the Government’s White Paper on national security investment controls and the accompanying Statement of Policy Intent.   

An Uncertain World

Whilst the prospect of a Russian Spybot lurking in all our smart devices is a step too far just yet, the White Paper has been released against the backdrop of a global resurgence of activist industrial policies and hostile actors. One couldn’t resist a wry smile last month at the image of Putin turning down the White House’s dimmer switch whilst The Donald was addressing why ‘yes meant no’ and that he still had full faith in the US intelligence services. Fake news, but not unbelievable. The need, then, for the Government to enhance its powers over transactions affecting national security is, as the responses to the (prior) Green Paper indicate, broadly accepted by UK industry and its investors. For its part, the Government argues it is doing little more than bringing the UK into line with equivalent national security investment controls in Australia, Germany and France; it is an exercise in alignment. 

However, there is a need to tread carefully. The UK’s reputation as the world’s third biggest recipient of FDI is hard-won, and will be ever more important in our brave, new, post-Brexit world. Further the UK’s infrastructure and energy sectors, with their pressing need for investment over the coming decades (and an area in which national security concerns are often at the fore - think Hinkley Point C), are particularly exposed to any uncertainty created by an increase in the Government’s national security blocking powers. And, as we all know, uncertainty is investment’s enemy. 

Certainty, in this context, must be assessed against a number of key criteria.

First, businesses need to be certain that they can go about their day to day activities without interference; the scope of the investment controls must not be so wide that business is forced to consider it at every turn. Second, the tests against which the Government will assess a national security risk must be objective. Third, the approach the Government will take in exercising its discretion must be framed by clear up-front guidance. (Absent the two forgoing criteria, an inevitable flood of precautionary notifications will follow.) Fourth, the process must be concluded in the most expedient time frame possible, and its ultimate duration certain. Finally, in the event that action is required, the Government must only intervene to the minimum extent necessary to achieve its limited aims.

Overall the policy in the White Paper scores relatively well: the substantive test of what constitutes a national security concern is objectively stated in familiar quasi-judicial language; the supporting draft Statement of Policy Intent contains helpful guidance as to how this test will be applied (and informal safe harbours); and a short initial screening period of no more than 30 (and typically 15) business days will apply to all transactions that are notified or called-in. 

Perhaps most importantly the Government has also stuck with a voluntary notification regime, in-line with existing UK merger control principles. Whilst this approach necessarily sacrifices an element of certainty for expediency, in not unnecessarily holding-up the progress of transactions (with the consequent deadweight loss to the economy) overall transaction costs are minimised. The Government's right to exercise retrospective call-in powers if a transaction is not notified is subject to a six month limit.

Equally there are elements of the proposed policy, particularly its potential scope (extending beyond mergers and acquisitions to commercial contracting, asset and land purchases, and potentially lenders) and aggregation effects for businesses who hold multiple interests in strategic sectors, where it could create material uncertainty in the economy. 

Trigger Events – A Broad Reach

For a transaction to potentially become subject to a call-in one of five Trigger Events must occur: (1) direct or indirect acquisition of over 25% of the shares (or equivalent) or voting power in an entity; (2) obtaining significant influence or control over an entity, by way of  legal rights or practical influence; (3) obtaining further significant influence or control over an entity; (4) acquiring over 50% of an asset; or (5) acquiring significant influence or control over an asset. In essence, these tests define the point at which a sufficient degree of control will be obtained over an entity or asset that it would be possible for a national security concern to arise. 

So far so familiar with Trigger Events (1) to (3). The 25% threshold with respect to share acquisitions is aligned with existing CMA guidance as to when two economic entities cease to be distinct, and in practice is where minority investors typically obtain material control in joint ventures. The concept of significant influence or control is also hardly new; in defining this the Government intends to adopt a more restrictive  version of Schedule 1A of the Companies Act 2006, but the Statement of Policy Intent tracks familiar lines on the distinction between key decision making powers (approving business plans, borrowing, key employees) - which do indicate significant influence or control - and minority protections (approving changes to constitutional documents, dilutive activities) - which do not. Nor is the ability to assess de facto as well as de jure control novel, for example where a state actor who can - through ‘other means’ - exercise coercive power over a domestically domiciled entity with UK strategic investments. And the right of the Government to revisit its position if further stake building occurs is hard to argue against if you accept the underlying principle (generally this will be triggered where an incremental stake acquisition is made for more than 50% or 75% of shares, or where a controller is granted additional board appointment rights). 

However, Trigger Events (4) and (5) do significantly expand on the Government’s existing reserved public interest powers, outside of mergers and acquisitions activity, to cover the establishment of control over assets (including legal rights) themselves. 

Further, unlike under the UK merger control regime, there are no statutory safe-harbours for activities below a prescribed turnover threshold (the current interim reduction of turnover threshold from £70m to £1m is strictly limited to the dual-use, computing hardware and quantum technology sectors). Whilst there is a logic to this – turnover is unlikely to be a good measure of strategic risk in the same way as it is of market concentration – it comes at the expense of a significant broadening of scope.

And on a more detailed read, further broadening of scope is apparent. 

The 25% share ownership threshold includes non-voting shares; it would, therefore, capture the scenario of passive investment partners such as pension and sovereign wealth funds (frequently direct infrastructure investors or limited partners in infrastructure investment funds). The Government’s ability to revisit its analysis on a later change in relative control could also mean that investors are subject to later review for reasons outwith their control, for example where in a 50:50 joint venture one investor divests a series of incremental stakes resulting in the remaining 50% partner having significant control (something advisers may want to guard against in investment documentation). Lenders must also tread carefully as they often have the right to exercise significant control over, and demand material information with respect to, the entities to which they lend, and inevitably have security over the shares of special purpose project companies. (The argument in the White Paper that this needn’t hinder lending because such transactions will only become reviewable when such rights or security are actually enforced ignores the rather obvious point that it is at precisely this moment that lenders would not want to have their actions subject to Government review.) The forgoing is all the more acute given the White Paper states that  it will not be possible to obtain formal clearance before a Trigger Event has actually occurred, only non-binding informal guidance. This is a position the Government may wish to reconsider, at least for lenders to strategic sectors where certainty as to their information and control rights and security is a crucial component of bankability assessments. 

Perhaps all of the above is just the unavoidable reality of concluding an effective framework to guard against national security concerns.  It is undoubtedly true (as the Government asserts) that, without an ability to control direct dealings in assets, those of a mind would inevitably structure around the controls through business sales, engaging in critical supply chain supply contracts, and  undertaking strategic land acquisitions. But, if that’s the case, businesses (and their advisers) need to be clear that these new controls potentially apply not only at the point of a major acquisition or disposal, but also at the development stage of strategic infrastructure projects; when concluding goods and services contracts with strategic economic actors; when licensing rights to give a person the right to use or manipulate a strategic asset; and when acquiring or disposing of land under which critical infrastructure runs or which overlooks sensitive sites.

When to Notify

Ultimately the uncertainty posed by the above broad scope will be mitigated if, without significant up-front analysis, businesses and their advisers can themselves effectively assess whether the Government would actually call-in a Trigger Event and conclude a national security concern. This is the key advantage of a voluntary regime.

The substantive tests to be met as to whether a transaction can be called–in are: (1) there are reasonable grounds that it is or may be the case that a Trigger Event has taken place or is in progress or is in contemplation; and (2) there is a reasonable suspicion that the Trigger Event may pose a risk to national security. The assessment of national security risk is then broken down into three further components: (1) Target Risk – could the entity or asset undermine national security; (2) Trigger Event Risk - does the trigger event give someone the means to use the entity or asset for such purpose (which appears a little synonymous with the assessment of control for the purposes of the Trigger Events); and (3) Acquirer Risk - might the acquirer exercise such means? 

First, an observation on timing. The peppering of ‘may’, ‘could’ and ‘might’, combined with the express right to exercise a call-in when something is merely in contemplation, means early notification will be required. Parties should not wait until the Project is financially closed, the contract concluded, or transaction binding (whether conditional or not), when considering whether to make a notification. By way of illustration, the White Paper states that something will typically be in contemplation where (for public transactions) a market announcement is required or (for private transactions) heads of terms are signed or exclusivity is granted. Given any exercise of call-in powers will be made public, for private transactions this means that a transaction’s existence may be notified to the market significantly ahead of when the parties would otherwise wish this to be the case (a maximum of 5 days discretionary preparatory time can be given before publication). This could, of itself, encourage early notifications where such would not otherwise be the case. It would be helpful if some limits – perhaps the interim redaction of uniquely identifying information – were considered on this disclosure power, so as not to compromise negotiating parties’ commercial positions or create uncertainty in any workforce that is subject to the transaction.  

National Security Risk 

On the actual assessment of national security risk the accompanying Statement of Policy Intent, which details the factors the Government must have regard to in undertaking any national security assessment, does give some meaningful comfort as to the ultimate effect of the proposed policy. It tends towards a narrow interpretation of what constitutes a national security risk, and the guidance and thresholds it contains are positive both in their specificity and the materiality of suggested gating thresholds. 

It is, however, important to note that this Statement of Policy Intent is ultimately guidance and not an exhaustive limit on the exercise of the Government’s discretion; it does not contain formal safe harbours as to when a relevant transaction, asset, entity or acquirer will never pose a national security risk, and it does not prevent a future Government introducing more spurious national security concerns (albeit any actual review of the policy will require parliamentary approval). It will be very important to the success of the policy, or at least to realising the Government’s repeated assertion in the White Paper that based on its initial analysis (never revealed) it only expects a maximum of 200 notifications per year, that in practice it sticks closely within the Statement of Policy Intent.

Core Areas

There are four Core Areas of the economy that the Statement of Policy Intent identifies as where Target Risk is most likely to arise: (1) some national infrastructure sectors (civil nuclear, communications, defence, energy and transport); (2) some advanced technologies (advanced materials science, AI, autonomous robotics, computing hardware, nanotech, data networks, quantum technology and synthetic biology); (3) critical direct suppliers to the Government and emergency services; and (4) military or dual-use technology. The paper also makes it clear that suppliers of critical goods and services to the Core Areas will be of greater focus than the general economy (the real test here seems to be the ease of substitutability of the particular supplier).  

The Statement of Policy Intent goes on, for each of the Core Areas, to give positive examples of what type and scale of activity will likely give rise to a Target Risk.  In the energy sector the gating thresholds are very high, for example: power generators with an aggregate capacity in excess of 2GW; upstream petroleum infrastructure with a throughput in excess of 3m toe per year (petroleum) or 40m cubic metres per day (gas); and gas and electricity interconnectors and gas storage that contribute to security of supply. The approach for the other Core Areas, whilst not in this writer’s direct knowledge, in most cases do not appear dissimilar. Whilst the Government’s desire to retain flexibility means that the forgoing examples are unlikely to gain the status of formal statutory safe-harbours, they are nonetheless instructive and (if followed over time) will allow for a material degree of reliance by affected parties.

The guidance in the Statement of Policy Intent on Acquirer Risk is also helpful, and makes it clear that the Government’s working assumption will be that parties generally acquire control over entities or assets for legitimate commercial and financial reasons and, in the case of investors, often deliberately adopt a passive role (for example, pension funds). Contra indicators, in decreasing order of probability, are economic agents who are controlled by hostile states or hostile state actors, foreign nationals, or UK citizens with a known hostility to our national interest.

Assuming the policy implementation follows the above guidance in the Statement of Policy Intent it would seem that the vast majority of transactions, at least in the energy sector, will likely to fall outside of the bounds of where the call-in power will be exercised. Those who will need to be more careful will be investors or lenders who have portfolio-wide exposure within or across any Core Areas (to avoid aggregation effects) or whose source of funds is principally from overseas, and those who are exclusive or monopolistic suppliers of critical goods or services within or across any Core Areas.

Timing, Remedies and Enforcement

Turning to the expediency of any review, the 15 business days’ (or maximum 30 business days’) period following any notification or call-in to undertake an initial screening assessment is helpfully short. If such screening concludes a full national security assessment is required, then this must be conducted within a further 30 business days’ (or maximum 75 business days’) period. And in the event parties have decided not to notify a transaction, the Government has a maximum of 6 months from the relevant Trigger Event to exercise its call-in powers (noting that this is longer than the equivalent time period under current UK merger controls). Overall these time frames seem sensible, with the short initial screening period particularly helpful. The only caveat is that, to the extent the Government requires further information to conduct an assessment (which information notices may be served on third parties who may or may not have an incentive to cooperate and not helped by the relatively low civil sanctions for failure to comply) the clock is stopped; this has the potential to add uncertainty to the overall duration of any assessment, and the Government should consider imposing maximum time limits within which parties served with an information notice must respond. 

If, in the end, the Government concludes that remedial action is reasonably necessary it must be proportionate; there must be no other more adequate or proportionate power available; and all representations of the affected parties must be considered. Further, the remedy will generally be imposed only on the acquiring party and blocking decisions will be a last resort (and, even then, the aim would be to apply such only to the minimum possible extent not absolutely). UK Businesses can also put some store behind the requirement for the Government to consider how it could utilise its existing wide ambit of powers within which they already operate – licencing, permitting, regulatory oversight, export controls (and which are particularly prevalent in the infrastructure and energy sectors) – to achieve its aim of protecting national security, before imposing specific additional controls. Judicial review, based on existing well understood principles, will also be available to parties. 

Finally, and predictably given the greater public harm posed by national security than is the case for market concentrations, breach of the legislation or any remedy imposed thereunder is to be backed by both criminal and civil sanctions. For summary offences the maximum sentence will be 6 months or Level 5 on the statutory scale, and for indictable offences 5 years and an unlimited fine (lower thresholds apply for breach of information gathering requirements). Civil sanctions are consistent with the existing EU merger-control regime (fines of up to 10% of worldwide turnover). Directors and other ‘senior officers’ who authorised any breach may also be disqualified for up to 15 years, as can those who knew or ought to have known of such breach and failed to take action to prevent it (a potentially onerous extension). 

In Conclusion

So, on paper, the assignment scores a solid B; it's broadly sensible and (in its ultimate effect) shouldn’t capture the vast majority of legitimate economic activity.

In practice, investors, businesses and lenders transacting in Core Areas such as energy and infrastructure will undoubtedly need to be cognisant of the policy’s much broader reach than existing reserved public interest powers, and keep a close eye on any aggregation of controlling interests, their ultimate source of funds, and any critical supply contracts. It’s also hard to avoid the conclusion that, in the near-term, there will be a significant incentive to notify given the relatively short initial screening period, lack of formal safe-harbours and the fact that definitive advice or precedent as to the policy’s operation will not be available. However, provided that the Government demonstrates over time that it acts within the Statement of Policy Intent (and that such policy is itself stable), then the uncertainty and consequent volume of notifications and increase in transaction costs should significantly lessen over the medium- to long-term.

The Government is consulting on the White Paper through 16 October 2018. Mark Nash or your usual Orrick contact are available to provide further information or assistance on the matters covered in this article.