Globally, there has been a significant uptick in regulatory mandates and enforcement. These developments have presented challenges for businesses, while also creating opportunities for strategic M&A. Attorneys Ayşe Yüksel Mahfoud and Aara Tomar of Norton Rose Fulbright explore regulatory trends applying pressure to global markets.
With the surge in innovative technologies and emerging issues like climate change, there are several recent and upcoming regulations globally impacting businesses. These regulations also shape dealmaking. While the uptick in regulatory and enforcement actions may have slowed down deals, recent regulatory changes, especially in the ESG area, have led to M&A opportunities.
Norton Rose Fulbright recently released the Global M&A Trends and Risks Report in collaboration with Mergermarket. This report outlines the findings of a survey conducted among top-level executives from multinational corporations, private equity firms and major investment banks. In the report, regulatory and compliance risks came up as a major consideration complicating M&A across different markets.
Increasingly aggressive antitrust regimes across the globe
Antitrust in the U.S.
Almost all respondents in the report (94%) identified the U.S. as the jurisdiction believed to see the highest level of antitrust scrutiny. Meanwhile, other jurisdictions are also witnessing recent developments aimed at strengthening the respective antitrust regimes.
The FTC and DOJ released updated merger guidelines in July, paving the way for stricter thresholds and new structural presumptions in determining transactions that may be viewed as illegal. These merger guidelines also include new factors the agencies might consider in evaluating the competitive effects of the proposed transaction, for example, the impacts of the transaction on the relevant labor markets and the parties’ history of acquisitiveness. Further, the U.S. recently introduced the Merger Filing Fee Modernization Act, which raises the merger filing fees for large deals. Finally, the FTC and DOJ recently proposed changes to the Hart-Scott-Rodino (HSR) notification and report form that would require the production of additional documents and information, including detailed narratives, as part of a currently less burdensome pre-merger filing. These changes will result in more rigorous antitrust enforcement in the M&A space and significantly increase burdens on merging parties.
The developments in the antitrust regime in the U.S., however, are not limited to merger control. In a recent, unprecedented case (United States v. Zito), the DOJ brought criminal charges against the defendant for attempted territorial market allocation.
Anti-competition regime of Canada
Half of the respondents in the report note that antitrust regulations are a significant hurdle for deal activity in Canada. The uptick in antitrust scrutiny has become typical for Canada and the U.S. For example, in June 2023, Canada removed the limit on penalties for anti-competitive practices, leaving the determination of penalties solely up to the courts’ discretion. And, by the look of the ongoing consultations, such change will follow more significant changes in Canada’s competition law and enforcement.
EU’s approach to antitrust
The EU is also making strides toward more rigorous antitrust enforcement. Regulated by the European Commission and the authorities of the respective member states, businesses are facing myriad regulatory and enforcement changes.
The European Commission recently released new guidance regarding the referral mechanism under Article 22 of the EU merger regulation. Regardless of whether the merger is meeting the national filing thresholds, the member states can now refer any merger to the European Commission for review if the deal would affect trade between member states and threaten to affect competition within such state(s) significantly.
Earlier this year, the EU introduced a new regime to address anti-competition risks from foreign subsidies. Another recent, critical law addresses the dangers posed by the digital transformation era. Called the EU Digital Markets Act (DMA), this law involves guidelines targeted for “gatekeeper” digital platforms to maintain fair and competitive digital markets.
In addition to the measures taken by the commission, member states have recently witnessed a range of national antitrust laws. Some have expanded the agenda of antitrust by protecting consumers from injustices. Germany is an example of this. The laws in Germany allow the investigation of deals that do not show a case of antitrust infringement if they pose any risks to consumers’ interests.
Increased scrutiny in other jurisdictions
Other jurisdictions have seen similar measures promoting fair and competitive markets. For example, Australia has increased the limit on its penalties. In addition, if there are multiple contraventions, the authorities can aggregate the fines. Conversely, China broadened the enforcement powers of the State Administration for Market Regulation. The recently revised Chinese anti-monopoly law now imposes fines against individuals also.
Cybersecurity is now a major focus for regulators
Cybersecurity regulations have become a dominant theme for businesses. The recent updates call for a re-focusing of business priorities. Higher regulatory scrutiny in data protection and privacy looms over businesses struggling to keep up with the ever-changing legal landscape.
Cybersecurity has become a crucial consideration for a target’s valuation. Target businesses need to have foolproof cybersecurity systems in place. Not doing so will bring the risk of organizational disruption and severely affect the valuation. With digital transformation and a prevalent remote workforce, businesses are now more prone to cyber threats. It is common for such threats to reveal technical vulnerabilities during deals, especially during integration phase. Given the expansive level of the fallout from cyber threats, authorities have ramped up efforts to have stricter regimes.
While antitrust regulations have increased globally, there has been an uptick in cybersecurity regulatory landscape, which is most prominent in developed economies. As per the report, released before the SEC finalized its new cybersecurity rules for public companies, such laws received the largest share of votes from the respondents (55%) when asked to identify the biggest hurdle to dealmaking in the U.S. and Canada.
Cybersecurity regime in the U.S.
In addition to the SEC’s new cybersecurity reporting rules, there will soon be stricter requirements to report specific cyber threats for companies operating in the “critical infrastructure sectors.” The Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA) recently introduced such requirements. It will take two years until the law is in effect, giving companies in the covered sectors (including healthcare, energy and information technology) some time to build a resilient system compliant with the requirements.
Some states in the U.S. have also stepped up their scrutiny. For example, laws in New York will soon require financial institutions to bolster their cybersecurity compliance programs. Other states like California have developed their own set of privacy policies targeting data controllers and processors.
Developments in Canada
Canada expects to have a new privacy law with the introduction of the Consumer Privacy Protection Act (CPPA). This law brings new compliance requirements, including the mandate for privacy management program. Further, a new law — the Artificial Intelligence and Data Act — will soon be in place to regulate the creation and use of artificial intelligence.
EU response to cybersecurity challenges
With the unprecedented level of compliance introduced under the GDPR, Europe has set the stage for other countries (such as Japan and China) to adopt similar regulations. GDPR has been in the news due to harsher enforcement actions. EU’s scrutiny has even reached data transfer outside its region with the introduction of the EU-U.S. Data Privacy Framework. This step is an extension of GDPR standards to the U.S. The EU has also proposed the Cyber Resilience Act to keep up with innovative technology. This law will focus on products with digital features and mandate steps for data protection.
ESG shaping the M&A landscape
After antitrust and cybersecurity regulations, the regulatory framework revolving around ESG has been setting the pace. As per the report, such ESG regimes have become a key factor shaping M&A, especially in Europe and the Middle East. At least 54% of respondents to the report’s survey shared this view. ESG issues have become more relevant than ever, and regulators are not the only ones to thank for it. There has been a growing level of corporate pressure, much of it backed by investors.
ESG is a priority in investor decision-making, as the issues it captures are often correlated to long-term viability. As a result, businesses are getting more conscious about their impact. There is a growing pressure to bring in institutional changes to address ESG considerations and integrate them into corporate metrics. As noted in the report, ESG will most significantly impact the energy, infrastructure and industrial sectors.
EU leading ESG-motivated efforts
Globally, regulators have introduced laws requiring businesses to disclose ESG-related information and consider the costs of ESG-related issues in their decision-making. It is not surprising that the EU has been leading such efforts. The newly introduced Corporate Sustainability Due Diligence Directive sets out requirements for large enterprises. It mandates climate plans and requires companies to identify their contributions in ESG space. With the proposed Corporate Sustainability Reporting Directive, the EU also mandates requirements for its member states.
Rise of ESG-related compliance in the U.S.
While the U.S. has not yet matched the EU’s pace, recent developments suggest it is trying to catch up. The SEC is working on proposed rules requiring public companies to track their impact on the climate, and the federal supplier climate risks and resilience rule will require federal government contractors to disclose their emissions and climate-related financial risks. Meanwhile, the implementation of the Uyghur Forced Labor Prevention Act has resulted in increased enforcement actions regarding the import of goods alleged to be tied to forced labor.
International standards for sustainability and greenwashing
To synchronize the standards of sustainability disclosures in an effort to address greenwashing, the International Sustainability Standards Board issued inaugural standards in June. These standards create a common model that jurisdictions can adopt. There is also an upward trend of greenwashing disputes claiming that businesses have embellished the ESG benefits of the business, services or products.
Regulators are also taking a hard look at ways to address greenwashing. In the U.S., for example, the FTC is updating its “Green Guides,” which set out when environmental benefits and sustainability claims are misleading or deceptive. Similarly, the SEC has proposed rules setting parameters for identification and marketing of ESG funds.
The increased pace in regulatory framework calls for businesses to keep up
It is becoming increasingly crucial for businesses to be fully informed about the regulations impacting them. In the context of M&A, the new regulatory framework requires buyers to be equipped with tools to address any surprising turns during deals. These tools include tactical contractual terms and strategic handling of regulators. Businesses with global presence need to be wary of the occasionally inconsistent approaches by the regulators in different regions.