Mergers & Acquisitions

Overview

• In Australia, takeovers are regulated by legislation (namely the Corporations Act 2001 (Cth)) and regulatory policy. Takeover rules apply to acquisitions of ASX-listed Australian companies, ASX-listed Australian managed investment schemes (i.e. investment trusts), and unlisted Australian companies with more than 50 shareholders.
• Cyber security issues are intertwined with merger and acquisition (M&A) activity, particularly with respect to the effectiveness of cyber risk due diligence practices, post-merger processes and data transmission procedures.

Background

• M&A and Cyber Security: Key considerations for buyers and sellers, Corrs Chambers Westgarth (December 2019)
• Dealing with Data: Emerging trends in M&A transactions, Allens Linklaters (November 2019)
• The world of digital M&A, Freshfields Bruckhaus Deringer (November 2018)
• Cybersecurity: Threats, Challenges and Opportunities, Australian Computer Society (November 2016)
• The role of cyber security in mergers and acquisitions diligence, Forescout Technologies (2019)

Legal Framework

• The Corporations Act 2001 (Cth) contains key rules relating to takeovers in Australia (namely, acquisitions of more than 20% of the target listed entity or trust):
  • Part 2D.1, together with case law, regulates directors' duties and powers, especially relevant for the target entity’s directors
  • Chapter 5 regulates schemes of arrangement as alternatives to takeover bids
  • Chapter 6 regulates the acquisition of direct and indirect interests in a target entity
  • Chapter 6A regulates compulsory acquisitions
  • Chapters 6C and 6CA regulate shareholding disclosure requirements and continuous disclosure obligations
  • Part 7.10 regulates insider trading and other conduct relating to securities
  • Chapter 6D regulates fundraising, which is relevant for scrip bids
• ASX Listing Rules and related market operating rules.
• Competition/anti-trust legislation contained in the Competition and Consumer Act 2010 (Cth) designed to prohibit mergers that have the effect, or are likely to have the effect, of substantially lessening competition in a market.
• Foreign investment legislation contained in the Foreign Acquisitions and Takeovers Act 1975 (Cth).
  • The Foreign Investment Reform (Protecting Australia’s National Security) Act 2020 (Cth) amended the Foreign Acquisitions and Takeovers Act 1975 (Cth) (FATA) so that definitions associated with critical infrastructure in SOCI are now included in the FATA. This change may have implications for cloud service providers, including Software as a Service (SaaS), with foreign ownership, or who are subject to an acquisition or takeover by a foreign entity. Foreign investment in a responsible entity or a direct interest in a critical infrastructure asset is now subject to notification to the Foreign Investment Review Board (FIRB). FIRB can undertake ‘own motion’ review of transactions if it has national security concerns. Changes in ownership and control, including changes in personnel, may impact a SaaS provider’s authority to operate in an assessment and authorisation context.
• Industry-specific statutory frameworks, such as the Banking Act 1959 (Cth), Financial Sector (Shareholdings) Act 1998 (Cth), Insurance Acquisitions and Takeovers Act 1991 (Cth), etc.

Regulatory & Policy Framework

Relevant Organisations

• Australian Securities & Investments Commission
  • Regulatory Guides, Class Orders and ASIC Instruments
• Takeovers Panel
  • Guidance Notes
  • Reasons for Decisions
• Australian Competition and Consumer Comission
• Foreign Investment Review Board
• ASX

Inquiries & Consultations

• Parliamentary Joint Committee on Corporations and Financial Services, Inquiry into Oversight of ASIC, the Takeovers Panel and the Corporations Legislation No.1 of the 46th Parliament (current)
• Senate Standing Committee on Economics, Inquiry into Foreign Investment Reform (Protecting Australia's National Security) Bill 2020 and Foreign Acquisitions and Takeovers Fees Imposition Amendment Bill 2020 (current)

Industry Materials

• The Allens handbook on takeovers in Australia, Allens Linklaters (2020)
• Takeovers in Australia, Ashurst (2020)
• Mergers, Acquisitions and Machinery of Government Changes, Australian Cyber Security Centre (June 2020)
• Cyber Perils in a Growing Market, Aon, where it is reported that cyber insurance may only cover 'named perils' not all cyber risks that arise in an M&A deal.
• Data Privacy and Cybersecurity Issues in Mergers and Acquisitions, Forbes Magazine (November 2018), which explains that a bidder should identify cyber security or due diligence issues through a comprehensive cyber risk assessment conducted by a third party, as the target may not know about a vulnerability or problem with their own data.
• Don’t drop the ball: Identify and reduce cyber risks during M&A, Deloitte (2016), which notes that a complete asset inventory and device assessment can help reduce operational risks in an M&A deal.
• Cybersecurity risks in mergers and acquisitions transactions, King & Wood Mallesons (September 2018), which explains that cyber risks can be managed using warranties, specific indemnities, closing conditions and pre-closing covenants.

Related Topics

• Directors' Duties