This article was co-produced with Owen Dacey, Head of Claims at Rising Edge. Rising Edge is a boutique, innovative and client-focused underwriting agency expert on directors' and officers' liability insurance and risk management.
Download this article (PDF, 837 KB)
When it comes to the top concerns for today’s directors and officers, regulations and investigations appear consistently, and for good reason. First, compliance can of course require additional resource and operational cost. Second, when investigations occur, they are time consuming, stressful, costly to defend, and can result in significant reputational damage (both in respect of the company and individuals concerned).
Regulatory investigations and D&O exposure
When it comes to the top concerns for today’s directors and officers, regulations and investigations appear consistently, and for good reason. First, compliance can of course require additional resource and operational cost. Second, when investigations occur, they are time consuming, stressful, costly to defend, and can result in significant reputational damage (both in respect of the company and individuals concerned).
With the seemingly ever-increasing myriad of regulatory bodies and laws to contend with, even those companies that place great importance on planning and implementation of good corporate governance are not immune from being targeted. More regulators, more regulation, in one sense provides a framework and opportunity for improved corporate governance, protection of consumers or national interests (who can argue with that?). In another sense, this trend creates a heightened risk of errors being made and directors being targeted.
For D&O underwriters, regulatory investigations and enforcement actions also come top of the list of categories of claim that cause concern (when considering potential financial exposure in isolation). Whilst not common, there are multiple examples of significant portions of, or entire towers of insurance, being eroded on defence costs alone. What we see in these extreme examples are multiple individual targets, cross-border collaboration between regulators, wide ranging disclosure requests, and conflicts of interest (sometimes necessitating the instruction of multiple defence firms). Adding all of these factors together can feel comparable to the concept of compounding interest.
In the post-pandemic world, the UK Government quite understandably wants to bring high growth and innovation to the fore as one of many levers being engaged to re-energise the economy. Music to an entrepreneur’s ears? Well yes, but what normally follows innovation? Government intervention.
The National Security and Investment Act 2021 (NSI Act) and the Digital Markets Unit (DMU) are two examples of a UK Government trend towards taking a more interventionalist approach to markets. They are also indicative of a wider interventionalist approach being adopted by regulators worldwide in relation to new technologies.
The NSI Act
The NSI Act received Royal Assent in April 2021. Once fully commenced by January 2022, the NSI Act will establish a new regime for government scrutiny of, and intervention in, acquisitions and investments for the purposes of protecting national security. The new regime will replace the national security aspects of the government's current powers of intervention under the Enterprise Act 2002 and run parallel to the Competition & Markets Authority’s (CMA) existing merger regime (which will only apply to competition, media plurality, financial stability and public health emergency considerations).
In summary, the NSI Act introduces mandatory notification of the proposed acquisition of certain shares or voting rights in a qualifying entity where that entity carries on activities in the UK in one of 17 "sensitive sectors". Transactions subject to mandatory notification cannot be completed until clearance is granted and transactions that take place without clearance will be void.
The call-in power
The core power under the new rules is for the Business Secretary to ‘call-in’ acquisitions (that is, undertake a full national security review on them), and if necessary, impose restrictions on the parties or even block the transaction.
The call-in power arises if certain ‘trigger events’ occur or are in progress or contemplation where that event may give rise to national security risks. The trigger events include, for example, the acquisition of the votes and shares in a qualifying entity that go through thresholds of more than 25%, more than 50% or 75% or more; the acquisition of voting rights that enable or prevent the passage of any class of resolution governing the affairs of the entity; or the acquisition of material influence over a qualifying entity’s policy (a familiar concept in existing UK competition law).
How will the call-in power be used?
The government has published a draft Statement of Policy Intent on how the business secretary expects to use the call-in powers. Broadly speaking, they will consider each of:
- The target risk – the nature of the target and whether it is in an area of the economy where the government considers risks more likely to arise.
- The trigger event risk – the type and level of control being acquired and how this could be used in practice.
- The acquirer risk – the extent to which the acquirer raises national security concerns. The rules are not targeted at any jurisdiction and there is no list of safe/hostile states or organisations.
Sanctions, remedies and scope
The government will have powers to impose remedies where deals are found to create national security risks and to administer sanctions for noncompliance with the regime. Sanctions for non-compliance include fines of up to 5% of worldwide turnover for a company, and for individuals, fines of up to £10 million and imprisonment.
The NSI Act puts the UK on a par with other countries around the world which have similar rules - including the USA, Australia, Germany and France, and represents a substantial change in the UK's merger control laws where only about a dozen transactions have been reviewed on national security grounds in nearly 20 years.
The government's own figures estimate that over 2,200 acquisitions a year will need to have some early dialogue with government and 1,800 acquisitions a year will need to be notified - though only 70-95 acquisitions will be called-in for a formal national security assessment and only around 10 will have any remedies imposed.
The Digital Markets Unit
The DMU is a new tech regulator intended to oversee plans to promote greater competition in digital markets, give consumers more choice and control over their data, and protect online consumers and businesses from unfair practices.
In August 2021, the government opened a consultation on the operation of the DMU. Under the proposals, the DMU (which will be put on a statutory footing, having operated in shadow form since April 2021) will be able to designate tech companies with substantial and entrenched market power as having 'Strategic Market Status', or 'SMS'. Such companies will have to comply with a mandatory code of conduct, backed up by robust enforcement powers.
The consultation
The consultation sets out a number of proposals for the new pro-competition regime.
There will be a focus on companies designated as having SMS and the government is consulting on the SMS criteria and test (substantial and entrenched market power in at least one activity and this market power must provide the firm with a strategic position).
Code of conduct
In order to manage the SMS company’s conduct, the company will need to comply with the code of conduct which will be based on three core objectives (fair trading, open choices and trust and transparency) combined with a set of legally binding principles supported by guidance. The government considers that the high-level principles together with the objectives should be enshrined in legislation with the DMU having the ability to develop firm specific legally binding requirements based on the legislative principles. The DMU will also have the ability to issue both final and interim code enforcement orders (with a possible procedural deadline of six months).
Pro-competitive interventions
The government is proposing that the DMU will have the ability to impose pro-competitive interventions (PCIs) which will sit alongside the code of conduct. This will provide flexibility for the DMU to implement remedies in an incremental, proportionate, and coherent way (different from the current market investigation (MI) process in the UK which allows for one-off intervention). The legal standard for intervention will be whether there exists an “adverse effect on competition” – the same standard as under the existing MI regime. The DMU will enforce the regime and the government proposes a short time frame for intervention (possibly nine months).
Regulatory framework
There will be a robust enforcement regime with the DMU at its core. It will have strong investigatory powers and enforcement powers with fines of up to 10% of worldwide revenues (and fines of up to 1% of worldwide revenues for failing to respond to information requests supported by further daily penalties of 5% of worldwide revenues for continued non-compliance). The government is also considering further measures including court order and senior management liability. The final element is the new merger control regime for mergers involving SMS firms.
Interested parties had until 1 October 2021 to respond to the consultation and we can then expect a government response before introducing legislation to put the regime on a statutory footing (expected 2022).
Conclusion
Both the NSI Act and the DMU are examples of an increased interventionalist approach from the UK government in ‘strategic’ sectors. This approach is mirrored by other countries in the EU and globally.
It remains to be seen how the government will go about enforcement. However, much like any other regulatory risk, it is important for companies to take a pro-active approach to dealing with these new regulations. Reading and understanding the government guidance, seeking specialist legal advice if appropriate, and taking a pro-active, transparent approach with regulators. Approaching these regulatory risks in this manner will avoid business disruption and, in the case of the NSI Act, transactional delays.
Read other items in Professions and Financial Lines Brief - December 2021