Q36 Members can sit in any seat where there is not a “Do not sit here” sign. Any Member sitting in the Public Gallery should stand by the microphone when they wish to speak.
First, let me thank the Committee for including me in today’s evidence-gathering session. My name is Dr Ashley Lenihan and I am a fellow at the Centre for International Studies at the London School of Economics, as well as an associate at LSE IDEAS. My research for almost 20 years now has focused on foreign direct investment and national security.
Thank you very much, Dr Lenihan, for putting your expertise at the disposal of the Committee. I am particularly interested in your expertise in the international aspects of the debate. As you are aware—the Bill responds to this—a number of the UK’s allies have national security and investment screening regimes, and almost all of them have updated their regimes in the light of the changing geopolitical and technological contexts. From your comparative work, what governance and decision-making structures have you found others adopting to ensure that all relevant Government expertise shapes national security and investment decisions? Are they appropriately reflected or considered in the Bill?Q
That is an excellent question. To answer it, I will first step back for a second and say that the Bill is a very important step in the UK’s alignment with its closest allies on this issue, and especially the Five Eyes, because there is clear evidence that states are trying to use the market and companies over which they have control and influence to gain economic, technological and even military power in foreign investment. During times of economic downturn and crisis when asset prices are low, the opportunities for that type of behaviour increase. Hence, we have seen these modifications to regimes not only in the West, but outside the West as well.
I think one of the most important elements of regimes as they have evolved—especially among the Five Eyes, but among our NATO allies and even in Russia and China—is the move to ensure that review mechanisms have the institutional capacity and resources that they really need behind them. Part of this institutional capacity usually involves a multi-agency review body of some type.
There is always a lead organisation, and in the West—especially in the US, Germany and France—these tend to be in Treasury or in business or trade Ministries, and that lead body, like the Department for Business, Energy and Industrial Strategy in the Bill, receives the information and handles the day-to-day activity. However, in the US with the Committee on Foreign Investment in the United States, the idea behind having a multi-agency review body with multiple agencies and Departments across vast areas of Government is that you have the ability for regularised monitoring and feed-in from these agencies across the spectrum of possible threats, and you have dedicated staff within those agencies who have the necessary security clearances, training and specialised knowledge over time to keep an eye on potentially risky transactions and bring them to the awareness of the lead agency.
One of the key elements of CFIUS that has been very positive is that, as it has evolved, it has brought in more agencies, not less, so you have multiple opinions on the same potential transaction being brought to light and discussed before any decision needs to be taken by a Secretary or Head of State, depending on the question. In CFIUS, that responsibility ultimately lies with the President, but the idea is that you have had a multiplicity of views and, under the Foreign Investment Risk Review Modernisation Act—the most recent update of US legislation—you have an ensured national security risk assessment made by the head of intelligence on detailed investigations of certain transactions.
The idea behind this is that—hopefully—any decision made will be viewed by the public as one that is truly based on national security concerns because of the debate that had to take place behind the scenes. That lowers the risk of politicisation and intervention, and again heightens the possibility of actually catching risky transactions in a way that otherwise can be difficult.
One of the great examples of transactions in the US caught not originally in the regularised monitoring process, but by a CFIUS employee in one of the agencies, was the unwinding in 2011 of Huawei’s purchase of 3Leaf, which was a US-based cloud computing technology company that had gone bankrupt. The assets, employees and patents had been purchased by Huawei—bankruptcy assets were not consistently monitored by the regime at that time. The purchase was caught by a Government staffer who happened to notice on his LinkedIn account that somebody whom he knew, who had partially run 3Leaf, was now listed as a consultant for Huawei. That transaction had to be reviewed and retroactively unwound. At that point, of course, one must assume that the bulk of the damage had been done, but it goes to show the importance of having not just one agency looking at these cases and being responsible; a multiplicity is needed across the piece. If I have any concerns with the Bill, my primary concern would be that the institutional capacity and resources behind the review regime are not made clear.
Q Thank you, Dr Lenihan. That is absolutely fascinating. The need for different agencies to be involved needs to be recognised.
In terms of your work on investments, and the investment regime, is there not a risk that it ends up capturing a host of investment transactions? I am particularly thinking of the burden and impact on our innovative tech start-ups. The likely definitions of the sectors to be involved include artificial intelligence and data infrastructure. Based on your experience of other countries’ introduction of new investment screening rules, have you found patterns in how similar changes have affected foreign direct investment, and potential trade deals, which is a topical subject? Do you have any thoughts on ways to mitigate the burden and impact, particularly on start-ups?
The Bill is arguably broader in scope on call-in powers than some other foreign direct investment regimes—I would argue that these perhaps even include the US regime—because it does leave wide latitude for call-in powers. The Bill also covers trigger events that are initiated by all investors, both domestic and foreign, and that is truly rare among Western FDI review regimes that are focused on national security. Usually, the concern is to focus the regime on investments from foreign-owned, controlled or influenced entities. Domestic entities and acquirers that have, for example, ultimate foreign ownership or influence in some ways should be able to be caught by any well-institutionalised and resourced regime. I am not sure why it is that we do not actually see the word “foreign” in the Bill, even though it is supposed to be based on foreign direct investment. Perhaps that is a concern about potential domestic threats down the road, but either way, it will lead to a much larger volume of mandatory notifications than most other national security FDI regimes—the US, Germany, Australia and other countries. Almost 17 have made changes in the past couple of years, and these have increased and been modified since the covid pandemic.
I understand that the legislation may be written as it is to include domestic investors, perhaps to avoid appearing to discriminate against foreign investors. I would suggest that that is probably too broad a formulation for focusing on and identifying real risk. The EU framework for FDI screening encourages its EU members to adopt mechanisms that do not discriminate between third-party countries, but that does not mean that it takes the word “foreign” out of its legislation to target foreign investments as opposed to domestic ones. Part of that is about the volume of transactions.
One thing I would highlight is that FIRRMA expanded the scope of covered transactions to include non-controlling investments of potential concern, as well as any other transaction or arrangement intended to circumvent CFIUS’s jurisdiction. But because it has had more cases to review on a detailed level in the past two or three years than in its history, since 1975, a major element of that Act is, again, around staffing and resources. There is a specific provision in FIRRMA, which is very clear that each of its agencies needs to hire under-secretaries in each agency just to be dedicated to this task.
There are two elements. An inter-agency review team is needed. You need enough staff to actually handle and catch all the risks. You the need the proper resources to do so—the right access to the databases, the right security clearances, the right training. On top of that, the volume of mandatory notifications will be increased by the fact that this is not just focused on foreign investment. I do not think there is much you can do about the foreign cases that you will get. There will be a high volume of those, and you need to be ready for them, but it is an important national security risk that needs to be dealt with.
Q It is a pleasure to serve under your chairmanship, Sir Graham. Dr Ashley, considering your experience of other countries—we talked about the US at length in the first couple of questions—such as Japan and Germany, what are your views on the retrospective powers under our Bill?
Personally, I think they are fine. I know that might not be a popular answer with some. Germany, France and even parts of the EU framework set up this five-year retroactive for cases. I think that that is at minimum important. Other countries, such as China, Russia and the US, do not place any limit on retroactivity. I would have to check up on Australia and Canada, but there have been cases that have gone beyond a year there. Under the original Government White Paper, the idea of having only a six-month period, whether or not you have been notified, is quite dangerous, because there have been cases that were well known where they have been caught after that point.
Some of my examples are from the US. The reason for that is that it is one of the longest-standing and most institutionalised regimes. It is also one of the most transparent, from which we know most about the cases that have gone through it. I have looked at over 200 cases of this type of investment over a seven-year period in the US, UK, Europe, China and Russia. One case that stands out in the US is the 3Leaf acquisition by Huawei, which was caught almost at the year mark. Another good example that went over the one-year mark would be the review in 2005 retroactively of Smartmatic, which was a Venezuelan software company, and its purchase of Sequoia Voting Systems, which was a US voting machines firm. Smartmatic was believed to have ties to Chavez. However, that acquisition completed without knowledge of CFIUS and it was not actually able to be unwound until 2007. At that point, you worry about what has happened, but at least you do not have the ongoing concern.
You do need flexibility. With the volume of notifications and the learning curve that the investment security unit will have to undergo, or whatever the final regime truly looks like, it will take time to get the team in place and get the knowledge and systems down, to accurately catch even the most obvious investments that are of concern. Dealing with the kind of evolving and emerging threats we see in terms of novel investments from countries such as China, Russia and Venezuela needs the flexibility to look at retroactively and potentially unwind transactions that the Secretary of State and the investment security unit were not even aware of.
One thing is that for mergers and acquisitions transactions, which are historically what have been covered under these regimes, across Europe, Australia, Canada, Russia, China and the US, all the systems that have been used—the M and A databases: Thomson ONE, Zephyr, Orbis—take training, but they only cover certain types of transaction. They do not cover asset transactions; they do not cover real estate transactions, which are of increasing concern, especially for espionage purposes.
It is going to take time, and I believe that flexibility really needs to be there. It can always be reviewed in the future, but I do not think that so far foreign investment has been deterred in any way in countries that have that retroactive capability. To limit the UK’s capacity to protect itself for some kind of strange feeling that we need to be perceived as being even more open than everybody else when under threat is not really wise at this time.
It is a pleasure to serve under your chairmanship, Sir Graham. Dr Lenihan, I am keen to know more about whether, other than in the US, you have seen good exemplar approaches to screening investments into these sectors; we spoke about Japan and Germany a moment ago. Can you give examples which we might learn from?Q
I do think the US system is the most institutionalised that we have, and the best at the moment. That being said, Germany’s system is very good; it has caught quite a bit. The German system has also been very good about regularly updating, changing and adapting its regulations as it sees new emerging threats to itself. They seem to have good feed-in across Government and they are exceptionally good at co-ordinating with other states in terms of information of concern.
In terms of national security review, Canadian and Australian systems are quite good. The problem with those systems is that they tend to do national interest reviews at the same time or in tandem with their national security reviews. Over the long term, including national interest in the regime has had an impact on how they are perceived in terms of their openness to foreign direct investment abroad. In the OECD’s FDI restrictedness index, Canada and Australia rank far lower than the US, the UK, Germany and France, and I think this is because of their inclusion of national interest concerns. Similarly, on the World Economic Forum’s global competitiveness index, they rank far lower. That does not provide investors with the type of clarity that they need. In general, we see that investors tend not to be dissuaded from investing just because there is a new foreign direct investment regime, as long as that regime is seen to have clear regulatory guidance, is transparent, and is applied consistently over time.
France sometimes gets quite a bad reputation for economic nationalism, but its review mechanism is also quite good at catching potential threats to national security. Japan is an interesting case. It has been so restrictive for so long that it is a little harder to compare with the other western countries. Its system has been tied in again to an overarching inward investment regime that has been restrictive towards foreign investment for other means beyond national security, so I find that country to be less of a comparator for these purposes. I hope that answers the question.
It is a pleasure to serve under your chairmanship, Sir Graham.Q
I have found your comments particularly interesting, Dr Lenihan. My own background is in the financial world, where I was involved in cross-border M and A and quoted equity transactions. I fully accept the premise of the Bill, which I think is important and has to be put into effect, and I draw encouragement from what you are saying about other regimes, but I am still left wondering a little bit whether, in practice, it will be really quite difficult for us to put into effect. Your point about the necessity of expertise among staff is crucial. Having sat at the centre of the process, I recognise that the point you make about a huge amount of information flowing across, especially in respect of unquoted companies, is very important; often, there is not much established information in the public domain. That first point is very important. The second point is that there is a very complex mechanism of market sensitivity as well. I do not quite know how this system intervenes with that. Also, within the UK itself there is a culture of openness, which has been touched on before, and in some respects we are a very different country from the others, particularly given the strength of the City of London. We therefore have the ability to transact in a way that some other countries do not, and a different culture.
The other point I wanted to raise and to hear your comments on is that there is a danger of political interference. I know that that is not the intention, but it must be a hazard in this process. What happens if the Government get it wrong about a company? Could not that be interpreted as political interference rather than seeking to establish a security risk?
I started my career in mergers and acquisitions in aerospace and defence M and A, in London. I think you make an important point: the UK has historically been the most open country to foreign direct investment on most indices and indicators. That perception is strong, and I do not think that that culture of open investment will or should change with the introduction of the regime. To the contrary, it actually gives you one of the best starting points that any country has to do this.
As I said, on the whole, in the Bill as written, and in the statement of policy intent behind it, it is very clear that the powers for review and intervention should be used only for an identified risk of national security, and not on the grounds of national interest. Regimes that are based only on national security, like that in the US but also Germany and France—even with a very different culture in many ways—have not seen a lowering of levels of foreign direct investment over time, because they have introduced, modified or kept these regimes up to date. It is because, on the one hand, the stable environment that they provide and that the UK will definitely provide for foreign investors, is far more attractive than any uptick in cost from having to get up to speed on a new regime; also, they are able to retain these global perceptions of openness to foreign investment and ease of doing business because of the way in which the rules are applied. As long as the rules are applied consistently, and with clear reasons behind their use, and applied consistently and transparently over time, it should be okay.
The Bill provides for a lot of regulatory guidance, which needs to come forward in a clear and very easily comprehensible and understandable manner. As long as that happens, it should be okay. Global Britain should still be the proponent of liberal economic values that it always will be, while also being able to demonstrate to itself and to its allies that it is able to protect itself from this type of investment.
Going forward, Britain’s relationship with many of its Five Eyes allies is going to depend on having a comprehensive regime of this nature that is used well. Under FIRRMA, under US law, for example, the UK is an exempt foreign investor in certain categories—one of three with Canada and Australia. It has been stated that for that to continue––it is going to be reviewed––it needs to have a regime to protect itself. We can talk about this later, but part of that is about the potential concern about not just the ability to share intelligence on these issues, but about acquisition laundering, export controls and all these issues that tumble on behind that can affect investment, trade and intelligence-sharing relationships over time. That is important.
The research evidence shows that foreign investment is not deterred unless there is a problem in how this is applied. There has been politicisation of cases; demonstrated proportionality of response is also extremely important. There are many cases in which a threat to national security can be mitigated by agreements and undertakings without needing to block a deal. When you look at the modern history of foreign direct investment intervention across Europe and the US––even if you look at Russia and China and how they behave––the preference is, where possible, to mitigate national security concerns through comprehensive agreements, and that can be done in a host of ways. It can be that you have a board of directors that is only UK nationals, or that you require divestment of a certain black box technology company to another UK company or a friendly allied country. Whatever it may be, historically, there has been a preference for that type of action to be taken. Vetoes of cases are actually quite rare since world war one, when we first really saw this type of issue pop up.
The concern is if we see the UK blocking deals where it could mitigate because a deal has become a political hockey puck. In today’s world, where this is something that is constantly discussed in the Financial Times and The New York Times, whereas it was not 15 years ago, any case has the potential to be discussed widely in the political debate. The question is how it is treated by Government and how other countries perceive that treatment. I know that I have used US examples quite a bit, but if you look at US-China investment, China still invests a lot in the US, even though it complains every time a deal is blocked or mitigated. The reason behind that is because this is a sovereign right under customary international law, and China does the same thing when it has the same concerns. It is only if a case becomes truly politicised that there is an issue.
To give you an example, in 2005 in the US, the case of Dubai Ports World and P&O, which was a takeover of a UK company, became overly politicised in the US system. It is one of the only real examples where it has happened, and that was because there were a few US lawmakers who had a completely different view of the risk and relationship of the US vis-à-vis the United Arab Emirates than the Department of State or the Department of Defence. That is quite rare but what ended up happening was US lawmakers seeking to block a deal when most reasoned professionals in the industry and in various Government Departments thought that any risk could be mitigated simply in a host of other ways.
In the case of overuse, overbalancing, misuse, politicisation, whatever you want to call this tool of economic statecraft, there was a momentary blip in relations between the US and the UAE. There was a momentary stalling of trade talks, change in the currency basket and some uncomfortable months, but the relationship was strong enough to survive and it usually is. This is not really an aspect of going to war. I think the key is proportionality in response, how it is applied, and it is about consistency and transparency. The Bill is well written in many ways, but how it is used can go any number of ways, so it is about how the UK uses it going forward.
Thank you, Dr Lenihan. There are lots of Members wanting to speak and we have limited time, so I will try to get through some quickly. I will call Stephen Flynn, Mark Garnier, then Stephen Kinnock.
Thank you for your comprehensive and helpful answers, Dr Lenihan. I would like to divert back to some of the comments that were made about the Bill on Second Reading, particularly relating to definitions, or a lack thereof, in relation to national security. I would welcome your thoughts as to whether the Bill should or should not have a definition.
My second question relates to the scope of the Bill, which you mentioned earlier. In terms of the consultation going on, 17 sectors have been identified. The glaring omission seems to be social media, but I would appreciate your view on whether artificial intelligence would cover off social media to a level that you would be comfortable with.
Those are both really good questions that I hoped would be asked. If national security is that which seeks to maintain the survival of the state and preserve its autonomy of action within the international system, unfortunately that means that you cannot necessarily define national security in law without binding yourself in an inflexible way. What we have seen is that most foreign direct investment regimes of this nature all refer to national security. I do not know of a single one that actually defines it or limits itself to a particular definition. I could be recalling incorrectly but I have looked at over 18 of them and I have never seen a particular definition.
What you do see in regulations is guidance as to how national security risk might be assessed or examples of what could be considered a threat to national security. US guidance is helpful on this, in terms of how they put their regulations together. Some have argued that it is too comprehensive—it is a lot to read and provides the lawyers with a lot to do—but it is useful and has meant that the process of knowing when you might be triggering concerns is easy to navigate. I really do not think that the UK wants to define it in the Bill.
There was a US Government Accountability Office report in 2008 examining the foreign direct investment restrictions in 11 countries at that time. Each was determined to have its own concept of national security but none of them actually defined it. In 2016 the OECD did a similar report after a new resurgence of changes in laws, and it looked at 17 countries including Lithuania, Korea, Mexico and Japan, and they came to the same conclusion. The OECD has quite good guidance in general on this and they have not recommended that their countries define national security risk, but they have recommended regulations to help increase transparency around what could be considered a risk.
Regarding the sectors for mandatory notification, I think that is a very good question and one that it is difficult to grapple with in many ways, because the threat is emerging and changing at the very same time that technology is emerging, changing and interacting with our society in various ways. Various countries have been trying to deal with this. In the US, a final rule was just put out in relation to non-controlling investments and situations where you have certain mandatory notifications. A pilot programme was initiated in 2018 to try to define—as your consultation will, in many ways—the proper sectors using North American industry classification system codes, instead of standard industrial classification codes as the UK regulation does.
Whatever codes you use, though, the US found that they had an incredibly high volume of mandatory notifications and were not necessarily getting to the issue that they wanted to. They have changed that under the final rule, and now mandatory notifications in that classification are going to be defined [Inaudible.] and would come under certain US export control regimes. The idea behind that is that the US is doing a review of export control regimes, which will try to get to what foundational technologies might be of concern. I think that applies to your question about social media.
Social media is of concern because of the data, and data retention, involved in most social media. As I understand it, the sectors in the Bill will be kept under constant review and can be changed and updated as needed. That is important, and it might be worth doing a pilot programme.
Thank you, Sir Graham. Dr Lenihan, my questions refer back to points you made in response to the first batch of questions. You spoke of the review regime not being quite up to full standard. It is an interesting dichotomy that the Bill sets up a new review regime in BEIS, but there is an export control unit in the Department for International Trade that already looks at arms control, as well as intellectually sensitive exports. I would be interested to hear your comments about how those two play together.Q
Secondly, it is worth bearing in mind that the Minister, Lord Grimstone, sits in both the DIT and BEIS. He is responsible for investment promotion. We are talking about more acquisitive types of investment, but do you see a potential conflict of interest between the ambitions of the Government to secure more investment into the UK and potentially having the wrong kind of investment?
I would suggest that the investment security unit and the unit that will handle the processing of this regime remain in BEIS. That is fine; however, it would be useful to set up in the Bill some sort of multi-departmental review body that contributes regularly, and that has staff in those Departments who monitor the risks in relation to this concern. As you say, the Department for International Trade will be able to monitor, find and catch risk that others—such as the Foreign, Commonwealth and Development Office, GCHQ and its new cyber unit—cannot.
It would seem very strange to not have a feed-in from intelligence agencies and the Ministry of Defence on a regular basis. If you set that up in an institution that is clear, at least to the outside world, about its composition and makeup, as opposed to having ad hoc feed-in over time, it would help with the perception of openness from the outside. It would also help to counter any claims of an individual or place being politicised or used for some other purpose by a particular Minister, because then they could give a balanced opinion for the Secretary of State in charge to make a final decision.
Thank you very much, Dr Lenihan. That brings us to the end of the time allotted to the Committee for asking you questions. We are grateful to you for your time. Where members of the Committee wanted to ask questions and were not able to, I will try to give them a bit of priority on the next panel—or in another, if that is helpful.