We come to our fourth panel of witnesses. We will hear oral evidence from Skadden, Arps, Slate, Meagher and Flom LLP and Affiliates. For this panel we have until 3.30 pm. Mr Leiter, I welcome you, and ask you to introduce yourself for the record.
Good afternoon. My name is Michael Leiter, and I head the national security and Committee on Foreign Investment in the United States practice at Skadden Arps. It is a pleasure to be with you this afternoon.
Q Thank you, Mr Leiter, for joining us and sharing your extensive expertise with the Committee. I wanted to look at strategic and critical industry. There are a series of cases where nascent or strategically important industries might become critical to national security in the future, but they are important to industrial and economic strategy now. For example, it was not clear that there was a direct national security threat from Deep Mind’s artificial intelligence algorithms in 2014, but it is clear that the company was important for the UK then, and it is clear that artificial intelligence is important for national security now. That is reflected in the Bill. Based on other countries, how do you think the Bill can capture these forward-looking public interest or industrial strategy concerns within national security grounds for acting?
Thank you for the question; it is quite a good one. It is one that the United States has struggled with, as have other countries and their regimes. We suggest a couple of approaches. First, one piece that I think the Bill does quite well—although there is a countervailing concern that has to be addressed—is not having a de minimis threshold, in terms of dollars. The Bill is quite strong in that regard, because as you note in your question, just because someone acquires a start-up company for a relatively modest amount—a few million pounds—it does not mean that that company and that technology does not have, or will not have, very significant national security implications.
The flipside of that is, of course, that without the de minimis threshold, it becomes a far more difficult regime to manage. The volume can be much higher. It can potentially poison venture capital innovation. This is best balanced by not having a threshold for dollars, as you do with the no de minimis threshold, but then making sure that regulators have the ability to review these matters extremely quickly. The pace of investment in emerging technologies requires a very short timeframe. It is not like a large public company transaction, which has extended timelines. As long as one implements a very rapid review process and has the officials in Government to keep up with that potential backlog, I think those two interests can be effectively balanced.
Q To follow up on your point about notifications, the Government impact assessment for the Bill suggests that up to 1,830 notifications might come in each year under this new regime. I am concerned that they look at the impact on the acquirer, and they do not capture the fact that almost every start-up seeks capital investment at some point. What impact do you foresee on the overall UK investment climate, and what might FIRRMA and CFIUS changes lead us to expect in our case?
This is very important. I was rather taken aback by two things about the Bill. The first is the projection of over 1,000 matters, going from the very, very few that the UK has traditionally had; this is an explosive increase in matters. I am concerned that no Government are ready for that rate of change. Even in CFIUS under FIRRMA, although there is not an increase in the overall number of long-form notices, in the short-form declaration process, there was an increase. That was relatively modest, an increase of about one third, so the US now reviews approximately 240 full cases, and about another 100 short-form.
When you talk about going from a few dozen to 1,000, you have to be very sure that you have both the resources and the expertise to process that. I would be concerned by that. Another case where your Bill goes much farther than anything I have seen, and certainly much farther than anything in the United States, is in encompassing not just acquisition and investment in businesses but acquisition and investment in supplies, goods, trade secrets, databases, source code and algorithms, so it is tangible and intangible objects, rather than businesses. That scale is very difficult to predict, and if one is more in the mood for incremental change, so as to see how a Government can handle change, including those elements poses some real risk for management.
Q Thank you, Mr Leiter. That is really good feedback. Building on the point made by my colleague the shadow Minister, the CFIUS regime in the US obviously operates successfully, in the sense that the US remains an incredibly attractive place for inward investment. How have the US regulators balanced those two things? Does the Bill as drafted provide us with a similar opportunity to strike that balance?
I am honoured to have worked with the UK Government for 20-plus years on security issues, and over the past 10 years on economic issues. I certainly think you have the potential to strike that balance. In the US, traditionally, the CFIUS structure was a balance between the security agencies, which tended to want to restrict investment, and the economic and commerce agencies, which tended to want to encourage that investment. Certainly, in the case of China, we have seen massive decline in direct investment because of both Chinese controls and US controls: a tenfold decrease from 2016 to 2018. But as you said, the scale and strength of the US economy mean that global investors look to the United States no matter what.
I do not mean to make less of the UK in any way but, from a UK perspective, one has to be a bit more careful, because you simply do not have the scale that inevitably will attract investment. The US could be a rather poor place to invest, with lots of regulation, but people would still come because of the scale of the market. You don’t have quite that luxury. That is not to say that the UK has not for generations been an incredibly attractive magnet for investment, but whereas the US can err on the side of security, from my perspective, admittedly an American one, the UK might want to be a bit more careful about restrictive measures, because the size of the market is not in and of itself so inherently attractive that companies and investors must be in it. We have a bit of an advantage over you on this one.
Good afternoon. I do not know whether your saw much of the previous witness’s evidence, but she commented on how countries such as the United States have a limited number of excluded or exempt countries—including the United Kingdom—that are not covered by their equivalent legislation. What are your thoughts on how the Bill does not have any provision to exempt entire countries from its scopeQ ?
I was able to see part of Dr Lenihan’s excellent testimony, which was quite informative and good. First, to clarify, although the US does make distinctions for exempted countries—obviously those are the UK, Australia and Canada right now—that exemption is extremely narrow. It limits those countries only on mandatory filings, and only if investors from those countries fulfil a fairly rigorous set of requirements. So, although Canadian, UK and Australian investors were quite excited before CFIUS reform, when the regulations about excepted investors were promulgated, that has had a minimal effect on those countries. It is not a significant advantage. Those countries are still subject to CFIUS review in the vast majority of investments they make. Now, that gives only half the story, because clearly investments from those nations go through a much less rigorous review, and come out with much better results than those from countries where the US has a more strained security relationship.
On what I see in the Bill, I would say a couple of pieces about the excepted possibility. First, as I read the Bill right now, it covers investments from other UK investors—not even simply those outside the UK. If my reading is correct on that front, I have to say that is probably not wise. We have already talked about the significant increase you could have, based to some extent on mandatory transactions as well as some other factors, and I think trying to take a slightly smaller bite of the apple and not including current UK businesses in the scheme would be well advised.
To the extent one has open trade and security relationships with certain countries, lowering the bar for review to exempt them, or including things such as dollar limits and getting rid of the de minimis exemption, might well make sense. That is another way of making sure that the Secretary of State can focus on those areas you think are the most sensitive from a security perspective. Whether we like to do so or not, that can be aligned to some extent with the country of origin of the investor. It is not always perfect—one must often look below that, especially when dealing with limited partners and private equity—but it is a relatively easy way to reduce the load you may experience if all these measures were implemented.
Right now, it is a very robust list. In fact, I would probably err on the side of going in the other direction. I think this is a good list of 17, but what is critical is that these sectors gain further definition about what this actually means. Let me give you a quick example: artificial intelligence. I invite you to go online and try to find more than 10 companies in the world right now who are doing well and do not advertise their use of artificial intelligence in one way or another. It is one of the most commonly used marketing terms there is: artificial intelligence and machine learning, all to serve you in your area of work. If one interprets artificial intelligence as encompassing all those businesses, there will be a flood of reviews. Now, if one focuses on those companies not using artificial intelligence but actually developing artificial intelligence, I think the definition of the mandatory sector will make much more sense. That is an area where I think the US is still finding its way. As Dr Lenihan noted, the US began with a set of listed sectors where transactions were more likely to be mandatory. They eliminated that and now focus purely on export controls, but again, it is not that a company uses export control technology; it is that it produces export control technology.
That may be too narrow for your liking, but if one mapped out your 17 sectors as currently described to their widest description, I think there would be very little left in the UK economy, except for some very basic manufacturing and some other services that would not be encompassed. This is a very broad list and, again, I think it will take some time to tune those definitions so they are not overly encompassing. Again, if you look at data infrastructure, communications, transportation —at their extreme, that is quite a broad set of industry descriptions.
Just thinking and reflecting on a few of your comments, Mr Leiter, if we are given the timescale that you have had at CFIUS—it has a long history, it has been here a long time and you have brought in a new and updated regime to meet the threats that the US Government see are coming towards us—how could we translate that to our context as we put together this regime here? Are there any particular lessons that we could use? Are there new threats that have been captured by the new regime that you now have in placeQ ?
Thank you for your question. I will do my best to provide some advice. I do so with some hesitation, because I readily accept from my experience working with the US and the UK that although we are related, we have two very different systems. The scale of our Governments and the scale of our private sectors are different, so one should always be very careful of trying to learn lessons from any other single country.
First, I would try to take this incrementally. This is a very big step and in trying to predict second-order and third-order effects of this—both the security effects, which may be positive, and the economic effects, which may not be as positive—I would tread carefully. I would start narrowly, then open up the aperture as necessary, rather than opening up quite wide and then narrowing it down.
Secondly, I think it will take some time, and not only to develop the administrative capabilities to handle this volume within the Government. I think you would have a significant amount of learning to do within your private Bar as to how this works, but also how to manage those voluntary filings. You are talking about including voluntary notifications across the economy, which I think is quite a sensible approach, but that requires a degree of collaboration between the UK security sector and the Secretary of State and the UK private legal Bar and commercial sector to understand where those national security threats and risks may lie. This is something that has developed in the United States over the past 20 years, but does not, in my view, yet exist fully in the UK.
Next, I would say that it is very important to consider how this should be applied for limited partners in private equity. Private equity plays a massive role both in UK and US investment and having clear rules about limited partners and the rights that may or may not implicate non-British ownership in those private equity funds is a very important step to take and one that should be clarified up front. It should not be approached without further clarification.
Lastly, I think it is important to build into the scheme the ability to evolve as technology evolves. I heard some of the questions about social media during the previous panel and it would have been very difficult to understand the sensitivities that are implicated by social media 10 years ago, or perhaps even five years ago. The ability for the review and notification to evolve with changing technology, access to data and new national security threats is critically important. The regime should be a living one that will evolve with those changed political or technological circumstances, not one that keeps still.
Q Following on from that, given the scale and breadth of the challenge you have outlined, covering so many areas, including private equity, how do you think we would best resource and staff this arrangement? Clearly this will be a potentially large undertaking for the Department as it stands at the moment.
Having worked with some of them, I think you have some outstanding individuals in some of the relevant Departments who can look at this matter. I believe that they will have to increase their interaction with the security elements of Her Majesty’s Government in a way that does not perhaps yet fully exist. The departments and agencies that I worked with while I was in the US Government were generally fairly separate from these sorts of investment review, and it will be necessary for training among those agencies to ensure that there is an understanding of the nature of acquisitions and investments in the private sectors in a way that security agencies do not yet fully understand it. Teaching the economic agencies about those security concerns will also be necessary. I think that the Government will need an initiative to make sure that there is a degree of integration across Her Majesty’s Government based on an understanding of those cross-fertilisations, which will take some period to take hold.
It is a pleasure to serve under your chairmanship, Sir Graham.Q
Thank you for joining us, Mr Leiter. It is invaluable to have a practitioner’s perspective as we make legislation; that is something I would like us to do more often. I wanted to ask about your practitioner experience with respect to two things: first, the inclusion in the Bill of personal criminal sanctions and, secondly, its behavioural impact, from the point of view of attorneys and lawyers advising clients, on the likelihood of notification.
Let me answer that with two points. First, there is clearly an educational process when such a new regime comes into place for bankers, attorneys and business people. This regime will take some time for them to understand as well, but I think that the UK, like the US—I have already drawn some distinctions about the risk of reducing investment in both countries—remains overall one of the most attractive places to invest in the world. One of the reasons it is so attractive is that it has a strong rule of law and courts system, and clear legislation. In that regard, those who would come and invest in the UK very much understand the need to comply with these regulations, and criminal and civil penalties.
What we have seen in the United States is an appreciation, even if there was some initial shock at the scope of the review and what might be considered a national security concern, and a very robust understanding that we at the Bar and our clients have developed about the importance of these reviews and compliance with the legal regime that applies. I do not see any likelihood of, or reason for, the same not taking hold in the UK. I find that my clients are quite appreciative of the counsel we give them, whether it is related to the US or a UK foreign investment. Overall, I think that the concern tends be less about personal criminal liability, although such concern undoubtedly inspires some, and more about the ability to continue to have good, strong, open relations with regulators in the country in which business is being done. That is critical.
The second piece I would commend you on, which is much better than the US system, is that the Bill provides for a very full and complete review by your courts. That is quite positive, especially with the change that will have to be implemented by the Government. The fact that there is an ability to turn to the courts for review is central and important. As you may know, that is not nearly equivalent in the United States. The ability to pursue remedies in the courts in the context of CFIUS is actually quite narrow. On behalf of my clients, and for improvement of the system, I am quite jealous of your approach on this front.
Q Thank you for your comprehensive answers, Mr Leiter. I am afraid that I have crossed out many of the questions that I had because your answers have been so comprehensive. To go back a couple of steps, you have referenced the structure and understanding of the regulations, and the challenges posed by that, as well as the understandable challenges posed by the creation of a new body to oversee the call-in process. That, understandably, will take time to implement. Do you think that lag and uncertainty might put off investors? On a similar line, in terms of the timeframe for call-in, there is the five-year retrospective, the six months for the Secretary of State to act, and the potential for up to 75 days or more to act. Is any of that likely to put off investors?
I will take those in reverse order. You are absolutely right: the timing is often central to much of what goes on in the world of mergers and acquisitions. With respect to the effective five-year look-back with six months of notification, that is not dissimilar to what we have in the United States. It serves a very useful purpose in that it certainly incentivises parties to file voluntarily.
To the extent that one includes a voluntary notification regime, I think that it is very important to have some period of look-back. I do not have a strong view whether that should be four or five years, but I do think that look-back is important in a voluntary regime. Of course, in CFIUS, there is no statute of limitations at all, but in reality, we rarely see CFIUS going back more than one year, at most two or three. Again, I think that if everything were mandatory, this would not be required, because to the extent that one has a voluntary regime, it is perfectly reasonable to give the Government an opportunity to look back. Doing so also provides an important incentive for parties, because they will often calculate the likelihood of the Government coming and knocking on their door one or two years down the line. I think that a general approach makes sense.
With respect to the specific timeline for the reviews, your Bill mirrors not perfectly, but closely, the CFIUS approach. In most cases, that timeline works relatively well, but there are a few exceptions. First, in public company mergers and acquisitions, this is no problem. The period between signing and closing tends to be quite long, so the idea of 75 days is not problematic. Similarly, whenever you have a matter where there is a competition review, which of course encompasses many things—on our side, Antitrust and Hart-Scott-Rodino, and in the UK and EU there are separate regimes—that 75 day-period seems to fit relatively well, provides sufficient time for the Government do their review, and will not be problematic.
The place where I think this is more problematic—I apologise that I cannot recall the Member who asked the question—is in smaller-scale, early-stage venture investments. That is where deals can go signed to close within hours or days, and having that longer period could be quite disruptive. In that sense, to the extent that one is concerned with early-stage technology investment, these timelines can be problematic, and finding a window to get through that quickly is quite important.
Finally, with respect to the timing of implementation and the time that it will take to get up to speed, I think it is important to have this effectively phased. I know I have said this several times, but I think this is a rather seismic shift in the UK’s approach to review of investment. I am not saying it is a bad shift. I think it is a shift that is consistent with the United States and other allies in Europe, and Australia. I think it is going in the right direction, but it is very significant, so having some opportunity to make sure that both the private sector and the public sector are ready for that and understand the rules—that the sectors are defined in a clear way and that parties understand, especially in the realm of having criminal penalties—I think it is particularly important to do that.
I think there are probably ways, to the extent you are worried about a risk during that interim period that things are not being reviewed, of addressing that as well, with the look-back provision, or initially implementing things in a narrower or separate sense, but I would be a bit careful about not having some transition period, which allows, again, both the public and private sectors to adjust to this very significant change.
Q Obviously, the consultation in relation to the 17 sectors, which was mentioned earlier by a colleague, is going to run beyond the end of the Bill—perhaps, I imagine, of its being implemented. The Government may well just get it through the House, but were that to happen the consultation would still be ongoing, so, again, I am sorry to try to pin you down on this, but do you think that would create a level of uncertainty that investors simply would not be comfortable with, and that they might well look elsewhere unless the Government were clear about having a system in place that makes things more flexible for business?
I am sorry to flip back again, but on smaller-scale early-stage ventures, we said this could be an issue, and again, I am sorry to pin you down: could it, or will it, be an issue? Where would you lean in that regard? Will we find that investors seek to go elsewhere with this a little bit more, where the timing is a little easier?
I think it will be an issue unless you are confident that small-scale, early-stage investors can have their transactions quickly reviewed within roughly 30 to 45 days. If it is longer than that, that will make the investment climate, I think, worse than other competing markets. I think that could have an impact.
On your first point, let’s face it, business always likes predictability, so you always want certainty, but deal makers have to understand risk and understand some uncertainty. That is inherent. I will say, it is not that the US has done this remotely perfectly. The US announced almost two years ago now that it was going to further define foundational and emerging technology that would then be subject to different levels of review under CFIUS. Here we are, almost two years later, and we still do not have that. The fact is that there has been uncertainty, and there will be uncertainty on your side as well. Having those definitions clarified as quickly as possible is good.
Do I think that a lack of clarity for three, four or five months about these sectors will suddenly stop investment in the UK? No. I don’t want to exaggerate it to that degree. You can try to pin me down, but the fact is this is all a matter of balancing, and there is no clear answer about when people will stop or start investing. More clarity is better. The faster there is clarity, the better, and to some extent, a lack of clarity will push people to look at other markets.
It is a pleasure to serve under your chairmanship, Sir Graham, and thank you very much, Mr Leiter, for your insightful evidence. I was wondering about the acquirer definitions, which are an important part of the equation, and the Q extent to which the legal structure and ownership base of the acquirer should play a role and, perhaps, be more clearly defined in the Bill, in terms, also, of what the triggers are for the screening process. If the acquirer is a state-owned enterprise or a state-backed investment vehicle, should that trigger a, for want of a better word, tougher or more robust screening process? If so, what might that look like in practice, and do other regimes contain that differentiation between a private sector acquirer and a state-backed acquirer?
Thank you for the question. The answer is that many regimes do draw such a distinction, which is generally a good thing, but there is an exception to that as well. This is important on two points, one of which I have already raised so I will not belabour. Understanding the ownership structure of private equity to understand how the Bill will or will not handle limited partners who are managed by a general partner at a fund is very important. That is a significant amount of investment, and clarity on that point is critical.
In the United States, for example, foreign limited partners in US private equity are fundamentally, overall, not considered for CFIUS. For foreign private equity investing in the United States, foreign limited partners are considered. Again, that is broad brush, but that is fundamentally how it works. With respect to sovereign wealth funds or state-controlled investments, there is a perfectly good argument that yes, the standard of review might be a bit more rigorous. In the United States, the way that works is that if a foreign Government-controlled entity invests in what is known as a TID business—one that that deals with critical technology, critical infrastructure or sensitive data—in the United States, and if they own more than 25% equity, that is a mandatory filing. So, it is increasing the likelihood of a mandatory filing if you are controlled by a partner.
Using such a standard makes sense. Right now, I do not believe the Bill provides many opportunities for that. You are already saying that, in the 17 sectors, all will be mandatory and there is no de minimis threshold. From that perspective, whether you are a sovereign wealth fund or not, it will be mandatory in a large scale of matters. You could of course say, with a dollar threshold such as you have now, that in the voluntary sector, if it was a state-sponsored entity, that would also be mandatory. I think there is some sense to that, but I would move slowly on that because, as I have noted several times, you are going to have a relatively high number of mandatory filings in the first place.
There is a second important piece to this, though, about whether you actually want to change it for Government-controlled entities. That is, especially in the case of China, but other countries as well, the distinction between state controlled and not state controlled is becoming less and less. Again, in some western democracies, it is quite clear whether it is a state-controlled entity, but to the extent a foreign Government can influence a private sector actor, that distinction starts to fade away, at least partially. Under your regime, it is not clear to me, other than expanding some voluntary into mandatory, how that will apply, and I think, to some extent, the distinction is losing some of its fineness.
Q I have a small follow-up question. The points that you have been making about private equity are very interesting. Large swathes of our social care system in this country, particularly residential care homes, are owned by private equity companies. Do you think it would have a material impact on the assessment of a private equity company if it was looking to invest in the social care sector, which one could argue is critical national infrastructure?
That raises two excellent points. First, yes, I think private equity is quite methodical about thinking of those restrictions. Whenever I deal with private equity in the Unites States, whether it is US private equity, foreign private equity or sovereign wealth funds, there is always a consideration of the way in which the business in which they are investing may be subject to a national security review and whether or not they will, even if approved, lose access to critical information, technology or other management control of the business in a way that would make it a less attractive option. From a US Government perspective, I think that is entirely appropriate; it is the entire purpose of the national security reviews.
It could affect the choices of private equity in the UK, but one still has to identify what the national security risk would be—and not just what the national security risk might be, but the extent to which, if the investment was allowed, the Government could still put in place restrictions that would eliminate or mitigate that national security risk. That leads me to make two very quick points.
First, there has been much commentary about defining what national security means. I would not welcome to go down that path; frankly, I think it is a bit of a fool’s errand. The Government will define national security as they may. Certainly, they should not overreach in extreme ways, but this is not one that I think legislative language is well tuned to trying to capture. That is not to say that it should not be limited in practice, but trying to capture it in legislative language is, I think, exceedingly hard. Again, it changes over time, depending on technology, access to data and other factors. One can imagine certain things that, before covid, we never would have considered to be issues of national security, but that are today. Capturing language for that is quite challenging.
The second piece is making sure that you have a good regime. We have been talking so much about screening, punishment and what falls into the bucket of review. There has been much less discussion here, and there is much less discussion in the law, about what mitigation and rules and enforcement there will be. If you permit a foreign investor to invest in one of these sectors and you put in place certain protections to protect British national security, how will you actually make sure that that occurs? It is wonderful to have these rules, but unless you actually have the regime and follow these things and ensure that there is enforcement and monitoring of them, you will have spent an enormous amount of time and money but actually not protected national security, so I think we should not give short shrift—[Inaudible]—deal is closed and approved but still being monitored by the Government for the very national security risk we are trying to protect against.
Q Thank you, Sir Graham. Mr Leiter, I would like clarification on the point about disguised takeovers, and perhaps you can use CFIUS as an example. What happens if a benign country or an organisation in a benign country, such as Canada or wherever, takes over a business and then that gets sold on to a state actor or a non-obviously state actor? How does CFIUS respond to that, and do you think that this Bill covers it?
I think your Bill does cover it. CFIUS would cover it in two ways. First, to the extent that a non-benign actor was behind the first transaction, CFIUS looks at the ultimate parent and whether it has been structured to evade review, so I think there is robust authority there. Secondly, the follow-on transaction itself would of course also be subject to CFIUS review, so I think you could catch it in the first instance or the second instance.
I think your Bill covers that. I will say also that I think the Bill is quite expansive and potentially problematically so. The US regime looks to see if there is a US business that is being acquired or invested in. That is a broad definition, but it still requires, generally, some physical presence, some people or the like. Your Bill does not seem to contemplate that, and specifically it says, “If the business simply provides supplies and goods to the UK or from the UK”. That is a very broad definition. It fundamentally means that if someone in London is buying something from a US business and it sends that to London—well, I read that as being covered by the Bill. That would actually be more expansive than CFIUS. It might, in that sense, give you greater national security protection, but I think it also may implicate a far more significant scale of transactions.