INTRODUCTION
Mergers and Acquisitions (M&A) transactions are on the rise in Nigeria, particularly in the technology startups space. The acquisition of Paystack by Stripe in 2020 in a deal worth $200 million increased interests in M&A activities in the tech space in Nigeria. Subsequently, Equinix, an America's digital infrastructure firm, completed the acquisition of MainOne, a West African data center and connectivity solutions provider in 2021 in a deal valued at $320 million. In January 2023, DriveMe, a Nigerian mobility startup acquired a 100% stake in Go!TwentySix, a Lagos-based provider of valet services. M&As are becoming common exit strategy for founders of tech startups as they look to profit from leading these startups to become recognizable brands and profitable ventures.
Acquiring tech companies like M&As in other sectorsis one way to upscale business operations, acquire tech/intellectual property, acquire more customers and hopefully increase revenue. Importantly, M&A is usually an entry strategy for foreign firms into the Nigeria market. Most foreign firms will prefer to acquire an already existing business with existing operations and customer base as opposed to starting their operations from scratch in Nigeria. This was the case with Blockfinex, a UEA-based crypto exchange in its acquisition of 100% stake in Fluidcoins, a Nigerian crypto payment gateway.
This article sets out the fundamental legal issues underpinning a successful M&A deal which investors must consider before acquiring any tech company in Nigeria. Investors are selective about the investments they are willing to make. Tech startups seeking investment will therefore face more competition for funding and should be prepared to respond to a prospective investor's legal due diligence requests to avoid delays or missing out on investment altogether.
LEGAL AND REGULATORY FRAMEWORK GOVERNING M&A ACTIVITIES
The laws that govern M&A activity in Nigeria are as follows:
- Federal Competition and Consumer Protection Act 2019(FCCPA);
- Merger Review Regulations, 2021;
- Merger Review Guidelines, 2019;
- Companies and Allied Matters Act 2020 (CAMA);
- Companies Regulations 2021;
- Investments and Securities Act (ISA) 2007;
- Rules and Regulations of the Securities and Exchange Commission (SEC);
- Nigerian Exchange Rulebook.
The FCCPA is the primary legislation governing M&As in Nigeria. It establishes both the Federal Competition and Consumer Protection Commission (FCCPC) and the Competition and Consumer Protection Tribunal. The FCCPC is vested with the authority for overseeing and approving M&A transactions. To facilitate this, the FCCPC has introduced the Merger Review Regulations 2021, providing a regulatory framework for notification, specifying applicable fees, and guiding the review process for mergers in accordance with the provisions of the FCCPA. The CAMA governs companies in Nigeria and significantly influences M&A transactions by outlining provisions for share acquisitions and various merger schemes. The Nigerian Stock Exchange plays a crucial role in M&A involving publicly listed companies, enforcing compliance with its listing requirements.
Some sector-specific laws and regulations also apply to M&A transactions; these include: (i) the Banks and Other Financial Institutions Act and the Central Bank of Nigeria's Guidelines and Incentives on Consolidation in the Banking Industry are relevant to M&A deals in the banking sector. The Central Bank of Nigeria Act of 2007 provides that the prior approval of the Central Bank is required for any transaction involving the acquisition or takeover of an equity stake of 5% or more of a Nigerian bank; (ii) the Nigerian Communications Act of 2003 and the Nigerian Communications Commission Competition Practices Regulations are applicable to M&A transactions in the telecommunications sector. The Nigerian Communications Act requires the prior approval of the Nigerian Communications Commission to be obtained for transactions involving the acquisition or takeover of 10% or more of the shares of a licensed telecommunications company; (c) the National Insurance Commission Act will apply to M&A in the insurance industry. Under the National Insurance Commission Act, any transaction involving the acquisition or takeover of 25% or more of the shares of an insurance company requires the prior approval of National Insurance Commission. These sector-specific laws operate in addition to the provisions of the FCCP Act, the CAMA, the ISA, and the SEC Rules and Regulations.
WHAT IS LEGAL DUE DILIGENCE?
Legal due diligence is the process of collecting and assessing all of the legal documents and information relating to a company (a “target”) prior to making an investment in the target. It gives both the investor and the target the chance to scrutinize any legal risks, such as lawsuits or intellectual property issues, before closing the deal. By understanding the target company and any potential liabilities, both parties can make an informed decision in the M&A transaction. The investor does this primarily to confirm that the information provided by the target's management is accurate, to help support the investor's valuation, and to better understand any legal risk that may exist in the target. The outcome of legal due diligence will, to a great extent, affect the final decision to be made by an investor. Typically, an investor will send the target a list of documents and information that it expects to review, and the target will then make these documents and information available to the investor and its advisers via an online platform usually a virtual data room.
KEY AREAS OF FOCUS IN TECH LEGAL DUE DILIGENCE
Tech targets should be aware that investors can (and often do) identify potentially issues as part of legal due diligence, regardless of whether the relevant matter has been resolved. In addition to the usual considerations that would apply to any M&A transaction, tech targets should expect potential investors in the tech ecosystem to focus their legal due diligence on the following aspects:
- Regulatory Authorisation: Not all tech
companies carry on businesses which require regulatory
authorisation. For the tech companies operating in a regulated
space such as FinTech payment service providers, the investor will
want to confirm that the appropriate licence(s) have been obtained
and that the licence(s) are still valid and subsisting. In
particular, potential investors will want to understand which
regulatory frameworks may apply to the target's products and
services and whether any authorisations are required before such
product or service can be introduced to the market and if the
current products and services have been granted such approvals.
Other key regulatory risks for licensed tech companies which any
investor will need to consider include ongoing compliance with
regulatory requirements and a confirmation that the technologies or
processes utilised in the business aligns with regulations. It
is important for tech companies to have a solid understanding
of the regulatory frameworks applicable to their products and
services and to factor this into their product development plan. In
addition, if the target carries on regulated activities, one
question is whether the parties to the transaction are ready and
able to seek and obtain letter of no objection from the industry
regulator in respect of the proposed M&A transaction. There are
also instances where specific approval/consent of the regulator is
required for acquiring a specified percentage shareholding in the
target, the requirements and likelihood of receiving such approval
should be factored into the initial considerations. In addition, it
is important to get confirmation from the regulator that there are
no outstanding regulatory obligations including default or
non-payment of fees, existing sanctions, penalties or fines, among
others.
- Intellectual Property Rights: Potential
Investors will want to confirm that the tech company it seeks to
invest in owns all of the intellectual property rights embodied in
its product and brand or, if such rights are licensed from third
parties, that such licenses permit the target company to use these
rights, the duration and limits, if any, of such license. Potential
Investors will also want to ensure that the target does not
infringe any third-party rights and that it has a strategy for
keeping its intellectual property rights confidential. This is very
important as the valuation of almost every tech company is based on
the value of the company's technologies and intellectual
property portfolio.
- Data Protection: This is a central aspect of
the due diligence phase in every tech M&A. The potential
investor will need to verify if the target collects, processes, and
stores personal data in compliance with applicable laws and
that the tech startup has a suitable data privacy, protection and
cybersecurity plan, such as data breach incident response plan, in
place. This is particularly important given that the growth of tech
companies will often rely on its ability to successfully utilise
the data generated by its products or services. Consideration will
need to be given as to whether there have been any data breaches by
the tech target, how liability will be allocated on current
claims/incidents and action taken to ensure that there is no
reoccurrence. It is critical that the target provides evidence of
compliance with all applicable laws in this respect and also that
in its product development it has incorporated the principle of
data privacy by default.
- Employment: Investors will want to ensure that
the founder(s) and other senior management or other personnel of
the target have written employment agreements that contain suitable
non-compete and nonsolicitation clauses. Investors will also want
to confirm that key personnel of the target have entered into
effective confidentiality agreements and intellectual property
assignment agreements to ensure that any intellectual property
rights developed by such persons are solely owned by the tech
target. Tech companies can mitigate this risk by entering into
written employment agreements and intellectual property assignment
agreements with their employees from the outset.
- Identifying the sellers: Typically, a tech
startup will have been through multiple funding rounds (via friends
and family or angel investors) and, as a result, may have a complex
shareholding structure. This may become even more complicated if
the company has given some of its employees' stock options.
Consideration needs to be given to who the sellers are, and whether
they are able and willing to sell their shares to potential
investors. Tech startups can manage this risk by ensuring that
there is an effective shareholders agreement in place which
contains appropriate mechanisms such as drag along clauses to
enable potential investors obtain 100% control, if that is the
desired outcome.
- Quality Assurance Systems: Investors will want
to know that the target has an appropriate quality assurance system
in place, as this supports the company's effort to ensure
regulatory compliance. Companies should make sure they have a
quality assurance system that is appropriate in the context of
their business.
- Commercial Arrangements: Investors will review
the target's key commercial arrangements or contracts for a
number of reasons - for example, that the investment will not
trigger any adverse consequences for the target. Technology
companies seeking finance should ensure that prior to commencing
legal due diligence, their key commercial arrangements are well
documented. The targets should avoid entering into commercial
agreement containing the following clauses exclusivity,
change-of-control or joint ownership of intellectual property
rights unless there is a strong commercial rationale for doing so
and can show that such terms will not adversely affect the
company's business or a potential sale of the company.
- Pending Compliances: Tech companies engaging in M&A must conduct thorough legal due diligence on several critical fronts, including tax compliance, environmental regulations, insurance coverage, and antitrust laws. Firstly, scrutinizing tax compliance ensures that the target company is aligned with relevant tax regulations, mitigating the risk of unforeseen financial obligations. Secondly, assessing environmental compliance is crucial for identifying any liabilities related to environmental regulations, safeguarding the acquiring company from potential legal and financial ramifications. Thirdly, a comprehensive review of insurance policies and coverage is essential to understand the extent of protection against various risks, ensuring the acquiring tech company is adequately shielded post-M&A. Lastly, an evaluation of antitrust and competition laws helps in assessing the target's market position and identifying any potential legal issues pertaining to competition.
CONCLUSION
The due diligence process itself must be easy and seamless and this can be achieved if the target is able to provide the documentation and information required in a manner that the potential investor and its advisers can access in the most efficient manner. In the context of technology M&A, documentation and information provided in relation to the key focus areas highlighted above will help in swiftly moving the transaction to quick close. It is however important to note that it is not at the point where a potential M&A transaction is envisaged that the tech company starts to ensure compliance or availability of the information, a tech company that has ambitions should always be prepared and compliant with all its regulatory and contractual obligations.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.