Advisory Board

  • Cai Hongbin
  • Peking University Guanghua School of Management
  • Peter Clarke
  • Barry Diller
  • IAC/InterActiveCorp
  • Fu Chengyu
  • China National Petrochemical Corporation (Sinopec Group)
  • Richard J. Gnodde
  • Goldman Sachs International
  • Lodewijk Hijmans van den Bergh
  • De Brauw Blackstone Westbroek N.V.
  • Jiang Jianqing
  • Industrial and Commercial Bank of China, Ltd. (ICBC)
  • Handel Lee
  • King & Wood Mallesons
  • Richard Li
  • PCCW Limited
  • Pacific Century Group
  • Liew Mun Leong
  • CapitaLand Limited
  • Martin Lipton
  • New York University
  • Wachtell, Lipton, Rosen & Katz
  • Liu Mingkang
  • China Banking Regulatory Commission (CBRC)
  • Dinesh C. Paliwal
  • Harman International Industries
  • Leon Pasternak
  • Bank of America Merrill Lynch
  • Tim Payne
  • Brunswick Group
  • Joseph R. Perella
  • Perella Weinberg Partners
  • Baron David de Rothschild
  • N M Rothschild & Sons Limited
  • Dilhan Pillay Sandrasegara
  • Temasek Holdings
  • Shao Ning
  • State-owned Assets Supervision and Administration Commission of the State Council of China (SASAC)
  • John W. Snow
  • Cerberus Capital Management, L.P.
  • Former U.S. Secretary of Treasury
  • Bharat Vasani
  • Tata Group
  • Wang Junfeng
  • King & Wood Mallesons
  • Wang Kejin
  • China Banking Regulatory Commission (CBRC)
  • Wei Jiafu
  • China Ocean Shipping Group Company (COSCO)
  • Yang Chao
  • China Life Insurance Co. Ltd.
  • Zhu Min
  • International Monetary Fund

Legal Roundtable

  • Dimitry Afanasiev
  • Egorov Puginsky Afanasiev and Partners (Moscow)
  • William T. Allen
  • NYU Stern School of Business
  • Wachtell, Lipton, Rosen & Katz (New York)
  • Johan Aalto
  • Hannes Snellman Attorneys Ltd (Finland)
  • Nigel P. G. Boardman
  • Slaughter and May (London)
  • Willem J.L. Calkoen
  • NautaDutilh N.V. (Rotterdam)
  • Peter Callens
  • Loyens & Loeff (Brussels)
  • Bertrand Cardi
  • Darrois Villey Maillot & Brochier (Paris)
  • Santiago Carregal
  • Marval, O’Farrell & Mairal (Buenos Aires)
  • Martín Carrizosa
  • Philippi Prietocarrizosa & Uría (Bogotá)
  • Carlos G. Cordero G.
  • Aleman, Cordero, Galindo & Lee (Panama)
  • Ewen Crouch
  • Allens (Sydney)
  • Adam O. Emmerich
  • Wachtell, Lipton, Rosen & Katz (New York)
  • Rachel Eng
  • WongPartnership (Singapore)
  • Sergio Erede
  • BonelliErede (Milan)
  • Kenichi Fujinawa
  • Nagashima Ohno & Tsunematsu (Tokyo)
  • Manuel Galicia Romero
  • Galicia Abogados (Mexico City)
  • Danny Gilbert
  • Gilbert + Tobin (Sydney)
  • Vladimíra Glatzová
  • Glatzová & Co. (Prague)
  • Juan Miguel Goenechea
  • Uría Menéndez (Madrid)
  • Andrey A. Goltsblat
  • Goltsblat BLP (Moscow)
  • Juan Francisco Gutiérrez I.
  • Philippi Prietocarrizosa & Uría (Santiago)
  • Fang He
  • Jun He Law Offices (Beijing)
  • Christian Herbst
  • Schönherr (Vienna)
  • Lodewijk Hijmans van den Bergh
  • Royal Ahold (Amsterdam)
  • Hein Hooghoudt
  • NautaDutilh N.V. (Amsterdam)
  • Sameer Huda
  • Hadef & Partners (Dubai)
  • Masakazu Iwakura
  • Nishimura & Asahi (Tokyo)
  • Christof Jäckle
  • Hengeler Mueller (Frankfurt)
  • Michael Mervyn Katz
  • Edward Nathan Sonnenbergs (Johannesburg)
  • Handel Lee
  • King & Wood Mallesons (Beijing)
  • Martin Lipton
  • Wachtell, Lipton, Rosen & Katz (New York)
  • Alain Maillot
  • Darrois Villey Maillot Brochier (Paris)
  • Antônio Corrêa Meyer
  • Machado, Meyer, Sendacz e Opice (São Paulo)
  • Sergio Michelsen Jaramillo
  • Brigard & Urrutia (Bogotá)
  • Zia Mody
  • AZB & Partners (Mumbai)
  • Christopher Murray
  • Osler (Toronto)
  • Francisco Antunes Maciel Müssnich
  • Barbosa, Müssnich & Aragão (Rio de Janeiro)
  • I. Berl Nadler
  • Davies Ward Phillips & Vineberg LLP (Toronto)
  • Umberto Nicodano
  • BonelliErede (Milan)
  • Brian O'Gorman
  • Arthur Cox (Dublin)
  • Robin Panovka
  • Wachtell, Lipton, Rosen & Katz (New York)
  • Sang-Yeol Park
  • Park & Partners (Seoul)
  • José Antonio Payet Puccio
  • Payet Rey Cauvi (Lima)
  • Kees Peijster
  • COFRA Holding AG (Zug)
  • Juan Martín Perrotto
  • Uría & Menéndez (Madrid/Beijing)
  • Philip Podzebenko
  • Herbert Smith Freehills (Sydney)
  • Geert Potjewijd
  • De Brauw Blackstone Westbroek (Amsterdam/Beijing)
  • Qi Adam Li
  • Jun He Law Offices (Shanghai)
  • Biörn Riese
  • Mannheimer Swartling (Stockholm)
  • Mark Rigotti
  • Herbert Smith Freehills (Sydney)
  • Rafael Robles Miaja
  • Robles Miaja (Mexico City)
  • Alberto Saravalle
  • BonelliErede (Milan)
  • Maximilian Schiessl
  • Hengeler Mueller (Düsseldorf)
  • Cyril S. Shroff
  • Cyril Amarchand Mangaldas (Mumbai)
  • Shardul S. Shroff
  • Shardul Amarchand Mangaldas & Co.(New Delhi)
  • Klaus Søgaard
  • Gorrissen Federspiel (Denmark)
  • Ezekiel Solomon
  • Allens (Sydney)
  • Emanuel P. Strehle
  • Hengeler Mueller (Munich)
  • David E. Tadmor
  • Tadmor & Co. (Tel Aviv)
  • Kevin J. Thomson
  • Barrick Gold Corporation (Toronto)
  • Yu Wakae
  • Nagashima Ohno & Tsunematsu (Tokyo)
  • Wang Junfeng
  • King & Wood Mallesons (Beijing)
  • Tomasz Wardynski
  • Wardynski & Partners (Warsaw)
  • Rolf Watter
  • Bär & Karrer AG (Zürich)
  • Xiao Wei
  • Jun He Law Offices (Beijing)
  • Xu Ping
  • King & Wood Mallesons (Beijing)
  • Shuji Yanase
  • OK Corporation (Tokyo)
  • Alvin Yeo
  • WongPartnership LLP (Singapore)

Founding Directors

  • William T. Allen
  • NYU Stern School of Business
  • Wachtell, Lipton, Rosen & Katz
  • Nigel P.G. Boardman
  • Slaughter and May
  • Cai Hongbin
  • Peking University Guanghua School of Management
  • Adam O. Emmerich
  • Wachtell, Lipton, Rosen & Katz
  • Robin Panovka
  • Wachtell, Lipton, Rosen & Katz
  • Peter Williamson
  • Cambridge Judge Business School
  • Franny Yao
  • Ernst & Young

Regions

FRENCH UPDATE – Cross-Border Mergers Into and Out of France

Editors’ Note: Bertrand Cardi, a partner at Darrois Villey Maillot Brochier and a member of XBMA’s Legal Roundtable, contributed this article. Bertrand Cardi, Ben Burman, Forrest G. Alogna, partners, and Laurent Gautier and Damien Catoir, of counsel, of Darrois Villey Maillot Brochier, authored the following article. Darrois Villey Maillot Brochier is the leading firm in France in the practice of M&A and Takeovers.

Executive Summary/Highlights

This memorandum describes the procedure and effects of a cross-border merger pursuant to Directive 2005/56/EC of the European Parliament and of the Council of 26 October 2005 on cross-border mergers of limited liability companies (the “Cross-Border Merger Directive”), as transposed into French law.  We focus on the French corporate law aspects of such a transaction but refer to analogous principles in other European jurisdictions (in particular, the Netherlands and the United Kingdom).

This year will mark the official tenth anniversary of the transposition of the Cross-Border Merger Directive into the national law of most if not all Member States.

The Cross-Border Merger Directive has generally been regarded as a success, facilitating corporate mobility and permitting enterprises to more fully benefit from the right of free establishment and free movement throughout the EU.  This increased corporate mobility within Europe has promoted increased deal synergies, supporting regulatory competition among Member States and more generally reducing organizational costs.

As we describe below, implementing a cross-border merger under the Cross-Border Merger Directive remains complex and cumbersome even relative to other sophisticated transaction structures.  Reforms are currently under consideration to streamline the process, as well as to put in place a European regime for cross-border spin-offs, but remain at an early stage.

Despite uncertainties within the European Union, cross-border deal activity remains strong, including transactions structured as cross-border mergers.  For example, the TechnipFMC transaction which completed in January 2017 under a UK incorporated holding company represents the largest arm’s length cross-border merger under the Directive to date.  It remains to be seen whether Brexit-driven transactions will be a significant (although perhaps circumscribed) additional source of cross-border mergers in Europe in the coming years.

Click here to see the full article

The views expressed herein are solely those of the author and have not been endorsed, confirmed, or approved by XBMA or any of the editors of XBMA Forum, nor by XBMA’s founders, members, contributors, academic partners, advisory board members, or others. No inference to the contrary should be drawn.

CANADIAN UPDATE – If Pills Are Out, Are Private Placements In?

Editors’ Note: This article was co-authored by Poonam Puri, a professor of law at Osgoode Hall Law School, an affiliated scholar at Davies Ward Phillips & Vineberg LLP and a respected adviser on issues of corporate governance, corporate law and securities laws, and by Patricia Olasker a senior partner at Davies in the M&A, capital markets and mining practices. It was submitted to XBMA by Davies partner Berl Nadler who is a member of XBMA’s Legal Roundtable.

Executive Summary: Canada’s new takeover bid regime got its first serious test with Hecla Mining’s attempted hostile takeover of Dolly Varden Silver. Under the new takeover bid rules, poison pills as a bid defence may soon be a thing of the past, to be replaced by private placements as the defensive tactic of choice for many targets. The joint decision of the Ontario and British Columbia securities commissions in Hecla v Dolly Varden articulates the definitive code for determining when a target company’s private placement will be deemed an illegal defensive tactic.

Our article recently published in Listed magazine explains the four-stage analysis for determining whether your private placement will survive regulatory scrutiny and, more importantly, how to structure your private placement in a way that will protect it from a Dolly-Varden-type challenge.

Main Article:

A version of this article originally appeared in Listed Magazine.

Consider this: a cash-strapped junior resource company listed on the TSX Venture Exchange is looking for ways to continue its exploration program for the coming year. With only $200,000 in its bank account, a $2-million loan from a significant shareholder that’s coming due, and an expected burn of $4 to $5 million for its drilling plans for the next year, financing is top of the agenda for both the board and management. Sound familiar?

The company considers extending the existing loan, but the lender refuses to commit to an extension until closer to renewal. Wanting certainty, the company decides to pursue a $6-million private placement, which it plans to use to pay off the existing loan and continue drilling. However, immediately after talks break down with the lender over loan amendments, the lender announces its intention to launch a hostile bid at a 55% premium over the market price. A week later, the company announces a private placement that would dilute existing equity by 43%, and the lender runs to the securities regulators demanding that they intervene by cease-trading the private placement. Should the securities commissions intervene?

This is exactly what happened in Hecla Mining’s unsolicited takeover bid for Dolly Varden Silver Corp. (TSX-V:DV) in July 2016. The Ontario and B.C. securities commissions refused to intervene and in October released a rare joint decision, explaining why. Simply put, they found that the company made the private placement for non-defensive business purposes. They noted that the company was contemplating an equity financing well before the offer was announced, the size of the private placement was reasonable, and it had not changed in size or scope after the bid surfaced. The commissions also explicitly recognized the market reality in Canada that junior listed companies often have to engage in dilutive equity transactions for legitimate business purposes.

Dolly Varden was the first contested transaction since Canada’s new takeover bid regime came into effect in Canada in May 2016. Different from the principles underlying takeover legislation in the  United  States,  where  boards  can  “just  say  no,”  Canada’s  takeover  bid  framework  is premised on the principle that shareholders should ultimately decide whether to accept or reject a takeover bid. The new rules change the balance of power between target boards and target shareholders, and between target boards and hostile bidders. Here, we’ve compiled a list of six implications of the new takeover code and the new approach to the regulation of defensive tactics in the post-poison-pill era.

  1. Hostile bids will be more difficult to complete successfully. The 105-day time period that a bid must now remain open means that a hostile bidder will incur greater costs and uncertainty. It will bear the risk of changed market conditions, volatility in underlying prices and changes to the target’s business. Other competing bidders might step in, and the initial bidder’s efforts in uncovering the opportunity may be all for nothing. This will, no doubt, make some potential bidders pause and think twice about bidding at all.
  2. Target boards have more time. Target boards now have more time to evaluate a bid, look for white knights, pursue alternatives and/or make a strong case to shareholders to reject the bid. A target board and its advisers can establish a strategic process with some greater certainty on timing (as opposed to the shorter, more variable periods that securities commissions have historically allowed for poison pills).
  3. Target boards have more leverage. Interested bidders are more likely to negotiate directly with target boards. Bidders who negotiate a friendly deal directly with the target’s board can have the target reduce the 105-day bid period to 35 days. This clearly gives the target’s board some negotiating leverage.
  4. Bids cannot succeed without the support of a majority of shareholders. The new requirement for a 50% minimum tender means that shareholders won’t be able to tender their shares to the bidder if the bid isn’t supported by a majority of the target’s shareholders. Under the old regime, bidders would often reserve the right to waive their own self-imposed minimum tender condition. This meant that even if a bidder was unsuccessful in achieving a majority of the target’s shares, it might have seized the opportunity to become a significant minority shareholder (e.g., 30% owner) by waiving its minimum tender condition and achieving a blocking position. Not possible anymore.
  1. Poison pills as a bid defence will be a thing of the past. The new regime is silent on shareholder rights plans but, given the significant extension of the minimum bid period and the codification of the minimum tender condition and 10-day bid extension typically required by rights plans, we see fewer companies adopting rights plans. And we don’t expect that regulators will allow issuers to use rights plans to further postpone takeup by hostile bidders beyond the 105 days.

That said, depending on their circumstances, some issuers may want to maintain rights plans so that they can have some protection against “creeping bids.” Creeping bids involve the practice of assembling positions over time greater than 20% of a company’s outstanding shares through acquisitions (like private placements and market purchases) that are exempt from the takeover bid rules.

  1. Other defence tactics will emerge and be scrutinized by regulators. Although poison pills (and the usual pill hearings at which they were challenged as an  illegal  defensive  tactic)  are likely a thing of the past, target boards are going to  be  more  carefully scrutinized  on  other defensive tactics, including private placements. This is where the fine print of the commissions’ decision in Dolly Varden is important.

Here’s their analysis in four simple stages (see accompanying diagram).

A: Threshold Question. Can the bidder show that the private placement has a material impact on the bid? For example, is there significant dilution?  Or  will  it  make  it  impossible  for  the bidder to satisfy the mandatory 50% tender condition?  If  yes,  then  go  to  stage  B.  If  the answer is no, the commission won’t intervene.

B: Preliminary Analysis. Can the target board show that the private placement was not a defensive tactic designed to alter the dynamics of the bid process? This question looks at intention and purpose, not effect. At this step, the target is responsible to provide evidence of the following:

  • it had a serious and immediate need for the financing;
  • it had a bona fide business strategy involving equity financing by way of private placement;
  • the private placement was not planned or modified in response to, or in anticipation of, a bid.

If the answer is yes, then the commission won’t intervene. If the answer is no or maybe, then go to the next stage.

C: Full-Blown Analysis. If the private placement is (or might be) a defensive tactic, then securities commissions must do a more extensive analysis to decide if they should intervene, focusing on their investor protection mandate but taking into account that corporate law defers to a large extent to board decision-making. In addition to the factors set out in the previous step, they’ll also consider the following:

  • Does the private placement benefit shareholders by, for example, allowing the target to continue its operations through the term of the bid? Or in allowing the board to engage in an auction process without unduly impairing the bid?
  • To what extent does the private placement alter the preexisting bid dynamics, for example, by depriving shareholders of the ability to tender to the bid?
  • Are investors in the private placement related parties to the target? Or is there other evidence that some or all of them will act in such a way as to enable the target’s board to “just say no” to the bid or a competing bid?
  • Is there is any information available that indicates the views of the target shareholders with respect to the takeover bid and/or the private placement?
  • Did the target’s board appropriately consider the interplay between the private placement and the bid, including the effect of the resulting dilution on the bid and the need for financing?

D: Final Stage. Is there any other policy reason to interfere with the private placement under the commissions’ public interest power?

In the 105 days it will now take to consummate a hostile bid, target boards will likely struggle more with how to meet their financing needs during that lengthy period. This will be especially true for junior resource companies whose only source of financing is typically equity. Hostile bidders can be expected to heavily scrutinize these financing transactions and challenge them routinely.

Takeaways: For companies contemplating a financing and wanting to protect it from a Dolly- Varden-like challenge, here are some things to think about:

  • Make sure you document in board minutes your earliest considerations of a possible financing, plus the need for and the intended use of proceeds, so that the record establishes that your plan was under consideration before any bid was announced.
  • Make sure the private placement is “right-sized,” i.e., no bigger than necessary to meet the demonstrable financing need.
  • Don’t increase or otherwise tinker with a private placement in the face of or in anticipation of a bid.
  • Make sure board minutes reflect the board’s consideration of the impact of the private placement on the bid.
  • Ensure that some of your key shareholders are supportive of the private placement in case you need their support at a defensive tactics hearing.
  • Avoid placing the securities in the hands of related parties or others known to be supportive of the target and likely opposed to the bid.
  • Consider offering the bidder the opportunity to participate in the private placement.
  • Avoid structuring the private placement so that the bidder’s failure to meet the required 50% minimum condition is inevitable.
  • Consider pre-emptively applying to the securities commission for an order excluding the newly issued securities from the required minimum tender condition.
The views expressed herein are solely those of the author and have not been endorsed, confirmed, or approved by XBMA or any of the editors of XBMA Forum, nor by XBMA’s founders, members, contributors, academic partners, advisory board members, or others. No inference to the contrary should be drawn.

CHINESE UPDATE — SASAC to Strengthen Supervision on Outbound Investment of Central Enterprises

Editors’ Note: Contributed by Mr. Adam Li, a partner at JunHe, and member of XBMA’s Legal Roundtable. Mr. Li is a leading expert in international mergers & acquisitions, capital markets and international financial transactions involving Chinese companies.  Authored by Ms. Fang He, a partner at JunHe and a member of XBMA’s Legal Roundtable.  Ms. He has broad experience in M&A, outbound investment, foreign direct investment, and private equity.  Ms. Qingxin Yang, an associate at JunHe, helped preparing the article.

Highlights:

SASAC issued new regulations recently, under which SASAC has adopted the concept of Negative List, and further strengthened its supervision of outbound investment by central enterprises.

Main Article

The State-owned Asset Supervision & Administration Commission of the State Council (“SASAC”) published the Measures for the Supervision and Administration of Outbound Investment of Central Enterprises (“Measures”) on January 7, 2017, which replaced the Interim Measures for the Supervision and Administration of Outbound Investment of Central Enterprises (“Interim Measures”) issued by SASAC in 2012.

Negative List

The biggest difference between the Measures and the Interim Measures is the introduction of Negative List of Outbound Investment Projects by Central Enterprises. There are two categories on the Negative List: Prohibited Category and Specially Supervised Category. Central enterprises are prohibited from investing in outbound investment projects in Prohibited Category, and should submit investment plan to SASAC to go through investor examination procedure before investing in projects in Specially Supervised Category on the Negative List. A central enterprise can make its own decision to invest in projects outside the Negative List according to its development strategies and plans. Central enterprises are also asked to make a more specific and stricter Outbound Investment Negative List for themselves based on the Outbound Investment Negative List issued by SASAC.

To invest in projects in Specially Supervised Category on the Negative List, a central enterprise shall submit investment plan to SASAC to go through investor examination procedure before submitting filings to the authorities in charge of outbound investment such as National Development and Reform Commission (“NDRC”) and Ministry of Commerce (“MOC”). In the previous Interim Measures, a central enterprise just needs to submit a filing to SASAC if it intends to invest in an overseas project falling into its principal business.  Filing procedure is relatively simpler compared to the examination procedure, and normally SASAC will not conduct substantial examination and review in the filing procedure. After the introduction of the Negative List, central enterprises have to submit investment plan to SASAC for examination before submitting to NDRC and MOC for filing when investing in projects in Specially Supervised Category on the Negative List. SASAC will conduct a full and substantial examination of the projects from different aspects such as risk of the project, ownership structure, capital strength, profitability level, as well as competition and exit conditions. Besides, when necessary, SASAC may entrust third-party advisors to give advice on the project. Thus, to invest in projects in the Specially Supervised Category on the Negative List would be more difficult and take much longer time.

In addition, the Measures continues the principle in the Interim Measures that a central enterprise shall not make outbound investment in projects beyond its principal business, otherwise, approval from SASAC shall be required.

Important Concepts Clarified

Two concepts are made clear in Measures: Major Outbound Investment Project and Principal Business of central enterprise. Major Outbound Investment Project means the investment project of a central enterprise decided by its board of directors after consideration in accordance with its bylaw and investment management system. Principal Business is the main business of a central enterprise decided by its development strategies and plans and confirmed and published by SASAC. Non-Principal business is the other business. With a clear definition, a central enterprise is able to decide if a project is a Major Outbound Investment Project and/or falls into its principal business in order to go through different decision-making and examination/filing procedures.

In summary, the Measures have introduced the concept of Negative List, and strengthened the examination and supervision on outbound investment by central enterprises. We will keep a close watch on the Negative List to be published by SASAC and may further comment.

The views expressed herein are solely those of the author and have not been endorsed, confirmed, or approved by XBMA or any of the editors of XBMA Forum, nor by XBMA’s founders, members, contributors, academic partners, advisory board members, or others. No inference to the contrary should be drawn.

Promoting Long-Term Value Creation – The Launch of the Investor Stewardship Group (ISG) and ISG’s Framework for U.S. Stewardship and Governance

Editors’ Note: This article was co-authored by Martin Lipton, Steven A. Rosenblum, Karessa L. Cain, Sabastian V. Niles and Sara J. Lewis of Wachtell, Lipton, Rosen & Katz.


Executive Summary/Highlights:

A long-running, two-year effort by the senior corporate governance heads of major U.S. investors to develop the first stewardship code for the U.S. market culminated today in the launch of the Investor Stewardship Group (ISG) and ISG’s associated Framework for U.S. Stewardship and Governance. Investor co-founders and signatories include U.S. Asset Managers (BlackRock; MFS; State Street Global Advisors; TIAA Investments; T. Rowe Price; Vanguard; ValueAct Capital; Wellington Management); U.S. Asset Owners (CalSTRS; Florida State Board of Administration (SBA); Washington State Investment Board); and non-U.S. Asset Owners/Managers (GIC Private Limited (Singapore’s Sovereign Wealth Fund); Legal and General Investment Management; MN Netherlands; PGGM; Royal Bank of Canada (Asset Management)).

Focused explicitly on combating short-termism, providing a “framework for promoting long-term value creation for U.S. companies and the broader U.S. economy” and promoting “responsible” engagement, the principles are designed to be independent of proxy advisory firm guidelines and may help disintermediate the proxy advisory firms, traditional activist hedge funds and short-term pressures from dictating corporate governance and corporate strategy.

Importantly, the ISG Framework would operate to hold investors, and not just public companies, to a higher standard, rejecting the scorched-earth activist pressure tactics to which public companies have often been subject, and instead requiring investors to “address and attempt to resolve differences with companies in a constructive and pragmatic manner.” In addition, the ISG Framework emphasizes that asset managers and owners are responsible to their ultimate long-term beneficiaries, especially the millions of individual investors whose retirement and long-term savings are held by these funds, and that proxy voting and engagement guidelines of investors should be designed to protect the interests of these long-term clients and beneficiaries. While the ISG Framework is not intended to be prescriptive or comprehensive in nature, with companies and investors being free to apply it in a manner they deem appropriate, it is intended to provide guidance and clarity as to the expectations that an increasingly large number of investors will have not only of public companies, but also of each other.

Click here to read the full article.

The views expressed herein are solely those of the author and have not been endorsed, confirmed, or approved by XBMA or any of the editors of XBMA Forum, nor by XBMA’s founders, members, contributors, academic partners, advisory board members, or others. No inference to the contrary should be drawn.

CHINESE UPDATE — China Adopted Cybersecurity Law

Editors’ Note: Contributed by Fang He, a partner at JunHe’s Beijing headquarters, and by Adam Li, a partner at JunHe’s Shanghai office; both are members of XBMA’s Legal Roundtable. Ms. He specializes in M&A, foreign direct investment and outbound investment from China. Mr. Li is a leading expert in international mergers & acquisitions, capital markets and international financial transactions involving Chinese companies. This article was authored by Ms. Dong Xiao, a partner in JunHe’s Beijing headquarters who specializes in the areas of foreign direct investment, mergers and acquisitions, Internet, high-tech, and data privacy and information law.  Associates, Mr. Cai Kemeng and Ms. Guo Jinghe helped with this article.

Highlights:

After deliberations over more than a year’s time, the Standing Committee of the National People’s Congress (“NPC Standing Committee”) finally adopted the Cyber Security Law (“CSL”) on November 7, 2016.  The CSL is the first omnibus law in China governing cyber security issues and has incorporated a number of new legal concepts and requirements that may impact companies with business operations in China.

Main Article

Below we will briefly introduce the CLS in terms of its background, applicable scope and legislative purpose, major requirements, and potential practical impact.

Introduction

Background

This legislation includes provisions relating to information and technology security. Meanwhile, as China has not enacted a unified data protection law, the CSL also incorporates several provisions related to the protection of personal information, which is also an issue of wide concern.

Application Scope and Purpose

The CSL applies to the construction, operation, maintenance and use of networks as well as the supervision and administration of cyber security within the territory of the PRC. “Networks” include networks and systems that are composed of computers and other information terminals and the relevant facilities and used for purposes of collecting, storing, transmitting, exchanging and processing information in accordance with certain rules and procedures (Article 76).  “Network operators”, an important subject of legal obligations under the CSL, is broadly defined as “owners and administrator of networks and network service providers (Article 76)”.

The CSL provides for “safeguarding the national cyberspace sovereignty” as a fundamental principle, and, for that purpose, includes provisions on, inter alia, the strategy, plan and promotion of cyber security, network operation security, network information security, and alarm and emergency response systems.

Responsible Authority

The national cyberspace administration authority, namely the Cyberspace Administration of China (“CAC”), is responsible for the coordination of cyber security protection activities and the relevant supervision and administration activities on a national level.  It further provides that the Ministry of Industry and Information Technology, the Ministry of Public Security and other relevant government departments shall be responsible for the protection and supervision of cyber security within their respective authorities.

Transition Period

The CSL will become effective on June 1, 2017.  Therefore, nearly a half year is provided as a transition period before its implementation.

Major Legal Requirements

Strengthened Network Operation Security Obligations

The CSL provides various security protection obligations for network operators, including, inter alia:

  • the compliance with a series of requirements of tiered cyber protection systems (Article 21);
  • the verification of users’ real identity (an obligation for certain network operators) (Article 24);
  • the formulation of cyber security emergency response plans (Article 25); and
  • the assistance and support necessary to investigative authorities where necessary for protecting national security and investigating crimes (Article 28).

In addition, network products and service providers shall inform users about and report to the relevant authorities any known security defects and bugs, and furthermore shall provide constant security maintenance services for their products and services, not install malware with their products, and clearly inform users and obtain their consent if their products or services collect users’ information (Article 22).

Key network facilities and special products used for protecting network security shall comply with the relevant national standards and compulsory certification requirements, and may only be offered for sale after being certified by the qualified security certification organization or passing the relevant security tests (Article 23).

It is notable that some requirements for network operators, such as retention of user logs for at least six months (Article 21) and regulations on the publication of cyber security information regarding system loopholes, computer viruses, cyber-attacks, cyber invasions, etc. (Article 26), are prescribed for the first time under PRC laws.

Heightened Protection of Critical Information Infrastructure

The CSL, for the first time under PRC law, clearly imposes a series of heighted security obligations for operators of critical information infrastructure (“CII”), including:

  • internal organization, training, data backup and emergency response requirements (Article 34);
  • storage of personal information and other important data must in principle be secured within the PRC territory (Article 37);
  • procurement of network products and services which may affect national security shall pass the security inspection of the relevant authorities (Article 35); and
  • conducting annual assessments of cyber security risks and reporting the result of those assessments and improvement measures to the relevant authority (Article 38).

Protection of Personal Information

The CSL reiterates the obligations of network operators regarding the protection of personal information which appear across existing laws and regulations, including the mandate to observe the principle of lawfulness, necessity and appropriateness in the collection and use of personal information and to observe “the notification and consent requirements” (Article 41), to use personal information only for the purpose agreed upon by the relevant individual (Article 41), to adopt security protection measures for personal information (Article 42), and to protect the individual’s right to access and correct personal information (Article 43).  In addition, the CSL also incorporates some new rules on personal information protection, including data breach notification requirements (Article 42), and data anonymization as an exception for notification and consent requirements (Article 42), and the individual’s right to request the network operators make corrections to or delete their personal information in case the information is wrong or used beyond the agreed purpose (Article 43).

Practical Impacts

The CSL is the first law in the PRC specially focused on cyber security matters. When the CSL takes effect on June 1, 2017, internet companies and other industries in China will be subject to stricter and more comprehensive obligations and face more severe punishments for violations.  As an omnibus law on cyber security issues, many provisions of the CSL are still very general and abstract, and the detailed requirements for implementation and enforcement depend on subsequent and more specific implementation regulations as well as the opinion of the relevant authorities. We may expect that the relevant regulatory authorities may promulgate a series of implementation regulations to clarify certain requirements under the CSL, such as the regulations on tiered cyber security protection systems, the specific scope and protection measures of CII, the protection of minors on networks, the mandatory security certification and the test requirements for key network devices and special cyber security products, national security review on the network products and services procured by CII operators, etc.  For example, as for the protection of minors on the internet, the CAC published a draft of Regulations on Protection of Minors Online for public comment last month.

Nearly half a year remains before the formal implementation of the CSL and companies may use this transition period to improve their understanding of the potential impacts of the CSL on their business.  In particular, if companies are deemed operators of CII, the CSL may have a significant impact on its network security framework, procurement of security products, and data storage. Companies may consider whether they need to adjust their business and operation practices in these aforementioned aspects and enhance their cyber security protections so as to ensure fully compliance with the CSL.  Given the specific implementation of the requirements in the CSL are not entirely clear, companies will also need to closely follow any subsequently released regulations and opinions of the relevant governmental authorities.

The views expressed herein are solely those of the author and have not been endorsed, confirmed, or approved by XBMA or any of the editors of XBMA Forum, nor by XBMA’s founders, members, contributors, academic partners, advisory board members, or others. No inference to the contrary should be drawn.

Subscribe to Newsletter

Enter your Email

Preview Newsletter