In June, the Director of the SEC’s Division of Corporation Finance provided important but nonbinding guidance on the factors that are likely to be reviewed when determining whether a digital asset, such as a utility token, may be deemed a security. Ever since the DAO report issued in July 2017, the SEC has showed a slow evolution on its views on the approaches taken by some crypto and digital asset industry participants that have attempted to structure digital assets so that they are not securities in sales. In the DAO report, the SEC first officially applied the “Howey Test,” a test from a 1946 Supreme Court case regarding the sale of orange grove plots that to this day continues to be the primary guidance for when an instrument is an “investment contract” and thus a security. The Howey Test, generally, requires (i) an investment of money (which need not be in the form of cash), (ii) a reasonable expectation of profits, that are (iii) derived from the managerial efforts of others.
As noted by Director Hinman in his remarks, these are still the “early days” of crypto, but with this latest guidance, the SEC has provided more clarity around securities law compliant digital asset sales. That said, his guidance leaves a lot of questions unanswered. Hopefully, over time ambiguities will become clear as more no-action letters and other informal guidance are released. Until then, Director Hinman’s remarks can help us understand how the SEC will fit digital assets into its current framework, particularly since there have been public statements that the SEC has no intention of making new regulations tailored to these instruments. Certain key takeaways from this speech are as follows:
Digital assets that represent a set of rights giving the holder a financial interest in an enterprise likely are subject to US securities laws.
Referring to the digital asset as a “coin” or “token” will not impact the analysis regarding whether the digital asset is a security. Just because you patent a method as a currency, it doesn’t mean it’s a currency for securities law purposes—instead the economic substance governs. Although a digital asset may begin its life as a security, it may change character over time. For instance, a cryptocurrency that starts its life as a currency could subsequently become a commodity, particularly if the purchasers are not making an investment in the development of an enterprise. A digital asset that is (i) initially offered in a securities offering and is no longer connected to an investment in a central enterprise or (ii) is later sold only to be used to purchase goods or services available through the digital asset’s network might possibly lose its character as a security.
A number of factual circumstances surrounding the sale or offering of a digital asset will be important to the analysis under the Howey Test regarding whether the digital asset is a security:
Passivity of purchasers. It is more likely to be a security if purchasers are passive in nature and rely on the efforts of others to increase the value of the purchased digital asset.
Marketing efforts. It is more likely to be a security when the issuer solicits many types of investors, regardless of whether they intend to use the digital asset for its intended purposes or to resell it for a profit.
Network maturity. It is more likely to be a security if the digital asset is being sold at a time when the platform on which it will be used is largely undeveloped, as it looks more like a bet on the success of the enterprise through efforts of others than the purchase of something used to exchange for goods or services.
Network decentralization. It is less likely to be a security if the network is sufficiently decentralized, for instance where a person or group is no longer carrying out essential managerial or entrepreneurial efforts.
Central to determining whether a digital asset is a security is how the digital asset is being sold and what the purchaser expects when making the decision to purchase the digital asset.
While an asset may not be a security under certain circumstances—like if it is mined. Under different circumstances the same asset may be a security—like if it is sold to non-users for the purpose of developing an enterprise, by a person or coordinated group (including unincorporated organizations) where the value of the asset may be dependent on the success of the enterprise.
Bitcoin and Ether are sufficiently decentralized such that no central third party exists whose efforts are key determining factors in the enterprise, and therefore, the sale and resale of Bitcoin and Ether are not securities transactions.
That said, a cryptocurrency that isn’t a security could be packaged in a way that makes it a security. For example, if Bitcoin were placed in a fund or trust and interests in the fund or trust were sold, the interests would be a security even though the asset in the fund or trust is not. Further, a factor in determining whether a cryptocurrency might be a security is whether applying the disclosure regime of federal securities laws would add value to investors. It also appears based on this factor that a mined cryptocurrency would be less likely to be a digital asset.
Certain other factors will be considered, on a non-exclusive basis, in determining whether a digital asset is a security:
Did someone sponsor or propose the creation or sale of the digital asset where the efforts of others play a significant role in the development and maintenance of the asset and its potential increase in value?
Has the sponsor retained a stake in the digital asset so it can benefit from an increase in value?
Has the promoter raised more than it needs to establish a functional network, and, if so, has it disclosed the use of proceeds? Will the promoter continue to expend funds from proceeds or operations to enhance the functionality and/or value of the system within which the tokens operate?
Are purchasers seeking a return?
Would the application of the Securities Act provide additional protection to investors, and does that make sense?
Do persons or entities other than the promoter exercise governance rights or meaningful influence, or is governance based solely on consensus?
So how does this affect private equity and venture capital? The lack of specificity, and lack of knowledge on how much weight the SEC would provide to each of these factors, create a lot of uncertainty. Questions abound when looking at this guidance from an investment fund’s perspective:
If I manage or invest in a fund that invests in crypto assets, how can I be sure that the assets in which I invest are securities, commodities, currencies, or something else?
Securities, commodities, and currencies are subject to completely different regulatory regimes. Securities are governed by federal securities laws, SEC rules, and state Blue Sky laws. Commodities are governed by the Commodity Exchange Act and the rules of the CFTC, and additional local laws in some states. Currencies that are not federally issued currencies are still subject to state money transmitter laws. Navigating through this morass can be a daunting task. Furthermore, it’s still not clear whether a virtual asset could be both a security and a commodity at the same time, like certain types of swaps.
If you’re a venture capital firm, do you need to revisit agreements from prior rounds to ensure the portfolio company can’t have an initial coin offering without your consent or complying with pre-emptive rights?
While the latest round of NVCA forms contemplates digital assets, many older forms do not, and oftentimes there are only protective provisions with respect to the issuance of equity securities. Even if these rights are limited to securities, the SEC has left the door open for the issuance of certain types of utility tokens that might not be securities. While virtual assets generally don’t have an immediately dilutive effect, there may be significant effects on revenue streams down the line, and it might make it more difficult to exit the investment.
Are digital assets equity securities?
While most securities practitioners have long agreed that the Howey Test would determine whether a digital asset is a security, there’s no consensus on how to determine whether a security is an equity security or some other kind of security. This may add uncertainty to investors that do want a portfolio company to ICO, and if the securities are equity securities, registration under the Securities Exchange Act would be required, and thus the issuer would need to file burdensome periodic reports such as 10-Ks and proxy statements if there are more than 2,000 holders or more than 500 holders who aren’t themselves accredited investors.
Are you subject to limitations on compensation for developers, and can an instrument be both a security in the hands of some people and not a security in the hands of others?
A key component of the Howey Test is that the profits would come solely through the efforts of others. If you’re actually developing and inventing the security yourself and working on the development of the platform on which the token will be used, is it still a security in the hands of that developer? If it is, then issuers would still likely be confined by Rule 701 under the Securities Act, which may be very difficult to monitor since the coins can’t be granted, and the price can’t be determined, until after they exist.
Will a coin be a security when used in substitution for cash for an already-existing product and there’s already enough cash to incorporate the additional technology?
Some existing products and services are incorporating blockchain into their products and services, and having a blockchain nexus can make an ICO attractive as a bridge or pre-IPO round, or can help give the investor additional upside if it can exercise a right of first offer. Can the coin no longer be a security if it has a specific purpose and the point of the capital raise is to expand an existing offering rather than to create one?
What if a physical or software product is pre-loaded with a token and the token is required to use the product?
In this instance, a token may look a lot more like a license for use, but if there’s an ability to trade that token it might be an investment contract under the Howey Test, even if the end user has no intent to transfer the token because they want to continue using the product.
Does it make sense to move a capital raise offshore rather than to keep it in the U.S.?
If an ICO is solely outside of the United States (or some type of restricted instrument is sold in a Regulation D offering in the U.S. and the non-U.S. sale is compliant with Regulation S pertaining to offshore offerings) and the issuer is a non-U.S. subsidiary of the portfolio company, there still is the potential to ICO without significant U.S. regulation. That said, issuing instruments in foreign jurisdictions might create a number of regulatory issues for the portfolio company.
How will this guidance be applied at the state level?
Not every state has adopted the Howey Test. Thus, even if a virtual asset is not a security at the federal level, it still might be one at the state level, which could complicate the ability of issuers to sell in certain states.
Generally, Director Hinman’s remarks suggest a fairly major step forward in the SEC’s thinking regarding the regulation of virtual assets. The SEC has recently made a point of being more transparent than under prior administrations, but there are still significant questions left to be answered. While it is a very positive step that there is guidance that might help limit the securities laws’ recent chilling effect on token offerings and blockchain innovation in the U.S. markets, there is still a lot of uncertainty, which is something most fund managers are looking to mitigate.
The Securities and Exchange Commission (“SEC”) recently updated and expanded its guidance to public companies on cybersecurity risks and incidents in its "Commission Statement and Guidance on Public Company Cybersecurity Disclosures" (the “2018 Guidance”). The 2018 Guidance represents a broad recognition of the critical role that cybersecurity plays in the health of companies and the stability of markets.
“There is no doubt that the cybersecurity landscape and the risks associated with it continue to evolve,” said a statement released by SEC Chairman Jay Clayton. “Public companies must stay focused on these issues and take all required action to inform investors about material cybersecurity risks and incidents in a timely fashion.”
To support this effort, the SEC has created a cybersecurity website with helpful alerts and bulletins, compliance toolkits, and educational resources. In addition, the SEC has constituted a Cyber Unit charged with targeting a wide range of cyber-related misconduct, such as market manipulation through the spread of false information, hacking, and intrusions and attacks on trading platforms and market infrastructure.
While a private company can be reassured that a member of the Cyber Unit will not show up at its door, the 2018 Guidance offers useful insights about the evolving risks in the digital marketplace, as well as effective controls and procedures to manage these risks—all of which can inform a private company that must navigate similar pitfalls in the modern e-commerce environment. Cybersecurity is, as the SEC’s website states, “a responsibility of every market participant.”
To that end, the following are some key takeaways for private companies from the 2018 Guidance:
- Disclosure is key. It is critical for companies to take appropriate action to inform investors about material cybersecurity risks and incidents in a timely fashion. Indeed, the SEC goes so far as to advise that a company may be obligated to make a disclosure even if it has not been the target of a cyberattack, but is merely subject to material cybersecurity risks.
Throughout the 2018 Guidance, the SEC stresses the importance of disclosure of all of the material facts of material cybersecurity risks and incidents. But, a company may ask, what is “material”?
- With regard to the materiality of facts, public companies follow the guideline disclosing facts that are required or necessary to make the disclosure and the statements therein not misleading. A company should disclose information if there is “a substantial likelihood that a reasonable investor would consider the information important in making an investment decision or that disclosure of the omitted information would have been viewed by the reasonable investor as having significantly altered the total mix of information available.” Measuring information to be disclosed against these standards will help a company avoid making a selective or partial disclosure.
- With regard to the materiality of cybersecurity risks and incidents, a company should generally weigh the nature, extent and potential magnitude of the risk or incident—particularly as they relate to the compromised information or the business and scope of company operations. The range of harm—including harm to the company’s reputation, financial performance, and customer and vendor relationships—as well as the possibility of litigation or regulatory investigations or actions—is also an important indicator of materiality.
- Bearing this in mind, a company might feel obligated to issue a tell-all statement to be sure to give a full disclosure. However, the 2018 Guidance clarifies that companies are not required to issue a “road-map” disclosure that might compromise cybersecurity efforts. Even so, while a company is not required to disclose so much information that it makes itself more vulnerable to a cyberattack, a company must be sure to disclose the risks and incidents that are material to investors, including the concomitant financial, legal or reputational consequences.
- Policies and procedures are must-haves. Disclosure controls and procedures are crucial to a company’s ability to discern the impact of cybersecurity risks and incidents, and to take appropriate action in a timely fashion.
- Effective controls and procedures should enable a company to identify cybersecurity risk and incidents, assess and analyze their impact and significance, provide for open communication with technical experts, and allow for timely disclosures. These procedures should include a protocol to determine the potential materiality of such risks and incidents.
- Companies should assess their compliance with these policies regularly, as well as assess whether they have sufficient disclosure controls and procedures to ensure that relevant information makes its way to appropriate personnel, including senior management.
- Management must be involved. A company’s directors, officers, and others responsible for developing and overseeing the controls and procedures must be informed about actual and potential cybersecurity risks and incidents in order to effectively develop and institute disclosure controls and procedures. Management has to remain informed of and engaged in cybersecurity efforts.
Ultimate responsibility, however, does not fall solely on management. The 2018 Guidance states that a company’s governing body (such as a board of directors) is also responsible for overseeing management of cybersecurity risk and engaging with management on cybersecurity issues.
- Companies must protect against cybersecurity-based insider trading. Knowledge regarding a significant cybersecurity incident may constitute material nonpublic information. Companies need to have policies and procedures in place to guard against insiders taking advantage of the period between discovery of a cybersecurity incident and disclosure to other investors.
Companies should consider how their code of ethics or conflict of interest policies take into account and prevent transfers of company securities on the basis of material nonpublic information related to cybersecurity risks and incidents. Furthermore, companies should specifically consider whether it would be appropriate to restrict transfers during an ongoing investigation of a cybersecurity incident.
Effective cyber governance is becoming an essential component of a well-managed business. While the 2018 Guidance from the SEC is aimed at public companies, it is also a useful tool for private companies to assess their cybersecurity protections and protocols to ensure that they are taking every reasonable step possible to adequately guard against, yet be prepared for, cybersecurity risks and incidents. After all, public and private companies face many of the same challenges when it comes to adapting to the evolving risks of an increasingly digital world. Private companies would do well to take note of the standards set for their public peers as they forge their own paths forward, grow the size and complexity of their businesses, and look for useful resources on how to deal with information security issues in the digital age.
As interest in emerging companies continues to rise, especially in up-and-coming tech companies, entrepreneurs and investors are coming up with new ways to structure their investments. Two such options are a convertible promissory note and a simple agreement for future equity (SAFEs).
A convertible promissory note is a debt obligation in which the company borrows money from an investor in exchange for a promise of repayment and an option to convert the outstanding principal into equity of the company upon some triggering event. Notes have a maturity date and bear interest. For earlier stage companies in particular, there should be little negotiation of the terms. They are quick, fairly simple and familiar to investors.
A SAFE is an agreement by the company to give an investor a future equity stake in the company if—and only if—certain trigger events occur. It is not a debt instrument; it does not have a maturity date, and it does not bear interest. It is also not an equity stake; unless and until a triggering event occurs, the investor is entitled to nothing. There are very few negotiated terms. The SAFE was designed to be quicker and simpler than notes, but they can be unfamiliar to investors.
The development and implementation of the documents cost about the same, although the SAFE may be slightly less expensive in that there is no need to re-negotiate a maturity date, as there may be if a company reaches the maturity date of its notes and is not ready to repay or convert.
Companies may prefer a SAFE because they find it more approachable and it puts more risk on the investor. Essentially, there is no need to repay if a triggering event does not occur.
However, investors are often resistant to the SAFE. Investors are more familiar with notes, a very popular instrument for seed investments. Because the value of the company is not assessed in connection with the SAFE, there is often confusion over the impact of the SAFE on the percentage of equity that the founders and the investors may eventually own, particularly when there are multiple rounds of SAFEs or different investors insist on tweaking the terms. Investors lose out on interest, cannot hold the company to a deadline and have no guarantee of repayment or ownership. SAFEs do not offer the same bankruptcy protection as notes. Finally, market participants are unsure about the proper tax treatment of SAFEs.
While industry participants should consider their options and select the best form of investment for the business in issue, the costs of a SAFE are often outweighed by its benefits, and we are likely to see the popularity of convertible promissory notes to remain steadfast.
On February 8, 2018, the Los Angeles office of Nixon Peabody LLP hosted a Hot Topics in the Middle Market event entitled Private Equity Outlook: What is Next for Investing in Health Care. NP partners Stephen Reil, Jill Gordon, and Matt Grazier moderated a discussion featuring the following speakers:
- Len Anderson, Managing Director, LHA Capital Partners
- Jonathan Bluth, Sr. Vice President & Head of the Healthcare Group, Intrepid Investment Bankers
- Steven Shill, Partner/National Leader, BDO Center for Healthcare Excellence & Innovation
- Srin Vishwanath, CEO and Co-Founder, GreenWave Health Technologies
A summary of the panelists’ observations on the current state of the health care industry and investment opportunities is as follows:
Trends and Opportunities: In today’s health care market, private equity investors increasingly have the option to invest in patient-centric, cash-pay companies rather than providers that primarily rely on government and third party reimbursement models. The panelists agreed that behavioral health, including the areas of addiction, autism, and other mental disorders, represents a new frontier in the health care industry and has become increasingly viewed as an exciting area of investment. Growth in the behavioral health industry is being driven by an increasing awareness of, and a lessening of the historical stigmas associated with, mental health issues. Coupled with the sense of urgency that often accompanies patients seeking behavioral health treatment (who are increasingly connected to behavioral health communities via the internet and social media), the industry has transformed into a high cash pay, high volume and high growth sector. In addition, the panel recognized that there has been a stratification of the behavioral health field, with certain areas migrating toward in-network coverage while others remain out-of-network and primarily cash-pay. This has created a dichotomy in the sector which presents opportunities for investors. Going forward the question of whether behavioral health will be able to demonstrate patient outcomes and value will remain the critical questions for the industry and its investors. Finally, the rise of digital health has led to an explosion of international investment and medical tourism, with international investors, often from China, exporting diagnostic and digital medicine models to their home countries.
Dedicated Health Care Funds: The panel discussed the recent rise of health care specific private equity funds that not only have a high level of understanding of the field’s regulatory concerns, but also strong relationships with regulatory agencies. In the past, less-sophisticated investors have had difficulty understanding health care business valuations and deal structures due to an inability to economically quantify the industry’s risks. Now, industry savvy investors are differentiating themselves through depth of reach and connectivity. Coupled with their newfound regulatory expertise, many health care-centric private equity investors are able to not only identify appropriate targets and close deals but, post-closing, they are able to fundamentally change the growth trajectory of the target business and drive the value needle.
Digital Apps and Devices: There was general consensus among the panelists that investors are increasingly looking outside of the four walls of the hospital to alternative investment opportunities in patient-centric care. Specifically, ancillary services have become a primary area of focus as a way to identify and eliminate adverse events, and ultimately as a means to reduce the overall costs of care. In particular, investment in companies providing health services digitally through digital apps and devices and through telehealth and telemedicine (the panel used the example of rural hospitals accessing physician specialists through web and phone conferencing applications). These companies are disrupting the industry, blurring the lines of how and where care is provided and effecting how providers are paid. This growing portfolio of health care / technology hybrids has created ample opportunity for private equity investors looking for targets and, ultimately, returns.
For how long have you read articles about industry waking up to the importance of cybersecurity as high-profile data breaches continue to make headlines and cost companies millions? The reputational and bottom line consequences of a security incident are by now well understood. What appears to be less clear to many executives is how to leverage insurance to mitigate potential impacts of cyber-related threats. This blind spot is likely to change in the months and years ahead as the cyber liability insurance market grows, matures and takes on a more prominent role in corporate risk mitigation strategy as well as in deal negotiations.
What is cyber liability insurance?
First-party coverage is intended to cover costs incurred by a company when responding to a cybersecurity incident, such as:
• Third-party expert fees (e.g., forensic specialists to identify root causes and vulnerabilities, crisis management, public relations)
• Legal costs related to compliance with post-breach regulatory requirements (e.g., notification to affected individuals and states’ attorneys general)
• Credit monitoring and identity theft protection services for affected individuals as required by certain state and federal laws
• Data recovery and hardware/network repair
Third-party coverage is used to mitigate costs associated with litigation and regulatory penalties resulting from a cybersecurity incident.
Some insurers also offer custom add-ons for companies susceptible to large or concentrated losses due to their unique business needs, such as coverage for:
• Business interruption
• Cyber extortion and terrorism
• Network security
• Lost or stolen data, laptops or other technology assets
The range of potential costs is staggering and for now remains difficult to quantify. As a result, there is still a good deal of variation across cyber liability products when compared to more traditional forms of commercial insurance. Companies can be selective when structuring their policy in order to manage their premium, but also need to make sure that the nature of their coverage is appropriate and that limits will provide adequate protection.
Who offers cyber liability insurance and what does it cost?
The cyber liability insurance market remains highly concentrated. According to reports by Fitch Ratings and A.M. Best
, the top 15 carriers controlled nearly 83% of the cyber market by the end of 2016, and American International Group, XL Group and Chubb alone wrote roughly 40% of cyber policies by the close of that year. Other prominent carriers
in the market are Travelers, Beazley, CNA, Liberty Mutual, BCS Insurance, AXIS Insurance Group and Allied World.
While the cyber liability insurance pool remains relatively small—only $1.35 billion in direct written premium was written in 2016
—there are many indicators that the market is growing. By the end of 2015 more than 130 insurance organizations had entered the market, and since that time the amount of direct written premium for cyber policies has been increasing year-over-year. Additionally, insurers are increasingly writing stand-alone cyber liability policies. In fact, more than two-thirds of cyber coverage
was written on a stand-alone basis during 2016. This trend is encouraging as it will allow insurers to refine actuarial modeling and stabilize pricing for many of their cyber products.
But presently, cyber liability insurance remains expensive. Industry commentators
surveying businesses about their coverage costs report that premiums range from $1,000 to $80,000. Of course, the amount of premium paid by a specific company will depend on a host of factors, including its risk profile, the scope of coverage selected and coverage limits for the policy. By way of example, the annual premium reported for a high risk SaaS provider was nearly $30,000 for a $10 million coverage limit, while a lower risk thermostat installation company paid only $8,000 for a $5 million policy. One industry commentator
suggests that businesses should expect to pay between $5,000 to $50,000 a year for policies offering $1–10 million in cyber-related coverage.
Is there a role for cyber liability insurance in connection with transactions?
Absolutely. Cybersecurity concerns identified in due diligence can erode a company’s valuation, and worse, a data breach during an ongoing deal process can significantly derail a transaction. Not long ago, Yahoo was forced to renegotiate terms with Verizon after reporting its data breaches and lost approximately $350 million in deal value
as a result.
Frequently, when obtaining cyber liability coverage, a company will upgrade security assets, audit IT procedures and update or create IT security policies in order to reduce its premium. A client preparing for a sale process might consider undertaking these steps in any event to appear more attractive to buyers, and securing cyber liability insurance can be an effective way to signal to prospective acquirers that the seller has a strong cybersecurity program in place.
During deal negotiations it might also be useful to consider using cyber liability insurance as a risk allocation tool where the parties are otherwise struggling to address cyber-related threats with representations and warranties or special indemnities.
One economic research organization recently estimated
that only 20–35% of U.S. companies have purchased a cyber liability policy, so there should be ample opportunities to have a discussion with your client about the possibility of obtaining coverage.
On May 3, 2017, Nixon Peabody LLP hosted a Hot Topics in the Middle Market event entitled Private Equity Investing Outlook: What is Next for Investing in Health Care in its Manchester office. NP partners Andrew Share and Allan Cohen moderated a discussion featuring the following speakers:
- Charles L. Anderson, MD, Co-Founder and Principal, Exaltare Capital Partners
- Gray Chynoweth, Advanced Regenerative Manufacturing Institute
- Troy Dayon, Senior Director, Marketing, Medtronic Advanced Energy
- Daniel Head, Senior Vice President, Corporate Advisory & Banking, Brown Brothers Harriman
A summary of the panelists’ observations on the current state of the health care industry and investment opportunities is as follows:
- Trends and Opportunities: The panelists agreed that, as in many industries, consumers are seeking lower costs and increase transparency in the way services are provided. As a result, services and technologies that drive value for consumers are ripe for investment. Examples of the push for lower cost care are the proliferation of urgent care centers, the number of which increased 10% over 2016. When compared to emergency room visits, urgent care centers can provide services at a lower cost and with quicker access to physicians. Similarly, patients are also turning to ambulatory surgical centers for procedures that once required hospital stays. Advances in technologies have allowed these centers to provide services once only available at hospitals, and at lower costs due to significantly lower overhead expenses.
On the provider side, panelists saw a need for services that decrease waste and the cost of patient care. Services that allow for the sharing of patient data between providers will lead to decreased costs of care. Investment opportunities also exist in companies offering genetic risk profiling, which in many cases allows providers to predict future illnesses, leading to a proactive approach to care.
- Data Sharing: As the value-based healthcare model expands, the need for more accurate patient data increases. Providers will need patient data to report performance metrics to payers in order to demonstrate patient improvement, and payers will require data to justify reimbursements to providers. As a result, data security issues will remain a key issue as data is shared between these parties. Organizations will need to determine the proper allocation of risk in sharing patient data and complying with data security laws. The use of devices and other new (and often unsecure) technologies that collect patient data also complicates things. Working through these issues, however, could lead to lower costs for patients, providers and payers.
- Health Care Reform: The panel agreed that healthcare is often not as patient-centric as it could be. An example provided is the high rate in which patients receive the wrong medication during hospital stays. An anomaly highlighted by the panel is that health care costs per capita in the US are 30% higher than those in Europe, but Americans are no healthier as a result. Bloated costs are often attributed to fraud, abuse and miscoding errors. In light of these issues, the panel agreed that there are a plethora of investment opportunities in patient-centric services in technologies that may lead to reduced costs and waste from a provider perspective.
President Trump recently issued an Executive Order called “Buy American and Hire American,” requiring certain federal agency heads to suggest reforms to the H-1B visa program including how - and to whom - these visas are awarded. (Additional coverage of this development is available here).
H-1B visas are offered to foreign workers who are coming to the United States temporarily to perform services in a “specialty occupation,” and typically require the applicants to have highly specific knowledge and a specialized degree. The White House has asserted that the H-1B program is harmful to Americans because companies routinely pay H-1B workers below-market rates, which makes it more likely that these visa holders will replace similarly qualified American workers.
Reaction to this Executive Order from the business community – and particularly the tech industry – has been cautious. The tech industry, which is the most reliant on the H-1B program, has contended that this order will impede their ability to attract and retain top talent. The industry has asserted that a visa program that favors higher-paid workers will give larger, more established companies an advantage. Silicon Valley leaders have pointed to the large number of employees that are foreign born, arguing that immigration is an economic benefit, not a burden. The industry has also asserted that the H-1B program is essential to their ability to keep foreign high-tech students with unique qualifications in the US after getting their degrees, and that there is a shortage of qualified Americans for these jobs.
Specific implications from this Executive Order remain to be seen, but it is fair to say that those companies that have traditionally benefited from the H-1B program will be paying close attention to the reforms recommended by federal agencies.
The Wall Street Journal recently reported that tech is private equity’s new favorite industry.
This conclusion is based on the fact that buyout firms are increasingly targeting technology companies as stable businesses that could outperform even in a recession. In fact, tech deals account for 46% of all U.S. buyouts so far this year, which is an all-time high since 1995.
While PE firms previously shied away from tech companies because of the staggering pace of technological advances, they have warmed up to the more stable sectors of the industry that general steady revenue, such as corporate software providers. Software businesses are particularly attractive because they have recurring revenue models and strong macro tailwinds and are cycle-resistance.
Tech deals have been the exception to the otherwise slow private equity deal market and recent aversion to megadeals. Indeed, half the last year’s 10 largest buyouts were for multibillion-dollar tech companies, and many more deals are in progress.
Some firms remain gun-shy because of the high prices paid in recent deals and the dangers associated with quickly changing tech trends. However, others are confident that the private equity model of managing cost and engaging in strategic behavior will increase the value of their investments and result in healthy gains in an otherwise reluctant market.
A recent study released last week from West Monroe Partners highlights the continued and increasing focus on data privacy and cyber-security issues in M&A transactions. While the report notes that compliance problems at target companies are the most common cyber-security issue uncovered during the due diligence process, the report also notes that 40% of acquirers had discovered a cyber-security issue after a deal had closed, thus suggesting that there is significant room for improvement on the level of due diligence focus given to cyber-security matters during the pre-closing period.
Taking that a step further, acquirers will want to consider implementing a comprehensive review of a target company’s data privacy matters, rather than merely including one or two "check the box" questions on a due diligence questionnaire. Given the ever changing sophistication of cybercriminals, let alone the fact that many companies provide employees with the ability to access IT systems through non-company owned equipment (ie. telecommuting from home computers and mobile devices), the risk of data being lost, stolen, misdirected or misappropriated is simply unavoidable. Just how quickly acquirers can come to terms with a target’s risks, however, will not only help mitigate data losses, but will also help acquirers quantify the inevitable costs that will be required to be incurred to address issues (which no doubt will affect company valuations and purchase price multiples).
2015 was a record year for M&A activity in the semiconductor sector, with semiconductor companies spending a record $113 billion on acquisitions in 2015. However, 2016 brought a slowdown in the chip space, partially due to digestion of the 2015 acquisitions. With that slowdown in semiconductor mergers, enterprise software transactions have been there to fill the void. For example, recently, Qlik Technologies Inc. agreed to be bought by private equity firm Thoma Bravo LLC for about $3 billion, Salesforce.com announced a $2.8 billion takeover of Demandware Inc., and Vista Equity Partners LLC’s announced a $1.8 billion acquisition of marketing-software firm Marketo Inc.While the cluster of software deals has not risen to the 2015 record level of chip transactions, it is a growing trend of which both strategic and private equity investors should take note. In February, valuations of software companies retreated to the point private equity buyers started expressing interest, which then increased interest in these assets from strategics. This competition, in turn, has led to the best start to enterprise software M&A in five years in terms of deal volume, and is a trend that is likely to continue when analyzing the assets that remain available for both strategic and private equity investors.