December 10, 2015
As we near the end of the calendar year, we take this opportunity to share with you our reflections on some of the key developments which have been in sharp focus of a number of our European financial sponsor clients in the second half of this year.
2014 saw a number of high profile landmark cartel cases involving private equity firms. The European Commission imposed a €302m fine for cartel activities undertaken by a group of high voltage cable power producers of which Goldman Sachs, through a prior portfolio entity, was involved. The Dutch Authority for Consumers and Markets imposed its first financial penalty against a financial sponsor, when it fined two private equity firms for conduct relating to their "decisive influence" over their portfolio company, flour producer Meneba, during their respective periods of ownership between 2001 and 2007.
Most recently, the UK’s Competition & Markets Authority (CMA) delivered a warning to the private equity industry about their compliance obligations. Examples included portfolio companies that engaged in cartel activities prior to their acquisition and retaining liability following and exit for portfolio companies activity during ownership. As seen in the examples above, liability can amount to hundreds of euro millions.
In the wake of these cases, the British Private Equity and Venture Capital Association (BVCA) teamed up with The Institute of Risk Management to produce a short guide on competition law risk for the industry and the advisory community. The BVCA is in dialogue with the CMA on the impact of competition law on portfolio companies and private equity firms and will report back to its membership on developments in this regard.
The desire for enhanced transparency on performance and fees has been a major focus in the industry in the second half of 2015, with fees being charged by private equity funds coming under unprecedented focus and scrutiny by investors and trade bodies this year. Limited Partners (LPs) have been in the press repeatedly this year publicly voicing their concerns.
In August, the California Public Employees Retirement System (CalPERS) said it would start requiring fund managers to disclose how much they are collecting in fees from their portfolio companies (whether by arrangement fees, monitoring agreement fees or otherwise). In the same month the Dutch pension fund manager PGGM stated it would cease to invest in private equity funds that did not provide full disclosure on their fees. The commercial pressure on enhanced disclosure on fees has been given teeth – CalPERS also announced its intention to reduce by half the number of private equity managers it works with. Following in the same path, the New York City Retirement System wrote to 200 investment firms to demand "full transparency" on a range of fees both on a historical and going forward basis and at the end of November, Railpen (one of the UK’s largest pension schemes overseeing circa $32 billion in assets) announced its intention to pull most of the $3 billion it has invested in private equity.
The Institutional Limited Partners Association (ILPA), a global 300+ member organisation committed to advancing the interests of private equity limited partners, launched an initiative to standardise the reporting of private equity managers’ fees. In late October, the ILPA issued a draft reporting template for fees as part of this Fee Transparency Initiative which, once finalised, will become part of the ILPA’s Private Equity Principles. The current 2011 version of these principles have been endorsed by over 200 firms. The proposed fee reporting template includes greater detail on fees, expenses and incentive compensation paid to GPs and their affiliates. GPs will be required to disclose specific fees received from portfolio companies and to report on how much of those fees were passed on to investors via reduced management fees. The draft recommendations proposed by the ILPA are broader than its original stated and also include recommendations to third parties such as administrators, auditors, consultants and lawyers and ensuring compliance with funds governing documents in pursuit of formal best practice standards in compliance, fees and expense reporting. Feedback on the draft reporting template is requested by 11 December and the final guidance is expected by 29 January 2016.
Invest Europe (the European private equity trade body with over 200 members) published on 24 November, an updated version of its Professional Standards Handbook. The Handbook, incorporating updated Reporting Guidelines for investors, encourages GPs to publish clear disclosures about carried interest that is earned and distributed, specific fees that are charged to their investors and fees charged to their portfolio companies. All fees and benefits paid directly or indirectly by portfolio companies to the PE firm (or its affiliates) should also be disclosed. The updated guidelines also encouraged managers to provide information on environmental, social and governance (ESG) issues and responsible investment.
As we have just seen fees charged by private equity funds has come under scrutiny by regulators both in Europe and the United States.
In the United States, the SEC started to apply greater scrutiny and pressure on private equity firms from October 2012 when it announced an initiative to examine newly registered investment advisors to be conducted over a two-year period. The series of initial examinations was designed to establish the SEC’s "presence" within the PE industry and particular risks and issues typically faced by managers and funds including fund marketing and client communications, allocation of fees, expenses and payments, security of assets and asset valuation practices. In 2014, the SEC created a special unit within its Office of Compliance Inspections and Examinations (OCIE) to lead these so-called "presence examinations". By May 2014, the SEC reported that the OCIE’s investigations revealed that, in more than 50% of cases looked at, there were "violations of law" or "material weaknesses in controls" regarding fees and expenses. In the wake of these findings, the SEC has taken enforcement action against fund managers and individual offices.
In June, a private equity firm reached a settlement with the SEC concerning the allocation of certain "broken deal" expenses to its flagship private equity funds. In October, another global private equity firm agreed to pay nearly $39 million in settlement monies arising out of alleged failure to inform investors about the benefits that the firm obtained from accelerated monitoring fees and discounts on legal fees. In November, Fenway Partners also agreed a settlement amount with the SEC with respect to disclosure to client and investors about transactions involving payments out of funds’ assets/portfolio companies to an affiliated entity and to former employees at the firm. The SEC also issued an administrative order relating to an enforcement action alleging misallocation of fees and expenses by private fund adviser Cherokee Investment Partners in November.
Impact for PE Firms Globally – The SEC’s Broader Focus
Whilst some industry participants may be forgiven for thinking that these cases and the investigation and enforcement trends are limited to US registered investment advisers, in fact, the impact of these actions and trends is broader in nature. The results in the recent fee-related cases noted above (which in each case was neither "admitted nor denied" by the firms involved) have hit the radar screen of investors and LPs globally for a number of reasons.
First, these cases will clearly be relevant to all SEC registered investment advisers (even with respect to the marketing of non-US funds and/or to non-US investors) but are also of relevance to non-US managers whose businesses have a US nexus (e.g. those involved in marketing a US domiciled fund and/or marketing funds to US investors) as the SEC will have jurisdiction in these cases as well.
Secondly, as the SEC flagged towards the end of 2014, it did not intend to limit its investigations to the five issues of emphasis in its initial presence exams but will instead examine a broad spectrum of compliance issues relating to PE firms and their internal controls. This is expected to be accompanied by more detailed and specific attention being given to PE firm’s international operations, dealings with SWFs and oversight of portfolio companies with material international operations. As we will see below, this already has had an impact in the area of sanctions and anti-corruption compliance.
Increasingly aggressive sanctions enforcement actions are being taken by regulatory bodies across the globe. In the US, recent actions have spanned across a diverse range of industries from oil services companies to financial institutions to online payment processors and fines have varied from under $1 million to over $150 million. In 2014, the UK’s Financial Conduct Authority (FCA) commenced an investigation against two banks regarding sanctions risks and earlier this year issued various public promises on its commitment to cracking down on sanctions violations. In line with this enhanced rigour, the UK Government announced in its summer budget the establishment of a new Office of Financial Sanctions Implementation which is set to launch in 2016.
New Areas in Scope – Cyber
In addition to the challenging jurisdictions of Iran, Russia and Cuba, in April of this year, a new executive Order was published by the US flagging a brand new "cyber-sanction" programme. This new programme is aimed at targeting significant malicious cyber-enabled activities with a view to listing persons of their activities had the purpose or effect of harming computer services, compromising services and critical infrastructure or causing misappropriation of funds, trade secrets or personal information.
Sanctions: Do your Funds or Portfolio Companies Deal With Sanctioned Customers or Suppliers?
First, it is important to note that the large number of enforcement agencies involved in the ever-growing number of blacklisted entities increase the likelihood of firms inadvertently engaging with sanctioned parties. A company that even accidentally engages with blacklisted parties can face reputational damage and potential several and criminal liability for itself and its officers. The impact of the US sanction regime is wide-ranging and severe. Parties sanctioned by the United States cover over 155 jurisdictions. Private equity firms need to remember that even non-US portfolio companies are required to comply with US sanctions if the firm or fund seem to control the management of the portfolio company.
It is essential therefore to ensure that any sanctions compliance programme also covers, where appropriate, non-US portfolio entities.
In this ever-changing landscape of global sanctions, laws, regulations and enforcement trends, due diligence is more important than ever. Pre-emptive sanctions-related due diligence alongside corruption, money laundering and other regulatory violations should be considered when new investment opportunities are add-on acquisitions are under contemplation. A key understanding of ownership structures of counterparties is also essential – under both US and EU sanctions regimes, prohibitions and restrictions apply not only to, for example, Russian companies and persons but also in many cases to entities that may be owned or controlled by such sanctioned persons. "Know your counterparty" takes on a new meaning in this context.
Private equity firms, as with other global corporations need to have a keen focus on effect compliance programmes, training and oversight. Risk-based sanctions compliance programmes, effective training on due diligence for new investment opportunities and investors and where appropriate requirements on portfolio companies to implement compliance programmes are some of the recommendations that we have been actively discussing with our clients.
In early 2015, the New York Post reported that while examining allegedly hidden fee practices during the "presence exams" SEC examiners identified possible Foreign Corrupt Practices Act (FCPA) violations and referred these for further investigation by the SEC’s Enforcement Division. It was only a matter of time for the SEC’s focus to shift from its initial areas of focus of the so-called "presence" exams to a wider focus on anti-corruption compliance within the financial industry more generally.
For European private equity firms it is of particular note that eight of the top ten monetary settlements ever imposed under the FCPA, related to non-US companies. Closer to home, the UK’s Serious Fraud Office have refreshed their public commitment of bringing effective enforcement actions under the new bribery legislation. The UK’s FCA has also been active in this area and whilst it is not the designated prosecutor under the Bribery Act 2010, the FCA has a range of disciplinary and enforcement powers available to it to use against firms that have breached its principals and rules, including those relating to bribery and corruption.
Last year for example, we saw the actions taken against Besso Limited (a Lloyds general insurance broker) for failure to take reasonable care to establish and maintain effective systems and controls for countering the risk of bribery and corruption. It is expected that further enforcement actions of this nature will be coming to light in the near future.
Reminder of the scope of US and UK Anti-bribery and Anti-Corruption Legislation
We have previously reported on the impact and the importance of understanding the scope of US anti-corruption legislation which can apply to non-US companies and citizens for conduct outside of the United States. Both the UK Bribery Act 2010 (Bribery Act) and US Foreign Corrupt Practices Act of 1977 have broadly similar territorial scope. Under US laws, parent companies are responsible for ensuring compliance with the FCPA of any overseas subsidiaries in which they own a controlling stake, one which they have a sufficient degree of control. This can clearly impact portfolio companies of funds in which such stakes or control exist. Under the Bribery Act, "relevant commercial organisations" may include foreign entities that do business in the UK and also "associated persons" wherever based worldwide, may be held responsible for breaches of the UK bribery laws.
For private equity firms, when considering compliance with sanctions regime and money laundering regulations, it is essential that the same level of care and diligence is also directed at bribery and corruption compliance both at new capital raising stages and with respect to portfolio companies and their substantive activities. It is key to ensure that firms and all their associated persons are aware of the relevant rules and regulations, that thorough due diligence is being undertaken with respect to possible acquisition targets and for managers themselves that effective systems and controls are in place to comply with the relevant regulatory regime.
The EU Data Protection Directive (DPD) only permits transfers from the EU to territories outside the EEA if adequate protection is ensure for that data in the territory to which it is transferred. The DPD provides that the European Commission may find that a third county ensures that an adequate level of data protection through its domestic laws or international commitments it has entered into. In July 2000, the European Commission issued a decision that it considered under the so-called "Safe Harbour Principles", the United States ensures an adequate level of protection and accordingly, transfers of personal data from the EEA to US undertakings who self-certify adherence to these principles would satisfy the DPD provisions.
In October 2015, the European Court of Justice made a ruling concerning the transfer of information from a US corporate’s Irish subsidiary to servers located in the United States, following a complaint by Austrian student M Schrems to the Irish Data Protection Commission (the Schrems Decision). The effect of the ruling is to declare invalid the European Commission’s decision on the efficacy of the US Safe Harbour Principles and hence impact the validity of historical transfers of data from the EU to the US which have relied upon the Safe Harbour as the bases of a lawful transfer of data.
Impact on PE Firms & Actions to Take
PE firms need to consider the impact of the decision in respect of their own operations and that of their portfolio companies firstly by asking themselves, where is data stored and transmitted and how is it used? In undertaking new acquisitions, due diligence on the same issues will be important in assessing the risk of prima facie violation of applicable EU rules on data transfers. Firms should not assume that there is no-US nexus particularly where cloud-based services are utilised as many of these are US-based. If data is sent from the EU to the United States, has this been reliant upon the self-certification regime?
If so, managers need to start to actively consider the viability of other bases of lawful transfer of data to the US. Both the ‘Article 29 Working Group‘ and the European Commission recently issued guidance on alternative bases for transfers of personal data such as embodying standard contractual clauses (SCCs) or Binding Corporate Rules (BCRs). There are also a series of derogations under the DPD which may be available including where the data subject has unambiguously given their consent to the proposed transfer or where the transfer is necessary for the performance of a contract between the data subject and controller. It is generally recognised however that in many cases, these alternative bases of transfer may in practice prove practicably difficult to implement the carry risks.
The huge upset in the data protection landscape arising out of the Schrems Decision was given immediate attention by all relevant regulators and authorities on both sides of the Atlantic. Pressure has been applied by the Article 29 Working Group who is pushing for a solution (possibly in the form of new valid safe harbour agreement between the EU and the US) by end January 2016. There are some who are hopeful in the emergence of new safe harbour agreement given the weight of political and corporate pressure that has resulted but others who are sceptical (due to the fundamentally different protections under US law couple with the powers of the National Security Agency). Whatever the outcome of the initiative being spear-headed by the Article 29 Working Group, what is clear is that firms need to start undertaking the diligence/ assessment outlined above with a view to be being ready to implement new/ additional measures and/or amending existing compliance strategies to comply with the DPD. What is more, indications from Europe are that once the Commission has "settled" the US position, the adequacy of other third party data protection measures will be coming under scrutiny – so watch this space. Data privacy and security at all levels is very much on the top of the agenda of European regulators – just this week, the three main EU institutions reached political agreement on Europe’s first cyber-security rules which, if implemented, will require operators of essential services in the energy, transport, banking and healthcare sectors, and providers of key digital services like search engines and cloud computing, to take appropriate security measures and report incidents to the national authorities or face sanctions for breach.
 G Rasmussen in discussion with ALT Assets (21 July 2015) – https://www.altassets.net/private-equity-news/by-region/europe-by-region/uks-competition-watchdog-in-reminder-to-pe-firms-about-their-compliance-obligations.html
 Competition Law Risk – A Short Guide http://www.bvca.co.uk/Portals/0/library/Files/StandardIndustryDocuments/CMA_Risk_Guide.pdf
 Preqin Investor Outlook: Alternative Assets H2 2015 – https://www.preqin.com/popupdownload.aspx?url=http://www.preqin.com/docs/reports/Preqin-Investor-Outlook-Alternative-Assets-H2-2015.pdf
 For a recent webcast overview by Gibson Dunn lawyers of developments in global sanctions rules and enforcement, click here – http://www.gibsondunn.com/wp-content/uploads/documents/publications/WebcastSlides-The-New-Era-of-Fluid-Global-Sanctions-10.21.15.pdf
 Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such
 Commission Decision 2000/520/EC of 20 July 2000
 Safe Harbour Privacy Principles and Accompanying Frequently Asked Questions issued by the Department of Commerce of the United States, enforceable by the U.S. Federal Trade Commission
 Maximillian Schrems v Data Protection Commissioner (Case C-362/14)
 The independent advisory body comprising representatives of all EU member state national data protection authorities and the European Data Protection Supervisor
 Communication from the Commission to the European Parliament and the Council on the Transfer of Personal Data from the EU to the United States of America under Directive 95/46/EC following the Judgement by the Court of Justice in Case C-362/14 (Schrems)
 NB: See the Guidance from European Commission referenced above for a discussion of some of these limitations and challenges including the strict application of the derogations
 For further information on the agreement reached between the European Parliament, Council and Commission on 8 December 2015 on the Network and Information Services Directive – http://europa.eu/rapid/press-release_IP-15-6270_en.htm
Should you have any questions relating to this article or the matters mentioned, please feel free to contact the author of this article, Selina Sagayam, the Gibson Dunn lawyer with whom you normally work, or one of the lawyers listed below. We would be pleased to assist you.
Charlie Geffen – Chair, London Corporate (+44 (0) 20 7071 4225, email@example.com)
Mark Sperotto – London (+44 (0) 20 7071 4291, firstname.lastname@example.org)
Paul Harter – Dubai (+971 (0)4 318 4621, email@example.com)
Matthew H. Hurlock – New York (+1 212-351-2382, firstname.lastname@example.org)
Sean P. Griffiths – New York (+1 212-351-3872, email@example.com)
Steven R. Shoemate – New York (+1 212-351-3879, firstname.lastname@example.org)
Ari Lanin – Los Angeles (+1 310-552-8581, email@example.com)
Data Privacy and Security
Alexander H. Southwell – Litigation, New York (+1 212-351-3981, firstname.lastname@example.org)
James A. Cox – Litigation, London (+44 (0) 207 071 4250, email@example.com)
Penny Madden – Litigation, London (+44 (0) 20 7071 4226, firstname.lastname@example.org)
© 2015 Gibson, Dunn & Crutcher LLP
Attorney Advertising: The enclosed materials have been prepared for general informational purposes only and are not intended as legal advice.