Sometimes You Have to “Destroy” Your Company in Order to Sell It
June 1, 2015
By: Eric Whytsell
As the Government’s interest in information security steadily grows, many contractors are learning to comply with a dizzying array of data security requirements. Contractors expect to see even more data security rules and are gearing up to respond to the expected challenges. But many contractors have not given much thought to how the Government’s information security requirements might affect them in other ways, such as in relation to merger or acquisition activities. The recent acquisition of a government contractor by a foreign company highlights one potential – and significant – impact.
Granted, last year’s $890 million acquisition of Maryland-based SafeNet by Dutch digital security firm Gemalto was not a routine transaction. SafeNet was in the business of providing data encryption equipment to the Department of Defense and intelligence agencies. Gemalto was interested in acquiring SafeNet in large part because it was well-positioned to capture more of the growing federal cybersecurity market. In other words, the deal involved companies directly involved in data security, not simply those forced to comply with government rules. More importantly, SafeNet’s portfolio included classified contracts, so it was subject to the National Industrial Security Program Operating Manual (NISPOM).
This distinction proved significant, as the NISPOM rules dictated the shape of Gemalto’s deal to acquire SafeNet. In general, those rules prohibit undue foreign ownership, control, or influence over U.S. companies like SafeNet that hold security clearances. But the NISPOM also recognizes the reality of globalization and international mergers and acquisitions and identifies recognized strategies for addressing national security concerns (where possible) instead of simply prohibiting all such transactions. In general, those strategies involve establishing a firewall between the foreign-owned or controlled shareholders and the U.S. company with the security clearance. When the U.S. company is being acquired by a foreign firm, the need for a firewall can have significant impacts on the ultimate relationship between the buyer and the company it acquires.
In this case, a six-month review by the Committee on Foreign Investment in the United States and the Defense Security Service determined that the only way to adequately protect U.S. national security interests was for Gemalto to spin off SafeNet’s government contracting division as an independent subsidiary that would operate entirely as a U.S. company and be overseen by a U.S. Government-approved board of directors. As a result, SafeNet’s acquisition involved the use of a proxy agreement, one of the potential strategies described in the NISPOM. As part of the transaction, SafeNet obtained a new subsidiary, SafeNet Assured Technologies (SAT). Under the proxy agreement, Gemalto vested its voting power over SAT’s shares with proxy holders, all of whom are security-cleared U.S. citizens with no prior ties to Gemalto. The proxy agreement requires the new subsidiary to not only run as an independent operation but to also maintain separate accounting systems, financial reporting, and sales and engineering workforces.
This approach allowed SafeNet to demonstrate that there would be no unauthorized foreign influence on the products sold to the Government, since the U.S. subsidiary, SAT, owns and controls the intellectual property of all such products. Importantly, the proxy barrier also allows SAT to sell Gemalto products to the Government while protecting the identity of the purchasing agency from the foreign firm.
As the defense and cyber industries become increasingly globalized, more and more government contractors operating in the data security area may become acquisition targets of multinational corporations. When they do, they should expect the U.S. Government to weigh the commercial interests of the firms involved against national security imperatives and, if the transaction is allowed at all, dictate specific requirements to protect national security. Companies should not be surprised if those requirements mean that the government contractor has to be broken into pieces before the deal can be consummated.
Eric Whytsell is responsible for the contents of this Article.
© Jackson Kelly PLLC 2015