Talking Business podcast: the UK Recovery Loan Scheme extended to June 2022

There are some other changes that have been made to this scheme. So from the 1st of January, that scheme is going to be open to small and medium sized businesses who can apply for a loan of up to £2 million per business. So that's come down quite a long way. The limit before was £10 million per business, but that's come down to two. And then also from the 1st of January, the guarantee coverage that the Government is going to provide to lenders under this scheme is going to be reduced. So the current cap for the guarantee is 80% of the loan, but again, that's coming down to 70% of the loan. So good news that the scheme is being continued, but just be aware of those changes to it. And I guess in relation to sort of COVID related support, the Government is continuing to pursue people who've made fraudulent claims under either one of the loan schemes or under the furlough scheme.

And there's a new team actually at HMRC that have been ordered to recover a billion pounds in fraudulent or mistaken claims. In particular, there was an example of this recently. So the director of three companies that were all registered to the same residential address in Rotherham, he's been banned from being a director for 13 years because those three companies each fraudulently obtained bounce back loans of £50,000 each. When the three companies were placed in voluntary liquidation in September, the insolvency service began an investigation, and they discovered that the director had only opened bank accounts in the name of each company in June solely for the purpose of fraudulently obtaining these £50,000 bounce back loans. And once the money was received into the bank accounts, the director basically just set about transferring it out either to himself or to companies controlled by a friend.

And there was no evidence that any of the companies had ever traded. So in fact, none of them were eligible for the loans because under this scheme, the loans have to be used for the benefit of the business and not for personal use. So the Government is pursuing those kind of fraudulent claims. I think there's a lot of concern that there's a lot of those claims out there, that a lot of the money under the schemes has been taken up fraudulently whilst also clearly a lot of it used by businesses who were really struggling. And in relation to the furlough scheme there was some analysis in the times recently that discovered that 7,000 companies registered to just five addresses in London had made claims in the furlough scheme and they'd claimed up £473 million between them, these 7,000 companies. And about 340 of the companies were actually created after the 1st of March when the furlough scheme began. And obviously the furlough scheme was set up to help save jobs. But these companies were only created after the 1st of March.

And three of the addresses most commonly used by the companies investigated by the times are linked to formation agents that set up and administer companies on behalf of directors. And I think those kind of companies providing those kind of services are going to come under pretty close scrutiny from this new team at HMRC. Okay. So moving on, I thought I'd mention a case about a data breach actually, because I think we're all aware that since the GDPR or the general data protection regulation came into force in 2018, organisations have faced an increased regulatory burden when it comes to the personal data that they possess and that they process, that they use. And any misstep now carries the threat of fines from the information commissioner and also claims by the affected data subjects. And also, there are reputational issues for businesses. We've all seen those cases of people leaving discs on trains with bank details on them and things.

So I think there's a perception perhaps that the legislation was aimed at those kind of serious or maybe persistent breaches involving that kind of sensitive personal data, which could cause significant loss or distress to the individuals involved. But there've been relatively few cases before the court to explain how lesser breaches will be assessed and treated. And actually, probably the majority of the breaches that are occurring are of a much more insignificant nature whilst obviously still potentially being able to cause the relevant individuals significant distress. So what happened in this case was that a school had instructed solicitors to write to the parents of a pupil to demand payment of outstanding school fees. So the solicitors prepared a letter and it was sent out by email with a statement of account.

But unfortunately, due to a typing error, the email was not sent to the parents, but was sent to another email address which was identical, but for just one single character, but the recipient of the email realized it wasn't intended for her. So she contacted the solicitors the same day. The solicitors asked her to delete the email. She confirmed that she'd done that. And also the recipient, the mistaken recipient was completely unconnected with the parents, didn't know the parents at all. But the parents weren't happy about this, that their personal data had been improperly disclosed by the solicitors. So you can tell how unhappy they were by the number of claims that they issued. So they issued a claim which was for damages for misuse of confidential information, for breach of confidence, for negligence, for damages under the GDPR and the data protection act, and a declaration and an injunction with interest and further or other relief.

So given the number of claims there you would, or heads of claims, you would think this was a significant breach and a significant event which had caused significant distress. Well, the solicitors didn't really agree and they applied for the claim to be summarily dismissed. And the test for that by the way, is if there's no realistic prospect of the claim succeeding a trial. So basically, if there's no likelihood that the claim's ever going to get to succeed at a trial, then you can get the claim dismissed summarily without having to go through a trial. So when it came before the court, the court looked at various different factors. So firstly, it looked at the nature of the information that had been disclosed. And here, this was basically the parents' names and addresses, the invoice for the fees, and the statement of the account. But in particular, no phone numbers or bank details or information about the parents' finances or their home life, none of that had been disclosed.

And in fact, obviously the level of the fees was something that was publicly available from the school's website anyway. So the court also looked at the circumstances of the disclosure. So here it took into account the fact that the information had been accidentally disclosed to just one recipient who'd then promptly contacted the sender and had confirmed that they deleted that email, the information. And there was no reason to think that the mistaken recipient hadn't acted in good faith, or actually even that they'd bothered to read all the documents that had been inadvertently sent to them, because they were quick off the mark in contacting the solicitors. And then also the court looked at the harm done or the lost caused to the parents. And here the parties had agreed that damages could be recovered for data protection breaches, including for distressed caused even actually where there was no financial loss suffered.

So the parents didn't have to show that they'd suffered a financial loss as a result of the data breach. But the court said, "Well, there does need to be damage of some kind and a claim can't succeed where any possible loss or distress was only trivial." So taking all of those factors into account, the court found that the parents' claim that the minimal data breach had caused them significant distress and worry and even made them feel ill, they said, was according to the court, inherently implausible. The case involved a minimally significant information, a rapid set of steps were taken to remedy the breach. And there was no evidence of further transmission or information misuse. And the judge said, lovely quote, "No person of ordinary fortitude would reasonably suffer the distress claimed arising in these circumstances in the 21st century, in a case where a single breach was quickly remedied."

So basically, the judge gave short shrift there to the parents' claims and indeed granted summary judgment for the solicitors and dismissed the case. So as I said, it is quite an interesting one because there have been a number of high value cases involving disclosures of highly sensitive personal data that have been reported. But the majority of the breaches really that we see day to day are far less significant, and with far less significant information being disclosed in the first place, but also in far less damaging ways. But as I said, there haven't actually been that many cases that have come before the courts involving these more trivial breaches. And so there's not been very much guidance as to the approach that the courts might take. So I think the decision is probably good news for those organisations that find themselves on the receiving end of those kind of speculative or maybe exaggerated claims and gives a pretty clear indication that the courts aren't going to look very favorably on people making those kind of claims.

Okay. Next, we are hurtling towards not only Christmas, but the 4th of January implementation date for the new national security screening regime. So we've talked about this before, but as a bit reminder, that new regime is going to require mandatory notification of certain transactions within 17 specified sectors. On the grounds that those transactions could potentially pose a risk to national security and therefore, the Government wants to be able to screen those transactions before they go ahead. So if you have a qualifying transaction within one of those sectors, which completes without getting clearance from the new investment security unit, then your transaction is going to be void. And as well as that mandatory notification regime, there's a voluntary notification regime for transactions which are outside those 17 specified sectors, but which otherwise give rise to national security concerns. And then also, there's new call-in powers for the Government so they can review transactions which should or could have been notified under either one of those regimes.

So as I said, we are getting close to that implementation date of the 4th of January. And as a result, we've had various new bits and bobs published. So we've got some new guidance and various secondary regulations. So in relation to the guidance, one of the things that the Government's done is publish the final version of a statement that it has to give, which explains how it expects to exercise its power to call in a transaction for review. So in the statement, it's largely in the format that it was before, but there've been a couple of little tweaks. So one of those is that the statement now confirms that the new powers under the act exists solely to safeguard the UK's national security and not to promote any other objectives. So the reason for that amendment was because when the Government consulted on the original statement, there were some concerns that it actually went beyond purely national security concerns and into other areas such as economic prosperity.

But the Government has said no, the power is only there to safeguard the UK's national security. And then the other sort of tweak is that the original version of the statement said that the Government's call-in powers could be exercised where only one of three identified risk factors was present. So those risk factors are the target risk. So the nature of the target's activities, the acquirer's risk, so that the nature of the person acquiring control, and then the control risk. So the sort of the degree of influence or control that's being acquired. So as I said, originally, the statement said, "Well, if only one of those risk factors is present, sorry, then the transaction could be called into review. The updated statement says that actually the Government now expects all three factors will generally be present in order for a transaction to be subject to calling.

But it doesn't rule out the possibility of calling where fewer risk factors are present. So the general rule is you're going to have to trigger all three of them, but, and if perhaps one of them is particularly significant, maybe the acquirer is based in what the UK Government considers to be a hostile state. Then perhaps there's still a risk there that a transaction could be called in, in that situation. And then at the same time, the guidance, sorry, the Government has also published guidance for businesses to help them assess whether their activities are within the scope of those mandatory notification regime, and in particular, those 17 specified sectors. So it's quite a useful guide that's been published there on gov.uk, which takes you through the trigger factors in the various different sectors so that you can analyze whether a particular business is operating within one of those sectors and therefore likely to trigger the requirements.

And then, as I said, the other thing that's been published, various different sets of secondary regulations. So we've got regulations that set out descriptions of the qualifying entities and their activities in the UK that will mean a proposed acquisition falls within the mandatory notification regime. We've got another set of regulations that set out how the turnover of a business will be calculated for the purpose of the fines, which can be imposed under the act. So the maximum fine that can be imposed for breach of these new requirements is whichever is the higher of 5% of the total value of the turnover of the business and £10 million. So whichever is higher, and we've got some guidance on how turnover will be calculated in those situations. Then we've also got regulations that set out the form and content of the various notices that have to be submitted under the new act.

So things like that mandatory notice, if your transaction is within one of the sectors or a voluntary notice, if another reason your transaction gives rise to natural, sorry, national security concern. So for example, you are buying a piece of land that happens to be adjacent to a civil nuclear site, for example. So we've been told the contents and form of those various notices, and then the final set of regulations just sets out how the Government will send and receive documents. So those notices, for example. So those notices have to be given via a new electronic portal that's been set up for that purpose. And in terms of information that's going to be given by the Government. So that's for notices being sent to the Government. Information given by the government, then basically they're going to use email or post, and there are detailed provisions in the regulations for establishing the relevant email or posted addresses that they will use.

So, as I said, all of that new regime is going to come into force from the 4th of January, but obviously, people will be looking at transactions now are starting to think about acquisitions, which may well complete after that 4th of January implementation date. So you need to be thinking now and assessing whether your transaction falls within the requirements of the new regime, whether you're going to have to make that mandatory notification. And remember, if you do, if it is a mandatory notification transaction, then you can't complete until you get clearance from the ISU. So you're going to have to think about things like building in conditions precedent into your acquisition agreement so that you are... To wait for that confirmation. Obviously we're waiting to see how it all pans out, but it is anticipated that the new requirements are going to have quite a significant effect on the M&A transaction process.

And in particular, I think until we really get to grips with it and understand exactly the approach that's going to be taken by the ISU, then I think it's likely we're going to see quite a few sort of precautionary notifications. So voluntary notifications, or sort of just in case notifications being made because the consequences are so drastic if you get it wrong. So you, your transaction could potentially be void. And obviously people want to avoid that. And I think because of those precautionary notifications, we're probably going to see things like deal timetables being extended because of either making those voluntary notifications or perhaps just approaching the ISU for some informal guidance. Okay. Then the final thing that I just thought I'd mentioned this month is another case. This one's called Butcher versus Pike, which related to those disclosures that could qualify a warranty in a share purchase agreement.

So if you've ever been involved in buying or selling a company or a business, you'll be familiar with the idea that the seller is asked to give a number of warranties to the buyer. So these are basically a series of statements about the target being sold. So for example, that it owns its assets, that it's not involved in any litigation, that it's not in breach of any contracts. So there'll be a whole host of statements. And if one of those statements or warranties turns out to be untrue, for example, because the target is actually involved in a piece of litigation, then the buyer will be able to recover its losses resulting from that breach from the seller. But it is accepted that there may well be some exceptions to the warranties. So the seller is allowed to disclose to the buyer any matters that make the warranties untrue. So for example, we've got that warranty that says the target company is not involved in any litigation, but actually there is one piece of litigation, perhaps a dispute with a supplier of something.

So what we do is allow the seller to disclose that particular matter to the buyer and then the buyer can't bring a claim for those things that have been disclosed to it. So the logic there is that, well, the buyer knows about that thing that's been disclosed to it and yet it was still happy to go ahead with acquiring the target for the price that it paid. So it shouldn't be able to bring a claim against the seller because it's effectively priced those things into the acquisition, or at least it had the opportunity to do so. It had the opportunity to say, "Well actually, given that there's this piece of litigation that you never told me about, I want to reduce the purchase price." So the seller makes these disclosures in what's known as a disclosure letter. And typically, the sale agreement will say that the warranties are subject to matters disclosed in the disclosure letter.

So that was the case here in this Butcher versus Pike case, where after the buyer had acquired a company, it was a company that operated an online lettings agency. The buyer effectively wanted to make a claim for breach of warranty against the seller. But the quirk here was that the sellers, in defending this claim, relied on the fact that the relevant matter giving rise to the breach of warranty had been disclosed to the buyer, not in the formal disclosure letter, but in other communications that had been made outside that letter and before the parties entered into the sale agreement. So the issue was that the buyer had served its notice of warranty claim outside the deadline set out in the agreement. But there was a clause in the agreement, which said that the various limitations on the seller's liability under the warranties. So for example, that it has to notify its claim within a certain period, well they don't apply where there has been negligent nondisclosure by the sellers.

And the buyers said that the sellers had negligently not disclosed the relevant matter in the disclosure letter and therefore the time limit for serving its claim didn't apply. But the court disagreed and the court said, "No, the sellers can rely on disclosures made outside the disclosure letter." Meaning that actually they had not negligently failed to disclose the relevant matter and so the time limit applied and therefore the buyer was out of time to make a claim. So the court of appeal said that the sellers could rely on that disclosure outside the disclosure letter, because the reference to nondisclosure in the relevant pro provision, didn't specifically refer to disclosure set out in the disclosure letter. And the court held that that emission was intentional. And given that the disclosure letter was specifically referenced elsewhere in the agreement, then it construed that particular clause as intending to emit a reference to the disclosure letter and therefore permit disclosures made outside the disclosure letter to be taken into account. So the court dismissed the buyer's claim in this case.

Which may be worrying for buyers who will generally want the disclosure letter to be a complete record of the only matters which will qualify the warranties, and allowing it to claim for anything which is a breach of warranty, and which is not set out in that specific letter. But obviously for sellers, they're probably likely to be quite relieved that they avoided the claim in this case, certainly, given that they had actually told the buyer about it, albeit just not in the relevant disclosure letter. So that's it for this month. Next month, we're going to do a roundup of some of the more significant things that have happened in the course of the year. So we'll have a look back at 2021. I will try to keep references to COVID and the pandemic to a minimum and try and pick up on some other interesting things that perhaps have happened during the year, see you then.

Thank you for listening to Talking Business. To find out more about the series, please visit gateleyplc.com/podcast/talkingbusiness. From there, you can subscribe for all updates, meet our speakers and get more information on all of the topics being discussed.