In depth

NSIA risks on banking transactions: an update

Gateley Legal

Article by

The National Security and Investment Act 2021 (NSIA) came into force at the beginning of this year, containing sweeping powers for the Government to block and unwind transactions which pose a threat to national security.

NSIA caused concern amongst lenders and their lawyers due to a lack of clarity about how those powers might be applied in practice. Nine months on, confusion still abounds in the market about how NSIA can affect banking transactions. In this article we seek to address some of the common misconceptions and provide some clarity on some of the less obvious aspects of transactions that may be caught by NSIA.

NSIA – a recap

There are two main tools under NSIA which could impact upon banking transactions.

1. The mandatory notification requirement

  • A person proposing to gain “control” (within the meaning of s8(2), 8(5) or 8(6) NSIA) of a “qualifying entity” (usually either a UK company or an overseas company carrying on activities in or supplying goods and services to the UK) which carries on certain activities in one or more of 17 specified sectors, must notify and receive clearance from the Secretary of State prior to making that acquisition.
  • The 17 sectors in question are advanced materials, critical suppliers to Government, military and dual use technologies, advanced robotics, critical suppliers to the emergency services, quantum technologies, artificial intelligence, cryptographic authentication, satellite and space technologies, civil nuclear, data infrastructure, synthetic biology, communications, defence, transport, computing hardware and energy.
  • The mandatory notification requirement came into effect on 4 January 2022. Failure to comply with the mandatory notification requirement will render the acquisition void. In addition, the parties may be subject to civil and criminal penalties.

2. The call-in power

  • The Secretary of State may issue a call-in notice under NSIA where someone has gained (or proposes to gain) “control” (within the meaning of s8 or s9 NSIA) of a “qualifying entity” (see above) or “qualifying asset” (land, tangible property and IP either situated in the UK or used in connection with activities carried on in the UK or the supply of goods or services to the UK), and such acquisition gives rise or could give rise to a risk to national security.
  • “Control” in the context of the call-in power has a wider definition than in relation to the mandatory regime, as it includes the acquisitions of rights or interests that enable someone to "materially influence” the policy of an entity, or to use an asset or direct or control how it is used.
  • A call-in notice can be issued retrospectively up to five years after the acquisition completed, except that it cannot apply to acquisitions that occurred prior to 12 November 2020, and the notice must be issued within 6 months of the Secretary of State becoming aware of it (note that different time limits apply for acquisitions that completed between 12 November 2020 and 4 January 2022).
  • Following a review after the issue of a call-in notice, if the Secretary of State determines that a risk to national security has arisen or would arise they can impose proportionate remedies to prevent, remedy or mitigate the risk.
  • Given the broad nature of the call-in regime, in November 2021 the Government issued a statutory statement in an effort to provide some clarity as to how it intends to use the call-in power. This statement confirmed that the Government will take into account three key risk factors when deciding whether and how to exercise the call-in powers: (i) target risk (what the entity or asset does and whether it could be used in a way that would pose a risk to national security); (ii) control risk (how much control the acquirer will obtain); (iii) acquirer risk (whether the acquirer poses a risk to national security, for example because they have links to a hostile state or organisation).

The statement confirmed that acquisitions of entities which operate in the 17 sectors (and of entities which undertake activities closely linked to those sectors) are more likely to be called-in than acquisitions of entities outside the specified sectors, and that acquisitions of assets connected to the 17 sectors are more likely to be called in but that overall acquisitions of assets are likely to be rarely called in. The statement says that loans are unlikely to pose a risk to national security and so are unlikely to be called in.

There are a number of ways in which the mandatory regime and call-in power could affect banking transactions. The acquisition of shares or assets being funded by a lender could be subject to the mandatory regime or a call-in notice in certain circumstances. In addition, the taking or enforcement of security could be impacted by NSIA. For a fuller overview of the implications of NSIA for banking transactions, please see our previous insight.

Common misconceptions

NSIA can only affect acquisitions

Where an acquisition is being funded, NSIA can impact the transaction in two ways. Both the acquisition by the borrower of the assets being funded, and the taking or enforcement of security by the lender, could be susceptible to challenge under NSIA and could fall foul of the mandatory or call-in regimes.

Where there is no acquisition, NSIA remains relevant because the taking or enforcement of security by the lender could be deemed to be “gaining control” for the purposes of NSIA.

It is also important to bear in mind that the call-in power can operate retrospectively. This means that even if entities or assets are not being acquired as part of the current transaction, if they have been acquired at any time since 12 November 2020 then that acquisition could be the subject of a call-in notice under NSIA. There may even have been multiple acquisitions during that period.

NSIA is only relevant to share security

The mandatory regime, which carries with it the most draconian consequence under NSIA, whereby failure to comply renders the transaction automatically void, would only apply to share security and not to asset security. This is because the mandatory regime only applies to the acquisition of control of entities and not assets.

However, taking or enforcing security over other assets, including real estate or intellectual property, could be the subject of a call-in notice. Whilst this would not result in the transaction being void, the call-in power is wide, allowing the Secretary of State to impose “proportionate remedies”. In principle this could be used to unwind the security or any enforcement action.

A call-in notice would only be issued where such taking or enforcement of security gave rise, or could give rise, to a risk to national security. This may not always be immediately obvious to lenders or their lawyers, however. For example, on a real estate finance transaction, the site over which security is being taken may be adjacent to a sensitive location, but this would not necessarily be revealed by the bank’s due diligence.

NSIA is only a concern for businesses operating in the “17 sectors”

As stated above, the mandatory regime, which can render a transaction void, only applies to acquisitions of control over entities within the 17 sectors. However, the call-in regime could apply to an acquisition of control over any entity (whether or not within the 17 sectors) if it could result in a risk to national security.

It is also important to stress that determining whether a business is operating in one of the 17 sectors is a complicated exercise, and it may not be immediately apparent that a borrower is caught. For example, the list of sectors includes “critical suppliers to government”. Determining whether a business falls within this category could entail a review of its key contracts to determine whether it has contracted with any public bodies. Likewise, on a real estate transaction, even a property-holding SPV might fall within the 17 sectors, for example if its tenant was a government body dealing with sensitive information.

NSIA will only be relevant if a bank takes possession of shares or an asset on enforcement

Taking security: in terms of the taking of security, it seems fairly clear that the taking of legal (as opposed to equitable) share security could trigger a risk of challenge under NSIA. This has been confirmed by the Government’s market guidance notes issued in July 2022.  English law security over shares is typically taken by way of an equitable share charge and therefore should not be caught (although see further below in relation to voting rights). However, in the case of a legal charge over real estate or other legal security over assets, the taking of the security itself could potentially be caught by NSIA. It is important to note though that the mandatory regime only applies to shares. Where we are talking about real estate or other assets other than shares, the risk would be the issue of a call-in notice, which would only happen if the taking of that security was or could give rise to a risk to national security.

Taking possession or selling on enforcement: it also seems fairly settled that a lender taking possession of or selling shares or assets on enforcement would be deemed to be an acquisition of “control” for the purposes of NSIA, and could be the subject of the mandatory notification requirement (in the case of shares) or a call-in notice (in the case of shares or assets). Lenders therefore need to consider NSIA when taking any action to enforce their security.

Voting rights: one issue that has caused some confusion is whether the exercise, or ability to exercise, voting rights by a lender under share security could constitute an acquisition of control for the purposes of NSIA thus triggering the mandatory or call-in regimes. Schedule 1 paragraph 5 of NSIA states that rights are to be treated as held by the person who controls them, and section 10 NSIA states that a person will be treated as acquiring an interest or right where they control it.

This means that the acquisition of control required to trigger the mandatory or call-in regimes could occur when a lender gains control of voting rights. Therefore the exercise by a lender of voting rights following an event of default, or even the ability for a lender to exercise voting rights following such an event, could result in a requirement for a mandatory notification (if the secured shares were in a company active in one of the 17 sectors), or a call-in notice (whether or not the secured shares were in a company active in one of the 17 sectors, if such action resulted in a risk to national security). Lenders may therefore need to take advice on NSIA before calling an event of default, even if they do not intend to exercise voting rights.

Schedule 1 paragraph 7 of NSIA may provide some help to lenders. This deals specifically with rights attached to shares held by way of security and provides that such rights are to be treated as held by the chargor where: (i) apart from the right to exercise them for the purpose of preserving the value of the security, or of realising it, the rights are exercisable only in accordance with the chargor's instructions, and (ii) where the shares are held in connection with the granting of loans as part of normal business activities and apart from the right to exercise them for the purpose of preserving the value of the security, or of realising it, the rights are exercisable only in the chargor's interests. This suggests that provided the security document only allows for voting rights to be exercised in this way (which will normally be the case), holding such security will not be caught by NSIA even after a default, however the position if such voting rights were in fact exercised is still not clear.

Practical tips for lenders

Although it is still early days and it remains unclear how NSIA will be applied in practice to banking transactions, there are a number of steps lenders can take to mitigate against the potential effects of the regime. Some suggestions are set out below.

Internal screening processes and due diligence

As discussed above, NSIA risk is to some extent a factual matter, and can depend on factors such as proximity of secured land to sensitive sites or threats of a transaction to national security, which may not be apparent from publicly available information. Lenders may wish to review their own internal processes to try and identify those categories of transactions which pose the greatest risks, for example acquisition finance transactions involving businesses active in the 17 sectors. For such transactions, lenders may wish to obtain additional legal due diligence similar to that undertaken by a purchaser’s lawyers on a share acquisition. It may be more cost effective for lenders to rely on the buyer’s due diligence as opposed to separately instructing their own lawyers to carry out this exercise, but where this approach is taken thought will need to be given to reliance arrangements and any liability caps.

Drafting of security documents

Security documents may need to be reviewed to ensure that they reflect the Schedule 1 paragraph 7 requirements – that voting rights can only be exercised by the lender for the purpose of preserving the value of the security or realising it – as closely as possible.

Wording may also be included preventing the automatic transfer of voting rights if this would amount to a notifiable acquisition under NSIA (see, for example, the most recent versions of the LMA’s real estate finance security agreement). However, it should be noted that this wording only addresses the risk of the mandatory notification requirement and would not prevent a call-in notice being issued. The effect of this wording if voting rights have in fact been exercised is also unclear. A requirement for the lender to serve notice prior to exercising voting rights should also prevent such an automatic transfer of rights.

Voluntary notifications

Finally, lenders should consider the possibility of utilising the voluntary notification process under NSIA to obtain pre-clearance of transactions. However, as this will add delays and costs to transactions, lenders may want to limit this requirement to transactions which appear to be higher risk via their internal screening and due diligence processes. It is worth bearing in mind that there is a limit to the extent to which NSIA risk is able to be ruled out, as matters such as proximity to sensitive sites may not be capable of being ascertained. Another possible option would be to seek informal guidance from the Investment Security Unit on the proposed transaction.

Gateley Plc is authorised and regulated by the SRA (Solicitors' Regulation Authority). Please visit the SRA website for details of the professional conduct rules which Gateley Legal must comply with.