Mitigating M&A risks in Africa
Mitigating M&A risks in Africa
African M&A volumes slowed down in 2014, but investors are showing a high level of confidence in many markets in African countries. The bulk of African M&A took place in Nigeria and South Africa, with a combined M&A value of $7.88bn, according to a recent report, 'Deal Drivers Africa' . Mining industries still attracted the most M&A activity, while financial services overtook energy, mining and utilities as the sector with the highest grossing inbound value. Rapid economic growth and economic diversification in many countries supported by a growing middle class should propel M&A activities in other sectors such as banking, retail, telecom and pharmaceutical.
However, Africa presents some very specific challenges when it comes to M&A activity. For instance, there are fewer sources of auditable public records available to support the due diligence process. Instead, the process is complemented with more intelligence-led information gathering.
This ties up with the survey findings. Thirty-three percent of respondents to 'Deal Drivers Africa', a report based on interviews with 100 M&A practitioners operating in Africa, including corporate executives, private equity investors, legal advisers and investment bankers, note the reliability and completeness of information as a principal obstacle to M&A. Transparency concerns (36%) and changes in the regulatory environment (48%) ranked highest among survey participants as risk that might prevent a deal from proceeding.
One of the key challenges for M&A in Africa is the uncertainty around emerging rules and regulations. One of the major concerns expressed by 'Deal Drivers Africa' survey respondents was about transparency. As well as the usual aspects of an M&A due diligence process, in Africa this might include understanding the political context and getting an independent third party assessment of contractor licence revocation risks.
This would demand an assessment of the circumstances under which the target's original licences or authorisations were granted and whether there are any risks associated with that. Might the circumstances under which they were awarded or any political change make them vulnerable to review?
Mining and big infrastructure and construction deals, which are growing in importance, have very specific risk tied to issues such as land acquisition and local political support.
The technology, media and telecommunications (TMT) and construction sectors are seeing consolidation in Africa, creating a more competitive environment, which in turn increases risks to data. As particularly IP-driven sectors, these are also at heightened risk of data-leakage and cyber threat.
Changing rules and regulations are relevant also in terms of data protection legislation. If an organisation covered by strict data protection laws such as those in Switzerland or France invests in an African country then where it stores its data becomes an issue. It needs to be certain, too, that it will be able to access its data if local laws or international regulations change.
Data risk is not just an IT issue
The intersection of M&A and risk is critical at every stage of the transaction cycle and securing data is an absolute necessity to protect value and negotiation advantages. This is key in all M&A, but in light of the multiple information-sources in African deals, this should be especially tightly managed. This is not simply an IT issue but a broader business risk – sensitive data in the wrong hands can directly affect a target's share price.
This is true of transaction-related data, but also ensuring the target's own information security measures are up to scratch. Cyber due diligence is a key part of an M&A deal. Levels of cyber security have a direct impact on the valuation of the target entity. The first step is to assess which are the most critical assets and how these assets are protected. If they are not sufficiently protected, what would be the required investment to bring cyber security up to scratch? Cyber due diligence is necessary not just on the target entity but also on connected parties and stakeholders as it may be necessary to invest significantly to bring cyber security up to minimum requirements for external parties too.
The biggest cyber attacks of 2014 were perpetrated on large organisations with good cyber security through a weakness in the supply chain and human factors. Some companies have thousands of suppliers so it may not be possible to do due diligence on them all. Instead it would be advisable to spend time and effort identifying those that pose the highest level of risk, particularly those that have an IT system such as a CRM or order purchasing system that is linked to the target organisation and may become the weakest link.
The integration phase after M&A is also crucial. There is a need to be aware of how far it will be necessary to integrate target systems with core business systems and what structures to embed within the target organisation to monitor and respond to breaches in future.
How to mitigate the risks
In M&A activity, there is a strong focus on the financial aspects and the legal due diligence. There is a widespread failure to take an overarching approach to risk and that is more important than ever in Africa. Successful M&A activity will result from addressing the myriad risks in a holistic manner, including cyber risk as part of a broad risk based agenda that will also take account of human factors and cultural differences.
In any M&A deal, there is the challenge of tackling differing corporate cultures but add to that the African business and personal use of technology, which is very different from in Europe, and this may increase exposure to risk. In Africa it is not unusual for people to use multiple mobile devices for work; the need for training or education on data security is crucial in any market but probably more so in Africa. Although this is a complex issue, there are three factors to consider:
1. Information in Africa is less available and less reliable than in Europe or the US. Go beyond the disclosure element when doing M&A deals in Africa and use independent intelligence to assess the data available.
2. Emerging legislation can have wide ranging implications. Prepare to be flexible to adjust to new data protection laws and emerging anti-corruption legislation.
3. Cyber risk. In Africa, technology development has leapfrogged many of the stages of development in Europe and the US but cyber security has not kept pace.
They key is to take a strategic global approach to all risks. A combination of tackling information flow exposure with an intelligence led approach to assessing the degree of risk exposure of each of the assets will offer the best protection to any organisation considering M&A involvement in Africa.