Navigating change: H1 in review
First-half activity remains on par with 2016, as strong fundamentals continue to drive M&A
An impressive first half of the year for US dealmaking reflects M&A's enduring value in an uncertain market
After a very strong 2017—when M&A in the US reached its third-highest overall deal value since the financial crisis—deal value grew again in the first half of 2018. Compared to H1 2017, value rose 30.5 percent to US$794.8 billion when compared to the same period in 2017, while deal volumes held steady.
Activity has been brisk despite increasing macro-economic headwinds. The Federal Reserve recently raised interest rates and signaled its intention to do so again twice more before the year is out. Threats of a bourgeoning global trade war are intensifying after the imposition of tariffs by the US and other large economies. And the US stock market has experienced significantly higher volatility this year than it did last.
One could reasonably expect that M&A would cool against this backdrop, but the fact that it has not suggests that deals are going ahead for essential strategic reasons rather than opportunistic ones.
Technology and its disruptive impact across all sectors is one of the main factors that has made M&A a necessity. The impact has been most apparent in sectors such as retail and healthcare, where digital platforms are ideally placed to disrupt established service and distribution channels. No sector has been untouched, however. Unless non-tech companies have the resources in-house to write their own software and algorithms—and most do not—M&A may be the best option to keep pace with dynamic change.
We expect the second half of the year to be busy, but no one can afford to ignore the threats posed by rising interest rates, increasing protectionism, an incipient trade war that could increase tariffs, a potentially inverting yield curve, unsustainable pricing demands and a volatile stock market. Companies will need to navigate these dynamics if M&A's bull run is to continue.
John Reiss
Global Head of M&A
White & Case
Gregory Pryor
Head of Americas M&A
White & Case
First-half activity remains on par with 2016, as strong fundamentals continue to drive M&A
Despite intensifying competition within the market, US private equity activity is yet to show signs of a downturn
Bulky oil & gas deals pushed energy, mining & utilities close to the top spot in H1, while digital disruption ensured a steady flow of tech deals
Dealmakers across all industries are looking to secure US tech assets in order to keep up with the technological changes disrupting their industries
Despite a drop in headline figures, M&A within the US consumer sector remains an important method to secure long-term growth
A steadying oil price signals a brighter future for oil & gas M&A, yet market caution remains
Activity in the sector is fueled by the need to refill product pipelines and navigate convergence between health and tech firms
Corporate repositioning and tax reform are two key trends driving M&A in the sector
US dealmakers are learning to navigate the complex world of blockchain M&A, but they will have to proceed with care in heavily regulated sectors
An overview of the financial regulatory landscape and key trends to watch
Noteworthy rulings out of the Delaware Supreme Court and the Court of Chancery in the past six months are already having consequences for M&A activity
The number and severity of cybersecurity incidents at major companies has increased, causing regulators to take a tougher approach. We look at five practical steps companies can take to manage these risks
Acquirers shrugged off macro-economic uncertainty in the first half of the year to secure deals of strategic necessity
The number and severity of cybersecurity incidents at major companies has increased, causing regulators to take a tougher approach. We look at five practical steps companies can take to manage these risks
Stay current on global M&A activity
Explore the data
Regulators, including the Securities and Exchange Commission, have increased their focus on the growing threat of cybersecurity. This trend underscores the fact that cybersecurity is not merely an IT issue, but an integral component of a company's broader enterprise-wide risk management structure, necessitating board oversight of cybersecurity risk.
And of course, cybersecurity is a critical consideration in M&A transactions. The risk profile, security protocols and cybersecurity preparedness of any possible target should be carefully evaluated when considering potential business combinations.
Proper board oversight requires the board to be fully informed about both the effectiveness of existing cybersecurity measures and the importance of any cyber incidents that have occurred. Companies must assess whether they have adequate processes in place to ensure that cybersecurity risks and incidents are identified, evaluated and reported to the board in a timely manner.
To manage the risks posed by cybersecurity, companies should focus on five main areas:
Cybersecurity risks vary by company. Companies should tailor their approach, taking into account the data for which they are responsible and the types of risks they may face. This is especially the case for personally identifiable information, such as payment or health data, as well as proprietary data and third-party data.
Board oversight of cybersecurity can be achieved in a variety of ways. In many companies, the audit committee retains primary oversight of cybersecurity risks, consistent with its role overseeing enterprise risks generally. However, in some companies it may make sense to assign primary cybersecurity oversight to a risk committee that oversees a range of the company's enterprise risks, or a technology committee focused on oversight of technology-related risks.
Any oversight structure should include regular meetings with the company's chief information security officer (or equivalent). In addition, there should be appropriate protocols for elevating information about significant cybersecurity risks and incidents that arise between those meetings.
Cybersecurity is a critical consideration in M&A transactions.
The board (or relevant committee) should evaluate the company's cybersecurity risks and the effectiveness of its controls. To do this, it should use appropriate benchmarks to industry standards and regulatory requirements and maintain an awareness of ever-evolving state-of-the-art cybersecurity technologies and best practices. Directors will need to decide who should make those evaluations (management, internal audit, an external advisor or some combination thereof) and should have a "dashboard" to look at critical issues, monitor the progress of the company and watch for trends.
An effective cybersecurity strategy requires expediency in responding to a breach and resilience in addressing and recovering from such a breach. Having a crisis management team in place, including representatives from investor relations, IT, legal and management, allows the company to: (i) respond quickly and effectively to a cyber incident; (ii) gather information in order to craft accurate disclosure; (iii) address shareholder concerns when information is released to the market; and (iv) understand the role of outside counsel in leading forensic investigations and maintaining privilege.
Companies should consider conducting cyber breach simulations to test for weaknesses and prepare personnel for a true incident.
Directors should be on alert for red flags that might indicate that cybersecurity resources are insufficient and, if appropriate, request an independent assessment of the company's cybersecurity programs. Directors should be mindful of cyber incidents at peer companies and critical vendors, which can provide insight into the types of attack the company might be subject to and highlight potential systems and supply chain vulnerabilities that should be addressed.
While board oversight of cybersecurity is critical, the directors' role is to oversee companies' risk management, not to manage those risks themselves. Directors do not need to know how specific cyber protection and detection technologies work. The board should focus on ensuring that the company identifies and assesses its key risks through adequate policies, procedures, technical resources, personnel and organizational structures. It should also ensure that the company tracks and manages those risks effectively over time, keeps leadership fully informed and discloses incidents and other material cybersecurity risks to the full extent required.
This publication is provided for your convenience and does not constitute legal advice. This publication is protected by copyright.
© 2018 White & Case LLP