New foreign investment rules proposed by the U.S. Treasury Department are compounding regulatory risks for mergers and acquisitions in the global financial technology market, analysts say.

The proposed rules, which are expected to be finalized and in force by early 2020, expand the types of transactions that come under the jurisdiction of the Committee on Foreign Investment in the United States, a Treasury-led interagency panel that probes national security issues in cross-border deals.

CFIUS’ jurisdiction will include non-controlling investments in which a foreign person would gain access to U.S. critical infrastructure or the sensitive personal data of U.S. citizens, including financial information.

While the rules aren’t yet in effect, they’re already gaining importance in the due diligence assessments that deal lawyers use to advise clients on the risks of fintech transactions.

“The need for a robust front-end analysis is greater than ever,” Farhad Jalinous, a partner at White & Case, told CQ Roll Call.

The proposed rules implement legislation signed into law last year. It was enacted because of concern that China was using foreign investments to vacuum up U.S. technologies.

Jalinous said his firm has been flooded in recent months with CFIUS-related inquiries from companies weighing potential cross-border deals. “It includes all sorts of industries, and fintech M&A is not underrepresented by any means,” he said.

The rules will strengthen a government panel that had already enjoyed broad powers. CFIUS can seek to impose conditions on a deal that raises national security issues or advise the president to block it. The committee can also force deals to be unwound.

Several global merger deals have been blocked or abandoned in recent years after CFIUS objections, including China-based Ant Financial Services Group’s failed bid to acquire MoneyGram International Inc.

“CFIUS is assuming a more prominent role in M&A deals,” Dario de Martino, M&A partner and co-chairman of the blockchain practice at Morrison & Foerster LLP, said in an interview.

Interest in minority stakes

CFIUS traditionally focused on investments in which the foreign acquirer sought full control of a U.S. business. The new rules are largely focused on non-controlling investments, but issues like critical technology and personal data are expected to receive greater scrutiny in controlling investments as well.

All of this potentially means increased regulatory risks for fintech deals, according to Harry Clark, chairman of the international trade group at Orrick Herrington & Sutcliffe LLP.

“It’s becoming more and more likely that deals involving the fintech industry will be scrutinized by CFIUS,” Clark told CQ Roll Call.

This could make cross-border fintech deals far more complex, uncertain, costly, and time-consuming, particularly if a country like China is involved, he said. 

Besides CFIUS, there are many other regulatory issues that need to be factored into a fintech merger analysis, deal lawyers say.

Fintech is a term that can cover different types of services, including digital currencies, mobile payments and money transfers. It’s an area that potentially involves various regulators within the U.S. and abroad who are concerned about issues ranging from money laundering to data security and privacy.

Despite the potential regulatory pitfalls, fintech has become one of the hottest markets for investment.

The aggregate value of fintech deals skyrocketed from $76.6 billion in 2018 to $125.7 billion so far this year, according to financial data firm S&P Global Inc. The biggest fintech deals in 2019 include Global Payments Inc.’s $22.2 billion planned acquisition of Total System Services Inc. and Fidelity National Information Services Inc.’s $35.4 billion purchase of Worldpay Inc.

The market is poised for further expansion, according to a recent report from Ropes & Gray LLP and Mergermarket Ltd. Of 100 senior financial industry executives surveyed by Mergermarket in the second quarter, 90 percent said their company purchased a fintech company or business in the past two years and will likely buy another one in the next two years. Nearly 85 percent said fintech was very important to their overall business strategy, with the remaining 15 percent saying it was critical or transformative.

Since fintech is still an emerging sector, it’s not always clear which rules apply, according to deal attorneys.

“The U.S. fintech regulatory landscape is in flux,” de Martino said. “There are no bright lines or clear rules. It’s just one of the growing pains that historically come with the quick development of new industries.”

Generally, it’s important for companies thinking about an acquisition to first conduct a thorough risk analysis that includes looking at the target’s regulatory position, according to Dan Friedberg, a fintech lawyer at Fenwick & West LLP.

Given the regulatory complexities of the fintech market, the process can be exceptionally difficult, he said. The acquirer may need to look at potential regulatory risks in the U.S. under a wide range of federal and state consumer protection laws, for example.

“It involves a state-by-state analysis,” and states may have conflicting regulations, Friedberg said in an interview. “That makes it more expensive to look at and more difficult to understand your risks. It also creates a longer due diligence period.”

Many fintech products are used across borders, adding another layer of complexity.

Data security is high on the list of issues that require scrutiny in a global risk assessment, Friedberg said. The EU General Data Protection Regulation in particular has raised the stakes, he said.

According to the Mergermarket data, 91 percent of financial institutions said that conducting thorough due diligence with respect to data protection in a fintech acquisition was “very” or “quite” difficult. More than three-quarters worried about the potential for a fintech company to become less attractive in the future due to activities or technologies being targeted by regulators.

In the future, companies may encounter new challenges while trying to secure regulatory approvals for their fintech deals, particularly as technologies continue to take center stage in international trade disputes between the U.S. and China and are increasingly scrutinized by some governments as a national security matter, the report said.