INTRODUCTION

Mergers and Acquisitions (M&A) transactions are on the rise in Nigeria, particularly in the technology startups space. The acquisition of Paystack by Stripe in 2020 in a deal worth $200 million increased interests in M&A activities in the tech space in Nigeria. Subsequently, Equinix, an America's digital infrastructure firm, completed the acquisition of MainOne, a West African data center and connectivity solutions provider in 2021 in a deal valued at $320 million. In January 2023, DriveMe, a Nigerian mobility startup acquired a 100% stake in Go!TwentySix, a Lagos-based provider of valet services. M&As are becoming common exit strategy for founders of tech startups as they look to profit from leading these startups to become recognizable brands and profitable ventures.

Acquiring tech companies like M&As in other sectorsis one way to upscale business operations, acquire tech/intellectual property, acquire more customers and hopefully increase revenue. Importantly, M&A is usually an entry strategy for foreign firms into the Nigeria market. Most foreign firms will prefer to acquire an already existing business with existing operations and customer base as opposed to starting their operations from scratch in Nigeria. This was the case with Blockfinex, a UEA-based crypto exchange in its acquisition of 100% stake in Fluidcoins, a Nigerian crypto payment gateway.

This article sets out the fundamental legal issues underpinning a successful M&A deal which investors must consider before acquiring any tech company in Nigeria. Investors are selective about the investments they are willing to make. Tech startups seeking investment will therefore face more competition for funding and should be prepared to respond to a prospective investor's legal due diligence requests to avoid delays or missing out on investment altogether.

LEGAL AND REGULATORY FRAMEWORK GOVERNING M&A ACTIVITIES

The laws that govern M&A activity in Nigeria are as follows:

  1. Federal Competition and Consumer Protection Act 2019(FCCPA);
  2. Merger Review Regulations, 2021;
  3. Merger Review Guidelines, 2019;
  4. Companies and Allied Matters Act 2020 (CAMA);
  5. Companies Regulations 2021;
  6. Investments and Securities Act (ISA) 2007;
  7. Rules and Regulations of the Securities and Exchange Commission (SEC);
  8. Nigerian Exchange Rulebook.

The FCCPA is the primary legislation governing M&As in Nigeria. It establishes both the Federal Competition and Consumer Protection Commission (FCCPC) and the Competition and Consumer Protection Tribunal. The FCCPC is vested with the authority for overseeing and approving M&A transactions. To facilitate this, the FCCPC has introduced the Merger Review Regulations 2021, providing a regulatory framework for notification, specifying applicable fees, and guiding the review process for mergers in accordance with the provisions of the FCCPA. The CAMA governs companies in Nigeria and significantly influences M&A transactions by outlining provisions for share acquisitions and various merger schemes. The Nigerian Stock Exchange plays a crucial role in M&A involving publicly listed companies, enforcing compliance with its listing requirements.

Some sector-specific laws and regulations also apply to M&A transactions; these include: (i) the Banks and Other Financial Institutions Act and the Central Bank of Nigeria's Guidelines and Incentives on Consolidation in the Banking Industry are relevant to M&A deals in the banking sector. The Central Bank of Nigeria Act of 2007 provides that the prior approval of the Central Bank is required for any transaction involving the acquisition or takeover of an equity stake of 5% or more of a Nigerian bank; (ii) the Nigerian Communications Act of 2003 and the Nigerian Communications Commission Competition Practices Regulations are applicable to M&A transactions in the telecommunications sector. The Nigerian Communications Act requires the prior approval of the Nigerian Communications Commission to be obtained for transactions involving the acquisition or takeover of 10% or more of the shares of a licensed telecommunications company; (c) the National Insurance Commission Act will apply to M&A in the insurance industry. Under the National Insurance Commission Act, any transaction involving the acquisition or takeover of 25% or more of the shares of an insurance company requires the prior approval of National Insurance Commission. These sector-specific laws operate in addition to the provisions of the FCCP Act, the CAMA, the ISA, and the SEC Rules and Regulations.

WHAT IS LEGAL DUE DILIGENCE?

Legal due diligence is the process of collecting and assessing all of the legal documents and information relating to a company (a “target”) prior to making an investment in the target. It gives both the investor and the target the chance to scrutinize any legal risks, such as lawsuits or intellectual property issues, before closing the deal. By understanding the target company and any potential liabilities, both parties can make an informed decision in the M&A transaction. The investor does this primarily to confirm that the information provided by the target's management is accurate, to help support the investor's valuation, and to better understand any legal risk that may exist in the target. The outcome of legal due diligence will, to a great extent, affect the final decision to be made by an investor. Typically, an investor will send the target a list of documents and information that it expects to review, and the target will then make these documents and information available to the investor and its advisers via an online platform usually a virtual data room.

KEY AREAS OF FOCUS IN TECH LEGAL DUE DILIGENCE

Tech targets should be aware that investors can (and often do) identify potentially issues as part of legal due diligence, regardless of whether the relevant matter has been resolved. In addition to the usual considerations that would apply to any M&A transaction, tech targets should expect potential investors in the tech ecosystem to focus their legal due diligence on the following aspects:

  1. Regulatory Authorisation: Not all tech companies carry on businesses which require regulatory authorisation. For the tech companies operating in a regulated space such as FinTech payment service providers, the investor will want to confirm that the appropriate licence(s) have been obtained and that the licence(s) are still valid and subsisting. In particular, potential investors will want to understand which regulatory frameworks may apply to the target's products and services and whether any authorisations are required before such product or service can be introduced to the market and if the current products and services have been granted such approvals. Other key regulatory risks for licensed tech companies which any investor will need to consider include ongoing compliance with regulatory requirements and a confirmation that the technologies or processes utilised in the business aligns with regulations. It is important for tech companies to have a solid understanding of the regulatory frameworks applicable to their products and services and to factor this into their product development plan. In addition, if the target carries on regulated activities, one question is whether the parties to the transaction are ready and able to seek and obtain letter of no objection from the industry regulator in respect of the proposed M&A transaction. There are also instances where specific approval/consent of the regulator is required for acquiring a specified percentage shareholding in the target, the requirements and likelihood of receiving such approval should be factored into the initial considerations. In addition, it is important to get confirmation from the regulator that there are no outstanding regulatory obligations including default or non-payment of fees, existing sanctions, penalties or fines, among others.

  2. Intellectual Property Rights: Potential Investors will want to confirm that the tech company it seeks to invest in owns all of the intellectual property rights embodied in its product and brand or, if such rights are licensed from third parties, that such licenses permit the target company to use these rights, the duration and limits, if any, of such license. Potential Investors will also want to ensure that the target does not infringe any third-party rights and that it has a strategy for keeping its intellectual property rights confidential. This is very important as the valuation of almost every tech company is based on the value of the company's technologies and intellectual property portfolio.

  3. Data Protection: This is a central aspect of the due diligence phase in every tech M&A. The potential investor will need to verify if the target collects, processes, and stores personal data in compliance with applicable laws and that the tech startup has a suitable data privacy, protection and cybersecurity plan, such as data breach incident response plan, in place. This is particularly important given that the growth of tech companies will often rely on its ability to successfully utilise the data generated by its products or services. Consideration will need to be given as to whether there have been any data breaches by the tech target, how liability will be allocated on current claims/incidents and action taken to ensure that there is no reoccurrence. It is critical that the target provides evidence of compliance with all applicable laws in this respect and also that in its product development it has incorporated the principle of data privacy by default.

  4. Employment: Investors will want to ensure that the founder(s) and other senior management or other personnel of the target have written employment agreements that contain suitable non-compete and nonsolicitation clauses. Investors will also want to confirm that key personnel of the target have entered into effective confidentiality agreements and intellectual property assignment agreements to ensure that any intellectual property rights developed by such persons are solely owned by the tech target. Tech companies can mitigate this risk by entering into written employment agreements and intellectual property assignment agreements with their employees from the outset.

  5. Identifying the sellers: Typically, a tech startup will have been through multiple funding rounds (via friends and family or angel investors) and, as a result, may have a complex shareholding structure. This may become even more complicated if the company has given some of its employees' stock options. Consideration needs to be given to who the sellers are, and whether they are able and willing to sell their shares to potential investors. Tech startups can manage this risk by ensuring that there is an effective shareholders agreement in place which contains appropriate mechanisms such as drag along clauses to enable potential investors obtain 100% control, if that is the desired outcome.

  6. Quality Assurance Systems: Investors will want to know that the target has an appropriate quality assurance system in place, as this supports the company's effort to ensure regulatory compliance. Companies should make sure they have a quality assurance system that is appropriate in the context of their business.

  7. Commercial Arrangements: Investors will review the target's key commercial arrangements or contracts for a number of reasons - for example, that the investment will not trigger any adverse consequences for the target. Technology companies seeking finance should ensure that prior to commencing legal due diligence, their key commercial arrangements are well documented. The targets should avoid entering into commercial agreement containing the following clauses exclusivity, change-of-control or joint ownership of intellectual property rights unless there is a strong commercial rationale for doing so and can show that such terms will not adversely affect the company's business or a potential sale of the company.

  8. Pending Compliances: Tech companies engaging in M&A must conduct thorough legal due diligence on several critical fronts, including tax compliance, environmental regulations, insurance coverage, and antitrust laws. Firstly, scrutinizing tax compliance ensures that the target company is aligned with relevant tax regulations, mitigating the risk of unforeseen financial obligations. Secondly, assessing environmental compliance is crucial for identifying any liabilities related to environmental regulations, safeguarding the acquiring company from potential legal and financial ramifications. Thirdly, a comprehensive review of insurance policies and coverage is essential to understand the extent of protection against various risks, ensuring the acquiring tech company is adequately shielded post-M&A. Lastly, an evaluation of antitrust and competition laws helps in assessing the target's market position and identifying any potential legal issues pertaining to competition.

CONCLUSION

The due diligence process itself must be easy and seamless and this can be achieved if the target is able to provide the documentation and information required in a manner that the potential investor and its advisers can access in the most efficient manner. In the context of technology M&A, documentation and information provided in relation to the key focus areas highlighted above will help in swiftly moving the transaction to quick close. It is however important to note that it is not at the point where a potential M&A transaction is envisaged that the tech company starts to ensure compliance or availability of the information, a tech company that has ambitions should always be prepared and compliant with all its regulatory and contractual obligations.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.