Articles Tagged with Venture Capital

Published on:

The relentless attention being paid to cyber-attacks is driving companies to increase cyber security budgets and purchases. In turn, this has led institutional investors and asset managers to see potentially massive returns associated with companies in the cyber security market. Indeed a number of companies that have gone public have had phenomenal success, and the constantly morphing nature of cyber-attacks means that purchasing trends are not likely to slow down any time soon.

However, it is critical to keep in mind that just as cyber security capabilities can be a very attractive component in evaluating a potential investment; it also could lead to potentially negative consequences. Ignorance of some key legal and policy considerations could lead to an improper assessment of the value/future earnings potential of technology investments. These considerations are true regardless of whether or not the technology or service has a core “security” component.

Below are some key issues to consider when making cyber security investment decisions:

  • Cyber security matters in every investment
    • It is a simple fact that every company faces cyber threats. Multiple studies have  demonstrated that essentially every company has been or is currently subject to cyber-attack and that most if not all have already been successfully penetrated at least once. This leads to a key consideration: every company’s cyber security posture should be considered when making investment decisions. For example, a company selling information technology that is less prone to cyber-attacks should be viewed as a better investment than competitors who pay little to no attention to how their products can be breached.
  • Cybercrime is cheap
    • The cost of conducting cyber-attacks is depressingly cheap: $2/hour to overload and shutdown websites, $30 to test whether malware will penetrate standard anti-virus systems, and $5,000 for an attack using newly designed methods to exploit previously undiscovered flaws. Indeed it is now so cheap to create malware that the majority of malicious programs are only used once – thereby defeating many existing cyber security systems which are designed to recognize existing threats. This all adds up to a cost/benefit analysis that is irresistible for cyber-attackers, and essentially guarantees that the pace and sophistication of attacks will not let up any time soon.
  • Cyber security should be in the company’s DNA
    • Whether a company is offering a service or a technology, a critical factor to consider is its approach to security. Companies that consider security a key functionality that needs to be integrated from the start of the design process are far more likely to go to market with an offering that has higher degree of security. Security as an afterthought is just that – an afterthought. Weaving security into the DNA of a service or technology will be extremely helpful in decreasing security risks. Just remember though that no security program or process is flawless, and no one should expect perfection.
  • Is there a nation-state problem?
    • An R&D or manufacturing connection to countries known for conducting large-scale cyber espionage causes heartburn for companies and governments alike. Too many instances have occurred where buying items from companies owned by or operated in problem nation states have resulted in cyber-attacks. In some cases, Federal agencies are prohibited from buying IT systems from companies with connections to specific governments. Investors and managers need to stay abreast of problem countries, and also examine whether the product or service has a connection to such countries. Failure to do so can lead to investments in companies that have limited market potential.
  • Do your homework and forensic analyses
    • There’s nothing like buying a trade secret only to find out it really isn’t a secret. Before investing in any company, conduct due diligence to determine how good the security of the company is and whether IP or trade secret information has been compromised.
  • If the government cares, so should you
    • The Federal government is stepping up its requirements regarding cyber security in procurements. That means that all federal contractors (not just defense contractors) are going to have to increase their internal cyber security programs if they want to win government contracts. Failure to have a good cyber security program could lead to lost contracts, and thus decreased growth. 
  • Words matter
    • Companies have been too lax in negotiating terms that explicitly set forth security expectations for IT products as well as who will be liable should there be a breach/attack. Judicious reviews of terms and conditions can help avoid liability following a cyber-attack. For example, companies should not accept boilerplate language regarding the following of “industry standards” or “best practices” with respect to cyber security. Instead, specific obligations and benchmarks need to be agreed upon before signing any agreement. Further agreements should be drafted to that make clear that security measures are the obligation of the other party. That way the investor has set up a stronger argument for recovering losses as well as shifting liability away from itself.
  • Insurance isn’t everything
    • Companies may be tempted to think that if a company has a cyber-insurance policy, they are protected in the event of a cyber-attack. The reality is that there is an enormous chasm between buying coverage and having claims paid. Cyber policies are increasingly being written and interpreted to cover fewer types of attacks, and so do not be tempted to think that cyber insurance can fully protect an investment.
  • SAFETY Act
    • Under the Support Anti-Terrorism by Fostering Effective Technologies Act (SAFETY Act), cyber security services, policies, and technology providers are all eligible to receive either a damages cap or immunity from liability claims. The SAFETY Act also protects cyber security buyers, as they cannot be sued for using SAFETY Act approved items. Possessing SAFETY Act protections should be considered a positive sign and indicative of potential earnings growth.

There is no doubt about it; cyber risks are here to stay. Addressing those risks should be a core component of any business or investment strategy, because even if “today’s problem” is solved the introduction of new technologies will just mean a new threat vector for adversaries to exploit.

It is not all doom and gloom, however. Paying attention to cyber security trends and doing some simple due diligence will go far in minimizing digital risks. Make no mistake: defenses will always be incomplete and successful attacks will happen. However, with the right processes and approach, the bad outcomes can be minimized and investments will be protected.

Published on:

This article was published by The FCPA Report and is reprinted here with permission.

More and more, venture capital firms are investing in start-ups seeking to expand internationally or with nascent cross-border operations in place.  Such investments offer opportunities for lucrative returns but also carry significant anti-corruption risk that VC firms are often ill-equipped to manage.  For many businesses, managing anti-corruption risk is a necessary cost center.  But VC firms are uniquely positioned to use that risk to drive a better deal and gain greater control over management and direction of the business.

The overlapping and increasingly aggressive anti-corruption regimes, including the FCPA, the U.K. Bribery Act, the anti-bribery laws in China, Germany and the newly enacted law in Brazil, coupled with the heightened risk of corruption in emerging economies, can quickly derail an otherwise strong investment.  Not only are VC firms subject to fines, penalties and reputational harm through the conduct of the start-up, but the conduct itself may have occurred before the VC firm even considered taking a stake.

This article offers an assessment of the opportunities and risks that VC firms should consider, and concludes with four strategies for maximizing returns while limiting anti-corruption risks.


Published on:

Written by Michael Wu and Judy Deng

The Year of Rabbit continued to see the proliferation of RMB funds and portfolio investments made by RMB funds. As of Q3 of 2011, 63 RMB funds were raised in mainland China and the total capital raised for investments in mainland China was estimated to be RMB4.2 billion (Source: Zero2IPO). Perhaps no longer a new term, “RMB funds” generally refer to the investment funds organized as corporations, limited partnerships or other unincorporated forms in China that invest in non-public companies primarily located in China. Over the past five years, RMB funds have become the investment vehicle of choice for many non-Chinese fund managers, as they have certain advantages over non-Chinese funds investing into China, including: (1) access to domestic Chinese investors (i.e., limited partners), which generally are more inclined to invest through a China-registered fund, than a non-Chinese fund; and (2) the ability to permit large non-Chinese institutional investors, which only have non-Chinese currencies, to capitalize on the regulations designed to attract foreign investment into China (e.g., the “Qualified Foreign Limited Partnership” or “QFLP” regime in Shanghai, Beijing and other RMB fund hubs).

Yet, it is notable that less than half of the capital raised in RMB funds from domestic Chinese investors has come from state owned institutional investors.  To date, due to regulatory reasons, state-owned institutional investors, particularly government institutions, government-funded guidance funds and universities, have been playing a very limited role as limited partners in private equity and venture capital funds in China (Source: First Financial Daily).  Over the past couple years, China’s regulators, including the National Reform and Development Commission (NDRC), China Securities Regulatory Commission (CSRC), China Banking Regulatory Commission (CBRC), China Insurance Regulatory Commission (CIRC) and People’s Bank of China (PBOC), have implemented legislation designed to allow certain institutions greater flexibility to make equity investments in private companies.  However, much of this legislation has yet to be implemented and official guidance thus far has been limited.  Thus, we haven’t seen a significant increase in investments into RMB funds by state-owned institutional investors.

The following lists certain of the key state-owned institutional investors and the regulatory developments in 2011 that have impacted or will impact their equity investment capabilities.

  • Securities Companies.   Securities companies are now officially permitted to make direct equity investments in Chinese companies pursuant to a set of guidelines issued by the CSRC in July 2011.  The guidelines permit securities companies to directly invest in Chinese entities or form “direct investment funds” (“DIF”) to raise and manage capital for equity investment into such companies, provided that (i) a securities company must form an intermediary known as a “direct investment subsidiary”; (ii) the aggregate capital employed by a securities company in its direct investment business may not exceed 15% of its net assets; and (iii) the securities companies abide by certain restrictions regarding fund raising (e.g., they can only raise capital in a private offering from institutional investors and may not have more than 50 investors).  Prior to the issuance of the guidelines, the CSRC only approved the direct investment of securities companies on a special approval or case-by-case basis.  Reportedly, China International Capital Corporation Limited (CICC) became the first securities company to raise an equity investment fund approved pursuant to the guidelines.
  • Pension Funds.  The Administrative Measures on Enterprise Pension Funds (“Measures”) were amended early this year and went into effect on May 1, 2011. The amended Measures removed the previous investment limit regarding the capital that may be used in “stock investments” by a pension fund, which had been 20% of its net assets.  However, the Measures still require that no more than 30% of a pension fund’s net assets be invested in “rights instruments such as stock and investment-nature insurance products, and stock funds.”  Apparently, there is still some uncertainty regarding whether the terms “stock” and “rights instruments” were intended to include private equity investments. As such, many industry experts believe that it would be some time before pension funds are officially permitted to make private equity investments.
  • Commercial Banks.  Under the Commercial Banks Law (amended in 2003), commercial banks are restricted from making equity investments in “domestic” enterprises. Although this restriction is currently still in place, some commercial banks reportedly seek to make indirect investments into domestic equity investment projects, such as investing through an offshore intermediary.
  • Insurance Companies. There was no new guidance in 2011 regarding whether Chinese insurance companies may make outbound private equity investments. In addition, many industry experts have concluded that an insurance company may not act as a limited partner in an equity investment fund unless it is managed by the insurance company.  In 2011, China Life reportedly became the first insurance company to obtain a private equity investment license under the 2010 regulation.  For a discussion on the 2010 regulation, please see our blog post titled “China Permits Insurance Companies to Invest in Private Equity.”

Over the past several years, non-Chinese fund managers have shown great interest in raising capital from Chinese limited partners.  However, for regulatory and practical reasons, the fund raising efforts of non-Chinese fund managers have not been as successful as hoped.  In addition to the regulatory restrictions specifically affecting state-owned institutional investors, as discussed above, there are a number of other hurdles that must be overcome before a limited partner may or will invest in a RMB fund.  The following are two examples of the hurdles non-Chinese fund managers currently face when attempting to fund raise from domestic Chinese investors.

  • NDRC Recordation.  In early 2011, the NDRC issued a Notice to reinforce the “recordation” requirement applicable to equity investment enterprises (“EIEs”) primarily in six provinces/municipalities. Institutional EIEs with investment capital of more than RMB500 million are required to obtain a recordation with the national office of NDRC, while other EIEs need to be recorded with the regional offices of NDRC.  Currently, there is no explicit requirement or process for recording a foreign-invested EIE with NDRC, which would pose a hurdle on such EIEs’ efforts  to raise capital from the National Social Security Foundation. However, some of the larger, foreign-invested RMB funds have been successful in obtaining recordation with NDRC on a case-by-case basis.
  • Structuring.  How a fund is structured is critical to fund raising.  A fund with any foreign equity investment will be considered as a foreign-invested enterprise (with limited exceptions, such as certain funds blessed by the QFLP regime), and thus restricted from investing in various industrial sectors, such as internet, automobile, certain energy industries and certain real estate developments.  Domestic Chinese investors often prefer to invest in a purely domestic fund, which does not have the same restrictions as foreign-invested funds.  To address this issue, some fund managers have structured their funds as “parallel funds,” which is accomplished through a contractual arrangement between two separate funds to share management, deal sourcing and exit opportunities. 

The industry is hoping that the regulators will enact an Amended Securities Investment Fund Law (SIFL), which many believe will include guidance on private equity investment. However, even if private equity investment is thoroughly covered in the SIFL, we speculate that the provisions will be focused on investor protections, rather than on clarifying the investment capabilities of various investor groups. 

As always, we will continue to provide timely updates on new developments affecting private equity and venture capital investment in China, as they occur, in 2012.