The original version of this article was published in the GLI Blockchain & Cryptocurrency Regulation 2021 Guide, by Global Legal Group, Ltd.
Blockchain M&A: the Next Link in the Chain
An overview of key drivers and unique valuation, due diligence, and integration hurdles for the current wave of blockchain M&A.
Despite having experienced the “crypto winter” and being in the middle of a rare combination of public health, political, social, and economic uncertainties plaguing the global business landscape, blockchain market participants have remained steadfast and are continuing to ride the wave of M&A[i].
While most transactions in this space are private, and their terms are confidential or otherwise not material enough to be publicly disclosed, the data available indicates that there have been approximately 400 blockchain-related M&A transactions globally since 2013, with about 40 in the first half of 2020, for a total estimated value of approximately $5 billion.[ii]
If current deal flow holds steady, blockchain M&A will likely match or exceed the deal volume levels of 2019 at valuations that have already come close to, or exceeded, those of 2019, illustrating the industry’s resilience.
In this age of remote work with no clear silver lining in sight, businesses will likely be looking farther afield for enterprise technologies that facilitate remote trading, collaboration among disparate stakeholders, network decentralization, and data securitization—preferably all in one service package. Moreover, as they grow more comfortable with digital assets[iii] and blockchain more generally, larger public institutions and their investors may find that a diverse industry still largely composed of startups makes for an increasingly attractive environment for deal-making.
As blockchain technology continues to mature, digital assets shine in their hedging role against the many current uncertainties, and regulatory frameworks evolve towards establishing more discernible parameters, we believe there is enough stability to support blockchain M&A, including cross-border M&A, through the end of the year and beyond.
i. Key Drivers of Blockchain M&A
In addition to a desire to drive growth, diversify the range of existing blockchain-related offerings, or pivot toward new business lines, many blockchain M&A transactions are being pursued to gain access to skilled talent as well as address a rapidly evolving regulation of digital assets.
A. Driving Growth
After the whipsaw frenzy of 2017, the luster faded and crypto winter washed out those companies unprepared for longer-term stabilization. Many of the companies that weathered the storm have favored M&A as a growth driver.
For example, despite a regulatory framework in flux, Coinbase has thrived and expanded through 16 acquisitions across diverse industries, from digital wallet services to data and analytics (application programming interface) API development. This ingathering of different services and business solutions under a single umbrella has enabled the exchange to tap diverse revenue streams to support its growth into arguably the largest U.S. cryptocurrency exchange, a business scaled up to handle $500 million in trade volume daily. Other major exchanges worldwide, including Kraken and Binance, have taken similar approaches and reaped similar rewards.
B. Broadening the Range of Existing Blockchain-Related Offerings
Despite being a nascent industry, the number of blockchain offerings available for trading and enterprise implementation is manifold. Focusing on digital assets alone, estimates suggest there are anywhere from 6,000 to 9,000 different varieties in circulation at any given time, even excluding crypto derivatives and other more sophisticated instruments.
On the one hand, this demonstrates the relatively short lifecycle of many digital assets. On the other hand, the high volume of new offerings represents a unique opportunity for companies to acquire promising blockchain technology and other intellectual property (IP) that would otherwise be cost‑prohibitive to develop in-house.
Acquisitions by larger players focused on absorbing smaller startups to integrate IP and know‑how into their own platform, known as “bolt-on” or “tuck-in” acquisitions, have become a key part of the playbook in blockchain M&A.
For example, in November 2019, Gemini Trust Company acquired non-fungible token developer Nifty Gateway as a shortcut to developing its own native non-fungible protocols.
C. Pivoting Toward New Business Lines
For most of blockchain’s history, the key players driving its development have not been legacy financial institutions or the tech giants of Silicon Valley.
The froth of the digital asset market in the run up to 2018 and the U.S. federal agencies’ subsequent crack-down spooked many high-end market participants. However, blockchain market participants have since made a concerted effort to comply with often restrictive U.S. federal rules and regulations to normalize this industry. Most significantly, vindication of the industry’s progress came this past July with the decision by the Office of the Comptroller of the Currency to allow national banks and savings associations to hold select digital assets on behalf of their clients. The greenlight for these services may finally allow legacy financial institutions to close their innovation gaps with moves into blockchain M&A.
Outside of the United States, there was some movement in this direction. In August 2018, the Japanese e-commerce giant Rakuten, Inc. acquired the crypto exchange platform Everybody’s Bitcoin for $2.4 million. Rakuten then used that acquisition as its on-ramp for further blockchain partnerships and spot trading services through the end of 2019.
According to a recent market analysis,[iv] the jobs that keep seeing the most demand are for software developers and engineers, and the most in-demand hard skill is blockchain.
However, while it is possible to rely on traditional hiring methods and fill key positions in this market, some companies do not have the luxury of waiting or the patience to wait to assemble a team with a hard-to-find skill set in a piecemeal fashion. Instead, market participants often find that the most expedient solution to staff a specialized team is to “acqui-hire,” i.e., to acquire a company’s shares or assets primarily for its pool of talent, often software developers and engineers who are leaders in their respective areas of expertise and can fast-track the acquirer’s blockchain-enabled applications.
Facebook, for example, made headlines by acqui-hiring Chainspace and Servicefriend in 2019; without the specialized talent influx, the ensuing development of Libra and Calibra (now Novi) may have been significantly delayed.
E. Regulatory‑Driven M&A
As is characteristic in regulated industries, there are a host of registrations, licenses, no-action relief, and other approvals that may need to be obtained prior to expanding operations in new jurisdictions or rolling out a new regulated blockchain-enabled product.
As a result, both U.S. and non-U.S. market participants consider M&A as a tool that enables them to attain advisory and broker-dealer capabilities, offer blockchain-enabled securities, or create an entry point to service U.S. investors seeking to participate in non-U.S. markets, or non‑U.S. investors seeking to participate in the U.S. market, in each case, under the oversight of the relevant regulators.
Coinbase, for example, obtained a broker-dealer license, an alternative trading system license, and a registered investment adviser license through its simultaneously announced acquisitions of Keystone Capital Corp., Venovate Marketplace, Inc., and Digital Wealth LLC in 2018. Similarly, Kraken acquired UK-based Crypto Facilities Ltd, an entity registered with the UK’s Financial Conduct Authority, which allowed Kraken to offer its customers the ability to trade digital asset derivative products beyond the U.S.’s trading‑hour limits and expand its European customer base.
ii. Issues Unique to Blockchain M&A
Structuring and executing an M&A transaction in this highly competitive space can be complex. A combination of challenging valuation, due diligence, and integration hurdles has the potential to put a new spin on what would otherwise be a traditional M&A transaction. As a result, it is critical for market participants to factor into deal analysis and planning the unique issues surrounding a blockchain M&A transaction.
A. Valuation Issues
- Traditional Valuation MethodsValuation of a blockchain target presents a few hurdles that require a nuanced approach.Although an in-depth analysis of issues involving valuation of blockchain companies is beyond the scope of this article, at a high level, investment bankers typically summarize the range of values for a prospective target by drawing on three primary valuation methods: (i) discounted cash flow (DCF) analysis; (ii) comparable companies analysis; and (iii) comparable transactions analysis.Under the DCF analysis method, the theoretical value of a target is the sum of the future stream of free cash flow it is expected to generate, discounted by its cost of capital. However, regardless of the current uncertainties caused by the pandemic, a DCF analysis is generally not recommended for emerging blockchain companies, for there is likely limited predictability of future cash flows and therefore it may be challenging to prepare projections that owe more to hope than reason.A comparable companies analysis (also called “trading multiples,” “peer group analysis,” “equity comps,” or “public market multiples”) compares the target against selected similarly situated companies by looking at multiples of each company against selected benchmarks, typically EBITDA (which is often used for established companies with earnings), and revenues (which is often used for companies that have been able to generate sales, but have not yet reached profitability). Using trailing 12 months of EBITDA or of revenues is generally a reasonable way for acquirers to try to predict future financial performance of a prospective target. However, regardless of the current uncertainties caused by the pandemic, this method may be inadequate where it’s difficult to assess actual comparability or there aren’t enough comparable companies in the same industry or stage of their growth cycle.A comparable transactions analysis is similar to the comparable companies analysis, but the companies used as models are recently acquired companies. However, this method may also be inadequate where there are simply not enough comparables in the data set.As noted above, most transactions in this space are private, and their terms have been kept confidential or are otherwise not material enough to be publicly disclosed; in addition, only a few blockchain targets are public. Therefore, none of the traditional comparable valuation methods may be adequate, helpful, or reliable.
- Alternative Valuation Methods
When traditional avenues of valuation are unreliable, market participants may consider other analyses or metrics. For example, employing the “build v. buy” analysis, under which an acquirer would evaluate the cost and time required to build the target’s technology stack in-house, versus the cost and time to buy the target and employ its skilled employees.
To make things more interesting, several blockchain targets have developed, or in some cases are still developing, novel technologies that are not proven or have not yet been commercialized on a large scale; therefore, a much deeper dive into the underlying technology stack is required. Blockchain, in and of itself, is an umbrella term used to describe a variety of technologies that typically include distributed ledgers, cryptography, and smart contracts. As noted above, the expertise required to evaluate each of these technologies, including, for example, the scalability requirements of a given blockchain-enabled platform, how they interact with one another, or how they could be integrated, is a scarce commodity, and in some cases, finding a pool of talent with the right skill set is the main driver of an acquisition in this space, which makes this process challenging, and potentially quite circular.
Acquiring a blockchain target that also holds digital assets, or paying part or all of the consideration for a target with digital assets, presents additional challenges.
Again, although an in-depth analysis of issues involving valuation of digital assets, including the effects of volatility, market manipulation, forks, and drops, is beyond the scope of this article, at a high level, it is worth noting that, unlike traditional debt and equity securities or commodities, there is not a generally accepted industry method, principle, or guideline for valuing digital assets.
In addition, digital assets are not a homogeneous asset class; they may feature characteristics of securities, commodities, currency units, or a combination thereof. As a result, the valuation analysis applicable to a particular digital asset may involve multiple methods.
Generally, digital assets that have sufficient liquidity and are tradeable on major regulated exchanges may be valued on the basis of the average of the closing day’s spot rate for a given digital asset, as reported by major exchanges and/or industry data sources.
Where no secondary trade pricing exists or liquidity is too low, the valuation of digital assets may be uncertain and influenced by additional factors, such as adoption, market perception, scarcity, expectations of future demand, supply and utility, the results of operations of the issuer, and other macro-economic factors.
While lawyers should understand the foundational concepts of valuation in this space, market participants understand that investment bankers typically perform this work. Even though most investment bankers tend to focus on later-stage companies, where the deal size is generally larger to justify their fees, there are a host of experienced financial professionals who can assist with the valuation process and the negotiation of many other financial terms, which can increase the chances of a successful deal.
B. Due Diligence
Blockchain targets often present a host of complex legal issues. Accordingly, legal due diligence has taken on increased importance in this space.
In addition, blockchain companies often operate in markets that span national borders. Therefore, due diligence investigations should take into account the target’s potential plurality of legal regimes, local norms, and practices applicable to it.
While this article is not meant to address all of the legal due diligence issues that may arise in a blockchain M&A transaction, the following are key issues worth considering in this space.[v]
- U.S. Federal Securities Laws ConsiderationsWith over $31 billion raised via sales of digital assets since 2013, and over 6,678 digital assets in circulation with a combined market capitalization of approximately $360 billion,[vi] it should not be surprising that offerings of digital assets (also known as “token offerings,” “initial token offerings,” “token launches,” “token sales,” “initial coin offerings,” or “ICOs”) have become a popular fundraising tool for blockchain companies.Many blockchain startups launched these offerings from both U.S. and non-U.S. jurisdictions, with some taking the ill-advised position that, for as long as the digital assets being offered were not securities under the laws of the jurisdiction of issuance, there was no need to consider whether such assets constituted securities in the jurisdiction(s) in which they were purchased or may have been purchased.However, in 2017, the U.S. Securities and Exchange Commission (SEC) clarified that U.S. securities laws do apply when digital assets that qualify as securities are marketed or sold to U.S. persons, regardless of the issuer’s location.[vii]As a result, in order for most, if not all, blockchain companies to offer digital assets to U.S. investors in capital‑raising transactions, issuers should have, and still should, either: (i) register(ed) the sale of their tokens under Section 5 of the Securities Act of 1933 (the “Securities Act”) by filing a registration statement, such as on Form S-1 or F-1, with the SEC; or (ii) rely(ied) on an exemption from the registration requirements of the Securities Act, such as Regulation CF, Regulation A and Regulation D. When a target relied on such an exemption, review of the documentation of the target’s efforts to comply with the exemption can prove useful in the event of later SEC scrutiny.In addition, some market participants may have not immediately realized that only digital assets that are not treated as securities—such as bitcoin and ether—can trade freely on cryptocurrency exchanges; however, to the extent it is treated as a security, and is not registered under the Securities Act, a digital asset would be treated as a restricted security, and therefore any sale of such digital asset (i.e., any “secondary sale”) must also be in compliance with similar securities laws and regulations and be transferred from the holder to another person pursuant to an exception or exemption.Although this basic requirement for secondary sales is similar to the requirement applicable to the initial issuer—i.e., the sale must either be registered or made pursuant to an exemption—the exemptions available for secondary sales and primary sales differ.
In the context of offerings of stock and other traditional securities, these rules tend to be well understood and have been systematized, but they have not been always adequately implemented and respected by many market participants. [viii]
Issuers of digital assets who have either engaged in what could be deemed to be an unregistered offering, including by virtue of failing to qualify for an exemption from registration, can consider self-reporting to the SEC, cooperating with the SEC staff during any inquiry or investigation, and the voluntary adoption of remedial measures. Outside the digital asset space, the SEC has settled matters in which cooperation substantially mitigated the sanctions, including that civil penalties were not imposed.
If a blockchain target failed to comply with securities rules and regulations that apply to initial and secondary sales of digital assets, the target may be subject to private securities class actions seeking rescission and damages as well as enforcement actions by U.S. federal and state and/or non-U.S. securities regulators, which may result, and in some cases have resulted, in fines, injunctions, and jail time in connection with potential related criminal proceedings.
- Commodities Regulation ConsiderationsDigital assets are not a homogeneous asset class; they may feature characteristics of securities, but also commodities, currency units, or a combination thereof. As a result, the legal analysis relating to a particular digital asset should not be limited to whether securities law are applicable, but instead include multiple regulatory regimes.Indeed, a potential acquirer should be mindful that cryptocurrencies, whether or not determined to be securities, are treated as commodities (akin to precious metals or physical assets) by the U.S. Commodity Futures Trading Commission (CFTC), which takes the position that all varieties of cryptocurrencies are commodities for purposes of the Commodity Exchange Act.[ix]Since cryptocurrencies are deemed to be commodities, the CFTC has jurisdiction over margined or leveraged transactions in cryptocurrencies that involve “retail” investors (called non-eligible contract participants). Perhaps more importantly, however, by virtue of being deemed a commodity, cryptocurrency transactions imbue the CFTC with anti-fraud and anti-manipulation authority.As a result, even when securities law anti-fraud and anti-manipulation authority does not reach a particular transaction, commodities law authority does, and a potential acquirer should make sure to conduct a thorough analysis to avoid inheriting potential liabilities or having to address potential pitfalls post-closing.
- Federal and State Money Transmission ConsiderationsIn general, unless otherwise exempt, a license is required to engage in the “business of money transmission”—i.e., to receive and transmit money—under the money transmission laws of each U.S. state in which a person has customers. Separately, a person who is engaged in money transmission activity will generally also be deemed a “money services business” (MSB) under the federal Bank Secrecy Act (BSA), and, as a result, is subject to a registration requirement and related anti-money laundering (AML) compliance program requirements, which are further addressed below.The Financial Crimes Enforcement Network (“FinCEN”), which implements the BSA, has affirmed through guidance that certain activities involving virtual currency—including receiving and transmitting the same—are subject to the BSA requirements (even in cases in which the activity may not be subject to money transmission licensing in a particular state or states). The BSA also operates to reinforce compliance with state money transmission laws by making it a federal felony to engage in money transmission in a state without a required state money transmission license in that state.[x]FinCEN has issued extensive guidance on virtual currency activities that constitute MSB activities subjecting a person to the BSA. This guidance establishes that FinCEN interprets its regulations to apply to persons that are administrators or exchangers of virtual currency, as “money transmitters.” An exchanger is a person engaged as a business in the exchange of virtual currency for real currency, funds, or other virtual currency. An administrator is a person engaged as a business in issuing (putting into circulation) a virtual currency, and who has the authority to redeem (to withdraw from circulation) such virtual currency. An administrator or exchanger that (1) accepts and transmits a convertible virtual currency or (2) buys or sells convertible virtual currency for any reason would be a money transmitter under FinCEN’s regulations, unless a limitation to or exemption from the definition applies to the person.[xi] Accordingly, the applicability of the BSA to a person’s activities involving virtual currency is a fact specific inquiry that must be addressed on a case-by-case basis.Acquirers should be mindful of the fact that some states have interpreted their money transmitter licensing regimes as being applicable to certain activities involving virtual currency, and a number of state money transmission statutes and regulations have been amended to address the regulation of virtual currency. Furthermore, even a state that has not established a formal, public position could conclude that virtual currency activity is covered by the money transmission law. While a state-by-state analysis is beyond the scope of this article, market participants should analyze the potential applicability to any particular virtual currency activity of state money transmission licensing laws, as well any guidance, interpretations, enforcement actions or other rulings pertaining to state regulatory approaches to virtual currency activity in order to assess whether the current or contemplated activity of the target would constitute regulated money transmission activity, or require licenses under such laws. [xii]What constitutes unlicensed state money transmission activity involving bitcoin was at the heart of a recent federal district court ruling in a criminal AML case suggesting that the transmission of virtual currency on behalf of another person requires a state money transmission license—even if the state’s money transmission law does not expressly address the regulation of virtual currency.[xiii]Even though this case arises out of significant allegations of criminal AML activity, the court’s interpretation of relevant laws appears to suggest a default assumption that money transmission licenses are required to receive and transmit virtual currency. In addition, the ruling appears to suggest that other activity involving receiving and transmitting money—even if not historically subject to regulation under state money transmitter licensing laws—could be deemed to constitute engaging in unlicensed money transmission activity in the absence of a formal state interpretation to the contrary.
This interpretation has the potential to significantly disrupt current compliance approaches taken by some organizations engaging in virtual currency activity and could make challenging regulatory due diligence even tougher to perform.
Acquirers should be mindful of the fact that, under federal laws, anyone who knowingly conducts, controls, manages, supervises, directs, or owns all or part of an unlicensed money transmitting business could be fined or imprisoned for up to five years.
Finally, it is worth noting that, contrary to the approach suggested by some market participants, it is not sufficient to locate a business offshore in order to avoid U.S. federal registration and related requirements or U.S. state licensing requirements. In particular, with regard to the registration requirement and related AML compliance program requirements, the FinCEN regulations apply to an MSB “wherever located doing business, whether or not on a regular basis or as an organized or licensed business concern, wholly or in substantial part within the United States” and “includes but is not limited to maintenance of any agent, agency, branch, or office within the United States.”[xiv] On July 26, 2017, FinCEN, working in coordination with the U.S. Attorney’s Office for the Northern District of California, found that BTC-e, also known as Canton Business Corporation, an Internet-based, Russian-located money transmitter that facilitates the purchase and sale of fiat currency and convertible virtual currency, willfully violated U.S. AML laws.[xv] As a result, FinCEN assessed (1) a $110,003,314 civil money penalty against BTC-e and (2) a $12 million civil monetary penalty against BTC-e’s owner and operator, Alexander Vinnik, a Russian national, who was arrested in Greece on July 25, 2017. It is worth noting that this was the first time FinCEN had conducted an action against a foreign money transmitter that is doing business in the United States. FinCEN asserted jurisdiction over BTC-e because a substantial part of its business was with customers in the United States, and some of the servers that participated in the processing of BTC-e’s transactions were located in the United States.
- U.S. Anti-money Laundering ConsiderationsUnder the BSA and its implementing regulations issued by FinCEN, a money transmitter engaging in virtual currency activity (or any other activity) that is deemed to be an MSB is required to (a) register as an MSB with FinCEN; (b) establish and maintain an effective AML program that is “reasonably designed to prevent the [MSB] from being used to facilitate money laundering and the financing of terrorist activities”; and (c) comply with certain recordkeeping and reporting requirements—including suspicious activity reports (SARs) and currency transaction reports (CTRs).Generally, an MSB’s BSA/AML program must be in writing and commensurate with the company’s specific risk profile, i.e., the program must be risk-based and cannot be an off‑the‑shelf solution. At a minimum, an MSB’s BSA/AML program must have the following four components or pillars:
- Policies, procedures, and internal controls that are reasonably designed to assure ongoing compliance with the BSA, in particular with regard to: (a) verifying customer identification; (b) filing reports; (c) creating and retaining records; and (d) responding to law enforcement requests;
- Designation of a person that is responsible for the MSB’s BSA/AML program (a “BSA Officer”);
- Provide adequate BSA/AML-related training to all appropriate personnel; and
- Conduct independent (internal or external) testing.
Although not (yet) required by law (but often requested by their banks), many MSBs also establish and implement policies and procedures specifically addressing the identification and verification of beneficial owners of legal entity customers.
An MSB that violates the registration requirement and BSA/AML program requirements can face enforcement actions from regulators or law enforcement agencies, which may include severe monetary penalties. In addition, engaging in, or aiding and abetting, money laundering is a criminal offense under the U.S. Money Laundering Control Act (MLCA) that is punishable by a maximum of 20 years in prison and fines up to $500,000 or twice the amount of the transaction involved, whichever is greater. The MLCA applies to all persons and businesses in the United States as well as to persons and businesses in other countries if at least one part of a transaction is executed in the United States.
It is therefore of utmost importance for an acquirer of a business with virtual currency activities to conduct a thorough AML due diligence in order to determine (a) whether the target is an MSB that is required to register with FinCEN and have an BSA/AML program; and, if yes, (b) whether such program is effective, adequate, and appropriate. We note that there may be additional state legal requirements with regard to an MSB’s BSA/AML compliance program. For example, the New York State Department of Financial Services’ (NYDFS) so-called Part 504 requirements, which provide for minimum standards for transaction monitoring and filtering programs and an annual compliance certification requirement for money transmitters that are licensed by the NYDFS.
Although the above addresses the U.S. legal requirements, many jurisdictions have similar statutory and regulatory frameworks in place, and the following principles generally apply, and should be considered, for transactions involving foreign virtual money transmitters as well.
As with any due diligence, the scope and thoroughness of an AML due diligence should be risk‑based. However, at a minimum, an acquirer should review, assess, and understand:
- The target’s risk assessment, in particular the specific risks with regard to customers and clients, products and services, and geographic locations;
- All AML-related policies and procedures, including with regard to “know your customer” (KYC), customer due diligence/enhanced due diligence, transaction monitoring and SAR filings, other reporting and recordkeeping requirements, and others;
- Independent testing reports and related management responses;
- Training materials; and
- Structure of the target’s BSA/AML compliance department and the BSA Officer’s roles and responsibilities.
Further, an acquirer should be mindful to include strong AML-related representations and warranties in any agreement. For effectiveness and efficiency’s sake, an acquirer may want to consider combining the AML and sanctions due diligences and closely coordinating these activities.
Considering the legal and reputational risks for being associated with, or being involved in, (alleged) money laundering and terrorist financing activities, an acquirer should also strongly consider conducting at least a limited AML due diligence for any blockchain M&A transaction, even if the target is not directly involved in virtual currency and/or money transmitter activities.
5. Sanctions Considerations
Sanctions refer to legal restrictions governments impose on transactions with specific persons or entire jurisdictions (i.e., embargos). U.S. sanctions are generally strict liability and carry steep fines (for most violations, the greater of approximately $300,000 or twice the value of the transaction). This creates significant risk for companies that operate in the blockchain space since digital assets may facilitate anonymous or pseudonymous transactions such that blockchain participants could unwittingly engage in transactions prohibited by sanctions.
A number of U.S. sanctions targets, most notably, Iran, North Korea, Russia, and Venezuela, have attempted to use blockchain technology to either circumvent U.S. sanctions or engage in malign activity that U.S. sanctions target.
It is then no surprise that the Office of Foreign Assets Control (OFAC), the U.S. agency primarily responsible for implementing and enforcing U.S. sanctions, has taken an interest in blockchain-related transactions. In November 2018, OFAC sanctioned two Iranian individuals who helped exchange ransom payments from bitcoin to Iranian rials. As part of this action, and for the first time, OFAC added bitcoin wallet addresses to its List of Specially Designated Nationals and Blocked Persons (the “SDN List”). OFAC has since taken other blockchain‑related actions against sanctions targets in Russia and Venezuela who attempted to use a Venezuelan state-sponsored cryptocurrency to circumvent U.S. sanctions against Venezuela.
To avoid the steep fines that come with sanctions violations (and potential reputational risk), acquirer due diligence on targets that develop or use blockchain technology should include a close review of any sanctions controls the target has in place. At a minimum, these should include a process to collect identifying information on blockchain participants, which could include IP address country and screening that information against the SDN List. The target should have IP blocking in place to automatically prevent blockchain participants from facilitating transactions whose IP addresses identify them as located in sanctioned jurisdictions. Additional controls to look for include permissioned blockchains that condition participation on users providing information about their off-chain identities (that can then be screened against the SDN List), or smart contracts that halt transactions when users add sanctions keywords to transaction data such as “Iran” or “Cuba.”
When targets lack appropriate controls to mitigate sanctions risk, acquirers should add indemnifications to purchase agreements that last at least five years to mitigate the risk of undiscovered sanctions violations cropping up after purchase.
6. 1940 Act Considerations
The Investment Company Act of 1940, as amended (the “1940 Act”), imposes a strict regulatory regime on investment companies that are required to register under the 1940 Act.
An investment company is defined in Section 3 of the 1940 Act, in relevant part, as an issuer primarily engaged in investing in securities or as an issuer that invests or holds 40% or more of its total assets (excluding cash and U.S. government securities) in “investment securities.”
Since many blockchain companies hold digital assets that likely would be deemed securities, it is critical to conduct an investment company analysis to determine whether the proposed target is subject to regulation under the 1940 Act.
To operate in the United States, an investment company must either register as such with the SEC, or fall within an exception or exemption from registration. A non-U.S. investment company cannot register with the SEC without obtaining exemptive relief, which the SEC infrequently provides.
Nevertheless, a non-U.S. investment company could issue securities tokens pursuant to investment company exceptions for issuers that engage in private offerings in the United States either (1) to fewer than 100 U.S. “accredited investors” or (2) solely to U.S. investors that are “qualified purchasers.”
It is important to remember that an entity that illegally operates as an investment company in the United States is subject to draconian penalties, including the voidability of all contracts.
7. IP Rights Considerations
While blockchain-related M&A transactions are relatively new in the M&A landscape, IP rights considerations are simply variations on standard themes. An acquirer of a blockchain target may, however, find additional potential risks, including those related to a more pronounced reliance on open source software, and a greater likelihood of a target being subject to patent litigation claims. The following are a sampling of IP rights considerations that should be kept in mind when performing IP due diligence of a blockchain target.
A threshold concern when acquiring any IP right is ownership. An acquirer should consider conducting searches of registered IP to establish ownership, applicable jurisdictions in which registrations have been secured, and the periods during which such registrations will remain in effect.
As blockchain technology often includes open source software, the license terms of such software may impact an acquirer’s assessed value of, and ability to exploit, the technology. An acquirer may wish to assess whether open source software is included in the target’s software. A careful review of applicable license terms may be warranted, since open source licenses vary from permitting licensees a broad right to use, modify, and distribute software that is based on open source software, to a more restrictive “copyleft” license that requires the source code of any software based on open source software to be redistributed at no cost.
Acquirers should also confirm chain of title with respect to IP rights, whether registered or not, by confirming that the target has put in place a practice of having all employees, independent contractors, and consultants enter into robust proprietary information and inventions assignment agreements whereby the employees, independent contractors, and consultants are not only obligated to keep all company proprietary information confidential, but agree that whatever they develop, invent, discover, or create during the course of their employment or engagement is owned by the target. Acquirers should also consider whether the target has followed best practices such as fairly compensating patent owners for their innovations or entering into such arrangements as a patent pool.
Lastly, blockchain-related patents are on the rise not only due to companies investing in their own blockchain-related solutions, but also due to non-practicing entities acquiring blockchain‑related patents; as a result, companies developing blockchain technology may face a greater number of patent infringement claims than other targets engaged in more conventional businesses. Accordingly, extensive patent due diligence and freedom-to-operate analyses may be advisable.
8. Privacy and Cybersecurity Considerations
Unlike IP considerations, using a blockchain in a business model presents novel privacy issues. This is certainly the case when personal information about natural persons is processed on the blockchain, but it is also the case when personal information is stored off‑chain but associated with, or linked to from, the chain and even when the information on the chain is not about consumers, but rather about individual business users who are using the blockchain application for business use. Even a user’s public-private encryption key associated with their identity is covered by many data protection laws.
Data protection laws around the globe impose requirements and restrictions on processing personal information about individuals, whether they are acting as retail consumers or representatives of businesses. For example, under some laws, called data export restrictions, personal information may only be exported from one country to another if certain conditions are met. This is a challenge for a global blockchain application in which the data is housed and duplicated all over the world. If the blockchain application is private, the data export requirement can be met by including certain terms in the contract between the participants. Similar laws, called data location laws, require that the “master” copy of data be housed in a particular country, even if it may also be stored elsewhere. This poses another challenge for a blockchain application where there is no one true “master” copy.
Data protection laws often also give individuals various rights with regard to companies’ use of their data. Sometimes, laws require that individual consent be obtained in order for their data to be used. In a blockchain model, this would require the individual to agree, electronically, to a data agreement before their personal information can be processed on the chain. In some cases, there is no opportunity to obtain this consent directly from the individual, so the participants in the blockchain have to rely on a contractual representation from other participants that they obtained the required consents.
These laws also give individuals the right to request that businesses delete or correct their personal information. Due to the immutable nature of blockchain data, deleting and making changes to data that is stored on the chain is impossible or practically impossible. Therefore, business models that use blockchain must find other ways to honor these requests, such as, possibly, by all participants disposing of a decryption key or by adding a corrective annotation to the data that the individual requested to correct.
Many of these challenges can be avoided by storing personal information off-chain instead of on‑chain, and some can be managed by using a private blockchain instead of a public blockchain, so that all participants can agree contractually to the rules of the road for the use of personal information in the blockchain businesses.
9. CFIUS Considerations
An increasingly powerful force that non-U.S. acquirers and U.S. targets (including U.S. subsidiaries and branches of non-U.S. companies) ignore at their peril is the U.S. Committee on Foreign Investment in the United States (CFIUS).
CFIUS is an interagency committee of the U.S. government that reviews certain prospective transactions involving a U.S. businesses by a non-U.S. person to determine, and potentially mitigate, the effect of such transactions on the national security of the United States, including by addressing any risks associated with the transfer of technology, sensitive personal data, and other resources outside of the United States.
Under the recent regulations implementing the Foreign Investment Risk Review Modernization Act of 2018, CFIUS has the authority to review not only transactions through which a non-U.S. person could gain “control” of a U.S. business, but also certain non-controlling investments in U.S. businesses involving critical technologies, critical infrastructure, or sensitive personal data (so‑called TID businesses).
The definition of “critical technologies” includes, among other things, the currently undefined category of “emerging technologies,” which likely will comprise blockchain technology, among others (other examples include artificial intelligence, quantum computing, robotics, and data analytics).
In addition, a U.S. blockchain target that performs critical infrastructure functions, including by providing Internet protocol networks and exchange points, data centers, and core processing services for financial institutions, telecom, energy, or utility companies, may also fall within CFIUS’s heightened scrutiny on non-controlling investments.
Finally, CFIUS may also review certain transactions involving a U.S. blockchain target to the extent it maintains or collects sensitive personal data of U.S. citizens, including financial, geolocation, and health data.
Under relevant statutes and regulations,[xvi] the president of the United States is authorized to block or unwind acquisitions of, or investments in, U.S. companies by non-U.S. persons when, in the president’s view, such transactions threaten the national security of the United States and the threat cannot otherwise be mitigated. In addition, contrary to CFIUS’s long-standing history as a purely voluntary process, certain transactions by non-U.S. persons involving a U.S. TID business are now subject to a mandatory review by CFIUS.
Failure to notify CFIUS of a transaction subject to mandatory filing can result in civil penalties up to the value of the transaction.
In recent years, CFIUS has focused on a substantial number of deals involving non-U.S. acquirers, including British, Canadian, Chinese, and Japanese acquirers. This activity included forcing post-consummation divestitures of Grindr and PatientsLikeMe by two Chinese companies, due to concerns regarding alleged vulnerabilities in cybersecurity and access to sensitive personal data, blocking the takeover of Qualcomm by a Singapore company (before the deal was actually signed), allegedly due to concerns regarding the Singapore company’s potential ability to limit Qualcomm’s participation and continued advancement of the 5G market, and causing parties to abandon the acquisition of another large U.S. company by a Chinese acquirer, allegedly due to concerns over money laundering and potential threats to the U.S. financial system.
As a result, it is more critical than ever for deal‑makers to closely assess the CFIUS risk profile of a blockchain target, and consider whether they must notify CFIUS or, if not, whether they should voluntarily notify CFIUS and to seek pre-closing “clearance,” i.e., formal confirmation that there are no unresolved national security concerns.
CFIUS-related risk is generally addressed by requiring representations, covenants and a closing condition tied to a successful outcome of the CFIUS review process, and sometimes by including a reverse break fee in the event that the outcome of the CFIUS review process prevents completion of the transaction. Moreover, where the CFIUS risk is high, U.S. targets may consider requesting that the non-U.S. acquirer deposit the amount of the reverse break fee into a U.S. escrow account in U.S. dollars. Non-U.S. acquirers may also consider purchasing CFIUS-risk insurance to cover payment of the reverse break fee, plus other broken deal costs, such as attorneys’ fees, investment banking fees, financing costs, and other due diligence expenses, at a cost of approximately 10% to 15% of the reverse break fee.
10. Tax Considerations
Tax due diligence is an important aspect of every M&A deal. All M&A deals should include an analysis of the tax implications at the U.S. federal, U.S. state and local, and international levels. M&A deals involving targets with digital assets require the same due diligence considerations as deals involving targets with more traditional assets. However, M&A deals involving targets with digital assets may have another level of complexity and require additional scrutiny due to the fast moving pace of the industry. As new and innovative digital assets continue to emerge, taxing authorities have struggled to keep up, which has resulted in a lack of uniformity in reporting and record keeping.
For example, for U.S. tax purposes, the Internal Revenue Service has taken the general position that digital assets are treated as property (and, specifically, not as currency, regardless of how the assets may be treated by other governmental authorities). Therefore, tax due diligence applicable to property may broadly be applied and should include an analysis to confirm that the target has been properly reporting and sourcing receipts arising from the digital assets in all jurisdictions (U.S. and international) that may assert taxing nexus.
However, there are often gaps in record keeping of digital assets that may result in difficulties about determining even threshold considerations, such as the property’s basis. Digital assets are also notoriously difficult to value. Further, it is often difficult to classify the receipts generated from the holding and selling of digital assets. Typically, attempts to classify such receipts require an analogy to more traditional intangible property. But digital assets do not always have straightforward analogous traditional counterparts. Digital assets may have characteristics of several categories of traditional intangible property, or may have no analogous counterpart at all.
Depending on how a particular digital asset is classified, consideration should also be given to potential depreciation and if the target has been properly depreciating the asset and in the appropriate jurisdiction. For example, under the 2017 Tax Cuts and Jobs Act, tech companies have generally not been able to obtain the benefits of the 100% expensing in connection with asset acquisitions, given that qualifying assets generally include only tangible asset classes and do not include intangible assets. Also, if one or more of the target’s digital assets may be considered a capital asset, attention should be given to the holding period of that asset(s), which, along with other considerations, may inform if the transaction should be structured as an asset purchase (which generally would start new holding periods) or a stock purchase (which generally would preserve the holding periods).
Finally, depending on the structure of the transaction and the classification of the digital assets, acquirers should be aware of potential transfer tax liabilities that may arise as a result of the deal.
III. Blockchain Integration
Unique hurdles relate not only to valuation and due diligence but also to the post-closing integration phase, which is often the most critical measure of long-term M&A success, so critical that acquirers often consider the first quarter(s) after closing a predictor of the likelihood of success of the overall transaction.
Serial acquirers often have a well-established integration process; however, no two integration programs are exactly alike, and the integration of fast-growing blockchain companies often requires reshaping traditional strategies that allow the target to maintain some autonomy but also actively participate in the integration process.
Integration planning should be carefully analyzed ahead of time since its implementation may require time-consuming tasks, including addressing multiple cultures, languages, business practices, and processes, social and political landscapes, legal frameworks, and approvals of local regulatory authorities.
In practice, we note that parties to a blockchain-related M&A transaction often meticulously focus on three main integration-related hurdles: the technology stack, culture, and legal compliance.
A. Hurdles to Technological Integration
Typically, technology integration is the most challenging and costly element of any blockchain M&A deal.
As a relatively novel technology, blockchain has not undergone the standardization procedures that might lead to widespread adoption of one or two universal technical standards. Currently, several developers are competing for their blockchain standard to come out on top; in the meantime, virtually none of the blockchains or services built on top of them are able to communicate with one another. Decentralized and public blockchains are particularly vulnerable, and developers often have to expend valuable resources to make their services accessible across different blockchains.
For companies considering a blockchain enterprise solution, these different technologies’ inability to communicate with one another or with more centralized legacy software could significantly diminish a transaction’s long term value and overall success. Until the blockchain industry (and its many consortia) settle on a single technical standard or interoperability solution, careful consideration of how a newly acquired blockchain technology will integrate into an existing technology stack may remain a significant hurdle, particularly for new entrants into the blockchain market.
Therefore, both acquirers and targets should consider including their respective IT experts in the due diligence process and make sure they analyze the costs and practical realities related to effectively retrofitting a blockchain-enabled technology into the acquirer’s IT infrastructure. At least at some level, while developers work with operations and finance experts to develop a long term, comprehensive integration plan, maintaining separate operating systems might be the preferable choice.
In addition, in anticipation of a blockchain acquisition, acquirers should consider developing a flexible IT infrastructure that allows, among other things, to effortlessly migrate new data gained from the target. However, there may still be incompatibilities between the existing IT systems or back-office support systems that adversely impact data migration. Adopting temporary workarounds, including operating duplicate systems during a transitional period, may make good business sense, at least in the beginning. Finally, existing servers may not have the capacity to handle the combined businesses, and upgrades or additional investment in relevant equipment may be required.
B. Hurdles to Cultural Integration
Navigating the issues surrounding compensation and benefits is always a sensitive consideration in any M&A deal. However, while parties tend to see value in capitalizing on each other’s strengths, what they often overlook, to their detriment, is to what extent there is cultural compatibility or lack thereof, which is especially critical when they operate in different industries (i.e., tech and non-tech). What at first glance may often appear to be cultural alignment in mission can quickly devolve into profound operational and ideological clashes that can affect the abilities of the different stakeholders to efficiently collaborate post-closing and the overall success of the integration strategy.
As an example, acquirers not familiar with the unique history of blockchain should be aware that many blockchain startups, particularly those working closer to decentralized public blockchains, feature an agile culture where employees are encouraged to put forward new ideas and are generally accustomed to rapid change, ambiguities, and risk in order to drive innovation. Most blockchain teams do not necessarily view the top-down decision making, structural controls, discipline, well-defined processes, or the reassuring predictability of legacy companies as ideal or consistent with their ethos. Moreover, it is no secret that skilled employees are in demand; most of them are often millennials who are passionate about creating technology with social impact and expect to continue learning “on the job” in a collaborative environment while retaining autonomy and access to the latest tools and technologies. Eliminating seemingly unnecessary perks, such as a token incentive plan, ample bandwidth to choose non-traditional titles, or even unlimited kombucha on tap, or adding an additional layer of bureaucracy could negatively impact the employees’ morale and overall productivity, disrupt the creative spirit that made the target succeed, and, in the worst but not uncommon scenario, push talented people to look for greener pastures.
While the intention of making changes is often meant to create uniformity and reconcile cultural differences, the integration team should consider leaving certain customs intact or staggering the timing of any changes while providing clear communication, i.e., explain why some changes are necessary and ought to be implemented (as opposed to just saying “this is the way we do things around here”) and allow employees to voice any concerns or suggestions.
Most importantly, both acquirers and targets should conduct a cultural assessment as part of their due diligence ahead of time; it is crucial to identify any potential threats posed by differing cultures. Parties should also be prepared to negotiate certain aspects of their culture by identifying areas where a bit more structure would likely not hurt, and somewhat looser features may likely be welcome, and then continually reevaluate their original integration strategy.
C. Hurdles to Legal Compliance
While many critical issues regarding the integration of blockchain technology are often left to IT, HR, and business specialists, outside legal counsel should add value with respect to a few critical issues and otherwise oversee the integration process alongside in-house counsel.
Successful integration begins with legal due diligence. While outside counsel is often asked to focus on certain substantive areas that may affect valuation or the negotiation of the representations and warranties set forth in the purchase or merger agreement, counsel should also evaluate the integration plan from a legal compliance perspective in order to address any needs for remediation post closing. Particularly in cross-border transactions, parties to a blockchain M&A deal should involve appropriate specialists as early in the process as possible to ensure compliance with all applicable laws and regulations.
For example, according to the Federal Trade Commission, “one company’s purchase of another doesn’t nullify the privacy promises made when the data was first collected”.[xvii] As a result, in the event a blockchain target’s privacy and data security policies exceed or are otherwise more robust than the acquirer’s, then the acquirer may need to: (i) comply with the target’s applicable policies and continue to handle data as promised when the target collected it; or (ii) segregate the data.
In addition, data migration plans may be affected by a myriad of applicable laws, particularly in cross-border deals; therefore, counsel should analyze any privacy restrictions that may limit the sharing or transfer of data and work with local counsel.
Acquirers should also keep in mind that software licenses may include provisions that limit the number of users, which could be breached due to the transaction or by increased users after the transaction.
Finally, depending on the nature of the blockchain target, and whether any aspects of its business are regulated, the acquirer and the target may be required to obtain, renew, or modify permits or licenses in various jurisdictions. Therefore, details of any activities that may be limited or restricted pending receipt of such regulatory permits or licenses should also be included in the integration plan and closely monitored.
Reaping the Rewards
2020 has been the year of normalization for blockchain technology: the valuations have generally stabilized, the deal flow has remained virtually steady, and the enterprise use cases have become more apposite than ever.
For deal makers seeking to create synergies, drive growth, or enter new markets in uncertain times, blockchain M&A may be the answer; with expert deal analysis and proper planning, any strategic and financial acquirer has the opportunity to employ M&A and become the next link in the evolution of blockchain.
The views expressed in this article are solely of the author and do not necessarily represent the policies or views of Morrison & Foerster LLP or any of its partners.
The author would like to thank the invaluable contributions of Susan Gault-Brown, Michael G. O’Bryan, Charles L. Capito, Marc-Alain Galeazzi, Vivian L. Hanson, Kristen J. Mathews, Sean Ruff, John E. Smith, Rebecca M. Balinskas, Panagiotis (Aki) C. Bayz, Edward L. Froelich, Adam J. Fleisher, Joan Kim, Lee Adam Nisson and Kristofer G. Readling. It takes a village!
[i] In this article, we generally refer to “M&A” to include partnerships, joint ventures, mergers and acquisitions, and other strategic and private equity transactions.
[ii] See Research.Tokendata.io.
[iii] In this article, we generally refer to “digital assets” to include cryptocurrencies, security tokens, decentralized application tokens, protocol tokens, and other similar blockchain-enabled instruments, the ownership and/or transmission of which is recorded or verified by a distributed ledger (including a “blockchain” or directed acyclic graph) or other similar technology. We note, however, that market participants generally refer to: (i) “cryptocurrencies” to mean a digital representation of value that functions as a medium of exchange, a unit of account, or a store of value, which is generally used as a substitute for fiat currencies as a means of paying for goods or services or transferring value, and is not meant to be a “security,” as such term is defined under U.S. federal securities laws (bitcoin and ether are examples of such cryptocurrencies); and (ii) “security tokens” to mean broadly blockchain-enabled assets that fall within the definition of a security under U.S. federal securities laws.
[iv] See The Most In-demand Jobs: Where the Opportunity Is Now, available at https://blog.linkedin.com/2020/may/june/18/the-most-in-demand-jobs-where-the-opportunity-is-now.
[v] Here, we focus on diligence of legal issues more prominent among blockchain companies generally; however, acquirers will also need to consider more company-specific issues, including issues relating to specific assets and actual or potential liabilities, including stockholder issues and employment and contractor related liabilities, employee benefits, and the blockchain company’s contracts.
[vi] See ConMarketCap.com.
[vii] In addition, in April 2019, the SEC’s Strategic Hub for Innovation and Financial Technology (FinHub) published additional informal guidance, titled “Framework for ‘Investment Contract’ Analysis of Digital Assets,” which provides analytical tools for determining whether a digital asset is a security based on an analysis of whether the asset is an “investment contract,” as that term was first used by the Supreme Court of the United States in SEC v. Howey, 328 U.S. 293 (1946).
[viii] In addition, in April 2019, the SEC’s Strategic Hub for Innovation and Financial Technology (FinHub) published additional informal guidance, titled “Framework for ‘Investment Contract’ Analysis of Digital Assets”, which provides analytical tools for determining whether a digital asset is a security based on an analysis of whether the asset is an “investment contract”, as that term was first used by the Supreme Court of the United States in SEC v. Howey, 328 U.S. 293 (1946).
[ix] The term “commodity,” defined in Section 1a(9) of the Commodity Exchange Act, is extremely broad, covering everything from physical commodities to “services, rights, and interests,” which the CFTC believes includes cryptocurrencies, and are therefore subject to the CFTC’s jurisdiction.
[x] See 18 U.S.C. § 1960(b)(1)(B).
[xi] See FIN-2013-G001, Application of FinCEN’s Regulations to Persons Administering, Exchanging, or Using Virtual Currencies (March 18, 2013).
[xii] State money transmission licensing laws generally define regulated activity broadly to include “receiving money for transmission” and many state statutes define “money” to include “monetary value.” Any state that has to date not established a formal position with respect to the regulation of virtual currency activity could: (1) deem the receipt, holding, or transfer of fiat currency in connection with virtual currency activity (such as facilitating a virtual currency exchange platform) to constitute money transmission subject to regulation in its own right; and (2) deem virtual currency activity itself to be subject to regulation in a manner similar to activity involving fiat currency, such as receiving and transmitting virtual currency.
[xiii] See U.S. v. Harmon, Case 1:19-cr-00395-BAH (D.D.C. Jul. 24, 2020).
[xiv] See 31 CFR § 1010.100(ff)(5).
[xv] See In the Matter of BTC-E, NO. 2017-3, at 2 (Jul. 27, 2017), available at https://www.fincen.gov/sites/default/files/enforcement_action/2017-07-26/Assessment%20for%20BTCeVinnik%20FINAL%20SignDate%2007.26.17.pdf.
[xvi] See 31 CFR Part 800.
[xvii] See Mergers and privacy promises, available at https://www.ftc.gov/news-events/blogs/business-blog/2015/03/mergers-privacy-promises.