On Sept. 1, 2011, one week after being released by the Ministry of Commerce (“MOFCOM”), the Provisions of the Ministry of Commerce on the Implementation of the Security Review System for Mergers and Acquisitions of Domestic Enterprises by Foreign Investors (“Security Review Provisions”) took effect. The Security Review Provisions replace the Interim Provisions of the Ministry of Commerce on Issues Related to the Implementation of the Security Review System for Mergers and Acquisitions of Domestic Enterprises by Foreign Investors (“Interim Security Review Provisions”), issued by MOFCOM on March 4, 2011 and effective during the period from March 5, 2011 to Aug. 31, 2011.

The Interim Security Review Provisions were issued to provide implementing rules for the Notice of the General Office of the State Council on Launching the Security Review System for Mergers and Acquisitions of Domestic Enterprises by Foreign Investors (“Security Review Notice”), which was promulgated by the General Office of the State Council on Feb. 3, 2011, and became effective on March 3, 2011. The Security Review Notice defined the scope and content of security review, and provided general procedures for security review.

While most of the provisions (e.g. security review procedures and the required documents, etc.) in the Security Review Provisions remain the same as those in the Interim Security Review Provisions, some provisions regarding pre-review consultation, prohibition of avoidance of the security review, post-transaction review, and confidentiality, etc., are new.

1. Procedures of Security Review

An applicant can directly apply to the MOFCOM for security review. In addition, when a local commerce authority deems a potential M&A transaction to be within the scope of security review, but the applicant does not apply for such a review, the commerce authority can request the applicant to apply to the MOFCOM for security review. The MOFCOM should decide whether a security review is needed within 15 working days of the receipt of such application. The security review is carried out by a ministerial panel led by the National Development and Reform Commission (“NDRC”) and the MOFCOM, according to the Security Review Notice.

In addition, the relevant departments under the State Council, national industrial associations, enterprises in the same trade, and other enterprises on the upstream and downstream sides (“related parties”) may make proposals to the MOFCOM of conducting security review on an M&A transaction, and submit a statement on the relevant information (including the basic information of the M&A transaction, the specific influence on national security, etc.). However, it seems to be difficult for the related parties (other than the relevant departments under the State Council) to obtain necessary information to file such proposals, since the M&A transaction usually will be kept confidential before its completion (the relevant departments under the State Council usually can be notified by the MOFCOM of the details of the M&A transaction). Consequently, it seems that the related parties (other than the relevant departments under the State Council) can only make proposals to the MOFCOM after the completion of the M&A transaction.

2. Pre-review Consultation

Before filing an official application with the MOFCOM for security review, an applicant may consult the MOFCOM on the procedural issues concerning its merger with or acquisition of a domestic enterprise. The pre-review consultation is not a mandatory procedure, and the consultation result has no legal effect. It is noteworthy that such a consultation is limited to procedural issues only. It is not clear whether the MOFCOM will evaluate the potential impact to national security in this stage.

3. Prohibition of the Avoidance of the Security Review

No foreign investor is allowed to avoid the security review in any way, including but not limited to, holding shares on behalf of others, trust, multi-level reinvestment, leasing, loans, variable interest entities (“VIE”), or overseas transactions.

The VIE mode is widely adopted by foreign investors to invest in restricted industries, such as the telecommunications industry. Under the VIE mode, foreign investors set up a company in China and use it to control a domestic company engaged in restricted industries. Foreign investors now are concerned that the security review will make VIE mode infeasible in China afterwards. The Chinese government argues that security review only focuses on industries relating to national security. However, without a specific and clear scope of these industries, the concern of foreign investors will remain. 

4. Post-transaction Review

If there is any adjustment to an M&A transaction, modification of a relevant agreement or document, change of operating activities, or other changes (including change of the actual overseas controller) causing the transaction that has been exempted from the security review to fall within the scope of security review, the parties concerned must suspend the relevant transaction and activities, and the foreign investor must file an application for the security review. In addition, the related parties are entitled to make proposals to the MOFCOM after the completion of an M&A transaction. Therefore, a completed M&A transaction may be subject to the security review.

If an M&A transaction has already caused serious impact on national security, the MOFCOM should, in cooperation with the relevant departments, terminate the transaction, or adopt equity/asset transfers or other effective measures to eliminate the influence of the said M&A transaction on national security.

The post-transaction review brings uncertainty to M&A transactions. Some related parties may abuse their proposal rights to bar any M&A transactions that may impact their business, regardless whether such transactions will harm national security or not.

5. Confidentiality

The commerce authorities, relevant entities, and personnel participating in the M&A security review must keep confidential the state secrets, trade secrets, and other information involved in the M&A security review. However, it is not specified whether the authority, entity, or person that violates the confidentiality obligation should be liable for compensation.