Contemporary approaches to cross-border M&A and rapid new innovations in technology-based services make Indonesia a catalyst for change
|Mergers & acquisitions | Technology
Innovative approaches to cross-border M&A
According to the data of the Indonesian Business Competition Supervisory Commission (Komisi Pengawas Persaingan Usaha, or KPPU), Indonesia’s M&A market in 2018-2019 seems to be focusing more on private rather than public M&A.
KPPU’s website registered 69 M&A deals in 2018 that are subject to the merger notification, with a total value of approximately IDR150 trillion (about US$10 billion). The Indonesia Investment Co-ordinating Board’s (Badan Koordinasi Penanaman Modal, or BKPM) data on the other hand show investments of IDR721.3 trillion from January to December 2018, and IDR195.1 trillion for January to March 2019. One of the reasons of concentration on private M&A is the complex regulatory framework and procedures for public M&A, which often leads to lengthier deal times and costlier transactions.
In terms of the national legal framework for investments, the Indonesian government has taken great efforts to create a more transparent environment by implementing the Online Single Submission (OSS) system, which allows companies to obtain their various business licences electronically and through an online system.
Another highlight of Indonesian M&A transactions is that M&A deals involving financial investors tend to have a quicker decision-making process compared to those involving traditional companies, and the short-term investment/portfolio investment nature of financial investors has made Indonesian M&A more dynamic.
Recent notable transactions
One notable M&A transaction in the Indonesian market was the acquisition by Hokkan Holdings Corporation (Hokkan), one of the largest Japanese bottling and packaging companies, of the beverage packaging manufacturing business from seven companies belonging to Deltapack Industri (DPI Group) for IDR1.26 trillion. The transaction included the transfer and assignment of a substantial portion of DPI Group’s moveable and immovable assets, as well as business portfolios, which involved complex structuring and sophisticated multi-layered transfers of assets.
Other notable M&A transactions in 2018 were the acquisition of Freeport Indonesia by Indonesia Asahan Aluminium for IDR54 trillion, and the acquisition of Bank Danamon Tbk (Danamon) by Bank of Tokyo-Mitsubishi UFJ Financial Group (MUFG). MUFG successfully purchased 20.1% of the shares in Danamon for IDR17.18 trillion to secure control of 40% of the shares.
The acquisition of Prima Top Boga by Nippon Indosari Corpindo Tbk (Sari Roti) also made an impact on the Indonesian market because the KPPU imposed a fine of IDR2.8 billion on Sari Roti due to its negligence to submit the mandatory merger report to the KPPU.
Political and regulatory environment
As typically found in developing countries (commonly set as the target M&A market), a sudden change in government policy and/or regulation have the most crucial influence on M&A deals. These factors have a direct impact on financing strategies and how a deal should be structured.
Indonesia has quite a unique and complex regulatory and government monitoring system. There are many layers of regulations depending on the type of business, nature of investment, company status (private or public), and geographical location (central or regional). The government supervisory authorities are also divided, depending on the business characteristics. For example, foreign investment in Indonesia is subject to the BKPM’s regime, while other specific types of businesses, particularly in the banking and non-bank financial institution sectors, as well as public companies, fall within the authority of the Financial Services Authority of Indonesia (Otoritas Jasa Keuangan, or OJK).
In addition, regional governments also have specific authorizations for specific activities. One issue that has been a classic issue in many sectors is the multi-interpretation on regulatory requirements. Therefore, it is very important for investors to have full support from the relevant local counsel (both financial/tax and legal) who understand the practical policy beyond the literal text of the regulation, which in turn will enable the counsel to bridge the communication and advise clients of the reality in practice, and ultimately the most appropriate and legally doable structure for the contemplated M&A transaction.
The key regulation applicable to all M&A transactions involving limited liability companies, regardless of the type of business, is Law No. 40 of 2007 (and its implementing regulations) concerning limited liability companies. Specifically for M&A relating to foreign investment/foreign investment companies, they are also subject to the rules and regulations of Law No. 25 of 2007 (and its implementing regulations) concerning investments, as well as the rules and regulations issued by the BKPM, while public companies, bank and non-bank financial institutions are subject to the specific OJK regulations, depending on the type of activities.
Recent regulatory updates
There are two significant regulatory updates that have had an impact on M&A transactions, namely the new Government Regulation No. 24 of 2018 on Electronically Integrated Licensing Services, and BKPM Regulation No. 6. Since the issuance of these regulations, investment and business licences are now obtained electronically and integrated through the OSS System, rather than through manual applications as in the past.
It has been reported that the government of Indonesia is also looking at amending the current Indonesian Investment Negative List to allow full foreign ownership in a greater number of business sectors.
Finally, practitioners are now expecting the new Anti-Trust Law to be enacted in 2019 (after several years of postponement). Two significant changes in this law would be: (1) the amendment of the merger notification requirement from post-notification to prior approval; and (2) the introduction of a leniency programme. It would be interesting to see how the KPPU enhances its infrastructure to accommodate the applicability of pre-M&A approval requirements.
Pricing, closing structure of private M&A
The tools and techniques used in private M&A really depend on the characteristics of the business of the target, and the negotiating circumstances of the parties.
A locked-box mechanism is more common for transactions that involve companies with dynamic business activities and a wide range of customer portfolios, such as banks or multi-finance companies.
An escrow is common for specific deals where certain conditions or procedures are to be fulfilled by the buyer and seller within the same timeframe, or in interconnected deals that require payment to be fully paid up/made before the other connected deal is completed, or where there is a price adjustment agreed by the parties after the completion.
Another alternative is a price adjustment mechanism, which allows the parties to adjust the purchase price after completion (if, for example, the valuation of the assets/shares decreases).
Fundamental pre-closing conditions, depending on the characteristics of the deal and business line, are: government approvals (if required by specific regulations); the internal corporate approval of the parties and acquired company; creditors’ consent; and announcements to the creditors and employees.
Post-closing conditions are more administrative requirements by nature and include, for example, a notification to the authorized government and the creditors, and a newspaper announcement. This includes a merger notification report to the KPPU when the threshold set under the regulation is met. Other contractual conditions between shareholders include non-competition clause (between the business of the shareholders and the acquired company) and price adjustment conditions. It is common to include foreign jurisdiction in the conditional share purchase agreement, although for the deed of transfer it must be governed by Indonesian law.
Keeping up with latest technologies
With the fast advancement of technology across the world, Indonesia has found itself with quite a number of the “hottest and most funded” Asian tech companies, such as Go-Jek, Tokopedia, Traveloka and Bukalapak. Looking at how technology transformation trends are growing, Indonesia has entered a new phase by enacting regulations and guidelines for financial technology (fintech) and cryptocurrencies. There has also been a spurt of impending new regulations or amendments on cybersecurity, data protection, internet of things (IoT) and Over the Top (OTT) services.
Under Indonesia’s legal framework, there are no specific regulations on cybersecurity. This issue is, however, implicitly addressed mainly in Law No. 11 of 2008 regarding Information and Electronic Transactions, as last amended by Law No. 19 of 2016 (EIT Law), which came into force on 21 April 2018. While the EIT Law does not provide a specific definition on cybersecurity, there are several cyber activities that are considered a criminal offence in Indonesia, such as hacking, system interference, phishing, infection of IT systems with malware, possession or use of hacking tools, and identity and electronic theft.
Cybersecurity is explained further in Government Regulation 82/2012 regarding Implementation of Electronic Systems and Transactions, in which it has classified certain levels of protection for electronic systems. For instance, electronic systems for public services will be subject to various regulations including: (1) registration to the Ministry of Communication and Informatics (MCI); (2) obtaining information electronic system certification; and (3) data localization requirements within the territory of Indonesia. In addition to that, personal data is protected by MCI Regulation No. 20 of 2016 regarding personal data protection (PDP). The PDP regulation covers various aspects including an internal policy requirement in managing personal data, a notification requirement on a data breach, and reporting obligations for cross-border personal data transfer.
There is flurry of regulatory discussion regarding the current legal framework for cybersecurity and PDP. The lack of comprehensive regulation and missing provisions in relation with classification of data, electronic system certification, cross-border transfer, right to be forgotten mechanism, etc., has hindered certain companies in starting their business in Indonesia. Clarifications are needed in this absence of information. For instance, currently all data that are collected and processed by electronic systems for public services must be stored within Indonesian territory, which can create obstacles for cloud companies in Indonesia.
The MCI has come up with drafts of regulations including the draft of Personal Data Protection Law and an amendment to the GR 82/2012 in order to keep up with the rapid development of tech-based business activities. Based on the current drafts, the MCI proposed to enhance the scope of protection in regard to cyber threats by providing further definition and guidance on novel compliance provisions for Electronic System Operators (ESO). The draft framework is expected to focus on a definition of data, internal governance and criminal sanctions related to personal data collection. While the draft may only provide general information and guidelines, it is likely that future regulations will be referenced in the draft.
Fintech activities are regulated by either Otoritas Jasa Keuangan (OJK) or Bank Indonesia (BI) . There are several varieties of fintech services including settlement of transactions, accumulation of capital, investment management, market supporter, peer-to-peer (P2P) lending, crowdfunding and other financial services activity including fintech companies where services are related to payment systems. The most popular form of fintech companies in Indonesia is P2P lenders. As of February 2019, OJK had registered over 99 P2P lending companies.
Regarding lending activities, OJK has issued two regulations. The first one is POJK 77 on Money Lending Services Based on Information Technology, which accommodates P2P lending activities. Recently, OJK issued a more advanced regulation, i.e. POJK 37, which accommodates equity crowdfunding activities in Indonesia. These regulations have clearly set out the scope of lending activities, registration and/or licensing procedures, minimum foreign investment, capital requirements, change of ownership, information technology system requirements, mitigation risk, data localization and agreements between service provider-lender and lender-borrower. In respect to security measures for electronic systems of fintech companies, OJK expects fintech companies to follow the general requirement on cybersecurity. The increasing use of P2P lending as one way to obtain funding by individuals has led to certain illegal activities.
Recently, the authors understand that illegal P2P companies have been able to collect personal data of users and process it for unlawful purposes. In response, the MCI has blocked certain illegal P2P apps and websites. The authors believe the absence of heavy sanctions in the PDP regulations may affect these issues since the regulations only have administrative sanctions.
BI has an important role in regulating fintech that may affect payment systems. For instance, electronic money that has been an integral part of several fintech companies has been regulated under BI Regulation 20. Electronic money is issued based on a certain value of money that is deposited in advance to the electronic money service provider and stored electronically through server or chip-based media, and will not be seen as saving under banking laws.
Aside from that, relevant provisions regarding the licensing of electronic money issuers, composition of shareholdings, the organization of electronic money, risk management, standard security of electronic information, consumer protection principles and anti-money laundering principles have been adopted within the regulation. Finally, BI also accommodates the business activity of payment system service providers including switching providers, payment gateway, clearing, settlement organizer, fund transfer provider, and electronic wallet provider under BI Regulation 18.
Finally, in order to accommodate the innovative product provided by fintech companies, which may have not been specifically regulated and covered by the above regulations, both OJK and BI have their own regulatory sandbox in which fintech start-ups are able to operate under special exemptions for a limited time determined in the absence of regulation. With the sandbox, the authorities can monitor the product and provide comprehensive regulations based on this. Based on our practice, the authors understand that all innovative products that are connected to payment systems are under BI’s jurisdiction, while others such as robot advisory and credit scoring activities will be under OJK jurisdiction.
IoT and OTT
In relation to the development of IoT, the MCI has just issued MCI Regulation No. 1 of 2019 on Utilization of Radio Frequency Spectrum Based on Class License. MCI Regulation No.1 accommodates the operation of IoT services by providing class license where users and/or providers are able to operate devices by using certain radio frequency spectrums. Class License is being given to the usage of hardware and/or telecoms devices of WLAN, SRD, DSRC, LAA, LWA non-cellular, and any other devices operated on a radio frequency and utilized based on similar class license in accordance with its level of technology and characteristics. Any IoT device that seeks to be commercialized in Indonesia must fulfil certain technical requirements and obtain certification.
For OTT services, the MCI has issued a Circular Letter No. 3 of 2016 regarding Provision of Application and/or Content Services through Internet. Within the circular letter, the MCI attempts to stretch the applicability of upcoming regulations to apply to foreign OTT services providers. Although not binding in nature, under the circular letter, any foreign OTT service providers who want to provide their services in Indonesia are required to have a permanent establishment. OTT service providers also have to comply with the regulations in Indonesia, including but not limited to tax, competition, intellectual property, broadcasting, film, advertisement, pornography, and anti-terrorism. An OTT service provider is required to conduct proper data protection, content filtering and censoring mechanisms in accordance with regulations.
Indonesia has vast potential to attract tech companies and investors and there will be the rise of new tech business models. While the regulatory framework may not completely accommodate various business models, it is likely in the future that relevant authorities will issue more regulations.
BAGUS ENRICO & PARTNERS
DBS Bank Tower, 17th floor
Jl Prof Dr Satrio Kav 3-5 , Jakarta 12940, Indonesia
Tel: +62 21 2988 5959
Fax: +62 21 2988 5958