Site down – 5 “comfort letters in 5 months – Guidelines revision by June
In an almost farcical repetition of its information-technology woes, the COMESA Competition Commission’s web site (http://www.comesacompetition.org/) is off-line, yet again, after having been successfully hacked multiple times. Whether the latest outage is due to a similar attack or simply (and hopefully) due to its webmaster’s shoring up the competition enforcer’s IT security measures remains to be seen. (We have not yet heard back from the agency’s leadership on our request for information on the online data safety of parties’ submissions.)
In more substantive news, IFLR reports that the CCC has issued five so-called “Comfort Letters” since December 2013, exempting otherwise notifiable transactions from the duty to file (as well as the concomitant payment of the (high) filing fees), where the actual nexus to the COMESA region was negligible or non-existent. This may help explain some of the lackluster filing statistics on which we reported previously.
The report also quotes the CCC’s head of mergers, Mr. Willard Mwemba, as saying that the revision of the Competition Guidelines should be finalised by the end of June 2014.
According to the report, CAK Director General Francis Wang’ombe Kariuki said that “investigations are already being conducted in [the] transport, insurance, shipping, milling, banking, cement, sugar, health care and tea” sectors, pursuant to purported consumer complaints.
For the third time in a month, the fledgling pan-African antitrust enforcer’s web site has been disabled by hackers
As competition-law attorneys counseling clients on the necessity of notifying mergers in the COMESA jurisdiction, we view these developments with – put mildly – shock. This is especially true as confidential party data and documents would appear to be at risk of involuntary and malicious disclosure to third, unauthorized parties. As reported at AfricanAntitrust.com, the COMESA enforcement agency’s web site has previously been hacked and later simply disabled.
COMESA leadership non-responsive
On both prior occasions, AAT’s editors wrote to the COMESA Competition Commission‘s webmaster, as well as the agency’s leadership (Messrs. George Lipimile and Willard Mwemba), to seek an explanation of the attacks. We also asked them about the safety of data and other confidential party information submitted to the CCC via its extranet & online document repository.
Not only have we not received any response to date. What’s more, in a – perhaps unsurprising, at this stage – turn of events, the Commission has now been subjected to its third hacking attack.
Hackers boast of achieving successful attack
This latest episode also embodies the most disconcerting hack, as it appears visually and substantively more malicious than the prior attacks (one of which featured an Indonesian love poem, whilst the second rendered the CCC’s page simply blank). A visual example of the latest attack can be found below. The hackers (identified as “Kinal Undetected” from SerdaduPerangCrew and SPCSO) [note: prior and subsequent links open hacker-related pages] acknowledge – for the first time – that it is an intentional event and not merely an accidental outage or otherwise unintended gaffe of the CCC’s webmaster. Moreover, the perpetrators even submitted a screenshot of the intrusion to “Zone H“, a clearing-house of hackers, as evidence of the attack on Monday. This means that the CCC’s site has been disabled for at least two full days (through 14 May — UPDATE: the regular COMESA site is back up and running at 16:00 CET, 14th May). On the prior occasions, the site likewise remained compromised for several days in a row.
Logo of the successful COMESA hackers displayed on CCC’s web site (May 12-13, 2014)
High risk of data security breach & next steps
We are in the process of sending yet another follow-up e-mail to the CCC’s executives to obtain further information about this unsettling and embarrassing security breach/failure, including: (1) risks to confidential corporate information, (2) the impact on the private deliberative process of the Commission, as well as (3) steps the CCC intends to take to prevent future replication of these embarrassing and dangerous attacks, including (we propose) the retention of a professional data-security firm for advice and potentially management of the web interface.
Call for parties to CCC proceedings to take action
Especially in light of COMESA staff’s unsettling silence in response to alerts to these attacks, and as we have done before, we are notifying our readership (and particularly current or potential future parties to CCC merger reviews) regarding the deficiencies in the competition enforcer’s electronic systems. These may impact the timetable and resulting deadlines of pending merger investigations, and it is advisable that all such interested parties enquire with the Competition Commission about the procedural effect of the outage.
Questioning African antitrust growth prospects: Slowdown in economic investment (both organic and outside investment) may affect functioning of competition law on the continent
Recent developments in Africa have many scratching their heads and wondering whether the formerly wondrous economic-growth engine of the vastly resource-rich and otherwise economically still undervalued continent will soon experience a slowdown, if not come to a halt altogether.
For one, in April 2014, Nigeria surpassed South Africa as the continent’s largest economy (see Economist Apr. 12, 2014: “Africa’s New Number One“). This is a significant milestone for the former, and a setback for the latter — an economy that was 8 times the size of the Nigerian economy only 20 years ago, yet is now suffering from stagnating GDP, reeling from corruption allegations amongst its current leadership, undergoing a closely-watched presidential election process, and whose ruling ANC party is facing a heretofore unprecedented backlash and torrent of criticism.
Source: The Economist
Not only South Africa has weakened, politically and economically, however. Events such as the Northern Nigerian wave of violence – with sectarian Boko Haram forcefully displaying the impotence of the central Nigerian government of a weakened president Goodluck Jonathan – fuel the fire of outside investors’ mistrust of African stability and their concomitant reluctance to make good on prior investment promises. As The Economist notes in the article quoted above: “it is not a place for the faint-hearted” to invest, even though it highlights the successful Nigerian business ventures of outsiders such as Shoprite, SABMiller, and Nestlé. Bloomberg BusinessWeek quotes Thabo Dloti, chief executive officer of South Africa’s fourth-largest insurer Liberty Holdings Ltd. (LBH), as saying: “It does slow down the plans that we have, it does put out the projections that we have by a year or two.”
The upshot for competition-law practitioners and enforcers alike is rather straightforward, AAT predicts: more hesitation around African deals being done means fewer notifications, less enforcement, and overall lower billings for firms.
The flip side of the coin – as is usually the case in the economic sine curve of growth and slowdowns – is the commonly-observed inverse relationship of M&A and criminal antitrust: while we may see fewer transactions in the short term, the incidence of cartel behaviour and commercial bribery & government-contract fraud cases will likely increase.
After posting a record three merger notifications in January, the COMESA Competition Commission has seen its M&A filing statistics decline to zero in February and merely one in March.
As we have reported here (optimistic for 2014) and here (pessimistic on 2013 statistics), COMESA’s notified M&A deals have seen erratic ups & downs. Not surprising, perhaps, if one considers the exquisite confusion that has reigned since the inception of the young antitrust authority about filing thresholds and fees.
The current ebb in notified deals (despite the record set in January) reflects, in our view, the impending end of the current “zero-threshold” regime in COMESA, which was foreshadowed by The CCC’s head of mergers, Willard Mwemba, back in late February 2014. Quite understandably, parties to ongoing transactions are willing to risk “flying under the radar” if the agency has de facto admitted that the zero-dollar filing threshold is unworkable in practice.
We are curious to see what impact the vacuum of the pending revision to the COMESA merger rules will have on filing statistics going forward, until a more sensible threshold is set by the agency. For now, with the latest notification #4/2014 (fertilizer and industrial products acquisition by Yara International ASA of OFD Holdings Inc.*) the stats look like this:
* we note that in the notice, the CCC erroneously set the deadline for public comment prior to the notice date itself, namely as “Friday, 28th February, 2014.”
The COMESA Competition Commission’s web site (http://www.comesacompetition.org/) has suffered yet another setback, only a month after AAT’s prior investigation into the apparent hacking of its online resources — it has been out of service as of 23-April-2014 (through at least the 25th), showing up as a mere white blank page.
Subordinate pages, such as the extranet page containing sensitive party information from ongoing investigations or merger reviews (http://www.comesacompetition.org/documents/private), are likewise blank.
As before, where we pointed out that the Commission’s hacking event constituted “evidence of a real risk that highly confidential party information (stemming from COMESA merger reviews or other competition investigations) may be vulnerable to accidental or intentional disclosure to unauthorized third parties,” we are alerting current or potential future parties to CCC merger reviews regarding the deficiencies in the competition enforcer’s electronic systems. These may impact the timetable and resulting deadlines of pending merger investigations, and we advise all such interested parties to enquire with the Competition Commission about the procedural effect of the outage.
Attack shows risk of unauthorized disclosure of confidential commercial party information
COMESA site hacked with Indonesian love poem
It would appear that the young pan-African antitrust enforcement agency’s web site has been hacked. The headline on the COMESA Competition Commission’s (“CCC”) home page today seems to indicate a relationship with a web site bearing the Indonesian TLD (top-level domain) “.ID”, and looks like gibberish at first glance.
Then, after some digging, AAT’s editors believed that it might in fact be a tribute or memorial of sorts to the missing crew and passengers of flight MH 370, given the Indonesian language of the text and the disappearance of the jetliner in the Viet-Indo-Malaysian region’s equivalent of the Bermuda Triangle. The relationship with COMESA escaped us, however. Yet, upon a final review of the Google Translate result, we can confirm that this is unfortunately not the case. Instead, it appears to be a (fairly amateurish) love poem (full text in GoogleTranslate’s English below).
With all this wind-up, here comes the real point in the story. We perceive this hacking event as evidence of a real risk that highly confidential party information (stemming from COMESA merger reviews or other competition investigations) may be vulnerable to accidental or intentional disclosure to unauthorized third parties. In the United States, the agencies’ unwarranted disclosure of confidential data took center stage in the 2007 aftermath of the $1/2 billion Whole Foods / Wild Oats merger, during which the FTC had accidentally submitted an insufficiently redacted PDF document to the electronic U.S. court filing system ECF, spilling the secret data guts of the case. The Washington Post reported on the story here — just as we are now alerting current or potential future parties to CCC merger reviews regarding the apparently deficient safeguards in the competition enforcer’s electronic systems. We advise all such interested parties to enquire with the Competition Commission precisely which steps are being taken to ensure the safety of their confidential submissions to the agency.
We also note that the CCC’s site has a very publicly visible page for access to “PRIVATE” documents, protected only by (it would seem) a most simple username/password combination. The site even allows for a cookie-based “Remember Me” function. The privacy risks here are manifold,as any e-security expert worth her salt can attest to: Should this “private” document repository contain confidential party information, and if the main home page of the agency has already been subject to a (successful) attack, it is no stretch to imagine that access may have equally been gained to the purportedly private document storage folder on the site.
AAT has contacted the CCC’s web master and leadership, Messrs. George Lipimile and Willard Mwemba, to inquire further about the details of this apparent safety breach. We will report on their response here once we have heard back from them.
Should readers have any other information on the goings-on at the CCC or its web site, we always appreciate hearing from you, either by way of e-mail or in the comments section to this article.
Full text of COMESA site as of 17. March 2014 (all day) – (update 18. March: the text is still up on the site at 16:40 GMT):
Andika curhatan Dot ID
This heart is sick when you kianati
This heart is fragile when you leave
But this heart grateful you have introduced the meaning of a broken heart
I can still smile while getting bad grades
I can still smile when dropped
But I would not be smiling if it can not meet you
You introduced me to a love
But you were also introduced me to breakup
I’ve never know a woman like you
I also have never loved a woman like you
And I’ve never felt hurt because of you
None other than the beautiful scenery seen
None other than the beautiful singing heard
And no one has to know you regret
This heart will smile with you when both
And this will be a pensive moment waiting to hear from you
COMESA Competition Commission‘s head of mergers foreshadows end of zero-threshold regime
Will the Commission soon find a cure to the contagion that has made the agency’s merger control the subject of heavy criticism by antitrust practitioners and and even ridicule by fellow enforcers? Willard Mwemba claims the agency has – after over a year of operating under the zero-threshold rule – “set the wheels in motion for the threshold to be raised.” The Commission is reportedly working with the World Bank’s International Finance Corporation to determine what the proper notification thresholds should be.
We previously had this to say in November of last year:
Depending on how swiftly the agency and its advisors at the IFC get things done – and the amendments actually get approved – it appears that our timing forecast was fairly accurate (“COMESA merger rules to change in April 2014 at the earliest“).
Note to practitioners: filings due on these unique closure dates, set by the COMESA Competition Commission‘s registrar’s office for 2014, will be due on the subsequent working day:
1. 1st January 2014- New Years’s Day
2. 15th January 2014- John Chilembwe day
3. 3rd March 2014- Martyrs Day
4. 18th April 2014- Good Friday
5. 21st April 2014- Easter Monday
6. 1st May 2014- Labour Day
7. 14th May 2014- Kamuzu Day
8. 20th May, 2014- General Elections
9. 7th July 2014- Independence Day
10. 15th October 2014- Mothers Day
11. 25th December 2014- Christmas
After commenting on the rather lackluster statistics of the first 11 months A.D. 2013, we observed that some deal-making parties might be “flying under the radar” and asked the question:
Combine Point 4 above (low filing statistics) with the zero-threshold and low nexus requirements that trigger a COMESA merger notification, and the following question inevitably comes to mind: With such low thresholds, and the certain existence of commercial deal activity going on in the COMESA zone, why are there so few notifications?
Well, the young agency’s stats have picked up some steam in 2014, it would seem: based on a review of its online document repository, the CC has received a whopping three notifications in January alone. They are, in chronological order:
Mail & courier services: FedEx / SupaSwift– a transaction involving the acquisition of a South African courier with operations in multiple COMESA member states, Botswana, Malawi, Mozambique, Namibia, Swaziland and Zambia.
Agricultural distribution and financial services: AgriGroupe / AFGRI Ltd. – Mauritian SPV AgriGroupe seems to be taking AFGRI (listed on the JSE) private. The target has operations in multiple COMESA countries.
Generic pharmaceuticals: CFR Inversiones SPA / Adcock Ingram Holdings Ltd. – Chilean CFR is buying all of South African off-patent pharmaceuticals manufacturer Adcock’s shares. Notably, the buyer has no COMESA activities; target is active in Kenya, Malawi, Rwanda, Sudan, Swaziland, Uganda and Zimbabwe.
Merger notification stats for COMESA as of Feb. 2014
Take-aways:
Activity has increased dramatically. Is it a coincidence & a statistically irrelevant blip on the radar screen? This remains to be seen. The parties are – unlike last year’s – not “repeat parties” and therefore the increase in notifications seems to be natural/organic growth, if you will, rather than a case of the same bear falling into the same honey-trap multiple times…
The Competition Commission has listened to its critics (including this blog). Notably, the CC now clearly identifies the affected member-state jurisdictions in the published notice – a commendable practice that it did not follow in all previous instances, and which AAT welcomes.
Post-scriptum: Adding up the total 2013 tally of notifications, the Tractor & Grader Supplies Ltd / Torre Industrial Holdingstransaction (notified after our prior statistics post in November 2013) brought the sum-total of COMESA merger filings to 11 for FY2013.
African Antitrust & Competition Law 
