Enable breadcrumbs token at /includes/pageheader.html.twig

Hidden Threats: The Overlooked Risks in Defense Mergers and Acquisitions

Smaller businesses are offering easier targets, jeopardizing national security and supplier capabilities.

The Department of Defense (DoD) may be missing a piece of the puzzle when considering mergers and acquisitions (M&A) in the defense space.

“What we found is that there are hundreds of mergers and acquisitions in the defense space. When you look at it through the lens of how many are getting flagged through the regulatory process, it’s a small percentage,” said William Russel, a director at the Government Accountability Office (GAO).

According to a report by this agency, company transactions below the $111 million threshold receive less attention from authorities, and adversarial actors could participate in the DoD’s procurement processes through those participants.

The document has four recommendations for the DoD to assess the risks and benefits behind defense industrial base M&A:

  • Provide direction as to which defense suppliers should be prioritized to conduct M&A assessments.
  • Adequately resource the M&A.
  • Analyze the risks and benefits in DoD’s M&A policy.
  • Monitor the effects of concluded M&A.

The DoD still has time to address these issues, as the original material was published in late 2023, according to Russel, the author of the report and the GAO’s Contracting and National Security Acquisition team lead.

The impacts of M&A in the defense industrial base go beyond primes and reach suppliers of parts, materials and technologies essential for producing and maintaining military capabilities.

The DoD also views disruptions or risks within this base—such as those caused by industry consolidation—as potential threats to national security.

To manage and assess these risks, the DoD relies on the framework provided by antitrust laws like the Sherman Act, the Clayton Act and the Federal Trade Commission Act, which regulate competition and prohibit monopolistic practices. The enforcement of these laws involves scrutinizing proposed M&As to prevent reductions in competition. Special attention is given to the defense sector where the consolidation could limit competition or control over essential military supplies and technology.

The Hart-Scott-Rodino Act mandates that companies report certain large M&As before they are finalized, allowing federal antitrust agencies and the DoD to review potential impacts on competition and, by extension, national security. While these reviews are standard for large transactions, many smaller yet significant M&As may not receive the same level of scrutiny, potentially leaving gaps in oversight.

This complex regulatory environment calls for a nuanced understanding of both the commercial and security implications of M&As within the defense industry, the GAO document posits.

For some industry insiders, the first step should be taken by industry protagonists who want to know how companies and counterparts are funded.

“If we are being diligent as entrepreneurs, as companies, in terms of who we are interacting with and the financiers are being diligent in their vetting of potential transactions, I think it’s possible that we can have a—maybe—80 or 90% accuracy, but that’s still pretty good and de-risks considerably the challenges posed by this weaponization of M&A,” said Andrew Glenn, president of Aeromass Flight Systems.

In many cases, it is impossible to fully trace the sources of capital for some companies. For example, when a portion of the stock is traded in the stock market, it is almost impossible to control who holds shares. Still, a company can safeguard its data from foreign or unknown entities, regardless of their intentions.

“You can carve out what colloquially is known as enclaves within the larger network and within that enclave you limit who has the access it may require,” said Thomas Graham, vice president and chief information security officer at Redspin.

In this case, authorized personnel can maintain access to that data, while even their superiors elsewhere and under different security regulations can supervise those working in their respective teams but be kept away from the data that U.S.-based staff are allowed to manipulate.

“With that segmentation, there are limitations in place, and the smaller organization now has clearly defined what the larger organization has visibility into, but honestly, it just depends on the organization and their appetite for doing these things because now, yes, you have more overhead if you do that,” Graham told SIGNAL Media in an interview.

A likely scenario in these cases is that the smaller acquired organization will exit the defense business to save money, shrinking the supplier pool in the United States.

To successfully avoid the loss of capabilities and a supplier, all firewalls and internal processes must be established before acquisition contracts are signed, according to Graham, a governance and compliance expert.

Dual-use technologies pose another risk, especially when companies have succeeded in the consumer market and their capabilities have yet to reach the defense space.

“From the deal perspective, if we were working on a company that didn’t have security clearances, then that would never have become an issue for us because they just didn’t go through a disclosure process,” said Lee Priest, managing partner at Southwind Capital, a venture capital firm specializing in defense.

Priest explained how companies innovating, with potential applications in the defense space, receive minimal attention from authorities if acquired.

“If they had clearances, then a lot of that comes into play by virtue of having to tell who’s who in the board,” Priest added.