CMA Announces Fine for Breaching an Order To Hold Separate an Acquisition Target

Skadden Publication

Bill Batchelor Frederic Depoortere Aurora Luoma Hannah Street

The UK’s Competition and Markets Authority (CMA) fined Facebook £50.5 million for breaching an order to hold separate its acquisition target, Giphy, pending the CMA’s review of the merger.1


  • The U.K. merger control regime allows acquirers the flexibility to close prior to completion of a CMA review, but acquirers should carefully consider the impact of an expansive CMA initial enforcement order (IEO) to hold separate the target business. The CMA may issue an IEO to ensure competition is protected and to preserve the CMA’s ability to order remedies or unwinding of the deal. Any material changes to the merging businesses will be subject to a strict consent process, and each party must submit regular compliance reports to the CMA. This can delay realization of the deal’s synergies and integration benefits.
  • The penalty signals an aggressive stance on IEO breaches, even if nonsubstantive in nature. The CMA fined Facebook for noncompliance with reporting obligations, rather than for harming competition or scrambled assets, and the fine far exceeded any prior penalty even for substantive breaches. The CMA has the power to fine parties up to 5% of their combined turnover, but in the past has typically issued fines in the range of £100,000-£300,000. In contrast to the high fine for the procedural breach, the CMA fined the company £500,000 for another substantive breach (failure to obtain consent for a change in compliance officer).

The high fine follows Facebook’s challenge to the CMA’s right to order the company to provide a wide range of information relating to its businesses globally, regardless of relevance to Giphy’s activities. Facebook lost its challenge before the U.K. Competition Appeal Tribunal (CAT) and the U.K.’s Court of Appeal (CofA). Both forums were critical of the company’s lack of cooperation.

The UK Merger Control Regime

Under the U.K.’s voluntary filing regime, parties undergoing a merger may choose to notify the CMA of the transaction at any stage of a deal’s life cycle. They may also choose to complete the transaction without engaging with the CMA or receiving clearance. However, until four months after the announcement of completion, parties run the risk of the deal being “called in” by the CMA. If the CMA takes jurisdiction and the deal is or has been closed, the authority will routinely impose an IEO on parties, which interim order prevents the merging businesses from integrating governance and operations functions.

This contrasts with most merger control regimes, which require mandatory filing and clearance prior to closing. The U.K.’s voluntary regime provides flexibility to complete deals quickly, although the purchaser takes the risk that the CMA identifies concerns and seeks remedies or to unwind the deal.

IEOs typically take the form of a standard template, which the CMA may permit the parties to customize or amend based on reasoned submissions. At minimum, each of the businesses will have to maintain separate brand identities, IT and operations systems and generally compete independently in the market. Key staff must remain in their posts, and existing contracts cannot be transferred or canceled. The parties will be required to maintain rigorous information barriers to ensure no confidential or proprietary information is shared (outside of pre-cleared “clean teams”). Parties must provide statements of compliance periodically, generally every fortnight, and inform the CMA of material changes to the parties’ businesses, even in business units with little or no connection to the merger.

In this case, Facebook objected to a particular IEO feature that the order in the Facebook/Giphy acquisition was global in scope. This can be the CMA’s starting point, though geographic carve-outs are possible, particularly where business units in other geographies are self-contained and/or have no meaningful crossover with the U.K. business or competition in the U.K.

In some cases, an independent monitoring trustee may be appointed where the CMA wants additional oversight (or if a merger is subject to a phase 2 inquiry). Where the CMA determines a high risk of asset integration (for example, because the target’s management has departed before the IEO was imposed), the authority may appoint a hold separate manager to run the target business.

Previous Breaches of IEOs

The CMA enforces IEOs strictly, even without evidence of prejudice or where the parties have taken prompt steps to restore the status quo. Since 2018, the CMA has, for example, fined merging parties for:

  • serving a lease break notice on a target’s leased premises (£100,000);2
  • making appointments to the target’s management (£200,000);3
  • selling discrete target business assets (£120,000);4
  • relocating the target’s staff (£146,000);5 and
  • exchanging commercially sensitive information about an upcoming customer opportunity (£300,000).6

The authority has the power to fine parties up to 5% of their combined global turnover, but prior to the Facebook/Giphy merger, penalties have not exceeded £300,000.

Background of the Facebook/Giphy Merger

Following Facebook’s completed purchase of Giphy, the CMA imposed an IEO on the parties on June 9, 2020, which required the companies to provide regular compliance updates. Facebook requested a derogation from the IEO in relation to ex-U.K. business activities, which would have allowed Facebook to start integration outside the U.K. while keeping the U.K. businesses separate. The CMA was unable to make a decision on whether to grant the derogation, stating that Facebook had provided insufficient information concerning the company’s global operations.

The CAT and the CofA upheld the CMA’s decision to reject the request for derogation, ruling that Facebook had “not properly engage[d] with the CMA” and the “central problem in this case was entirely of Facebook’s own making.” The CofA determined, as a necessary consequence of the U.K.’s prospective merger control regime, that the CMA must be permitted to take swift action where necessary to protect competition and that the CMA’s use of a broad template IEO was therefore driven by the need to “hold the ring” pending further investigation, noting that “this process breaks down if those against who [IEOs] are made refuse to cooperate … .”

The CMA’s £50.5 Million Fine

On October 20, 2021, the CMA fined Facebook £50 million for deliberate failure to comply with its obligations under the IEO to provide information on compliance, despite “repeated warnings” from the authority. While Facebook had submitted semimonthly compliance statements, these were accompanied by significant qualifications. The CMA’s press release noted that this case was the first time the authority had found a breach in the face of “conscious refus[al] to report all the required information,” and that Facebook’s conduct “fundamentally undermined its ability to prevent, monitor and put right any issues.”

The CMA fined Facebook an additional £500,000 for failing to seek consent to replace its chief compliance officer on two occasions. The £50.5 million fine was over 100 times any previous penalty, (although broadly similar to prior fines as a percentage of the recipient’s global revenue) and is equivalent to more than 20% of Giphy’s purchase price. In its response to the CMA’s fine, Facebook contested that the fine exceeded penalties imposed in prior cases, but the CMA explained that it will impose “proportionately larger penalties where necessary in the interests of deterrence,” and that “financial penalties perform an important function in signaling the unacceptability of commercial practices by merging parties.”

The CMA also found that Facebook’s failure to report a service outage of its own GIF provider, Tenor, should have been considered a material development and therefore reported to the CMA. The authority did not issue an additional fine for this third breach, however, as the failure to report was considered to be specific and limited, and not as “serious or flagrant” as deficient compliance statements.

The CMA states it will take aggressive action with companies who ignore their compliance obligations in the future. “Companies are not required to seek CMA approval before they complete a merger, but […] we can stop the companies from integrating further if we think consumers might be affected,” said the CMA’s senior director of mergers, Joel Bamford. “This should serve as a warning to any company that thinks it is above the law.”


The magnitude of the fine and the CMA’s commentary comes at a time when competition authorities appear to be taking an increasingly uncompromising stance on enforcement. On September 22, 2021, the European General Court affirmed the decision of the European Commission to find Altice €124.5 million for gun-jumping in the acquisition of Portugal Telecom.7  These fines signal a general trend of more rigorous enforcement among the competition authorities.8

In light of the CMA’s increased priority on compliance, where acquirers plan to close in advance of a merger clearance, they need to understand the full breadth of an IEO. The line between permitted integration planning and due diligence, on one hand, and early implementation on the other will not always be easy to draw, so early planning and preparation are important. To mitigate the risk of administrative fines, parties should seek practical guidance on what is permitted and restricted while the CMA’s review is ongoing.


1 See CMA press release, “CMA fines Facebook over enforcement order breach” (October 20, 2021) and Penalty Notice (October 28, 2021).

2 CMA Notice of Penalty addressed to Electro Rent Corporation (June 11, 2018)

3 CMA Notice of Penalty addressed to Electro Rent Corporation (February 12, 2019)

4 CMA Notice of Penalty addressed to JLA and Vanilla Group Limited (March 8, 2019)

5 CMA Notice of Penalty addressed to Nicholls’ (Fuel Oils) Limited (June 28, 2019)

6 CMA Notice of Penalty addressed to ION Trading Technologies (August 7, 2021)

7 See our October 1, 2021, client alert “European Court Confirms Commission’s Highest Fine to Date for Gun-Jumping.”

8 The Facebook penalty notice also indicates that the CMA is unwilling to be overlooked by global conglomerates: “Compliance with the CMA’s orders may require steps to be taken by individuals outside the United Kingdom. It is important, therefore, that the penalty is sufficiently high as to bring home to Facebook, as a global business, that it must take the CMA’s orders seriously…” (¶ 349).

This memorandum is provided by Skadden, Arps, Slate, Meagher & Flom LLP and its affiliates for educational and informational purposes only and is not intended and should not be construed as legal advice. This memorandum is considered advertising under applicable state laws.