CFIUS: three trends to know | stone tower
The Committee on Foreign Investment in the United States (CFIUS) is a multi-agency branch of the United States government responsible for reviewing foreign investment in the United States and assessing the potential risk or threat that a given investment may pose. for national security. Given the inherent complexity of this charter, it should come as no surprise to learn that the powers and authorities of CFIUS have been redefined several times over the years – most recently in 2018 with the passing of the law on Foreign Investment Risk Review Modernization (FIRRMA), which further expanded the reach of CFIUS authorities to more industries and transaction types.
CFIUS representatives and industry experts recently gathered for ACI’s 8th Annual CFIUS Conference to discuss recent trends and future predictions. From these discussions, three critical points emerged that must be understood by anyone facing a transaction with foreign partners or an investment (and therefore potentially subject to CFIUS review).
1. Is national security…. ?
National Security is deliberately indefinite to give CFIUS the flexibility to deal with threats. When the CFIUS was first formed in the mid-1970s, there were concerns about Arab investments in the United States using their huge profits in the oil trade. Concerns then shifted to emerging economic powerhouse Japan, which began investing heavily in the United States. In the early years of CFIUS existence, China and Russia did not even participate in the global economic system, but today they represent the largest and most important focus of CFIUS.
The first president-killed deal under CFIUS authority was a Japanese attempt to buy a silicon chip maker. Foreign acquisition of chipmakers has been a constant concern of CFIUS throughout its existence. Today, CFIUS has identified new technologies, assets, and nationalities as threats to US national security, and the limits of its scope are not explicitly defined. According to FIRRMA, CFIUS’ authority has expanded to include reviews of non-monitored investments, as well as certain real estate transactions. In addition, FIRRMA has placed particular emphasis on reviewing transactions involving US critical technology companies – that is, by CFIUS standards, a US company involved in: critical technology; critical infrastructure; or Sensitive Personal Data (collectively referred to as US Business “TIDs”). Some of these technologies are more easily identified as sensitive because they may already be tied to existing US export controls. But CFIUS is also concerned with “emerging technologies,” and it’s a list that keeps growing as new products and capabilities are evaluated. Even if a transaction does not directly include a critical technology element, the target company’s connection to such technology, infrastructure or even supply chain may subject it to CFIUS restrictions.
Similarly, transactions can also be judged based on friends of your friends. That is, the foreign party to your transaction may not represent an opposing foreign nation – but if it has its own close economic relationship with it, that connection with a third party could jeopardize your transaction.
2. Personal data
Of all the assets a transaction can involve, CFIUS is increasingly concerned about access to personal data – especially that of US citizens and government employees. Regardless of the transaction company’s industry, products, or operations, if the proposed transaction has the potential to give a foreign entity direct access to sensitive information of U.S. persons, CFIUS will likely conduct a review of the proposed transaction and may impose mitigation requirements or reject the transaction altogether. Although CFIUS has not published a definition of sensitive personal data, CFIUS has determined in certain transaction reviews that sensitive personal data includes names, addresses, email addresses, telephone numbers, dates of birth and more obvious identifiers, such as social security numbers, financial records and registers. US companies involved in the collection, storage or sharing of personal data may be designated by CFIUS as a US company TID depending on the nature of the personal data and the volume with which they deal.
In many cases, transactions involving sensitive personal data have been successfully negotiated and approved with CFIUS agreeing to certain mitigating controls. These controls may include segregated US computer systems, enhanced data security, and limiting access to only US citizens based in the United States.
3. Non-notified transactions
FIRRMA not only increased the powers and reach of the CFIUS, but also increased its resources. Many of these resources are increasingly devoted to identifying unnotified transactions in which investors have not filed an application with CFIUS, but CFIUS believes that a national security risk is indeed presented by the transaction and therefore requires the parties to deposit. Most often this happens after the transaction is closed. The CFIUS has always had this power, but until now it lacked the resources to launch these large-scale investigations. According to the latest available report, in 2020 CFIUS identified 117 unnotified transactions for mandatory filing.
CFIUS officials present at the conference acknowledged that they were deliberately expanding this effort and allocating additional resources to obtain business intelligence and review an increased number of transactions. In fact, the Treasury Department’s Strategic Plan for 2022 – 2026 establishes a measure of success as “accelerated timelines for the identification and processing of covered transactions that have not been voluntarily filed with CFIUS (transactions “not notified”)”.
It is never advantageous for a foreign investor to be solicited by the CFIUS. First, the SUISC believes you were likely trying to circumvent the national security review process and their suspicions of malicious intent are greatly increased. It is highly likely that investors will be required to unwind the transaction and, if approved, will likely result in a mitigation agreement with much more restrictive terms than if investors had filed prior to closing the transaction.
It is far better to assess the potential need to file with CFIUS in the early stages of the transaction process, primarily through a thorough due diligence effort in the spirit of CFIUS. There are many expert resources in this industry that can effectively help you navigate this process and ensure you have a solid understanding of the following:
1. What constitutes a national security concern today? This is constantly changing and can be influenced by daily events around the world.
2. What elements of your agreement (assets, parties, technologies) may give CFIUS reason to further consider your proposal?
3. Mitigating conditions are likely in many transactions. Anticipate the specific mitigations CFIUS may impose on your transaction and assess the transaction in that context.