Well, you should probably care because CFIUS could have an immense impact on your investments in the United States. Dealing with CFIUS could delay, complicate, and even scupper your deal in its entirety and failing to make required filings could lead to substantial penalties.
But what is CFIUS? CFIUS stands for the “Committee on Foreign Investment in the United States”. It was established almost fifty years ago as an interagency committee, chaired by the U.S. Department of the Treasury and reporting directly to the President. The Committee is authorized to make recommendations to the President to block or limit certain foreign investments in U.S. businesses if the Committee determines that the transaction raises a national security risk. This is an extremely broad power.
To further demonstrate the Administration’s growing intent to regulate and protect the U.S. from foreign investments that it deems harmful to the U.S.’ national security interests, CFIUS released in October of this year a new set of Enforcement and Penalty Guidelines. The new guidelines make it clear that CFIUS intends to significantly increase its enforcement efforts and will pursue parties that fail to file mandatory declarations and those making material misstatements or omissions in their filings to CFIUS. Additionally, under the new guidelines, CFIUS, for the first time, is encouraging any party that may have engaged in conduct that constitutes a violation of the CFIUS regulations to self-disclose the potential violation. Such self-disclosure would be considered a mitigating factor when CFIUS considers the appropriate penalty for a violation.
Under the regulations, failure to file a mandatory declaration with CFIUS will be subject to a civil penalty of up to $250,000 or the total value of the transaction, whichever is greater.
According to the CFIUS annual report to Congress for 2021, a total of 164 declarations were made to CFIUS in 2021. Out of those, 47 declarations were subject to the mandatory filing requirements. Additionally, in that same year, 272 written notices of transactions, which are more detailed than declarations, were filed with CFIUS. CFIUS subsequently conducted 130 investigations of those 272 notices. Based on the data provided in the annual reports from the last few years, Chinese investments have garnered the most attention from CFIUS, although transactions from all over the world have been scrutinized, including at least 20 notices that have been filed by Israeli entities between 2019 and 2021.
CFIUS notices and declarations are not typically made public but on occasion, when CFIUS blocks a deal, it can make big headlines. In recent years, TikTok has found itself in the crosshairs of CFIUS, when in 2020 CFIUS ordered ByteDance, TikTok’s Chinese parent company to divest itself of TikTok, a decision which was later paused. However, it is believed that the ongoing CFIUS investigation of TikTok is ongoing.
A notable example of CFIUS aggressively wielding its broad power, which led to the prohibition of a U.S. business being acquired by a foreign person, involved an Executive Order issued in March 2020 requiring a Chinese company to divest its acquisition of StayNTouch, Inc., a U.S. hotel-software company. The Executive Order was issued 18 months after the acquisition closed in September 2018 because the U.S. had “credible evidence” that the transaction might threaten to “impair the national security of the United States” despite not providing a detailed account of such evidence.
When CFIUS was first created, its jurisdiction was limited to examining transactions involving a foreign entity’s acquisition of a U.S. business. It did not regulate non-controlling investments in U.S. businesses. There was also no mandatory requirement to file a notice with CFIUS before the consummation of the transaction. Rather, the entire process was voluntary.
This all changed in 2018 with the passage of a new law, the Foreign Investment Risk Review Modernization Act (FIRRMA) which significantly broadened the scope of transactions that fall under CFIUS’ jurisdiction. Subsequent regulations established the current framework in which CFIUS currently operates.
Under the most recent set of regulations, CFIUS may now review non-control transactions involving foreign investments in U.S. businesses that (i) produce, design, test, manufacture, fabricate, or develop a critical technology; (ii) operate, service, or manufacture any critical infrastructure; or (iii) maintain or collect sensitive personal data of U.S. citizens.
Furthermore, in addition to the voluntary notice system that previously existed, the new regulations implemented a system requiring parties to make a mandatory declaration to CFIUS under two sets of circumstances: (i) where a foreign person or entity in which a foreign government has a substantial interest makes an investment in a U.S. business that deals with critical infrastructure, sensitive personal data collection, or critical technologies; and (ii) where a foreign person or entity invests in a U.S. business making critical technologies and such a transaction could result in control over the U.S. business or could afford the foreign investor certain access to nonpublic technical information, a board seat, or involvement in the decision making over the use, development, acquisition, or release of critical technologies.
With the growing concern in the U.S. over the potential loss of its technological edge, the U.S. Administration has made it clear that it will do whatever it takes and use all available tools at its disposal to protect its national interest in preserving its leadership role in technology advancement and innovation on the global stage. To that end, in September of this year, President Biden issued an Executive Order directing CFIUS to consider additional national security factors when reviewing covered transactions to ensure that the foreign investment review process remains responsive to the evolving national security landscape.
Specifically, the President’s Executive Order directs CFIUS to consider and prioritize the following set of factors when reviewing covered transactions: (1) A transaction’s effect on the resilience of critical U.S. supply chains that may have national security implications, including those outside of the defence industrial base; (2) A transaction’s effect on U.S. technological leadership in areas affecting U.S. national security, including microelectronics, artificial intelligence, biotechnology and biomanufacturing, quantum computing, advanced clean energy, and climate adaptation technologies; (3) Industry investment trends that may have consequences for a given transaction’s impact on U.S. national security; (4) Cybersecurity risks that threaten to impair national security; and risks to U.S. persons’ sensitive data.
We recommend examining transactions on a case-by-case basis by analyzing the different parameters of a deal and the parties involved to determine whether a mandatory declaration requirement exists or whether a voluntary declaration or notice to CFIUS is advisable.
Written by Oded Kadosh, Partner & Chair of the U.S. Corporate & Licensing Practice Group and Guy Milhalter, Partner in the Corporate Group, at Pearl Cohen Law Firm.
Austin Ochoa associate at Pearl Cohen assisted in writing the article.
