The CFIUS is a federal, interagency committee, and was established in 1975. Its role is to determine the effect of FDI on the national security of the US. CFIUS operates under the delegated authority of the president to review and to investigate FDI transactions. If after its review of the transaction CFIUS determines that the transaction threatens to impair the national security, the President may suspend or block the transaction or impose conditions.
Under the 1988 Exon-Florio Amendment to section 721 of the 1950 Defense Production Act, the US Congress transformed the country’s FDI controls. The amendment granted the president of the US the authority to block any merger or acquisition "by or with any foreign person which could result in foreign control of any person engaged in interstate commerce in the United States."
In August 2018, the Foreign Investment Risk Review Modernization Act (FIRRMA) became law. FIRRMA expands the scope of CFIUS' jurisdiction. Specifically, in addition to its existing authority to review transactions that could result in foreign control of a US business, CFIUS jurisdiction now extends to certain non-passive non-controlling investments in US businesses involved with critical technologies, critical infrastructure or sensitive personal data (technology, infrastructure and data businesses or ‘TID US businesses’), and certain real estate transactions.
On the passage of FIRRMA in August 2018, the Department of the Treasury was tasked with drafting the regulations that would implement the broad statutory mandates set by Congress. Final regulations implementing most of the provisions of FIRRMA took effect on 13 February 2020, with the exception of the regulations requiring filing fees for voluntary submissions to CFIUS, as well as a new rule pertaining to mandatory declaration requirements for certain foreign investments in critical technologies to replace those in the expired Pilot Program. On 29 April 2020, the Department of the Treasury announced an interim rule enacting CFIUS’ authority under FIRRMA to collect filing fees, effective 1 May 2020. The filing fees apply to joint voluntary notices submitted to CFIUS for "covered transactions" and "covered real estate transactions", both of which are CFIUS defined terms as described below. Filing fees do not apply to CFIUS declarations. The fee amount is based on a tiered scale based on the overall value of the transaction with filing fees ranging from zero fees owed for transactions valued under $500,000 up to a $300,000 filing fee for transactions valued at $750 million or more.
Considering CFIUS’s broad interpretation of what constitutes a “national security concern,” foreign investors and US companies contemplating foreign investors should carefully review whether their transaction is subject to CFIUS review.
According to its annual reports to Congress, CFIUS receives filings for transactions involving a variety of sectors including the publishing, telecommunications, data processing and hosting, real estate, insurance, securities and other investments, oil and gas, utilities, and the computer, electronics, machinery and chemical manufacturing sectors. In addition, CFIUS and the president also focus on whether a US business, irrespective of sector, has government contracts or deals in export-controlled goods, technologies or services.
CFIUS defines a “covered control transaction” to mean any transaction that is proposed or pending “by or with any foreign person that could result in foreign control of any US business, including such a transaction carried out through a joint venture.”
“Control” is a fluid concept, and liberally interpreted at times, defined by CFIUS to mean “the power, direct or indirect, whether or not exercised, through the ownership of a majority or a dominant minority of the total outstanding voting interest in an entity, board representation, proxy voting, a special share, contractual arrangements, formal or informal arrangements to act in concert, or other means, to determine, direct, or decide important matters affecting an entity.”
CFIUS can find control to exist where a foreign person holds a minority equity interest if the foreign person has the power to make decisions regarding the sale of intellectual property, corporate reorganisation, location of production facilities, issuance of debt, new business lines, significant contracts, release of proprietary information, appointment of officers, dismissal of employees with access to critical technology, amendment of corporate documents or similarly important matters.
CFIUS defines a “covered investment” to mean “an investment, direct or indirect, by a foreign person other than an excepted investor in an unaffiliated TID US business” that is not a covered control transaction and affords the foreign person:
A “TID US business” is defined by CFIUS as a US business that:
CFIUS defines “critical technologies” to mean hardware, materials, and other physical items, facilities, software, technology, and services subject to export controls administered by the US Departments of Commerce, State, Energy, and the Nuclear Regulatory Commission; select agents and toxins subject to restrictions administered by the US Departments of Agriculture and Health and Human Services; and emerging and foundational technologies subject to controls under Section 1758 of the 2018 Export Control Reform Act.
CFIUS defines the term “critical infrastructure” to mean “systems and assets, whether physical or virtual, so vital to the United States that the incapacity or destruction of such systems or assets would have a debilitating impact on national security.” As noted above, for the purposes of determining whether a US business is a TID US business in the context of a covered investment, the scope of critical infrastructure is limited to the subset of covered investment critical infrastructure and related functions identified in Appendix A to part 800 of the regulations. It is important to note that the scope of critical infrastructure subject to CFIUS review in the context of covered control transactions is not limited by Appendix A to part 800.
CFIUS defines “sensitive personal data” as identifiable data that is maintained or collected by a US business:
Although CFIUS reviewed certain real estate transactions implicating national security concerns before FIRRMA, FIRRMA formally authorized CFIUS to review real estate transactions that involve the purchase or lease by, or a concession to, a foreign person of certain real estate in the United States.
Filings for covered real estate transactions remain voluntary, and covered real estate transactions are addressed in part 802, a separate part of the regulations from covered transactions. A covered transaction that involves covered real estate is considered a covered transaction subject to part 800 for the purposes of CFIUS jurisdiction.
CFIUS defines “covered real estate transactions” as purchases, leases or concessions to a foreign person of certain “covered real estate” that affords the foreign person at least three of the following rights, regardless of whether the person intends to exercise them:
Covered real estate transactions also include any purchase or lease by, or concession to, a foreign person of covered real estate, that, through a subsequent change in the rights that a foreign person has with respect to that covered real estate, results in the foreign person having at least three of the above-listed property rights. They also include any other transaction, transfer, agreement, or arrangement, the structure of which is designed or intended to evade or circumvent the application of section 721 as it relates to real estate transactions.
The foreign person must have at least three of the above-mentioned rights over “covered real estate,” which as listed in the regulations, includes airports, maritime ports, or real estate located within a particular distance of certain military installations or other listed government facilities or property. The relevant government property and military installations are provided by name and location in Appendix A to the regulations.
CFIUS also created a part 802 Geographic Reference Tool as a resource to locate and calculate distance from relevant military installations. However, the Department of Treasury has said that this tool should only be relied upon as a reference and does not constitute formal guidance or an advisory opinion.
FIRRMA also sets forth relevant exceptions and safe harbours regarding covered real estate transactions. These include:
Parties must submit a declaration or notice for a covered transaction that results in the acquisition of a substantial interest in a TID US business by a foreign person in which the national or subnational governments of a single foreign state have a substantial interest. For the purpose of this requirement, CFIUS defines a “substantial interest” as a voting interest, direct or indirect, of 25% or more by a foreign person where a national or subnational government of a single foreign state has an interest, direct or indirect, of 49 percent or more in the foreign person. In determining the presence of a substantial interest, any interest of a parent is deemed to be a 100% interest in any entity of which it is a parent.
Parties must also submit a declaration or notice for a covered transaction involving a TID US business that produces, designs, tests, manufactures, fabricates, or develops one or more critical technologies for which a US regulatory authorisation would be required for the export, reexport, transfer (in-country), or retransfer of such critical technology to a person that:
There are various exceptions to CFIUS mandatory filing requirements. These include exceptions for transactions involving qualifying excepted investors, as defined in the regulations, associated with excepted foreign states, which presently consist of the same countries as excepted real estate states. There are also exceptions for investment funds meeting certain conditions where the general partner, managing member, or equivalent is not a foreign person.
Parties to a transaction can submit a voluntary declaration or notice to CFIUS for clearance of a covered transaction or covered real estate transaction. Regardless of whether information on a transaction is submitted, CFIUS has the power to investigate transactions subject to its jurisdiction, seek mitigation of national security concerns presented by transactions through agreements, conditions, and orders, or refer a transaction to the president to block or unwind a transaction. CFIUS can take these actions at any time, before or after a transaction has closed, unless the transaction was previously cleared by CFIUS though issuance of a safe harbour letter. Accordingly, parties should consult with counsel on the risk of CFIUS interest in a given transaction, and whether submission of a voluntary filing is appropriate.
FIRRMA introduced short form declarations, which offer an abbreviated form of filing without any filing fee. Declarations require less details than a notice and are subject to a shorter 30-day review process. Following its review of a declaration, CFIUS may inform parties that it is not able to conclude action on the basis of the declaration and that the parties may file a notice; may request that the parties file a full notice; or may issue a safe harbor letter notifying the parties that it has concluded all action with respect to the transaction.
Full notices are the traditional form of filing with CFIUS. They are subject to a filing fee and require more detailed information than a declaration. Filing fees for notices are based on the value of a transaction and range from $750 to $300,000. In most cases, value will be based on the consideration provided by the foreign investor. Where the consideration cannot be reasonably determined, value may be based on fair market value of the assets or other consideration being provided, as set forth in the regulations.
CFIUS has 45 days to complete its initial review of a notice. If it determines there are no unresolved national security concerns with respect to a transaction and not to undertake an investigation, CFIUS issues a safe harbour letter notifying the parties that it has concluded all action. Alternatively, CF IUS may initiate an investigation and extend the time for a review by an additional 45 days. In the course its investigation, CFIUS may resolve its concerns through mitigation measures or may request that parties withdraw a notice and refile to allow additional time to address national security concerns, or the parties may withdraw the notice and abandon the transaction. In extraordinary circumstances, CFIUS may further extend its time for review by an additional 15 days to refer a transaction to the president with a recommendation to suspend or block the transaction.
The regulations identify three primary violation types:
Penalties are assessed on a per violation basis and CFIUS may seek penalties and other remedies without prejudice to civil or criminal penalties that may be applicable under other authorities. CFIUS also may refer conduct to other government enforcement authorities where appropriate.
In addition to the 2022 presidential order elaborating on Section 721 national security considerations noted above, CFIUS added New Zealand as an excepted foreign state and excepted real estate foreign state and issued Enforcement and Penalty Guidelines in 2022 that provide detailed information on how CFIUS assesses violations. As explained in the guidelines, CFIUS performs a fact-based analysis to determine when a penalty is appropriate. This includes consideration of certain aggravating and mitigating factors. The guidance provides a non-exhaustive list of some of these factors, which include impact of the violation on US national security; whether the violation was negligent, intentional, or willful; and the violator’s compliance history, culture, and commitment to compliance.
Matthew A. Goldstein and Felicia Leborgne Nowels are international trade, export controls, and customs experts at Akerman.