How CFIUS Foreign Transaction Monitoring Broadened
2020 is a year we will not soon forget. 2020 was also a year full of dramatic changes for the Committee on Foreign Investment in the United States.
The committee’s mandate remained the same — review foreign investments in U.S. businesses to protect national security. When necessary, the president can prohibit a proposed transaction, or require a foreign person to divest their interest in a U.S. business on national security grounds.
However, important modifications to the CFIUS process were introduced in 2020. New regulations were issued, the mandatory notification process evolved, and for the first time companies are now required to assess whether they produce or manufacture so-called emerging technologies.
Additionally, the U.S. Department of the Treasury, which oversees the committee’s work, dedicated significant resources to its Office of Investment Security Monitoring & Enforcement. This office was formed to “protect the integrity of the United States’ open investment policy.” It has two primary objectives: (1) monitor transactions that were not voluntarily submitted to CFIUS for review, often referred to as nonnotified transactions; and (2) ensure that companies comply with CFIUS mitigation agreements, conditions, and orders.
CFIUS has always monitored nonnotified transactions and ensured compliance of mitigation agreements. However, with the implementation of Foreign Investment Risk Review Modernization Act (“FIRRMA”), CFIUS’s approach to nonnotified transactions is significantly more aggressive, and companies entering into mitigation agreements must be cognizant of greater compliance risks.
U.S. businesses taking foreign capital that elect not to file a voluntary notice should understand that the likelihood of CFIUS requesting additional information regarding an investment or acquisition has increased. Further, companies entering into mitigation agreements with CFIUS as a condition of CFIUS concluding its review of a transaction must ensure that they understand what is expected before agreeing to the terms, and should be prepared to comply with the terms of the agreement with exactness.
Information Requests Regarding Nonnotified Transactions
CFIUS has long held the authority to communicate with companies who did not file a voluntary notice in connection with a cross-border investment or acquisition, and to request additional information about that transaction. CFIUS can review transactions both pre- and post-closing. The president is also authorized to prohibit transactions or force companies to divest their interests in U.S. businesses post-closing if a national security concern is identified.
While serving as a senior Treasury official, one of my collateral duties included contacting U.S. companies, typically at the request of a CFIUS member agency, and determining whether the companies intended to make a CFIUS filing. In any given month, the committee would reach out to one or two companies requesting information. Often companies that had announced but not closed a transaction would inform the committee that, in fact, they did intend to file a voluntary notice and that the parties were in the process of compiling the necessary information.
With the passage of FIRRMA, Congress made it clear that nonnotified outreach should be a priority.
To accomplish this mandate, Treasury significantly increased the number of full-time professionals dedicated to monitoring and enforcement. In 2020, I observed the Monitoring & Enforcement Office reaching out to companies at a fevered pitch, discussing investments with dozens of U.S. companies. Outreach is not limited to investors from one particular country or region, as CFIUS is monitoring investments globally across various industry sectors.
In many cases, the Monitoring & Enforcement Office is requesting detailed information related to a transaction, including a transaction description, deal documents, and organizational charts. The office may also request information about how the transaction was catalyzed, as in which party first approached the other about the potential transaction.
The committee may even ask if the foreign person has made other investments in the U.S., which could lead to additional follow-up questions. Questions may come through multiple rounds and absent the parties submitting a formal filing, CFIUS may inquire about a particular transaction indefinitely.
Companies that receive a request from CFIUS for information related to a transaction should think carefully through the issues before responding to questions. Companies that have not interacted with the committee before may lack the context to determine what is important to CFIUS.
Everything you say matters. By carefully considering the committee’s questions, companies may be able to find ways to address CFIUS’s concerns without needing to submit a full joint voluntary notice or even substantively engage with CFIUS.
Required Mitigation as a Condition of Approval
CFIUS’s ability to require companies to enter into mitigation agreements as a condition of approving transactions is a powerful tool. According to the most recent CFIUS annual report, from 2008 through 2019, the latest year for which CFIUS issued statistics, CFIUS relied on its mitigation authority 170 times, with more than half of those agreements being required during 2017 through 2019. The committee notes it will consider mitigation only when it believes that the agreement will be effective, verifiable and monitorable to address its national security concerns.
Unfortunately, I am aware of multiple instances where companies realized that they did not fully appreciate the terms of the mitigation agreement until after it was signed. Agreements are often negotiated at the end of the CFIUS statutory timeline, leaving little room for companies to fully evaluate what is expected.
Sometimes requirements are straightforward, such as requiring a company to continue to provide goods or services to a U.S. government agency. Frequently, however, the requirements are complex, such as placing restrictions on the transfer of intellectual property, trade secrets, or know-how to the new owner, or requiring that only U.S. citizens handle certain products and services.
Companies should ensure that a meeting of the minds between the government and the companies occurs before agreeing to the final terms because failure to comply with mitigation terms could result in stiff penalties. The Monitoring & Enforcement Office plays a critical role in ensuring compliance with mitigation agreements. A centralized office should normalize the mitigation process with respect to on-site compliance reviews, third-party audits, and the use of third-party monitors.
These changes to the CFIUS process will endure. The U.S. government will aggressively evaluate past and future cross-border deals. CFIUS views its work as important and will continue relying on multiple sources of information, including tips and referrals, to identify transactions that may raise national security concerns. CFIUS has established a dedicated email address where members of the public can send the committee tips about transactions.
The committee will also continue to monitor mitigation agreements and, when necessary, issue penalties for noncompliance. Because of strict confidentiality requirements, CFIUS does not announce company names when imposing penalties. However, CFIUS disclosed that in 2018, the committee imposed a $1 million penalty on a company for repeated breaches of a 2016 mitigation agreement, and announced that in 2019, CFIUS imposed a $750,000 penalty for violations of a CFIUS interim order.
Additionally, CFIUS is authorized to penalize companies that fail to make a mandatory notification, though the Committee has not announced that it has penalized companies for failure to comply with this mandate. As the Monitoring & Enforcement Office identifies instances where companies failed to notify CFIUS when required, we should expect penalties will be issued.
A version of this post was originally published in Law360.