United States: National Security Review Of Foreign Investment In U.S. Business

Introduction

When representing a party in a transaction that involves a purchase of U.S. assets by a foreign national or a foreign entity, you must consider whether your cross-border transaction should be voluntarily submitted for review by the U.S. government based on concerns for national security. As recently articulated by the Bush administration, the longstanding position of the U.S. government is to encourage and support unequivocally international investment in the United States "consistent with the protection of the national security."¹ For decades, the executive branch of the U.S. government delegated to the Committee on Foreign Investment in the United States ("CFIUS") responsibility for the review of foreign investments in U.S. assets based on national security concerns.² Recently, the federal statutes and regulations governing the review of such transactions were revised in an attempt to provide increased clarity and transparency regarding the process by which the United States government reviews transactions involving foreign investments in U.S. assets.

Background

The Dubai Ports World ("DPW") controversy brought the CFIUS review process into the national spotlight and spurred a national security debate. In 2006, DPW, an entity owned by the government of the United Arab Emirates, acquired the London-based Peninsular & Oriental Steam Navigation Company ("P&O"). P&O had leases to operate six major American ports. CFIUS approved the sale. When the deal was made public, leaders of both political parties, members of Congress and the general public were vociferous in their objection based upon fears that DPW's operation of U.S. ports could compromise port security. Eventually, DPW defused the controversy by selling P&O's U.S. operations to a unit of American International Group. The DPW controversy lead to calls for Congress to legislate an overhaul of the CFIUS review process. The legislation resulting from these efforts is the Foreign Investment and National Security Act of 2007 ("FINSA"), which passed in Congress with strong bipartisan approval and was signed into law by President George W. Bush on July 26, 2007 and became effective on October 24, 2007.³ FINSA required the issuance of implementing regulations. The final rules (the "Final Rules") promulgated under FINSA were adopted on November 21, 2008 and became effective on December 22, 2008, amending Part 800 of Title 31 of the Code of Federal Regulations.⁴

The Foreign Investment and National Security Act of 2007

FINSA gives the president of the United States the authority to review mergers, acquisitions and takeovers by or with any "foreign person"⁵ in the interests of national security. In essence, FINSA grants the president the power to take such actions as he deems appropriate with respect to covered transactions, including to suspend or prohibit a pending transaction or to undo a completed transaction, that threaten to impair the national security of the United States and other provisions of law do not provide the president with adequate means to protect national security.⁶ The president's actions pursuant to FINSA are not subject to judicial review.⁷ The president has discretion to determine what constitutes "national security." Neither FINSA nor the final rules includes a precise definition of "national security," but FINSA indicates that the term includes "issues relating to 'homeland security,' including its application to critical infrastructure."⁸ "Critical infrastructure" is defined as "a system or asset, whether physical or virtual, so vital to the United States that the incapacity or destruction of the particular system or asset of the entity over which control is acquired pursuant to that covered transaction would have a debilitating impact on national security."⁹

Prior to the enactment of FINSA, CFIUS acted solely pursuant to Executive Order 11858. FINSA formally established CFIUS, codifying its role in the review of transactions for national security concerns. The members of CFIUS consist of the secretary of the treasury (serving as chairperson), the U.S. attorney general, and the secretaries of homeland security, commerce, defense, state and energy. The president has authority to appoint to CFIUS the heads of any other executive department, agency or office as he deems appropriate, on a case-by-case basis. FINSA adds the director of national intelligence and the secretary of labor as non-voting members of CFIUS. FINSA increases accountability within CFIUS by requiring that the department of the treasury designate a lead agency to negotiate with the parties to the transaction under review.¹⁰ CFIUS must provide Congress with annual reports regarding its work, including a list of transactions reviewed or investigated in the preceding 12 months and an analysis of foreign direct investment. An unclassified version of CFIUS's annual report to Congress is made available to the public.¹¹

Which Cross-Border Transactions are Reviewable by CFIUS?

The final rules clarify the types of transactions reviewable by CFIUS. CFIUS review is limited to "covered transactions," defined as "any transaction that is proposed or pending after August 23, 1988, by or with any foreign person, which could result in control of a U.S. business by a foreign person."¹² For purposes of FINSA, a "transaction" is a pending or completed acquisition of an ownership interest in an entity, a merger or consolidation, a transfer of assets, or the formation of a joint venture. A long term lease could also be a "transaction," provided the lessee makes substantially all business decisions concerning the operation of the leased entity as if it were the owner of the real property.¹³ Section 800.301 of the final rules sets forth four categories of covered transactions, providing illustrative examples of each type, namely:

(a) A transaction which ... results or could result in control of a U.S. business by a foreign person....

(b) A transaction in which a foreign person conveys its control of a U.S. business to another foreign person...

(c) A transaction that results or could result in control by a foreign person of any part of an entity or of assets, if such part of an entity or assets constitutes a U.S. business...

(d) A joint venture in which the parties enter into a contractual or other similar arrangement, including an agreement on the establishment of a new entity, but only if one or more of the parties contributes a U.S. business and a foreign person could control that U.S. business by means of the joint venture....¹⁴

Schemes used to deliberately avoid FINSA's applicability will be disregarded.¹⁵ For example, if Company X is organized under the laws of a foreign state and is wholly owned and controlled by a foreign national and Company X transfers money to a U.S. citizen who, pursuant to an arrangement with Company X and on its behalf, buys all outstanding shares of stock of Company Z, a U.S. business, the transaction is a covered transaction.

The transaction target must be a "U.S. business."

The transaction must involve a "U.S. business," defined as "any entity, irrespective of the nationality of the persons that control it, engaged in interstate commerce in the United States, but only to the extent of its activities in interstate commerce."¹⁶ (emphasis added). Thus, if Company X, a French company, buys Company A's empty warehouse located in the United States, the facility itself is not an entity and, therefore, not a U.S. business and the transaction is not covered by FINSA. But, if Company X also hires Company A's employees and acquires Company A's customer list, equipment and inventory used to operate the facility, Company X is acquiring a U.S. business and the transaction is a covered transaction.

The transaction must result in a transfer of "control" of the U.S. business.

The concept of "control" is a key element in determining whether a transaction is reviewable by CFIUS. The transaction must include a transfer of control of the U.S. business, such that the transaction must result in the foreign person having

The final rules include an illustrative list of these "important matters" relevant to a determination of the existence of foreign control. The inclusion in the transaction agreements of minority shareholder protections, such as an anti-dilutive preemptive right or negative covenants with respect to related party transactions and the sale or pledge of assets, are not considered to confer control over an entity.¹⁸

Cross-Border Transactions That Are Not Subject to Review by CFIUS

The final rules identify various types of cross-border transactions that do not fall within the scope of FINSA and, therefore, are not subject to review by CFIUS.¹⁹ Assuming no other relevant facts, a foreign person's start-up or "greenfield" investment in a U.S. business is not a covered transaction.²⁰ Generally, a loan from a foreign person is not a covered transaction; although, if the foreign person also acquires financial or governance rights characteristic of an equity investor (e.g., an interest in profits or the right to appoint board members), the loan transaction may constitute a covered transaction.²¹ A foreign person's acquisition of ten percent or less of the outstanding voting interest in a U.S. business is not a covered transaction as long as the investment is solely for the purpose of a passive investment. For example, if Company X, a foreign entity, agrees to buy five percent of the outstanding shares of stock of Company A, a U.S. corporation, but also negotiates the right to appoint one of Company A's eleven board members, the investment is not solely a passive investment and whether the transaction is a covered transaction will depend on whether Company X obtains control of Company A as a result of the transaction. The acquisition by a foreign person of additional shares of stock resulting from a stock split or pro rata stock dividend not involving a change of control is not a covered transaction. A foreign person's "acquisition of part of an entity or of assets, if such part of an entity or assets do not constitute a U.S. business" is not a covered transaction.²² For example, if Company X, a foreign entity, is buying from separate U.S. companies: (a) inventory, (b) land and (c) machinery for export, Company X is not buying a U.S. business and, assuming no other relevant facts, the transactions is not a covered transaction.

Transactions That Present National Security Concerns

If a transaction falls within the scope of FINSA, CFIUS will study the facts and circumstances and analyze and assess the transaction for national security risk concerns. The national security risk assessment is conducted using the information provided by the parties to the transaction, information publicly available and information obtained through government sources, including a classified national security threat assessment prepared by the director of national intelligence.²³ FINSA contains a non-exhaustive list of factors that may be considered by CFIUS in determining if a covered transaction poses national security risks.²⁴ CFIUS has the latitude to consider additional factors it deems appropriate for the particular transaction.

The Department of the Treasury, Office of Investment Security, has published guidance (the "CFIUS Guidance") concerning the CFIUS review process.²⁵ The unofficial version of the CFIUS Guidance is available on the website of the Treasury Department, Office of International Affairs, at http//www.treas.gov/offices/international-affairs/cfius. It contains useful information for parties considering whether to file a voluntary notice with CFIUS or preparing a notice for submission to CFIUS. The CFIUS Guidance indicates that, historically, national security concerns have been based on the nature of the targeted U.S. business and/or the nature of the foreign person^.26 A large number of transactions that presented national security concerns involved a U.S. business that was providing products and/or services to the U.S. government and state and local agencies. However, transactions involving U.S. businesses with no government contracts, operating in sectors as varied as information technology, telecommunications, energy, natural resources, transportation services, and financial services, have also raised national security risk issues. Transactions that posed national security considerations often involved U.S. businesses offering goods and/or services subject to U.S. export controls.²⁷

The CFIUS Review Process

The CFIUS review process is based on a voluntary notice system. Historically, less than ten percent of all foreign acquisitions of U.S. businesses are voluntarily submitted to CFIUS for review.²⁸ The voluntary submission of a transaction for review by CFIUS is advisable, however, since a concluded action by CFIUS that results in a determination that there are no unresolved national security concerns provides a safe harbor from subsequent review of the transaction. Moreover, CFIUS has the power to unilaterally initiate an agency review and require the parties to a cross-border transaction to submit information to CFIUS.²⁹ A covered transaction that has not been reviewed and cleared by CFIUS may be unilaterally reviewed and investigated by CFIUS long after the transaction has been concluded, a development sure to be unpleasant for everyone concerned, including the transaction lawyers who advised on the transaction. Informal, pre-notice consultations with CFIUS are encouraged and all submissions to CFIUS are confidential and exempted from disclosure requests under the Freedom of Information Act.³⁰ A notice is filed by submission of a paper copy of the notice to the Office of Investment Security and an electronic copy of the notice is submitted to CFIUS. The Treasury Department provides instructions for electronic submissions on its website.

When a transaction is voluntarily submitted to CFIUS, one of three things will happen. If, at the outset, CFIUS determines that the transaction is not a covered transaction, the parties to the transaction will be so advised in writing and no review of the transaction will be undertaken.³¹ The nonapplicability notice provides a safe harbor for the transaction barring all subsequent actions by the president or CFIUS under authority of FINSA to prohibit or undo the transaction.³² On the other hand, if CFIUS determines that the transaction is a covered transaction and initiates a review, the transaction will be reviewed by CFIUS for 30 days to determine its effect on national security and to address any national security risks it presents. For a great majority of the transactions, the review process will be completed within this 30-day review period.³³ When warranted by the circumstances of the particular transaction under review, however, CFIUS is authorized to commence a formal investigation of the transaction for 45 days beyond the initial 30-day review period.

The CFIUS review must be completed within 30 days of the staff chairperson's acceptance of the notice. The staff chairperson has authority to reject any submission deemed deficient and delay the commencement of the 30-day review period. In addition, an accepted notice may be subsequently rejected if the parties to the transaction do not provide adequate responses to the staff chairperson's request for follow-up information.³⁴ The 30-day review period will begin only when the staff chairperson is satisfied that the voluntary notice complies with Section 800.402 of the final rules. The staff chairperson will inform the parties in writing of the acceptance of the notice, the commencement date of the review period and the lead agency for the review.³⁵

Section 800.402 of the final fules sets forth in detail the information required to be included in the notice. The notice must contain a summary of the terms of the transaction, including the net value of the transaction in U.S. dollars and the expected date for its completion. If the transaction is an acquisition of assets, a detailed description of the assets and an approximate value of the assets in U.S. dollars must be provided. All financial institutions engaged with respect to the transaction must be disclosed. The name, address, principal place of business, nationality (or place of legal organization) of each party to the transaction and each party's parent entities must be provided. The owners of each entity must be identified. The notice must describe the activities of the U.S. business, including its licenses and permits, government contracts, and the classified materials and products or services it supplies under government contracts. Personal information regarding the members of the governing body and the senior officers of any foreign entity engaged in the transaction must be provided. If the foreign person is a party to any third party agreements with other foreign persons on matters affecting the U.S. business, the agreement must be disclosed and a copy of any such written agreement provided. Annual reports of the financial condition of each entity a party to the transaction must be provided. A copy of the most recent purchase agreement must be submitted with the notice.

FINSA holds the filing party's chief executive officer (or a person in an equivalent position) accountable for the accuracy and completeness of all submissions to CFIUS. The chief executive officer must certify in writing as to the accuracy, completeness and compliance with law of the filing party's submissions to CFIUS.³⁶ The final rules authorize the imposition of civil penalties of up to $250,000 per violation for persons who intentionally or due to gross negligence, submit material misstatements or omissions in a notice, or make a false certification in connection with a notice.³⁷ In addition, while the voluntary notice is pending before CFIUS, the parties to the transaction have a duty to promptly advise the CFIUS staff chairperson of any material changes in the matters contained in the notice and, if necessary, to file an amendment to the notice. FINSA authorizes CFIUS to reopen a review in the event of a material omission or misstatement.

If CFIUS determines to approve the transaction without a formal investigation, a Treasury Department official will notify the parties in writing of CFIUS's determination to conclude its action under FINSA.³⁸ The Treasury Department's notice with respect to the conclusion of the action provides a safe harbor for the transaction barring all subsequent actions by the president or CFIUS under authority of FINSA to prohibit or undo the transaction.³⁹ FINSA increases accountability by CFIUS for its actions by requiring that its leaders certify to Congress the results of each review undertaken by it. Upon completion of a review, the treasury secretary and the head of the lead agency for the particular transaction must certify to Congress that CFIUS has concluded there are no unresolved national security concerns with respect to the covered transaction.⁴⁰

A formal 45-day investigation of a transaction will be instituted by CFIUS upon the advice of any member of CFIUS who believes that the reviewed transaction presents an unmitigated threat to national security.⁴¹ In addition, FINSA mandates an investigation in two circumstances. CFIUS must conduct a full 45-day investigation of: (1) a "foreign government controlled transaction," defined as "any covered transaction that could result in control of a U.S. business by a foreign government or a person controlled by or acting on behalf of a foreign government"⁴² and (2) any transaction that "would result in control by a foreign person of critical infrastructure of or within the United States," if CFIUS has determined that the transaction poses an unmitigated risk to national security.^.43 The investigation must commence no later than the last day of the 30-day review period and a Treasury Department official must inform the parties in writing that the investigation has commenced.⁴⁴ The investigation must be concluded within 45 days of its commencement.⁴⁵ If CFIUS determines, based upon its investigation, that there are no unresolved national security risks present in the transaction, the parties to the transaction will be notified in writing by an official of the Treasury Department that CFIUS has determined to conclude action.⁴⁶

CFIUS (or the lead agency acting on its behalf) is authorized to enter into mitigation agreements with the parties to the transaction or to impose conditions on the transaction to address national security risks, provided that the mitigation agreement or condition has been justified based upon a written analysis by CFIUS of the national security risk.⁴⁷ An overwhelming majority of cases are concluded without need of a mitigation agreement.⁴⁸ If the parties do enter into a mitigation agreement, CFIUS has the duty to monitor and enforce compliance with the mitigation agreement. If a breach of a material provision of a mitigation agreement or a material condition imposed with respect to the covered transaction occurs, CFIUS has the power to reopen its review of the transaction. In addition, the violating person may be liable for a civil penalty of up to $250,000 per violation or the value of the transaction, whichever is greater. This civil penalty is in addition to any damages available to the U.S. government pursuant to the terms of the mitigation agreement.⁴⁹

Only the President has the power to suspend or prohibit a covered transaction. If CFIUS determines to recommend to the President that he suspend or prohibit a transaction or if, on a rare occasion, CFIUS is unable to reach a decision on a transaction, CFIUS will deliver its report to the president setting forth the issues and opposing views with respect to the particular transaction. The president will then make the decision as to the covered transaction.⁵⁰ The president must announce his decision publicly within 15 days of the completion of the investigation.⁵¹

Conclusion

In the aftermath of the DPW debacle, FINSA and the final rules are intended to impose greater accountability by parties who submit information to CFIUS and by CFIUS itself, to provide improved clarity and transparency with respect to the CFIUS review process, and to ensure efficiency in the review of foreign investment in U.S. businesses. As discussed above, some of these measures are: (1) requiring a written certification (a) to CFIUS by a senior officer of the filing party with respect to the filing party's submissions to CFIUS and (b) to Congress by the leaders of CFIUS with respect to completed reviews; (2) mandating that all mitigation agreements be based upon a written risk-based analysis by CFIUS; (3) requiring an extensive annual report to Congress by CFIUS; (4) improving CFIUS's ability to monitor and enforce mitigation agreements and reopen reviews in the event of material omissions or misstatements in submissions or the breach of a mitigation agreement; (5) improving definitions of certain key terms relevant to identifying transactions subject to CFIUS review; and (6) requiring that voluntary notices include the types of information CFIUS has historically requested.

Preparing a notice for submission to CFIUS is an extensive project, requiring cooperation and committed resources from each parties' senior management and business subject matter experts; Section 402 of the final rules and the CFIUS Guidance should be consulted. Since the 30-day review period does not start until the CFIUS Staff Chairperson is satisfied that the notice is complete, care should be taken to ensure that the notice complies with Section 402 of the final rules. Otherwise, the transaction may be unnecessarily delayed since it is likely that CFIUS approval will be a condition precedent to closing the transaction.

Section 402 requires that the notice include information with respect to products and services provided to the government, items subject to the Export Administration Regulations, and defense articles and defense services covered by the United States Munitions List in the international traffic in arms regulations. If these disclosure items are applicable to the U.S. business involved in the transaction, it is essential that the U.S. business's employees who are responsible for the government contracts, export controls and related matters be brought into the process early on and actively participate in preparing the notice and responding to follow up requests for information by CFIUS. Finally, an attorney with government contracts expertise should also be enlisted for the CFIUS review team.

Footnotes

1 Section 1 of Exec. Order 11858, as amended by Exec. Order 13456 of January 23, 2008, 73 Fed. Reg. 4675.

2 Exec. Order 11858 of May 7, 1975, 40 Fed. Reg. 20263, 3 C.F.R. 1971-1975 Compilation, p. 990.

3 Pub. L. No. 110-049, 121 Stat. 246 (July 26, 2007). FINSA amends Section 721 of the Defense Production Act of 1950, as amended, 50 U.S.C. App. § 2061, et seq.

4 73 Fed. Reg. 70702-70729 (Nov. 21, 2008).

5 A "foreign person" is defined as "a foreign national, foreign government or foreign entity ... or [a]ny entity over which control is exercised or exercisable by a foreign national, foreign government or foreign entity." C.F.R. § 800.216(a)-(b) (2008).

6 50 U.S. C. App. § 2170(d)(1), (4) (2008). Other laws that could provide the President with adequate authority to mitigate the security risks of a transaction and, therefore, negate the need for risk mitigation measures under the authority of FINSA include, for example, the International Traffic In Arms Regulation, 22 C.F.R. Part 120, the Export Administration Regulations, 15 C.F.R. Part 730, and the National Industrial Security Program Operating Manual, DoD 5220.22-M.

7 50 U.S. C. App. § 2170 (e) (2008).

8 50 U.S.C. App. § 2170 (a)(5).

9 C.F.R. § 800.208 (2008).

10 50 U.S.C. App. § 2170 (k).

11 50 U.S.C. App. § 2170 (m)(1)-(2).

12 C.F.R. § 800.207.

13 C.F.R. § 800.224.

14 C.F.R. § 800.301.

15 C.F.R. § 800.104.

16 C.F.R. § 800.226.

17 C.F.R. § 800.204(a).

18 C.F.R. § 800.204(c)

19 See § 800.302.

20 See C.F.R. § 800.301(c) at Example 3.

21 C.F.R. § 800.303.

22 C.F.R. § 800.302.

23 50 U.S.C. App. § 2170 (b)(4).

24 50 U.S.C. App. § 2170 (f) For example, CFIUS may consider (a) the potential effect of the transaction on domestic production needed for projected national defense requirements, (b) the potential effects of the transaction on U.S. international technological leadership in areas affecting U.S. national security, (c) whether the transaction could result in control of a U.S. business by a foreign government or by an entity controlled by or acting on behalf of a foreign government and, in such event, the relevant country's track record with respect to nonproliferation control regimes and counter-terrorism efforts, and (d) the effects of the transaction on U.S. critical infrastructure, including major energy assets.

25 Department of the Treasury, Office of Investment Security, Guidance Concerning the National Security Review

Conducted by the Committee on Foreign Investment in the United States, 73 Fed. Reg. 74567-74572 (Dec. 8, 2008).

26 73 Fed. Reg. at 74570.

27 73 Fed. Reg. at 74571.

28 73 Fed. Reg. at 70716.

29 C.F.R. § 800.401; C.F.R. § 502(d). Any member of CFIUS may file an agency notice with respect to pending or completed transactions, but only the Chairperson of CFIUS may file an agency notice more than three years after the transaction has been completed. See C.F.R. § 800.401(c).

30 C.F.R. § 800.802.

3 1 C.F.R. § 800.403(c).

32 C.F.R. § 800.601(a).

33 73 Fed. Reg. at 70714.

34 C.F.R. § 800.403(a).

35 C.F.R. § 800.502.

36 See C.F.R. § 800.202. The website of the Department of the Treasury, Office of International Affairs, at http//www.treas.gov/offices/international-affairs/cfius, contains a sample certification.

37 C.F.R. § 800.801(a).

38 C.F.R. § 800.504.

39 C.F.R. § 800.601(a).

40 50 U.S.C. App. § 2170 (b)(3).

41 C.F.R. § 800.503(a).

42 C.F.R. § 800.503(b); C.F.R. § 800.214.

43 C.F.R. § 800.503(b).

44 C.F.R. § 800.505.

45 C.F.R. § 800.506.

46 C.F.R. § 800.506(d).

47 50 U.S.C. App. § 2170 (l)(1)(A)-(B).

48 The government entered into 16 mitigation agreements in 2006, 14 in 2007 and, as of November 2008, less than five in 2008. 73 Fed. Reg. at 70716.

49 C.F.R. § 800.801(b)-(c).

50 C.F.R. § 800.506(b)-(c).

51 50 U.S.C. App. § 2170 (d)(2).

This article was originally published in the June 2009 issue of the Corporate and Business Law Section Newsletter, a publication of the New Jersey State Bar Association, and is reprinted here with permission.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.