On April 11, the US Department of the Treasury announced a Notice of Proposed Rulemaking (NPRM) amending the regulations that govern the operations of the Committee on Foreign Investment in the United States (CFIUS, or the Committee). CFIUS is the US government body that reviews potential national security concerns resulting from foreign investments in and acquisitions of US businesses and certain real estate.
Intended to demonstrate the Committee's "focus on monitoring, compliance, and enforcement," the NPRM proposes to increase penalty amounts, expand CFIUS's authority to request information, and tighten the time frame parties have to respond to mitigation agreement terms. (CFIUS sometimes conditions approval of a transaction on the parties accepting terms to mitigate perceived national security risk.)
The public comment period closed on May 15, and the proposed changes will not take effect until a final rule is issued. Regardless of the specifics of the final rule, the result will be a more robust CFIUS. US sellers, and foreign buyers and investors, need to plan accordingly.
Background on CFIUS
CFIUS is an interagency committee with the authority to review transactions involving foreign investment in the United States and in certain US real estate (covered transactions). Chaired by the Treasury Department Secretary, CFIUS includes representatives from the Departments of Commerce, Defense, Energy, Homeland Security, Justice, and State; the Office of the US Trade Representative; and the Office of Science & Technology Policy. Several White House offices also participate in the Committee.
CFIUS reviews the national security implications of covered transactions and has the authority to impose conditions on transactions to mitigate associated national security risks. Most submissions to CFIUS are made on a voluntary basis; however, certain circumstances require parties to submit a mandatory declaration. The Committee may also investigate non-notified transactions, which remain subject to potential CFIUS review indefinitely.
Transactions notified to the Committee can take two forms: a formal notice subject to a review period of forty-five days, or a shorter-form declaration subject to a thirty-day review period (though at the end of this period, CFIUS may request submission of a formal notice). At the conclusion of the forty-five-day review period, CFIUS may initiate a further investigation of another forty-five days. In rare cases, CFIUS may recommend that the president block a transaction. Parties must respond to requests for information from the Committee at any point in this process.
Increased Penalties
As described in the NPRM, CFIUS determined that the current maximum penalty for violations of CFIUS regulations—$250,000 or the value of the transaction (whichever is greater)—does not sufficiently deter certain violations. Given that the median value of covered transactions reviewed by CFIUS was $170 million in recent years and that the definition of "transaction" within the regulations can lead to substantial undervaluation of transactions, the US government understandably believes penalties should be increased.
In particular, the NPRM would increase maximum monetary penalties as follows:
- For violations related to submitting a declaration or notice with a material misstatement or omission, or making a false certification: from $250,000 to $5 million per violation.
- For violations related to failure to comply with the mandatory declarations regulations: from $250,000 to $5 million or the value of the transaction, whichever is greater. Note that these requirements do not apply to covered real estate transactions.
- For violations of a material provision of a mitigation agreement, a material condition, or an order: from $250,000 to the greatest of (i) $5 million, (ii) the value of the transaction, or (iii) the value of the violating party's interest in the US business (or real estate) at the time of the transaction or violation. Because the value of the interest in the US business at the time of the transaction or violation may be greater than the value of the transaction itself, option (iii) provides enhanced deterrence for mitigation-related violations.
The NPRM also proposes that penalties may be imposed against a party that makes a material misstatement or omission to the Committee outside of a declaration or notice. Most notably, this would cover requests by CFIUS for information pertaining to non-notified transactions.
The maximum penalty will not be imposed in every case, and CFIUS maintains discretion to determine an appropriate penalty in accordance with the CFIUS Enforcement and Penalty Guidelines. Relatedly, the NPRM extends the deadlines from fifteen days to twenty days both for a party to submit a petition for reconsideration of a penalty and for the Committee to issue a final penalty determination.
Expansion of Authority to Request Information
The NPRM also proposes to expand CFIUS's authority to collect relevant information, including from nonparties (those not directly party to a transaction), to enforce its regulations.
First, the NPRM would grant CFIUS broader authority to investigate non-notified transactions. CFIUS is currently able to request information to determine whether a non-notified transaction is subject to CFIUS jurisdiction (i.e., "covered"). Under the proposed changes, CFIUS would be able to request information not only from parties to the transaction but also from nonparties to determine "whether [the non-notified] transaction may raise national security considerations . . . [or] meets the criteria for a mandatory declaration." Parties would be required to respond to such requests.
Second, the NPRM would require parties to respond when the Committee requests information to: (1) "monitor compliance with or enforce the terms of a mitigation agreement, order, or condition" and (2) determine whether a material misstatement or omission was made by a transaction party. The regulations currently do not require parties to respond to such requests, though in practice they are rarely ignored.
Finally, the NPRM relaxes the standard under which CFIUS may exercise its subpoena authority to compel information from parties.
CFIUS has increasingly prioritized the review of non-notified transactions. In September 2023, Assistant Secretary of the Treasury for Investment Security Paul Rosen called CFIUS's "non-notified work . . . one of [its] most important functions." According to CFIUS's latest annual report (the Annual Report), the Committee continues to hire dedicated staff and implement training for this purpose. As stated in the NPRM, expanding information gathering on non-notified transactions will promote "efficiency in connection with filings for transactions that may present an extant risk" by "allow[ing] the Committee to prioritize transactions that parties were required to submit . . . or that, in its view, otherwise warrant formal review."
Tightening Mitigation Negotiation Timelines
Where CFIUS identifies a national security concern in connection with a transaction, it can propose mitigation measures to address those concerns in exchange for allowing a transaction to proceed. Currently, there is no specified timeline for parties to respond to mitigation agreement terms proposed by CFIUS. The Department of the Treasury believes that this "can sometimes result in a protracted process where parties may take longer than is reasonable to respond to the Committee's proposed terms."
To address this concern, the NPRM would require a "substantive response" to any proposed mitigation agreement terms within three business days, absent an extension. (The NPRM does not detail how CFIUS will decide whether to grant an extension.) A "substantive response" is expected to consist of an acceptance, a counterproposal, or a "detailed statement of reasons" as to why the parties cannot comply with the terms.
Given the complexity and inherently international nature of a transaction subject to a mitigation agreement, three business days is a very short turnaround. Yet parties to a proposed mitigation agreement must understand the proposed terms and their impact on the business, including their ability to comply with the terms going forward. Most fundamentally, the parties need to understand the extent to which proposed mitigation terms change the underlying deal. Underlying agreements typically permit the buyer or investor to halt the transaction if CFIUS approval requires material changes to the terms of the transaction.
In addition, failure to appropriately shape and implement mitigation terms can lead to violations of the mitigation agreement itself.
The three-day timeline was the most frequently cited concern among the public comments to the NPRM. Several commenters recommended that the Committee instead impose an abbreviated timeline on a case-by-case basis. Commenters also proposed an extended general deadline of five business days.
While it remains to be seen how the final rule will address the three-day timeline, CFIUS has clearly signaled its focus on compliance with and enforcement of mitigation agreements. Parties must therefore have a well-defined strategy as to what remediation measures will be palatable. In this regard, the Annual Report's description of past mitigation measures and conditions is a helpful tool for considering potential measures.
New Tool for Countering China?
Some believe the changes proposed in the NPRM are primarily meant to create additional tools to counter China. In a September 2022 Executive Order, the "first-ever presidential directive" providing factors for CFIUS to consider in its reviews, the White House targeted areas seen as priorities of Chinese industrial development, including supply chains in the microelectronics, artificial intelligence (AI), quantum computing, and agricultural spaces. The Annual Report also notes that "economic, industrial, and cyber espionage by foreign actors like China . . . continues to represent a significant threat to US prosperity, security, and competitive advantage." The changes proposed by the NPRM come as ByteDance's ownership of TikTok is subject to increased congressional and regulatory scrutiny and as the Treasury issues new rules to limit US outbound investment into specific Chinese sectors.
Going Forward
The NPRM will establish a more muscular CFIUS, with further beefing up likely. There continue to be calls to broaden the scope of CFIUS jurisdiction. For example, the US-China Economic and Security Review Commission recently recommended in its 2023 Report to Congress that Congress pass legislation that would view foreign research contracts with universities as covered transactions subject to CFIUS review. Further, bipartisan concern over foreign investment in US agricultural land led to the March 2024 inclusion of the Department of Agriculture as a case-by-case member of the Committee for certain agriculture-related transactions. Proposed legislation also seeks to require that "detailed and timely . . . transaction data relevant to foreign investments in agricultural land" be provided to the Committee to ensure proper review of such transactions by CFIUS.
In an environment in which the scope of the Committee's review and enforcement efforts is expanding, nearly any transaction involving a foreign investor or acquirer should be reviewed for CFIUS implications. And in a transaction involving legitimate national security issues, the parties should proactively consider potential mitigation measures in light of a truncated timeline for reviewing and responding to proposed measures.
Originally Published by American Bar Association's (ABA) Business Law Today
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.