United States: The Expanding CFIUS Mandate For Review Of Foreign Investment In The United States

The U.S. Department of Treasury has released for comment proposed new regulations governing the Committee on Foreign Investment in the United States (CFIUS). New regulations were mandated by the Foreign Investment and National Security Act of 2007 (FINSA)¹. Still to come is the release of guidance on the types of transactions that CFIUS has reviewed and that have presented national security considerations.

Overview of the CFIUS Mandate and Process

CFIUS is charged with reviewing "any merger, acquisition, or takeover ... by or with any foreign person which could result in foreign control of any person engaged in interstate commerce in the United States." After CFIUS accepts written notification of a transaction, it begins a 30-day review of the transaction's potential effect on national security. Filing is voluntary, but if a party does not file, it risks later CFIUS review – even after the transaction is completed.

FINSA now defines "national security" as including the broad concept of "homeland security." It also expanded the factors that CFIUS must consider when reviewing a transaction. These factors now include the potential effect on "critical infrastructure" and "critical technologies," as well as whether the transaction could result in a foreign government–controlled person controlling a U.S. business.

If the 30-day review results in a determination that the transaction threatens to impair national security and that threat has not yet been mitigated by agreement or otherwise, a second-stage 45-day investigation is required. A second-stage investigation will also be triggered if the transaction involves a foreign government–controlled acquiror unless the Secretary of the Treasury and the head of the lead agency in the review jointly determine that the transaction will not impair the security of the United States.

Upon completing the second-stage investigation, CFIUS makes a recommendation to the President regarding further action. Within 15 days of that recommendation, the President must announce the decision whether or not to suspend or prohibit the transaction, a decision that is not reviewable by any court.

The Proposed Regulations

Although the proposed regulations largely formalize existing practice, there are important aspects to note, including the following:

Definition of "Control"

CFIUS has jurisdiction where a foreign person acquires "control" of a U.S. business. Although "control" for this purpose was previously defined and applied at a level below legal control, the proposed regulations lower the bar even further. Except for a safe harbor where a foreign person acquires 10% or less of outstanding voting interests solely for the purpose of investment, the proposed regulations make clear that an acquisition of control can take place at any ownership level. Control is conferred by the power "to determine, direct, or decide important matters affecting an entity." For example, the proposed regulations provide that a foreign person who acquires a 9% ownership interest in a U.S. business together with certain veto rights that determine important matters, including the right to veto the dismissal of senior executives, would acquire control.

Although the proposed regulations do provide that certain minority shareholder protections will not in themselves be deemed to confer control, the lowering of the bar for control will result in more transactions involving foreign minority investors being subject to CFIUS review.

Critical Infrastructure

The proposed regulations do little to clarify FINSA's potentially sweeping definition of "critical infrastructure." This term is defined in the proposed regulations as "systems and assets, whether physical or virtual, so vital to the United States that the incapacity or destruction of the particular systems or assets of the entity over which control is acquired ... would have a debilitating impact on national security." Because FINSA defines national security to include issues relating to homeland security, critical infrastructure risks being construed as encompassing a broad swath of the U.S. economy, far beyond the usual notions of businesses related to national defense and intelligence. The guidance that is still to come is expected to assist in the interpretation of this concept.

Critical Technologies

"Critical technologies" is defined in more absolute terms in the proposed regulations by reference to existing regulatory regimes that govern the export and handling of defense-related and other sensitive goods and services.

Penalties

The proposed regulations establish substantial civil penalties for intentional or grossly negligent material misstatement or omission in a notice or false certification, or for violation of a mitigation agreement.

Going Forward

The proposed regulations will be finalized after a comment period ending June 9, 2008.

The expanding mandate of CFIUS and the recent example of the proposed buyout by Bain Capital and China's Huawei Technologies of 3Com (the U.S. computer networking company) that has foundered under CFIUS review serve to emphasize the importance of early identification and management of national security considerations in any transaction involving a foreign investor in a U.S. business.

Footnote

^{1. Effective October 2007, FINSA amended the Exon-Florio legislative framework within which CFIUS reviews foreign investment in the United States for its effect on national security.}

The content of this article does not constitute legal advice and should not be relied on in that way. Specific advice should be sought about your specific circumstances.