The U.S. Department of the Treasury has built a new team whose only mission is to scour commercial databases, press releases, bankruptcy filings, and other sources, searching for transactions that were not filed with the Committee on Foreign Investment in the United States (CFIUS or the Committee). If Treasury's team identifies a non-notified transaction that may present a risk to U.S. national security, CFIUS has the authority to request a filing and perform a national security review of the transaction. As Treasury's team grows in size and capabilities, parties involved in business deals with national security implications will no longer be able to hide from the Committee by simply refusing to file a transaction with CFIUS.

Tyler McGaughey, a partner in Winston & Strawn LLP's Washington, D.C. office, served as the Deputy Assistant Secretary (DAS) for Investment Security at Treasury from 2019 to 2021. During his tenure, Tyler supervised the completion of national security reviews and investigations for hundreds of transactions. Tyler also helped build Treasury's non-notified team. In this article, Tyler provides clients with an overview of CFIUS's non-notified process and gives clients some tips/takeaways for how to respond if they find themselves in the crosshairs of Treasury's non‑notified team. 

What is CFIUS and how does it work?

CFIUS is a U.S. government interagency committee that reviews foreign investments in U.S. businesses for national security risks. The Committee has nine voting members, with Treasury serving as chair of the Committee. The Committee has been around since the 1970s, but it has become more prominent in recent years, particularly as the United States has placed greater scrutiny on Chinese investments in strategically important industries including semiconductors, artificial intelligence, quantum computing, biotechnology, telecommunications, and aerospace. 

A CFIUS case typically begins when parties to a transaction file a document called a joint voluntary notice (Notice). The Notice provides the Committee with important information about the transaction, the foreign acquirer, and the U.S. business. After the transaction parties file a Notice, the Committee typically has up to 90 days to conduct due diligence. At the end of 90 days, the Committee has three main options: (1) clear the transaction and send the transaction parties a “safe harbor” letter indicating that CFIUS has finished its review and did not identify any national security issues; (2) enter into a mitigation agreement with the transaction parties whereby the parties agree to take certain actions to mitigate risks to U.S. national security that arise from the transaction; or (3) refer the transaction to the President of the United States, who has the power to block the transaction.

What are non-notified transactions and why was a team created to find them?

Non-notified transactions are transactions that fall within CFIUS's jurisdiction (i.e., “covered transactions”) but are not filed with the Committee. Since the transaction parties choose not to “notify” the Committee about the transactions, the transactions are known as “non‑notified” transactions.

CFIUS needs a non-notified team because CFIUS is largely a voluntary process. Except in limited circumstances, transaction parties are not required to file their transactions with the Committee. The primary incentive for filing a transaction is to obtain a “safe harbor” letter. CFIUS has no statute of limitations, so if a foreign acquirer does not file a transaction with the Committee and obtain a “safe harbor” letter, there is always a risk that CFIUS can request a filing years later and force the foreign acquirer to divest its ownership of the U.S. business. Thus, if a foreign acquirer wants to eliminate any CFIUS risk before closing a transaction, the foreign acquirer needs to go through the CFIUS process. However, until recently, the Committee did not have a robust non‑notified team, and therefore, if parties refused to notify their transactions voluntarily, they rarely heard anything else about it. In other words, until recently, transaction parties could feel confident that they could hide their transaction from the Committee by simply refusing to file.

In 2018, Congress altered this dynamic by inserting a provision into the Foreign Investment Risk Review Modernization Act (FIRRMA) requiring CFIUS to create a process for identifying non‑notified transactions.1 Moreover, FIRRMA specifically gave Treasury, the chair of the Committee, the authority to centralize the non-notified team at Treasury.2 Following FIRRMA's enactment, Treasury has worked hard to build a new non-notified team.

How is Treasury's non-notified team organized?

Treasury carries out its CFIUS responsibilities through the Office of Investment Security. The Office of Investment Security is divided into three units: (1) Reviews & Investigations (R&I); (2) Policy & International Relations (PIR); and (3) Monitoring & Enforcement (M&E). The R&I unit conducts national security reviews and investigations for transactions that are filed with the Committee. The PIR unit drafts regulations, represents Treasury at interagency meetings, and works with our international partners and allies on investment security issues. The M&E unit monitors and enforces mitigation agreements. Each unit is supervised by a director—a senior career Treasury official with extensive experience in the investment security field.

The non-notified team falls within the M&E unit. The M&E unit is divided into two groups, with some case officers focused exclusively on identifying non-notified transactions (i.e., the non‑notified team) and other case officers focused primarily on monitoring and enforcing mitigation agreements. The case officers working on non-notified transactions are supervised by a deputy director, whose sole focus is to develop Treasury's non-notified capabilities. The deputy director for non-notified transactions reports to the director of M&E, who is the senior career Treasury official responsible for managing the non-notified process.

How does Treasury identify non-notified transactions?

Treasury's non-notified team identifies non-notified transactions in three ways. First, the team conducts market monitoring. Every business day, Treasury case officers scour press releases, bankruptcy filings, and multiple commercial databases, searching for transactions that were not filed with the Committee and may have national security consequences. CFIUS has jurisdiction over all types of corporate transactions, including mergers and acquisitions involving public and private companies, joint ventures, corporate restructurings, bankruptcies, real estate deals, and early-stage investments in startup companies. The non-notified team has access to information and databases covering all of these types of corporate transactions, and the team conducts near-constant surveillance of the market for transactions that may fall within CFIUS's jurisdiction.

Second, the non-notified team receives referrals from other government agencies and offices. The national security agencies—DOJ, DOE, DHS, and DOD—are probably most active in looking for non-notified transactions, but Treasury also accepts referrals from other government agencies and offices.

Third, the non-notified team reviews public tips. Members of the public are encouraged to provide tips, referrals, or other relevant information by emailing the non-notified team at

How does the non-notified team decide whether to request a filing?

If a case officer on the non-notified team identifies a potential non-notified transaction, the case officer notifies a supervisor, typically by writing a short memorandum providing a summary of the transaction. If a supervisor approves, the case officer performs due diligence on the transaction. Due diligence for a non-notified transaction consists of two tasks. First, Treasury's Office of General Counsel (OGC) performs a preliminary assessment of whether the transaction may fall within CFIUS's jurisdiction. Second, the case officer performs a preliminary national security assessment to determine whether the transaction may result in a risk to U.S. national security. When conducting the preliminary national security assessment, the case officer also assesses whether other legal authorities may be sufficient to address any national security concerns that could arise from the transaction. CFIUS is supposed to be a tool of last resort, and if other legal authorities can address a national security risk, the Committee is obligated to rely on those authorities.

If the non-notified team concludes that a non-notified transaction may fall within CFIUS's jurisdiction and present national security risks, Treasury seeks Committee approval to contact the foreign acquirer and request information about the transaction. If there is no objection, Treasury sends an email to the transaction parties. The email is typically brief. It usually doesn't even say the word “CFIUS.” Rather, the deputy director of the non-notified team asks to arrange a phone call to discuss what is often characterized as a time-sensitive and confidential matter.

Once contact is made, the non-notified team requests documents and information necessary to conduct a more robust assessment of the transaction. The documents and information provided by the parties are forwarded to Treasury OGC so that an attorney can draft a covered transaction analysis making a formal assessment of whether the transaction is covered. If CFIUS has jurisdiction and the transaction may present national security risks, then the Committee decides whether a filing should be requested.


  1. If you publicize your transaction, the non-notified team will see it. If a transaction is in the news, the non-notified team will see it. During the prior administration, Treasury attempted to reach out as quickly as possible (sometimes within 48 hours) to parties whose transactions made the headlines. The goal was to signal to private industry that CFIUS is actively monitoring corporate deals and will be aggressive about bringing in non-notified transactions.
  2. Even if you don't publicize your transaction, the non-notified team will likely find it. By refining their searches in commercial databases, increasing their coordination with other government agencies and offices, and using all the publicly available information at their disposal (e.g., SEC filings), the non-notified team is getting better and better at finding non-notified transactions, including transactions that are not publicized in major financial newspapers.
  3. If the non-notified team reaches out, you should cooperate. If the non-notified team is reaching out about a transaction, it not only means that it has seen the transaction; it means that the non-notified team has already performed preliminary due diligence and has reason to believe that the transaction may fall within CFIUS's jurisdiction and present national security issues. The non-notified team is not going to close a case simply because a lawyer for the foreign acquirer responds to an email from the non-notified team telling the non-notified team that it should just go away. Moreover, if parties are not cooperative, CFIUS can subpoena information, and in extreme cases, CFIUS can unilaterally initiate a review, meaning that the Committee can conduct a national security review of a non-notified transaction, and the President can block the transaction, without the participation of the foreign acquirer.
  4. Just because the non-notified team reaches out about a transaction, it does not automatically mean that it will request a filing. The non-notified team has the legal authority to request information if a non-notified transaction “may” fall within CFIUS's jurisdiction and raise national security considerations.3> It is not uncommon for the non‑notified team to reach out about a transaction and, after conducting further due diligence, confirm that the Committee does not have jurisdiction or that the transaction really does not present any national security risks.
  5. If you're engaging in a covered transaction that may have significant national security consequences, you should file because the Committee will find you anyway. If you are the foreign acquirer and it's likely that you'll have to go through the CFIUS process anyway, it's far better to go through that process before the transaction closes rather than after. If the Committee blocks the deal before it closes, the foreign acquirer can simply walk away. If the Committee blocks the deal after it closes, then the foreign acquirer will be required to sell its stake in the S. business on the open market in what will likely amount to a fire sale.
  6. When assessing whether a transaction will present a national security risk, don't focus solely on the threat side of the national security equation. Given the publicity about rising geopolitical tensions between the United States and China, it is reasonable for non-Chinese investors to believe that the non-notified team will never request a filing for one of their transactions because the Committee is focused primarily on China and other strategic competitors. But that's probably a mistake. If a U.S. business has critical technology, critical infrastructure, or sensitive personal data, then the Committee will almost certainly take a hard look at requesting a filing for that transaction, regardless of the home country of the foreign acquirer.


1 50 U.S.C. § 4565(b)(1)(H).

2 Id. § 4565(q)(2).

3 Id. § 800.501(b).

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.