On November 18, 2024, Rimon attorneys James Min and Samuel Finkelstein attended the CFIUS annual conference in Washington, D.C., where officials from the CFIUS member agencies offered insights into the Committee's deliberations, suggestions for CFIUS practitioners, and perspectives on the Committee's direction after the Trump Administration assumes office in 2025.
I. Effective Engagement with CFIUS
CFIUS officials noted that the role of Limited Partners (LPs) in investment funds will continue to be a major focus in its transaction reviews. Generally, CFIUS wants to know who is involved with a fund, and what the fund will gain from the covered transaction. Reluctance to disclose the identities of LPs even if subject to an investors' confidentiality agreement will complicate transaction reviews and could result in longer processing times or outright rejection.
For shorter review timelines, CFIUS practitioners should provide pertinent information about LPs up front, including: (1) the total number of a fund's LPs; (2) LP background information; (3) the identities of any LPs who own 5% of more of a fund; and (4) additional information regarding LPs with ties to any countries of concern.
In addition to their identities, officials explained that CFIUS needs to understand the nature of the benefits that could be conferred to investors in a covered transaction, including through side letters. The Committee must assess whether investors could gain access to information that could be used to harm U.S. national security interests, or understanding of a critical emerging technology.
Also emphasized was the importance of technical details in responses to CFIUS. Practitioners should ensure that their responses offer sufficient technical detail to clarify exactly what technology will be made available in a covered transaction and its potential uses. This enables the Committee to consider all of the risks associated with the transaction.
II. Compliance & Enforcement Updates
CFIUS expanded its use of site visits as a means of assessing compliance with National Security Agreements (NSAs) in 2024, and found this to be an effective tool. Moving forward, site visits should be expected at a greater frequency than in the past. During site visits, company staffing levels must appear adequate to support NSA implementation and compliance.
Injunctive relief was also cited as an important tool for enforcing the Committee's mandate. CFIUS will continue looking to the courts in order to seek specific performance of NSAs in the future.
Officials stressed that monetary penalties are neither inevitable, nor the only tool at CFIUS's disposal when addressing violations. Violations that are effectively remediated may result in a Determination of Noncompliance Transmittal (DONT) Letter, issued in lieu of other penalties. This is more likely in the case of negligent violations (as opposed to willful), for entities with no history of violations, and where a violation is promptly disclosed and remediated. Violations that warrant monetary penalties were described as those that are not self-disclosed, if the discovery of a violation was mishandled, or where there is a failure to address the violation's underlying cause.
In disclosing potential violations, the Committee emphasized that speed is of the utmost importance. Rather than waiting until an internal investigation is completed, and instead of drafting the 'perfect' disclosure, the Committee prefers to be notified at the earliest discovery of a potential violation and be kept apprised of new developments as an investigation progresses.
III. Proximity & National Security Considerations
With the passage of the Foreign Investment Risk Review Modernization Act of 2018 (FIRMMA), Congress expanded CFIUS's jurisdiction over real estate transactions. On July 8, 2024, CFIUS issued a Notice of Proposed Rulemaking to further expand its reach over covered real estate. The rules located at 31 CFR Parts 800 and 802 are relevant to real estate transactions, with Part 802 focused exclusively on covered real estate.
Officials discussed how proximity fits into CFIUS's real estate transaction review process, which focuses on nearby military installations as well as critical non-military infrastructure, such as ports. The Committee considers whether a real estate transaction could pose a threat to such sites, the likelihood of that threat being realized, and what the consequences could be. This review contemplates the intent of the foreign acquirer, whether a foreign government has previously attempted to gather intelligence on nearby military installations or critical infrastructure, and whether the transaction could provide a capability gain to any governments or parties of concern.
With respect to the U.S. Department of Agriculture's (USDA) role in CFIUS reviews of covered real estate transactions, officials explained that USDA considers the commercial rationale for a transaction's proximity to sensitive bio-infrastructure, such as farmland, as well as its proximity to transportation networks (i.e., rail lines, etc.) that are used to move food or food products.
IV. Critical Technologies, Infrastructure, and Data (TID)
The 2024 Annual CFIUS Conference also included discussions on the Committee's work with so-called TID businesses. FIRMMA established mandatory CFIUS filing requirements for controlling and certain non-controlling investments in TID businesses. With the rapid scaling of Artificial Intelligence technology, TID businesses are a major focus for CFIUS.
Officials outlined CFIUS's reasoning in this area, and stated that some technologies such as biotech or power cells may fall outside the scope of TID but still present concerns to CFIUS. Similarly, novel uses of legacy technologies could result in CFIUS taking issue with a transaction, so practitioners should take care to consider new ways in which old technologies might be used.
For covered transactions involving data centers, officials from the Department of Energy (DOE) explained that DOE is focused on the source of energy that will be used to power the data center. Given recent developments in data center power supply—which have leaned towards developing power stations used exclusively for a given data center—CFIUS is increasingly concerned with the components and vendors used to develop data center power stations. This focus is particularly acute where the data center handles sensitive personal data, including health data, biometrics, genetic or genomic data, non-public electronic communications, geolocation data, and more.
Lastly, officials from the Bureau of Industry and Security (BIS) stated that commodity classifications (ECCNs) are reviewed in relation to covered transactions. This could result in ECCN modification, or the imposition of a BIS licensing requirement in parallel with a CFIUS mitigation action, not necessarily based on the export control regulations. Lastly, it was commented that if an item is considered EAR99, it could still pose national security concerns based on other factors beyond its export classification.
What was evident from the 2024 conference was that CFIUS will continue to be proactive in exercising its authority as well as continuing to issue additional guidance and regulations to further clarify and codify its authority. It was also clear that CFIUS will be increasingly focused on enforcement.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.