On November 8, 2017, a bipartisan bill was proposed in the Senate to “modernize and strengthen the process by which the Committee on Foreign Investment in the United State (CFIUS) reviews acquisitions, mergers and other foreign investments in the United States for national security risks.”1 Co-sponsored by Senators John Cornyn (R-TX), Dianne Feinstein (D-CA) and Richard Burr (R-NC), the Foreign Investment Risk Review Modernization Act (FIRRMA) is intended to “provide CFIUS with updated tools to address present and future security needs . . . [and] strengthen CFIUS by expanding its jurisdiction and moderniz[ing] its processes.”2 The legislative proposal follows a Senate hearing held in September before the Banking, Housing and Urban Affairs Committee, which sought to examine the CFIUS process and scope.
FIRRMA has been proposed as a means to address the “gaps in the current process [that] have allowed foreign adversaries to weaponize their investment in U.S. companies and transfer sensitive dual-use U.S. technologies, many of which have potential military applications.”3 FIRRMA comes at a time when there has been growing concern amongst Congress, the intelligence community, as well as the Trump administration, that the CFIUS process is outdated and in need of reform. Similar to Senator Cornyn’s concern, Secretary of Defense Jim Mattis has called the CFIUS process “outdated and overburdened”.4 The reform proposed by FIRRMA would serve to significantly alter the CFIUS process in a number of meaningful ways.
Background
CFIUS is an interagency organization that reviews inbound foreign investments for national security concerns, and advises the President on appropriate actions that may be necessary to suspend or prohibit foreign acquisitions, mergers, or takeovers which threaten to impair the national security of the United States. CFIUS has the authority to review all “covered transactions” for potential national security concerns. “Covered transaction” is a term of art defined by statute, and applies to any transaction that will result in “foreign control” of a U.S. business. A transaction will be found to result in foreign control of a U.S. business if the transaction will result in a foreign person or business having “power, direct or indirect, through the ownership of a majority or a dominant minority of the total outstanding voting interest in an entity, board representation, proxy voting, a special share, contractual arrangements, formal or informal arrangements to act in concert, or other means, to determine, direct, or decide important matters affecting an entity . . .”5 Under the current statutory construction governing CFIUS, a foreign person does not control an entity if it holds 10% or less of the voting interest in the entity and it holds that interest solely for the purpose of a passive investment.6 While the statute covering CFIUS does not define what constitutes a “national security concern,” it does include a list of factors that would contribute to a finding that a covered transaction has national security implications. These factors include, but are not limited to, whether the transaction will affect: national defense requirements; U.S. technological leadership in areas affecting national security; or U.S. critical technologies and infrastructure.
Under the current CFIUS process, parties to a covered transaction make a voluntary filing to begin CFIUS review of the transaction. CFIUS may also compel filings if it is determined that the transaction may pose a risk to national security. Following the filing of the initial notice, CFIUS will conduct an initial 30-day review, followed by an additional 45-day investigation period if it is determined that such an investigation is warranted. After the 45-day investigation, CFIUS may refer the transaction for a 15-day presidential review. The President makes the ultimate determination of whether to suspend or prohibit the transaction from proceeding. Even if CFIUS does not refer the transaction for presidential review, if it is determined that the transaction presents national security risks, CFIUS may impose mitigation measures as a condition of clearance.
FIRRMA Modifications to the CFIUS Process
If passed, FIRRMA will expand the scope of transactions that CFIUS has the authority to review, as well as alter the nature of the review process itself.
Expanding CFIUS’s Jurisdiction
FIRRMA would expand the definition of “covered transactions” to include a broader range of transactions that would be subject to CFIUS jurisdiction. Under FIRRMA, “covered transactions” would include:
- Non-passive, minority-position investments by a foreign person in a critical technology or infrastructure company. Even if such an investment does not result in foreign control of the U.S. business, under FIRRMA, it will still be considered a covered transaction and subject to CFIUS review.
- Joint ventures involving technology transfers to a foreign entity. Under FIRRMA, an IP licensing arrangement that includes “associated support” (e.g. technical cooperation or training) will be a covered transaction, even if it does not result in foreign control of a U.S. business. This jurisdiction would seemingly create a parallel requirement for U.S. government approval when the IP involved is subject to export control requirements, which already require prior U.S. government approval in many cases.
- Real estate investments near military or other national security facilities. Covered transactions under FIRRMA would include foreign investments in real estate even if it does not host an existing U.S. business.
In addition, FIRRMA narrows the understanding of what constitutes a “passive investment” for the purpose of CFIUS review. Under FIRRMA, an investment will no longer be considered “passive” if: the foreign investor has access to the U.S. business’s nonpublic technical information (or non-technical information that is not available to all investors); the foreign investor has decision-making rights with respect to the U.S. company’s board of directors or any matters involving the business; or the foreign investor and the U.S. business have a parallel strategic partnership or other material financial relationship.
FIRRMA would also expand the definition of “critical technology” to include “[o]ther emerging technologies that could be essential for maintaining or increasing the technological advantage of the United States over countries of special concern with respect to national defense, intelligence, or other areas of national security, or gaining such an advantage over such countries in areas where such an advantage may not currently exist.”7
Revised Filing Requirements and CFIUS Review Timelines
FIRRMA creates a new process for voluntary filings with CFIUS. Under the proposed legislation, parties may submit a “light filing,” limited to five pages in length, in lieu of a voluntary notice. The declaration is designed to provide CFIUS with basic information about the transaction, and must be filed at least 45 days prior to the completion of the transaction. Under FIRRMA, declarations would be mandatory for covered transactions involving the acquisition of a 25% or greater voting interest in a U.S. business by a foreign person or foreign government. CFIUS may also require mandatory declarations for transactions based on: the technology, industry, economic sector or subsector involved; the difficulty of remedying the harm to national security that may result from the transaction being completed; and the difficulty of obtaining information about the transaction from other sources. Parties retain the option to file a voluntary notice in lieu of a mandatory declaration (however, voluntary notices must be filed no later than 90 days before the completion of the transaction). If it is determined that parties are mandated to file a declaration and fail to do so, penalties will be incurred. FIRRMA also imposes a filing fee for all covered transactions, which would be either $300,000 or one percent of the value of the transaction – whichever is less.
While FIRRMA notes that CFIUS shall “endeavor” to take action within 30 days after receipt of a declaration, this time restraint is not mandatory. CFIUS also may require a full notice to be filed if it is deemed that the declaration is not sufficient for the purpose of their review.
Disparate CFIUS review of covered transactions based on the country of origin of the transacting party
FIRRMA makes clear that the country of origin of parties to covered transactions will be considered when determining the rigor of the CFIUS review such transactions undergo. Transactions involving parties from certain countries may be exempted from CFIUS review if the country has a mutual defense treaty in place with the United States, a mutual arrangement to safeguard national security with respect to foreign investment, or a parallel process to review the national security implications of foreign investment.
By contrast, transactions that involve parties from certain countries will face heightened CFIUS scrutiny if it is determined that the country poses “a significant threat to the national security interests of the United States.” A list of such countries is not required to be published in the legislation, but would presumably include China and Russia, among other countries.
Enhanced list of factors to determine national security implications of a covered transaction
FIRRMA adds to the list of factors—enumerated in the current CFIUS legislation—used by CFIUS to determine whether a covered transaction could present national security implications. These nine additional factors include:
- The degree to which the covered transaction is likely to increase the cost to the U.S. government of acquiring or maintaining the equipment and systems necessary for defense, intelligence, or other national security functions;
- The potential national security-related effects of the cumulative market share of any one type of infrastructure, energy asset, critical material, or critical technology by foreign persons;
- Whether any foreign person that would acquire an interest in a United States business or its assets has a history of: (1) complying with United States laws and regulations, including laws and regulations related to exports, the protection of intellectual property and immigration; and (2) adhering to contracts or other agreements with entities of the United States Government.
- The extent to which the covered transaction is likely to expose personally identifiable information or other sensitive data about U.S. citizens to access by a foreign government or person that may exploit that information in a manner that threatens national security;
- Whether the covered transaction is likely to have the effect of creating any new cybersecurity vulnerabilities in the United States or exacerbating existing cybersecurity vulnerabilities;
- Whether the covered transaction will provide a foreign government with the new capability to engage in malicious cyber-enabled activities against the United States (including activities designed to affect the outcome of elections for Federal office);
- Whether the covered transaction involves a country of special concern that has demonstrated or declared a strategic goal of acquiring a type of critical technology that the United States business party to the transaction possesses;
- Whether the covered transaction is likely to facilitate criminal or fraudulent activity affecting the national security of the United States; and
- Whether the covered transaction is likely to expose any information regarding sensitive national security matters or procedures, or operations of a Federal law enforcement agency with national security responsibilities, to a foreign person not authorized to receive that information.
This enhanced list would codify factors that CFIUS has been routinely using in practice in its review of transactions under current law.
Mitigation Measures
FIRRMA provides specific measures related to transacting parties’ compliance or noncompliance with mitigation agreements with CFIUS. The proposed legislation empowers CFIUS to create and monitor compliance plans to ensure that parties to the transaction at issue comply with mitigation agreements. It also allows CFIUS to hire third parties to conduct compliance monitoring. Under FIRRMA, consequences for non-compliance with a mitigation agreement include: (1) negotiating a plan of action to remediate the noncompliance; (2) CFIUS requiring the parties to submit for review any new covered transactions for five years; and (3) CFIUS seeking injunctive relief to enforce and enjoin violations of mitigation agreements before any U.S. District Court. If enacted, it will be interesting to see how this authority fits alongside the (in many cases) likely overlapping authority of other government agencies, including, for example, the Directorate of Defense Trade Controls, Defense Security Service, and Bureau of Industry and Security.
Appeals Process
FIRRMA provides that CFIUS determinations and actions are generally not subject to judicial review. However, parties are authorized to file a petition alleging that an action taken by CFIUS violates a constitutional right, power, privilege, or immunity. This petition: (1) may only be filed in those instances where the parties filed a voluntary notice with CFIUS of the transaction; and (2) must be filed within 60 days following action by the President or CFIUS. The U.S. Court of Appeals for the District of Columbia has the exclusive jurisdiction to hear the petition, and would either affirm the action or remand the case to CFIUS for further consideration.
Conclusion
Given the bipartisan support for CFIUS reform within and outside of Congress, it is more likely than not that some iteration of FIRRMA will be passed into law, representing the broadest change to the CFIUS process in many years. FIRRMA indicates that Congress clearly sees a need to expand CFIUS’s jurisdiction to enable the review of a broader array of transactions for potential national security concerns. However, by providing parties with the option to file a more limited declaration in lieu of an intensive voluntary written notice, Congress also appears aware of the importance of streamlining the CFIUS process so as to not unnecessarily impede the execution of transactions that do not pose a risk to national security. It is likely that this balance—between ensuring that foreign transactions do not threaten national security while not making it unreasonably burdensome for foreign investors and U.S. companies to capitalize on business opportunities—will be high in the minds of U.S. legislators as they work to pass CFIUS reform in the weeks to come.
- Press Release, New Bill Strengthens Review Process of Foreign Investments to Protect National Security, November 8, 2017, available at feinstein.senate.gov.
- Press Release, Cornyn, Feinstein, Burr Introduce Bill to Strengthen the CFIUS Review Process, Safeguard National Security, November 08, 2017, available at cornyn.senate.gov.
- Id.
- Hearing to Receive Testimony on the Dep’t. of Def. Budget Posture in Review of the Def. Auth. Req. for FY 2018 and the Future Years Def. Program Before the Comm. on Armed Services, 115th Congress (June 13, 2017).
- 31 CFR § 800.204(a) (emphasis added).
- 31 CFR § 800.302(b) (emphasis added).
- Foreign Investment Review Modernization Act of 2017, Sec. 3 §(a)(8)(B)(vi).
Client Alert 2017-287