September 27, 2013

CFIUS Invokes National Security in Ordering Indian Company to Divest Equity in U.S. Company

The Committee on Foreign Investment in the United States reviews in-bound foreign investments for national security concerns. Increasingly, CFIUS is reviewing closed transactions, applying an expanding concept of the “national security,” and conducting reviews of longer duration and broader scope. Given CFIUS’s powers to modify or divest investments that threaten the national security, the risks to investors and their U.S. targets who are unaware of CFIUS have never been greater.

Before investing in the United States, foreign companies and their U.S. targets should consider the role of the Committee on Foreign Investment in the United States (“CFIUS”), a federal interagency committee empowered to review foreign investments in United States companies for national security concerns.

If a proposed transaction presents national security concerns, CFIUS has the power to require the parties to mitigate those concerns, or, if they cannot be mitigated, to block the transaction.  And if a transaction has not been submitted for pre-closing review, CFIUS can revisit closed transactions and order post-closing mitigation measures, including divestiture.

CFIUS’s broad authority came into focus again last week, when Polaris Financial Technology Ltd., headquartered in Chennai, India, announced that CFIUS had ordered it to divest its 85.3 percent ownership stake in U.S. company IdenTrust Inc., which provides digital identification authentication services, including to banks for electronic account management systems and to U.S. government agencies for secure cloud computing. 

The Polaris misadventure is one of several in recent years in which parties elected to close a transaction without CFIUS review, only later to find CFIUS taking action.  For parties to cross-border transactions, what should you know about the recent CFIUS activism? 

1.         The risks of closing a transaction without review by CFIUS have never been more substantial. 

To be sure, the CFIUS process is “voluntary” in that no law is broken by parties who do not notify CFIUS of their transaction.  But CFIUS scans the press, reports filed with the Securities and Exchange Commission, and other sources to identify transactions that were not voluntarily submitted for CFIUS review.  As Polaris discovered, CFIUS increasingly initiates post-closing reviews, impacting those transactions and the reputations of the parties involved.

For instance, in 2011, Huawei Technologies of China was made to divest the assets of U.S.-based 3Leaf Systems, a cloud computing technology company.  Huawei had apparently believed the small $2 million acquisition was free from CFIUS’s jurisdiction as it involved only assets, but the inclusion of less than one-third of 3Leaf’s employees reportedly led CFIUS to conclude that it had jurisdiction. This was not Huawei’s first brush with CFIUS, having previously been blocked from investing in 3Com, 2Wire and Motorola.

CFIUS, concerned about possible espionage, has also ordered divestitures of Chinese investments in wind farm and mining projects proximate to U.S. military installations — i.e., nothing about the nature of the U.S. business itself indicated a national security concern, yet CFIUS blocked the transactions.  Does this mean that if a French private equity firm acquired a U.S. popsicle stick manufacturer with a plant proximate to a undisclosed U.S. intelligence facility, about which both parties were unaware, CFIUS could order divestiture?  In theory, yes. 

When parties who skirt the process are later “invited” by CFIUS to engage, suspicion about their motives may prove impossible to dispel.  What is clear is that parties to a transaction remotely within the scope of CFIUS’s jurisdiction forego CFIUS’s voluntary review process at considerable risk to their investment objectives and reputation.  For some companies, like Huawei, the costs of error seem incalculable.    

2.         The nature of national security is evolving and CFIUS will reach to assert jurisdiction in even questionable cases.

Polaris’s acquisition of IdenTrust presented features that called for CFIUS review, given the nature of the service (cybersecurity), the industry sectors (financial services, U.S. government agencies), and the United States’ complicated relationship with India.  But in other matters, “national security” — a term loosely tethered by equally vexing concepts such as “critical infrastructure” — is an expanding universe whose outer limits are hard to perceive.  Consider the acquisition of Smithfield Foods by the Chinese Shuanghui International Holdings Limited, a CFIUS-reviewed transaction that left many scratching their heads about what national security concerns are presented by a pork producer.

The importance of other endeavors to the national security will evolve, including clean technologies that gain importance for the nation’s energy requirements; new payment systems that alter the financial system; biomedical advances that disclose new vulnerabilities; social media technologies that change how we interact; “Big Data” that opens new windows on who we are; and all manner of other technologies that were inconceivable a short generation ago.  The relationship of each to the national security will present difficult questions. 

Where CFIUS does perceive a national security concern, it will assert jurisdiction aggressively.  Because the parties to a transaction can offer little resistance when CFIUS takes an interest, only those transactions falling well outside the scope of what is a “covered transaction” under the CFIUS regulations will be safe from review. 

3.         CFIUS reviews are taking longer to complete, with repercussions that spread beyond CFIUS’s mandate.

CFIUS has unfortunately done little to make the review process more inviting or expeditious for parties who submit to it.  A CFIUS review is subject to an initial 30-day review period, after which CFIUS can initiate a second “investigation” phase of up to 45 additional days. 

In 2007, when roughly 4 percent of filed cases were the subject of an investigation, it was safe for parties to plan around the likelihood that CFIUS would clear their transactions within 30 days.  Yet in 2011, the most recent year for which figures are available, roughly 36 percent of filed cases — over one in three — were sent to the investigation phase.  The resulting delays can frustrate the acquirer’s desire to close a transaction quickly.  For example, CFIUS’s investigation in 2012 of SAP’s proposed acquisition of the cloud-based human capital management firm SuccessFactors required SAP to extend its tender offer deadline. 

Parties can also expect intrusive questions during a CFIUS review, including some suggesting that CFIUS’s constituent agencies are advancing their independent regulatory objectives.  Not infrequently, information learned by CFIUS within the review process leads to further questions from its member agencies, including outside the CFIUS review and even after its conclusion.  Careful preparation in advance of a CFIUS filing can moderate these risks.

* * * * * *

We are available to answer your questions about the CFIUS voluntary filing process and whether it may be advisable in your transaction.  If you would like additional information about the issues addressed in this Client Alert, please contact Rich Matheny, who chairs Goodwin Procter’s National Security & Foreign Trade Regulation Practice, or the Goodwin Procter attorney with whom you typically consult.