August 2, 2018

Five Ways CFIUS Reform Law Will Impact Foreign Investment in the United States

New legislation addressing foreign investment in the United States is expected to become law in the next several weeks. The Foreign Investment Risk Review Modernization Act (FIRRMA) promises important changes to the powers and processes by which the Committee on Foreign Investment in the United States (CFIUS) reviews foreign investment in U.S. businesses to protect against national security risks. Although the most significant changes will not be effective until the issuance of regulations (possibly not for 18 months), some changes are immediately effective.

Here are the most important ways in which FIRRMA could affect a transaction involving foreign investment in a U.S. business:

1. There is no safe level of foreign investment in U.S. “critical technology” and “critical infrastructure” companies, even absent “control.”

Prior to FIRRMA, CFIUS enjoyed jurisdiction only to review transactions that would result in a foreign person exercising “control” over a U.S. business (the “control test”). Although the threshold for the control test was quite low, passive investments resulting in the foreign person holding 10% or less of the voting interests in the U.S. business were generally free from CFIUS review.

That so-called safe harbor is about to shrink further, as FIRRMA calls for regulations empowering CFIUS to review certain other, non-control investments (the “other investment” test). CFIUS will have jurisdiction to review, under the “other investment” test, a foreign person’s -

  • investment in an unaffiliated U.S. “critical technology” or “critical infrastructure” company;
  • investment in an unaffiliated U.S. business that maintains or collects sensitive personal data of U.S. citizens that may be exploited in a manner that threatens national security; and
  • purchase or lease of, or concession offered in respect to, private or public real estate in the United States that functions as a land, air or sea port, or is in “close proximity” to a sensitive U.S. military or other government facility, or would allow intelligence collection or expose national security activities at such facility;

unless, in each case, the foreign person:

  • has no access to nonpublic technical information about the U.S. business, other than financial information about the company’s performance;
  • appoints no board seat or even a board observer in the U.S. business; and
  • has no involvement, other than voting of its shares, in substantive decision-making in the U.S. business relating to use, access, release, etc., of “critical technology” or of sensitive personal data of U.S. persons, or the management, operation, etc., of “critical infrastructure.”

In a nod to the investment fund industry, the indirect investment by a foreign person in a U.S. business, as a limited partner in an investment fund, will not be subject to the “other investment” jurisdictional test, if:

  • the fund is managed exclusively by a general partner;
  • the general partner is not a foreign person; and
  • any advisory board or similar body on which the foreign person sits cannot control the fund or its investment decisions, nor control the general partner (including via decisions about compensation), and does not have access to material non-public technical information.

FIRRMA also authorizes CFIUS to prescribe regulations that would limit the applicability of the “other investment” test to “certain categories of foreign persons,” which may invite the creation of a list of friendly countries—e.g., NATO and non-NATO allies of the United States—to which the new “other investment” test would not apply.

The full effect of FIRRMA’s jurisdictional expansion through the “other investment” test will be unclear until regulations define important terms discussed above and elsewhere in FIRRMA.

2. For the first time, some foreign investments in U.S. businesses will be subject to a mandatory CFIUS notification requirement.

Under current law, parties to a CFIUS “covered transaction” are not required to file a notice with CFIUS and so violate no law in electing not to do so—subject, of course, to the threat that CFIUS could later investigate the transaction, even long after the deal has closed, and impose terms of mitigation or even order a divestiture of the foreign person’s interest.

FIRRMA calls for regulations that would impose a mandatory notice requirement for certain transactions that would result in a foreign person’s “substantial interest” in a U.S. “critical technology” or “critical infrastructure” company, as well as a U.S. company that handles sensitive personal data of U.S. persons, if a foreign government holds a “substantial interest” in the foreign person. Although the term “substantial interest” must be defined in regulations, FIRRMA specifies that a voting interest under 10 percent would not qualify, nor would an investment that is not captured by the “other investment” test described above.

Failure to file the declaration for qualifying investments would be subject to a penalty.

These new requirements are designed to ensure that CFIUS can monitor and target investments from China, and particularly those in which the PRC government plays a role—indeed, FIRRMA’s passage has been motivated by a trend of smaller Chinese investments in the U.S. technology sector, as has been widely reported in media coverage of the trade war between the United States and China. FIRRMA imposes reporting requirements that track Chinese investment in the United States, including as it relates to the PRC government’s Made in China 2025 plan.

Investments from friendly countries could be exempted from this mandatory notice requirement per CFIUS rule-making. This does not mean that investors from such friendly countries need not consider CFIUS implications of their investments, but that they will not be subject to monetary penalties for failure to notify CFIUS.

Investments made through investment funds, provided they meet the terms set forth in Part 1 above, would be exempt from the new mandatory filing requirement.

3. National security is an evolving, expanding concept touching new industry sectors.

By revisiting the existing terms “critical technology” and “critical infrastructure” and instructing CFIUS to refine them through rule-making, FIRRMA makes explicit what CFIUS practitioners have witnessed for years:  that the concept of national security is evolving, expanding, and often merging with more properly commercial sectors.

While “critical technology” in CFIUS lexicon already includes technologies subject to U.S. export control laws, FIRRMA introduces the concept of “emerging and foundational technologies”—i.e., newer technologies that the export control laws have been slow to recognize and so to regulate, but which the Commerce Department is now explicitly instructed to identify and address. The expanded concept will attempt to counter Chinese aspirations (exemplified in the PRC government’s Made in China 2025 plan) in sectors where the United States is competing for dominance, such as semiconductors, artificial intelligence, robotics, cybersecurity, advanced materials,  telecommunications, and biomedicine. These technologies could also be separately regulated through new authorities granted to the Commerce Department.

Technology companies in Silicon Valley and elsewhere will watch closely to see whether CFIUS will continue to rely on mitigation instruments to allow investments in these sectors by Chinese and other non-NATO, non-U.S. allied investors, or will instead raise a bar to such investments.

As reflected in the “other investment” test discussed above, FIRRMA also makes explicit the increasing concern of  CFIUS over foreign person and foreign government access to “personally identifiable information, genetic information, or other sensitive data of U.S. citizens”—a trend seen most prominently in proposed, attempted, and aborted Chinese investments in U.S. financial, insurance, medical, and other sectors that have drawn the attention of CFIUS in recent years.

Even bankruptcy gets a mention in FIRRMA, which clarifies that CFIUS jurisdiction extends to foreign person acquisitions effectuated in that context.

4. FIRRMA creates a new, short-form “declaration” notice filing.

As an option for parties to transactions where CFIUS jurisdiction and/or potential national security concerns may be ambiguous, and for certain mandatory filing requirements discussed in Part 2 above, FIRRMA creates a new, short-form option called a “declaration.” Parties will be able to notify CFIUS of a transaction by providing basic information short of what is required in a full-blown notice (nominally, in five pages or less).

Within 30 days of receiving a declaration, CFIUS must take one of four actions:  request the filing of a full notice; advise that CFIUS cannot complete action and leave to the parties’ discretion whether to file a notice; initiate a unilateral review of the transaction; or advise the parties that they may proceed with the investment.

It is uncertain how many will opt for this short-form option, in what circumstances, and for how many transactions CFIUS will be satisfied with this abbreviated review. The option threatens to prolong the process if CFIUS defaults excessively to request a full formal notice.

5. FIRRMA brings new review timelines and a filing fee.

With immediate effect, FIRRMA lengthens the initial CFIUS review period from 30 days to 45 days, maintains the current 45-day investigation period, and authorizes CFIUS to invoke a single, 15-day review extension for “extraordinary circumstances.” For particularly complex cases, these changes may actually result in shorter overall review times if they curtail the practice by which parties to a complex CFIUS review withdraw and refile their notice in advance of impending statutory deadlines to create more time for negotiations.

A significant improvement leading to greater predictability is FIRRMA’s requirement that where parties stipulate that their transaction is subject to CFIUS jurisdiction, CFIUS must provide comments on a draft notice (or accept it) within 10 business days. Unless CFIUS attempts to control its caseload by delaying formal acceptance of a completed notice—a practice now commonplace but perhaps no longer justified given new filing fees designed to provide additional human resources for CFIUS casework—these changes will be welcomed by parties wishing for a more predictable time period.

FIRRMA also authorizes CFIUS to impose a filing fee not to exceed the lesser of 1% of the transaction value, or $300,000.

* * * * *

As is evident from the liberal use above of quoted terms that remain partially or entirely undefined, most of the substantive changes that FIRRMA brings will not be effective until the drafting and implementation of new regulations. These are expected within 18 months.

We will continue to monitor these landmark changes in how the United States seeks to balance an open, dynamic investment environment with evolving threats to the national security.