We receive many questions from founders, investors and others about CFIUS, the Committee on Foreign Investment in the United States. This is not surprising given the amount of recent media and news coverage around foreign investment in U.S. businesses, various trade embargoes and sanctions, as well as changes to the CFIUS law that significantly expanded the scope of transactions subject to CFIUS review. In this article, we provide a high-level overview of CFIUS as reformed by recent legislation. A cautionary note—the regulations relating to CFIUS are highly complex and continually evolving as further regulations are contemplated under federal law. This article is only intended to provide a high-level overview of the current regulatory framework. The advice and guidance of legal professionals is essential to successfully navigating the CFIUS review process.
CFIUS stands for the Committee on Foreign Investment in the United States, and it refers to an inter-agency governmental committee tasked with reviewing certain acquisition and investment transactions involving non-U.S. parties in the interest of protecting U.S. national security.
Certain transactions in which your company engages that involve a foreign investor may fall within the jurisdiction of CFIUS, and if so, your transaction could be blocked or significantly delayed if CFIUS believes that your transaction raises national security concerns. In certain cases, CFIUS can even unwind a transaction after it has closed.
CFIUS only has jurisdiction over “covered transactions,” which generally fall into one of the following categories:
Thus, any change of control transaction in which a foreign investor acquires control of a U.S. business is potentially subject to review by CFIUS. In addition, a non-controlling active investment transaction with a foreign investor may also implicate CFIUS if the U.S. company is engaged in a business that is sensitive from a U.S. national security perspective.
Maybe. In order to assess whether a mandatory CFIUS filing is required, first, you must determine if your company is involved in critical infrastructure, critical technologies or maintenance of sensitive personal data. “Critical infrastructure” refers to systems and assets (including virtual assets) that are so vital to the U.S. that their incapacity or destruction would have a debilitating impact on national security. “Critical technologies” include technologies controlled for certain reasons under the U.S. export control regulations (including certain types of encryption technologies), technologies related to nuclear equipment, certain toxins and weapons as well as "emerging and foundational technologies" that are essential to national security. “Sensitive personal data” refers to certain types of personal information of U.S. citizens, including certain types of financial and health-related data.
Second, you must determine whether your business operates in, or designs its products specifically for use in, one or more of 27 identified sensitive industries. Among these industries, 25 relate to manufacturing, and the remaining two concern biotechnology and nanotechnology research and development.
Third, if you believe that your company satisfies the first two criteria, you must examine the voting interest and special access or rights that the investor will obtain in connection with its investment in your company. A transaction that results in a foreign person with a substantial foreign government ownership stake obtaining a high voting interest (25% or more) in the company, or that affords a foreign investor, director or observer rights or other involvement in the substantive decision-making of the company, could trigger a mandatory CFIUS filing; however, access solely to financial information regarding the performance of the company does not meet the relevant threshold.
If your business does not meet the first two criteria, but (a) your products or technology have specific military applications, or (b) you do significant work for the U.S. federal government, it may make sense to consider making a voluntary CFIUS filing to obtain the safe harbor described below.
An indirect non-controlling investment by a foreign person or entity in a U.S. business through an investment fund that affords the foreign person membership as a limited partner or equivalent on an advisory board or a committee of the fund is generally not subject to CFIUS review so long as: (i) the fund is exclusively managed by U.S. persons, and (ii) the foreign investor does not have any control or special access rights with respect to the fund, its managers, its portfolio companies or its investment decisions.
First, if your transaction fits any of the criteria mentioned in this article you should seek professional guidance on such matters, typically from a law firm. If your transaction is subject to CFIUS review but not likely to raise material national security concerns, the parties may jointly file a “declaration” prior to closing the transaction. This short form notice contains certain information about the transaction, including a description of the transaction, the parties involved and additional background regarding their respective business activities. CFIUS then has a 30-day initial review period, after which CFIUS will make a decision on the transaction. The ideal outcome for the parties is a no action (“safe harbor”) decision where CFIUS declines to intervene, but CFIUS has several options in terms of courses of action, including requiring the parties to submit additional information, and/or conditioning its approval of the transaction on the parties taking certain actions to mitigate the national security risk. In certain cases, CFIUS may even suspend or block the transaction entirely.
For the reasons outlined in this article, it is highly recommended that you discuss your approach to CFIUS review with legal counsel early and often in the transaction process. Fenwick's legal team addresses these issues for clients on a daily basis, so if you have questions, please contact us at your convenience.