On August 13, 2018, President Trump signed into law the Foreign Investment Risk Review Modernization Act of 2018 (FIRRMA)1 as part of the John S. McCain National Defense Authorization Act for Fiscal Year 2019, marking the first major overhaul of the procedures for foreign investment reviews by the Committee on Foreign Investment in the United States (CFIUS) in more than a decade. FIRRMA amends Section 721 of the Defense Production Act of 1950, the current CFIUS implementing statute. At the time of signature, the Treasury Department (which serves as the lead agency for most CFIUS reviews) also published a brief FAQ regarding the newly enacted legislation.2

FIRRMA expands the scope of CFIUS' review authority to encompass a wider range of investments by foreign persons. Specifically, certain transactions will now be subject to CFIUS review that do not involve a foreign person gaining control of a US business; the procedure for filing notices with CFIUS will be modified; and certain types of transactions will require mandatory notice filings. Most of the changes under FIRRMA will require implementation by regulations, but several provisions will take immediate effect. Foreign companies that invest in the US, as well as US companies that may receive such inbound investment, should understand both the immediate and upcoming impacts of FIRRMA in order to effectively manage their foreign investment–related risk.

Key takeaways from FIRRMA and the FAQ include:

  • With immediate effect, the CFIUS process will likely take longer given the extension of the initial review period from 30 to 45 days.
  • Parties should take note of the national security considerations in FIRRMA. While these are not mandatory for CFIUS to adopt, they do reflect factors CFIUS has been considering for some time (including the concept of "countries of special concern"), and participants in the process should avail themselves of this guidance.
  • Parties should recognize and plan for the eventuality that certain transactions currently outside the scope of CFIUS' review may, when regulations are promulgated, be in scope. Examples include certain greenfield investments as well as acquisition of certain rights that may not have previously been considered covered under the definition of "control" by a foreign person.
  • Other transactions, such as acquisitions in bankruptcy of US businesses by foreign persons, are currently within the scope of CFIUS' review, but FIRRMA indicates increased focus on such transactions going forward.
  • US inbound investment targets must continue to be aware of how their products and services are classified under applicable export control regimes. The new authority under the Export Control Reform Act of 2018 (ECRA) to monitor and control emerging technologies, and CFIUS' mandate to consider emerging technologies as part of its review process, will add both challenges and risks regarding export classification.
  • Most of the changes under FIRRMA will be implemented after a notice and comment period. Affected persons will have an opportunity to weigh in on, and potentially affect, the way in which the new law is implemented.

Overview of CFIUS process

CFIUS is an inter-agency committee that reviews the national security implications of foreign investment in the United States. Chaired by the Treasury Department, CFIUS comprises representatives of more than a dozen US departments and agencies, including the Departments of Commerce, Defense, Homeland Security, Justice and State. CFIUS has jurisdiction to review "covered transactions"—generally defined under existing regulations to include acquisitions of a US business that could enable a foreign entity to gain "control" of that business and that could have national security implications or impacts on critical US infrastructure. CFIUS has the authority to approve contemplated transactions, allow transactions to proceed subject to mitigation of national security risks, or recommend that the president block the transaction.

When completed prior to the closing of a transaction, a CFIUS review results in a safe harbor from post-closing unilateral CFIUS investigations that could result in retroactive mitigation measures or require divestiture or "unwinding" the transaction. Under current practice, parties to a covered transaction can voluntarily submit a written notice describing in detail the contemplated transaction to begin the review process. CFIUS then has a statutorily mandated 45-day period (recently extended by FIRRMA from 30 days for notifications accepted after August 13, 2018) in which to engage with the parties and examine the transaction. In the event that CFIUS is not able to resolve national security concerns within the review period, it will open an "investigation" of the transaction, which must be completed within an additional 45 days. It has been increasingly common for CFIUS to request that parties withdraw and refile their notices in order to create additional time for CFIUS to review transactions.

If CFIUS is able to resolve national security concerns during the review or investigation process, it will conclude its review and allow the transaction to proceed. If not, CFIUS will refer the case for decision by the president, who has the authority to suspend or prohibit the transaction from occurring. CFIUS can also unilaterally initiate an investigation in circumstances where national security concerns are present, regardless of whether the parties have filed a notice.

According to a 2017 report, 770 notices submitted between 2009 and 2015 were considered to involve "covered transactions."3 Of these notices, three percent were withdrawn during the review stage, seven percent were withdrawn during the investigation and 40 percent resulted in an investigation. CFIUS reported that 42 percent of these notices were in the manufacturing sector and 32 percent were in the finance, information and services sector. From 2013 through 2015, Chinese companies submitted the most notices (74), outpacing Canada (49), the United Kingdom (47) and Japan (40).

In recent years, there have been several instances in which the president has blocked a proposed acquisition. In 2016, President Obama blocked Fujian Grand Chip Investment Fund from acquiring Aixtron, a Germany-based semiconductor firm with US assets. More recently, President Trump blocked Canyon Bridge Capital Partners, a Chinese investment firm, from acquiring Lattice Semiconductor Corp, and blocked Broadcom's attempt to take over US chipmaker Qualcomm.

Summary of key changes as a result of FIRRMA

FIRRMA expands the definition of "covered transactions" to afford CFIUS broader authority in conducting reviews and opening investigations. This change, along with procedural modifications that will both streamline the review process and mandate pre-closing review for certain transactions, are likely to have the greatest practical impact on the CFIUS process and participants. Many of FIRRMA's other changes formalize certain aspects of existing CFIUS practice, while others incorporate substantive considerations that have long been part of the "national security" assessment of CFIUS reviews. FIRRMA also will extend the duration of CFIUS reviews and investigations and will allow for the assessment of filing fees. We provide an overview below of the most significant changes implemented by FIRRMA.

Expanded CFIUS jurisdiction and definition of "covered transaction"

FIRRMA amends the definition of a "covered transaction" to expand the scope of CFIUS' jurisdiction. Certain of these changes are unlikely to change standing CFIUS practice. Others are meant to address shifts in the nature of foreign investments and current national security concerns, and are likely to sweep a larger number of foreign investments within the potential review jurisdiction of CFIUS. FIRRMA also directs CFIUS to prescribe regulations that will further define "foreign person" in connection with certain transactions that will, also under new regulations, be considered "covered transactions."

Among those changes that largely formalize existing practice, covered transactions now expressly include real estate transactions involving air or maritime ports and other properties in close proximity to sensitive US government facilities or that otherwise present intelligence-gathering and surveillance risks.4 Such transactions have been part of CFIUS' purview at least since the Ralls case,5 in which President Obama blocked construction of a wind power farm by a Chinese investment partnership because of its proximity to restricted airspace close to a naval training facility. Although the investment partnership successfully challenged certain aspects of CFIUS' handling of the case on due process grounds,6 the courts did not reach the merits of the government's position, and Ralls ultimately agreed to abandon the project. It has become common for parties contemplating foreign investment transactions to consider physical proximity considerations, such as those at issue in Ralls, when determining whether a CFIUS filing is appropriate.

The new "real estate" subset of covered transactions could also expand CFIUS jurisdiction to include transactions that would otherwise be considered a greenfield investment and hence historically not subject to CFIUS review.7 All that is necessary under the statute for a real estate transaction to be "covered" is a purchase or lease of real estate (other than single-housing units and real estate in urbanized areas) that presents national security concerns due to proximity to sensitive installations.8 The plain language of this provision could include empty land, and not solely functioning or mothballed businesses, such as would presently be within the scope of CFIUS' review authority.

Another potentially consequential change is the expansion of covered transactions to include "other investments" involving critical infrastructure, critical technologies, or sensitive personal data of US citizens that could be exploited in a way that threatens national security.9 Because of this change, certain transactions that may not afford a foreign person "control" in the way that term historically has been defined, but do involve a business in the identified areas of concern, could become subject to CFIUS review. For such "other investments" to be within the new definition, they must allow the foreign person access to material nonpublic technical information; a position on the board of directors or an equivalent governing body (or the power to appoint such a person); or other substantive decision-making rights relating to aspects of critical infrastructure, critical technologies, or sensitive personal data of US citizens.10 This threshold is lower than the current (already not particularly high) definition of control as having the ability to direct certain important matters affecting the business.11

Adding to the breadth of the "other investments" element, the types of businesses to which this provision applies will include businesses involved in the development or sale of "critical technologies" such as export-controlled goods (including defense articles and defense services; items controlled by the Export Administration Regulations (EAR) for other than anti-terrorism (AT) reasons; and chemical, biological and nuclear items).12 This would also include emerging and foundational technologies subject to control under companion legislation to FIRRMA, the ECRA, which can be recommended for consideration for control by the CFIUS chair.13 The ECRA directs the president to establish a process to identify and impose appropriate controls on certain new and emerging technologies.14 As a result, it is possible that a foreign investment transaction could involve technology that the participants have not identified as subject to controls, but that is later determined to be controlled as emerging technology. The precise implementation of this provision will be determined by regulations promulgated by both CFIUS and the export control agencies.

"Critical infrastructure," in turn, is defined (subject to further regulation) as "systems and assets, whether physical or virtual, so vital to the United States that the incapacity or destruction of such systems or assets would have a debilitating impact on national security."15 FIRRMA directs CFIUS to specify the critical infrastructure subject to the "other investments" clause and provide examples.

FIRRMA also mandates that CFIUS issue regulations to make clear that "covered transactions" include transactions that arise pursuant to a bankruptcy proceeding or defaults on debt.16 Transactions resulting from a bankruptcy proceeding that otherwise would meet the criteria for a "covered transaction" historically have been within the scope of CFIUS' jurisdiction, so the revised regulations that the Committee promulgates may not result in much substantive change from current practice. That this provision was in FIRRMA and eventually will be expressly included in CFIUS regulations, however, indicates increased concern about, and likely increased focus on, such transactions.

While FIRRMA expands the universe of covered transactions, it also requires certain provisions that could limit the breadth of those newly added categories.

FIRRMA directs CFIUS to further define by regulation the definition of "foreign persons" for purposes of the newly added clauses that extend "covered transactions" to include real estate or "other investments."17 That definition will entail "criteria to limit the application of such clauses to the investments of certain categories of foreign persons," which shall "take into consideration how a foreign person is connected to a foreign country or foreign government, and whether the connection may affect the national security of the United States." This provision seems likely to lead to regulations that take into account both an investor's country of origin (and, potentially, differentiate among countries in terms of national security risk) and other information about the investor (such as ties to foreign governments and possibly the nature of its other investments and activities), in determining whether an "other investment" or real estate transaction is a "covered transaction."

FIRRMA also provides for certain transactions involving private equity structures to be excluded from the scope of "other transactions." In certain situations, an investment will be considered outside the scope of "other investments" where a foreign person, through an investment fund, serves as a limited partner on an advisory board or on a committee of a US critical infrastructure or critical technology company if all of the following criteria are met:

  1. The fund is managed exclusively by a general partner, a managing member or an equivalent
  2. The general partner, managing member or equivalent is not a foreign person
  3. The advisory board or committee does not have the ability to approve, disapprove or otherwise control investment decisions of the fund or decisions made by the general partner, managing member or equivalent related to entities in which the fund is invested
  4. The foreign person does not have the ability to approve, disapprove or otherwise control investment decisions of the fund or decisions made by the general partner, managing member or equivalent related to entities in which the fund is invested, or to dismiss, select or determine the compensation of the general partner, managing member or equivalent
  5. The foreign person does not have access to material nonpublic technical information as the result of participating on the advisory board or committee18

Extended timelines for CFIUS reviews, with immediate effect on initial reviews of newly accepted notifications

The most immediate practical change from FIRRMA is the extension of the permitted timeline for initial reviews. Previously, CFIUS had 30 days in which to conclude a review of a notice that it had accepted as complete. FIRRMA extends that to 45 days. This change is effective immediately.19

The 45-day period for CFIUS to complete an investigation remains intact, but FIRRMA authorizes an additional 15-day extension of the investigation period for "extraordinary circumstances," which have yet to be defined under forthcoming regulations.20

Establishment of a simplified "declaration" process and mandated declarations for certain transactions

FIRRMA will create a two-tier submission process consisting of brief, relatively simple "declarations" and more robust "notices." Declarations are not yet being accepted and will require the implementation of regulations governing their procedures.

Once implemented, parties to covered transactions may file a "declaration," described as "abbreviated notifications that would not generally exceed 5 pages in length," instead of a more substantial notification. CFIUS has 30 days in which to review a declaration. In response to a declaration, the CFIUS may request filing of a formal notice; inform the parties that CFIUS cannot take action on the submitted declaration and they "may" file a formal notice in order to seek notification that CFIUS has completed its review of the transaction; initiate a unilateral review based on the declaration; or notify the parties that it has concluded its review of the transaction.21

In certain transactions, CFIUS will require submission of a declaration. The types of transactions requiring mandatory declarations will be defined by regulations. They will include transactions involving a buyer in which a foreign government owns a "substantial interest" acquiring a "substantial interest" in a US business. The term "substantial interest" will also be defined by regulations, which will incorporate considerations of the means by which a foreign government could influence the actions of a foreign person. The term will specifically exclude interests excepted from the definition of "other investments" or amounting to less than a 10 percent voting interest. CFIUS may waive the requirement to submit a mandatory declaration where it determines that the investments of the foreign person are not directed by a foreign government and the foreign person has a history of cooperation with the committee. Once this section is implemented, FIRRMA authorizes penalties to be assessed against a party that does not comply with the mandatory declaration process.22

Stipulations regarding covered transactions and foreign government–controlled transactions

FIRRMA allows parties to stipulate that a contemplated transaction is a "covered transaction," and to indicate whether the transaction is a foreign government–controlled transaction (such as may trigger a mandatory declaration).23 CFIUS has promised guidance on how it will implement such stipulations.24

Where the parties so stipulate, CFIUS would be required to either (a) provide comments on draft or formal notices or (b) accept formal notices as complete within 10 business days after submission. If a formal notice is deemed incomplete, CFIUS would be required to explain its reasoning within that same time period.25

Supplemental national security factors for consideration

FIRRMA emphasizes that CFIUS will continue to review transactions for the purpose of protecting national security and should not consider issues of national interest absent a national security nexus.26 FIRRMA also sets forth several factors that CFIUS may consider in its review, memorializing considerations that, in practice, have been part of the review process for quite some time. Such considerations include:

  • Whether the transaction involves a country of special concern that has demonstrated or declared a strategic goal of acquiring a type of critical technology or critical infrastructure that would affect US leadership in areas related to national security
  • Potential national security–related effects of a foreign government or foreign person gaining a cumulative market share or engaging in a pattern of recent market transactions involving a particular type of critical infrastructure, energy asset, critical material or critical technology
  • Whether the foreign person has a history of complying with US laws and regulations
  • How the control of US industries and commercial activity by foreign persons may affect the ability of the US to meet the requirements of national security, including considerations involving the availability of resources
  • The extent to which the proposed transaction may directly or indirectly disclose sensitive data of US citizens to a foreign government or foreign person who could use such information in a manner that threatens US national security
  • Whether a transaction could create or exacerbate existing US cybersecurity vulnerabilities, or could provide a foreign government or foreign person with significant new capabilities to target the US with cyberattacks27

Authorization to assess filing fees

Presently, there are no CFIUS filing fees. FIRRMA authorizes CFIUS to assess and collect filing fees, to be set by regulation. The amount of such fees may not exceed one percent of the value of the transaction or US$300,000, adjusted annually for inflation pursuant to regulations. The fee amount must be based on the value of the transaction, taking into account its effects on small business concerns and on foreign investment, the expenses incurred by CFIUS, and other appropriate considerations.28

New authority of CFIUS to suspend transactions and take other enforcement actions

FIRRMA also grants significant new enforcement and mitigation authority to CFIUS. These authorities are statutory and do not require regulations to implement. Previously, presidential action was required to suspend or prohibit a transaction; CFIUS could only make a recommendation to the president for suspension or prohibition. FIRRMA now expressly authorizes CFIUS to suspend a proposed or pending covered transaction that may pose a risk to US national security while the transaction is under review. FIRRMA further expands CFIUS's ability to address national security risks by requiring implementation of compliance plans and authorizing enforcement action for noncompliance with mitigation agreements and conditions.29

Additionally, the "safe harbor" provision previously barred CFIUS from initiating a unilateral review of a covered transaction that had already been reviewed or investigated except in circumstances where a party submitted false or misleading information, or "intentionally" materially breached a mitigation agreement or condition. FIRRMA limits the protections of the safe harbor by eliminating the word "intentionally," expressly allowing unilateral review for any material breach of a mitigation agreement or condition.30

Dentons' Federal Regulatory and Compliance team continues to closely monitor and analyze developments in the implementation of FIRRMA and other matters relating to CFIUS.

footnotes

1 FIRRMA, Pub. L. No. 115-232, tit. XVII, §§ 1701-1728 (codified as amended at 50 U.S.C. § 4565) (2018)

2 https://www.treasury.gov/resource-center/international/Documents/FIRRMA-FAQs.pdf

3 CFIUS Annual Report to Congress for CY 2015 (September 2017)

4 FIRRMA, § 1703(a)(4)(B)(ii)

5 See Ralls Corp. v. Comm. on Foreign Inv. in U.S., 926 F. Supp. 2d 71, 95 (D.D.C. 2013)

6 Ralls Corp. v. Comm. on Foreign Inv. in U.S., 758 F.3d 296 (D.C. Cir. 2014)

7 See, e.g., 31 C.F.R. § 800.301(c), Example 3

8 FIRRMA, § 1703(a)(4)(B)(ii); id. § 1703(a)(4)(C)

9 FIRRMA, § 1703(a)(4)(B)(iii)-(iv); id. § 1703(a)(4)(D)

10 FIRRMA, § 1703(a)(4)(D)(i)(I)-(III)

11 31 C.F.R. § 800.204

12 FIRRMA, § 1703(a)(6)

13 Id. § 1703(a)(6)(A)(vi) (citing section § 1758 of ECRA, Pub. L. No. 115-232, tit. XVII, §§ 1741-1781 (2018))

14 ECRA, § 1758

15 FIRRMA, § 1703(a)(5)

16 FIRRMA, § 1703(a)(4)(F)

17 FIRRMA, § 1703(a)(4)(E)

18 FIRRMA, § 1703(a)(4)(D)(iv)(I)

19 FIRRMA § 1709

20 FIRRMA § 1709

21 FIRRMA § 1706

22 FIRRMA § 1706

23 FIRRMA § 1707

24 FAQ, supra n. 2 at 3.

25 FIRRMA § 1704

26 FIRRMA § 1702(b)(9)

27 FIRRMA § 1702(c)(1)-(6)

28 FIRRMA § 1723

29 FIRRMA § 1718

30 FIRRMA § 1708

About Dentons

Dentons is the world's first polycentric global law firm. A top 20 firm on the Acritas 2015 Global Elite Brand Index, the Firm is committed to challenging the status quo in delivering consistent and uncompromising quality and value in new and inventive ways. Driven to provide clients a competitive edge, and connected to the communities where its clients want to do business, Dentons knows that understanding local cultures is crucial to successfully completing a deal, resolving a dispute or solving a business challenge. Now the world's largest law firm, Dentons' global team builds agile, tailored solutions to meet the local, national and global needs of private and public clients of any size in more than 125 locations serving 50-plus countries. www.dentons.com.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.