Ronald A Oleynik is a Partner in Holland & Knight's Washington D.C. office

Antonia I Tzinova is a Partner in Holland & Knight's Washington D.C. office

Seth M.M. Stodder is a Partner in Holland & Knight's Los Angeles office

Andrew K McAllister is an Associate in Holland & Knight's Washington D.C. office

What Is CFIUS?

The Committee on Foreign Investment in the United States (CFIUS) was granted authority to review foreign investment in existing U.S. businesses under the Defense Production Act of 1950. CFIUS is an interagency committee chaired by the U.S. Department of the Treasury and comprised of representatives from 16 U.S. departments and agencies, including the U.S. Departments of Defense, State, Commerce and Homeland Security, among others. Before the Foreign Investment Risk Review Modernization Act of 2018 (FIRRMA), CFIUS jurisdiction extended to any transaction that would result in foreign control over a U.S. business that impairs U.S. national security. A transaction that poses a threat to U.S. national security where the threat cannot be reasonably mitigated under existing law or a CFIUS mitigation agreement may be referred to the President of the United States with a recommendation to block the transaction. Foreign investors should note that a review of a "covered transaction" may be initiated any time after the transaction closes, with no statute of limitations. The only guarantee that a foreign acquirer will not be ordered to divest is if the transaction has been reviewed, and not objected to, by CFIUS.

FIRRMA: The New Era

FIRRMA Expands CFIUS Jurisdiction

President Donald Trump signed the John S. McCain National Defense Authorization Act for Fiscal Year 2019 (NDAA) into law on Aug. 13, 2018. Among other things, the NDAA contains FIRRMA, the first major legislative reform impacting CFIUS reviews of foreign acquisitions since Congress passed the Foreign Investment and National Security Act of 2007 (FINSA).

The new law expands CFIUS jurisdiction, especially with respect to real estate transactions and non-controlling interests in businesses involved in critical infrastructure, critical technologies and access to sensitive personal data. It also makes certain filings involving foreign governments mandatory. Most of the changes affect only procedure and funding for the Committee and codify recent CFIUS practice. Nevertheless, FIRRMA brings important changes to the law that all involved in foreign investments in U.S. business should be aware of, and it does emphasize the continuing shift of the CFIUS process from a technical exercise toward a more political trade policy decision.

The most important changes brought by FIRRMA involve the significant expansion of CFIUS jurisdiction to review certain real estate transactions that were not previously of interest to CFIUS and transactions not resulting in the foreign control of a U.S. business.

The authority of the President of the United States to suspend or prohibit certain transactions is provided in Section 721 to the Defense Production Act of 1950, as amended (50 U.S.C. § 4565) (the Act). Under the Act, the President can suspend or prohibit any "covered transaction" when, in the President's judgment, there is credible evidence to believe that the foreign person exercising control over a U.S. business might take action that threatens to impair the national security of the United States, and the law does not otherwise provide adequate protection against such action. FIRRMA modifies the definition of "covered transactions."

Under the old standard, a "covered transaction" was any transaction that was proposed, pending or concluded by, or with, any foreign person, which could result in control of a U.S. business by a foreign person. "Critical infrastructure" was addressed within the context of a covered transaction and defined as "a system or asset, whether physical or virtual, so vital to the United States that the incapacity or destruction of the particular system or asset of the entity over which control is acquired pursuant to that covered transaction would have a debilitating impact on national security." Thus, CFIUS jurisdiction covered any acquisition of a U.S. business that would result in foreign control and that might threaten U.S. national security. It has long been the practice of the United States to leave the term national security undefined to allow CFIUS and the President maximum flexibility in asserting jurisdiction over foreign acquisitions of U.S. businesses.

By enacting FIRRMA, Congress made certain practices explicit and, in the process, expanded the reach of CFIUS. It did this by amending the term "covered transaction" to include:

  • any non-passive investment by a foreign person in any U.S. business involved in critical infrastructure, the production of critical technologies or that maintains sensitive personal data that, if exploited, could threaten national security
  • any change in a foreign investor's rights regarding a U.S. business
  • the purchase, lease, or concession by or to a foreign person of certain real estate in close proximity to military or other sensitive national security facilities, and
  • any other transaction, transfer, agreement, or arrangement designed to circumvent or evade CFIUS

These changes boil down to two major expansions of CFIUS jurisdiction: 1) real estate transactions of developed and undeveloped land, and 2) non-controlling foreign interests in critical infrastructure, critical technologies or sensitive personal data.

Real Estate Transactions: The Close Proximity Test

Until FIRRMA, CFIUS had jurisdiction over transactions that involved a "U.S. business," i.e., a going concern. While assets of a business that comprised most of the business would qualify, the mere acquisition of land did not warrant, and was specifically excluded from, CFIUS jurisdiction. However, during the past few years, CFIUS has developed and applied the so-called "locational test" and weighed in on transactions involving the acquisition of a U.S. business in close proximity to sensitive U.S. Government facilities.

FIRRMA takes this further. It expands the scope of CFIUS jurisdiction to include any type of real estate transaction, i.e., both developed and undeveloped real estate. FIRRMA specifies that "CFIUS jurisdiction includes the purchase, lease, or concession of private or public real estate that: is located within, or will function as part of, an air or maritime port; [or] is in close proximity to a U.S. military installation or another facility or property of the U.S. Government that is sensitive for reasons relating to national security." Under the old statute, the acquisition of a building that might be leased to a government agency would already fall within the purview of CFIUS review as an ongoing concern. However, a piece of undeveloped land on its own was specifically excluded from the scope of CFIUS jurisdiction under prior law and regulations.

FIRRMA changes this. It not only codifies recent CFIUS practice with respect to real estate businesses but also expands CFIUS jurisdiction to allow CFIUS to block the purchase of even undeveloped land that is in close proximity to a U.S. military installation or another facility or property of the U.S. Government that is sensitive for reasons relating to national security. This is a significant change that, for the first time, inserts CFIUS review into purely "greenfield" investment in vacant land. This change allows CFIUS to speculate about the potential use or development of land, or lack thereof.

Non-Controlling Interests in Critical Infrastructure, Critical Technologies or Sensitive Personal Data

Another major departure from the prior regime is the ability to block the acquisition of non-controlling interests in critical infrastructure, critical technologies or sensitive personal data. Since its inception, it had been a hallmark of CFIUS review that the foreign acquisition had to result in foreign control, which could pose a threat to U.S. national security. This is no longer the case.

Under FIRRMA, CFIUS jurisdiction now also includes any foreign, non-passive investment in U.S. critical infrastructure or critical technology, or a U.S. business that maintains or collects sensitive personal data of U.S. citizens that may be exploited in a manner that threatens national security. Such non-controlling interests will include minority equity interests with no board participation and no specific rights with respect to major decisions of the business. In essence, FIRRMA moves the focus from control to influence. Removing the control test will greatly expand the number of reviewed and reviewable transactions, particularly in the high-tech startup sector.

Voluntary and Mandatory Filing of Declaration

In addition to these substantive changes, FIRRMA also makes several procedural changes to CFIUS reviews. First, it creates a new, short form of filing (a "declaration") that will contain basic information regarding the transaction. These declarations are filed in three instances:

  1. Parties may voluntarily submit such a declaration to request that CFIUS determine whether a full, formal filing is necessary. CFIUS is required to take action within 30 days following receipt of a declaration.
  2. Parties must submit a declaration in certain government-control cases involving the acquisition of a "substantial interest" in a U.S. business by a foreign person in which a foreign government has a "substantial interest."
  3. Parties must submit a declaration in transactions identified in implementing regulations (e.g., pilot programs as discussed in more detail below).

FIRRMA authorizes CFIUS to impose civil penalties on any party that fails to comply with the mandatory declaration requirement. Furthermore, parties to covered transactions that are subject to the mandatory declaration requirement may elect to submit a full written notice instead of a declaration.

Procedural Changes

In addition, FIRRMA implements a number of procedural changes.

  • Expanded Timeframe for CFIUS Review: Previously, CFIUS undertook an initial 30-day review, with the option for an additional 45-day investigation. FIRRMA extends the review period to 45 days, retains the 45-day optional investigation period and authorizes a one-time extension of 15 days in "extraordinary circumstances," as defined in the CFIUS regulations.
  • Timing for Review of Draft Filings: FIRRMA requires that CFIUS provide comments on draft notices that parties submit in advance of formal filing within 10 business days.
  • Timeline for Acceptance of Formal Filings: FIRRMA requires that CFIUS accept formal filings within 10 business days and start the official review period clock.
  • Authority to Suspend Transactions: FIRRMA provides the authority for CFIUS to suspend transactions or refer transactions to the President prior to the conclusion of the full review period.
  • Filing Fee: Previously, there was no filing fee for submitting a notice to CFIUS; however, FIRRMA permits CFIUS to assess a fee of no more than 1 percent of the transaction or $300,000, whichever is less.
  • Committee on Foreign Investment in the United States Fund: FIRRMA provides for the creation of a funding mechanism to be administered by the CFIUS chairperson and authorizes $20 million in appropriations to this fund for each of fiscal years 2019 through 2023 for CFIUS to perform its duty.
  • Expanded Reporting Requirements: FIRRMA requires that CFIUS produce a report biannually (through 2026) that analyzes and includes information on investment in the United States by Chinese entities.
  • Voluntary and Mandatory Declarations: As discussed above, parties would be given the opportunity to file a short-form declaration to obtain CFIUS' view on whether a transaction is subject to review.
  • Monitoring Mechanism: FIRRMA requires that CFIUS create a monitoring mechanism with respect to transactions where the parties have not filed a notice with CFIUS.

CFIUS Pilot Program: The Future Is Now

Because of the extensive changes to the legal regime of CFIUS, some of FIRRMA's most significant provisions will not be effective until 18 months following the enactment of FIRRMA (i.e., Feb. 13, 2020); or 30 days after the U.S. Secretary of the Treasury publishes in the Federal Register a determination that the necessary regulations, organizational structure, personnel and other resources are in place to administer those provisions of FIRRMA (whichever is sooner). Notwithstanding this, in recognition of the need to immediately assess and address significant risk to national security posed by some foreign investment, FIRRMA also authorizes CFIUS to conduct one or more pilot programs to implement any provisions of the legislation before FIRRMA becomes fully effective.

The First CFIUS Pilot Program

The first CFIUS pilot program was announced on Oct. 11, 2018, and became effective on Nov. 10, 2018. The pilot program expands CFIUS' jurisdiction to include certain non-controlling investments by the foreign investors in a U.S. business that produces, designs, tests, manufactures, fabricates or develops one or more critical technologies that is either utilized in connection with the U.S. business' activity, or designed by the U.S. business specifically for use, in one or more of 27 pilot program industries, and affords the foreign investor any of the following rights:

  • access to any material nonpublic technical information in the possession of the pilot program U.S. business (does not include financial data)
  • membership or observer rights on the board of directors or equivalent governing body of the pilot program U.S. business, or the right to nominate an individual to a position on the board of directors or equivalent governing body of the pilot program U.S. business
  • any involvement, other than through voting of shares, in substantive decision-making of the pilot program U.S. business regarding the use, development, acquisition or release of critical technology

Under FIRRMA, "critical technology" is defined with reference to existing control regimes, among others. Consistent with FIRRMA, the definition of "critical technology" in CFIUS' regulations has been updated to include:

  • Defense articles – U.S. Munitions List
  • Dual-use technology – Commerce Control List
  • Nuclear equipment, materials, software, technology
  • Select agents and toxins
  • Emerging and foundational technologies (Export Control Reform Act of 2018)

As to pilot program industries, CFIUS has developed the list of 27 industries for which certain strategically motivated investment could pose a threat to U.S. technological superiority and national security, including aviation, defense, semiconductors, telecommunications, batteries, biotech, nanotechnology, among other strategic industries where the U.S. wants to keep its technological edge.

Pilot Program U.S. Business

A U.S. business meets the definition of a "pilot program U.S. business" if it produces, designs, tests, manufactures, fabricates or develops a critical technology that is 1) utilized in connection with the U.S. business' activities in one or more pilot program industries, or 2) designed by the U.S. business specifically for use in one or more pilot program industries.

The first step is to determine, if not already known, whether the U.S. business produces, designs, tests, manufactures, fabricates or develops a critical technology. This will involve considering everything that the U.S. business produces, designs, tests, manufactures, fabricates and develops, and determining whether anything falls within the definition of a "critical technology."

If a U.S. business produces, designs, tests, manufactures, fabricates or develops one or more critical technologies, the next step is to determine whether the U.S. business utilizes any of those critical technologies in connection with its activities in one or more pilot program industries (i.e., the 27 industries identified by CFIUS). If so, the U.S. business is a pilot program U.S. business.

If not, the final step is to determine whether one or more of the critical technologies produced, designed, tested, manufactured, fabricated or developed by the U.S. business is designed by the U.S. business specifically for use in one or more pilot program industries, irrespective of whether such use is by the U.S. business itself or by another person. If so, the U.S. business is a pilot program U.S. business.

Pilot Program Covered Transaction

If the U.S. business is a pilot program U.S. business, certain non-controlling investments by the foreign investors in said business which affords the foreign investor the right to 1) access any material nonpublic technical information of the pilot program U.S. business, 2) membership or observer rights on the board of directors or equivalent governing body of the pilot program U.S. business, or the right to nominate an individual to a position on the board of directors or equivalent governing body of the pilot program U.S. business, or 3) any involvement, other than through voting of shares, in substantive decision-making of the pilot program U.S. business regarding the use, development, acquisition or release of critical technology, will be deemed as a pilot program covered transaction. The pilot program requires that the parties to a pilot program covered transaction file a declaration with CFIUS (i.e., the mandatory declaration requirement under the pilot program).

Treatment of Certain Investment Fund Investments

The pilot program exempts certain indirect investments made through an investment fund by a foreign person in a pilot program U.S. business that affords the foreign person membership as a limited partner or equivalent on an advisory board or a committee of the fund from being considered as a pilot program covered transaction, if:

  • the fund is managed exclusively by a general partner, a managing partner or an equivalent who is not a foreign person
  • neither the advisory board or committee, nor the foreign person, has the ability to approve, disapprove or otherwise control the investment decisions of the investment fund or its portfolio companies
  • the foreign person does not otherwise have the ability to control the investment fund, including the right to unilaterally dismiss, prevent the dismissal of, select or determine the compensation of the general partner
  • the foreign person does not have access to material nonpublic technical information as a result of its participation on the advisory board or committee

The pilot program also exempts investment involving an air carrier.

Mandatory Declaration of Pilot Program Covered Transaction

As mentioned above, the pilot program mandatorily requires that parties to a pilot program covered transaction submit a declaration to CFIUS. Parties may, however, elect to submit a full written notice instead of a declaration. Parties will need to consider at the outset whether to submit a declaration or a full written notice based on the complexity of the transaction, timing considerations and other relevant factors. A full written notice may be more appropriate than a declaration when the parties believe that CFIUS may require more extensive information to analyze potential national security risks.

Upon the receipt of the declaration from the parties, CFIUS has 30 days to clear the transaction based on the declaration, initiate a unilateral review of the transaction or require the parties to file a full written notice.

Any person who fails to comply with the filing requirements may be liable for a civil penalty up to the value of the pilot program covered transaction.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.