Attention Corporate Counsel: If you are contemplating a cross-border M&A transaction involving a U.S.-based target company, key trends discussed in the recently released 2014 Annual Report1 from the Committee on Foreign Investment in the United States (CFIUS or Committee) to Congress are worth your careful consideration.

On February 19, 2016, CFIUS released its most recent analysis of foreign direct investment transactions reviewed for national security concerns. The report asserts that tabular data on the covered transactions, withdrawals, and presidential decisions "is not indicative of any discernible trends." As practitioners regularly engaged in CFIUS cases, we respectfully assert that there are certain notable takeaways.

Understanding CFIUS, and the Interplay with FOCI/NISPOM

By way of background, the Committee reviews deals in which a foreign person or entity will obtain control over a U.S. trade or business that has national security implications, which are identified as "covered transactions." To commence a review, the parties to the covered transaction may voluntarily inform CFIUS of the details of the deal, including extensive data regarding the acquirer, as well as the target business. Alternatively, the Committee can initiate its own review (or request that the parties file a notice), if CFIUS believes that a potential deal raises concerns regarding national security. Approval by the Committee allows a "safe harbor" in the manner of a "no action" decision, thereby allowing the deal to proceed without the risk of the deal being prohibited or unwound.

In short, there are four basic stages to the CFIUS analysis: (1) Pre-filing of a preparatory notice, along with preliminary consultations with CFIUS staff; (2) Initial review, which lasts for 30 days from the Committee's acceptance of a complete notice: (3) Investigation, if the Committee determines that an additional 45-day analysis is needed after the initial review period; and (4) Presidential Decision, which may be triggered if the deal is not approved by CFIUS following an Investigation, including the authority to unwind a deal that has been closed, but is determined to be contrary to U.S. national security. In this context, national security can be triggered based upon the type of business being acquired or the identity of the acquirer, including an affiliation with or control by a foreign government. For example, involvement of any foreign state-owned entity will trigger the more intensive 45-day Investigation. Recent cases also demonstrate that the involvement of any critical infrastructure in a deal will also require a careful analysis by CFIUS, typically to include the 45-day Investigation.

So how does this relate to a review of "Foreign Ownership, Control or Influence" (also known as "FOCI")? The U.S. Department of Defense (DoD) has independent authority to determine whether a company is under FOCI and, as appropriate, implement requirements consistent with the National Industrial Security Policy Operating Manual (NISPOM) when a foreign person or entity has the power, direct or indirect, to direct or decide matters or operations that may result in unauthorized access to classified information or may affect the performance of classified contracts. This analysis is independent of, but certainly an important part of, any CFIUS analysis. Indeed, DoD is an active member of the Committee and represents DoD interests in any such decisions made by CFIUS. For example, as part of a mitigation plan imposed by CFIUS, it will certainly include associated restrictions for the facility clearance process, for example. With this as general background, let's now examine the CFIUS activity as most recently reported.

The Numbers, and Just the Numbers

Key observations? First, the highest number of notified reviews over the last 5 years took place in 2014 – namely, 147 transactions, which constitutes a 52% increase over the 97 reviews in 2013, and a 33% increase over the 114 reviews undertaken in 2012. It is fully anticipated that this upward trend continued through 2015, based upon our understanding of the active M&A marketplace, particularly with Asian investment, as discussed below.

Second, while the absolute number of reviews continued to mount, the percentage of follow-on, 45-day "investigations" remained at recent historic levels. In 2014, only 52 of the 147 cases, or about 35%, resulted in a subsequent "investigation" as compared with 48 investigations in 2013, and 45 in 2012. Five years earlier, in 2009, CFIUS investigated 25 cases of the total 65 noticed reviews, about 38% of deals, which were subjected to the more intense 45-day investigation.

Interestingly, the number of notices that were "withdrawn" after the commencement of an investigation in 2014 (9) were nearly double those (5) from the prior year. Typically, the parties will seek to "withdraw" their request if they do not expect to obtain the desired approval or an acceptable mitigation plan. Of course, parties can request approval from the Committee to withdraw a request and may seek to refile at a later time if the deal is revised or later revived. Companies should understand that CFIUS has procedures to track the status of a withdrawn transaction to ensure national security concerns are not compromised.

Many may recall the prior reported CFIUS review and denial imposed on the Chinese telecommunications firm Huawei regarding its intended acquisition of 3Com in 2008, or the more recent congressional investigation of Chinese telecommunications giants ZTE Corporation and Huawei and the resulting report noting continuing national security concerns by the U.S. government about foreign investment by these companies in this U.S. industry. Indeed, on March 8, 2016, ZTE Corporation and three affiliates were added to the U.S. Commerce Department, Bureau of Industry and Security's Entity List prohibiting U.S. persons from undertaking certain export and reexport transactions with these entities. While the U.S. government on March 24, 2016 issued a final notice authorizing a Temporary General License regarding ZTE Corporation and one of the affiliates, the original act of adding these companies to the Entity List demonstrates that the Government will continue to analyze the activities of a foreign entity well after an unsuccessful CFIUS case and will take such steps as it deems necessary to protect the country's national security.

Finally, the seminal Ralls Corporation case in 2012 remains the only Presidential Decision issued under the CFIUS regulations.

Is Your Industry in the Target Zone?

The 2014 Annual Report demonstrated the wide range of businesses and industry sectors that were examined under a review and/or an investigation. Does this signal the government's increasing breadth of interest, or businesses' greater unwillingness to accept uncertainty, or both? A review of the facts may provide some guidance.

Consistent with historic trends, in 2014, the largest slice of covered transactions involved the Manufacturing sector, with 47%. In 2014, this dominant sector was followed by Finance, Information and Services (FIS) at 26%; Mining, Utilities and Construction (MUC) at 17%; and the Wholesale, Retail and Transportation (WRT) sector at 10% of covered transactions. Within Manufacturing, the predominant industry in CFIUS transactions involved computer and electronic products, with 29 of the 147 notices in 2014, which was greater than the combined next three industries of machinery (9 notices), transportation equipment (9), and chemical (7) in that segment. In the FIS sector, not surprisingly, the professional, scientific, and technical services industry saw the most action in covered transactions, with a total of 14 for 2014. In the Mining, Utilities and Construction sector, the predominant number of cases, at 13, involved utilities, followed by oil and gas extraction at 5. Finally, the "support activities for transportation" within the WRT sector experienced the greatest number of notices in 2014 at 8. Notwithstanding these apparent "spikes," the vast spread of activity among the four segments was remarkable, reflecting a notable interest in foreign investment among diverse yet important businesses within the United States.

"Know From Whence You Came"

U.S. author James Baldwin (1924-1987) purportedly once said, "Know from whence you came. If you know whence you came, there are absolutely no limitations to where you can go." Apparently, Mr. Baldwin never met CFIUS. Did 2014 reflect any geographic trends? Absolutely. In 2014, there was extensive acquisition activity emanating from Asia. Indeed, 36% of the covered transactions involved acquiring entities from Asia: China accounted for 24 of the total 147 covered transactions in 2014, followed by Japan with 10, South Korea at 7, and Hong Kong and Singapore at 6 transactions each. In addition to this influx from Asia, entities in more historic acquiring home countries like the United Kingdom (21) and Canada (15) were also very active, with double-digit transactions that year. Notwithstanding the concentration from Asia and other, more historic acquiring countries, 2014 also demonstrated a broad spread of transactions by entities from around the globe. It is expected that this continued through 2015 as well, given the current macroeconomic principles at play.

New Demands for Mitigation: Are You Ready?

Cases requiring mitigation in 2014 made up a smaller percentage than they had in the prior few years. In 2014, CFIUS mitigation measures were applied to 9 covered transactions or 6% of the 147 total transactions reviewed, as compared with 8% from 2012 through 2014. Not surprisingly, CFIUS required mitigation for those acquired U.S. companies that were in the software, services, and technologies industries, with no fewer than 5 CFIUS agencies serving as signatories to such mitigation agreements, exemplifying both the breadth in concern and interest among U.S. government agencies. The year 2014 also brought the adoption of new specific and verifiable mitigation measures imposed on parties. Such measures include, for instance, ensuring that only authorized persons have access to controlled technology; requiring that only U.S. citizens (and not resident aliens i.e., "green card" holders) handle certain products and services and that certain activities occur only in the United States; establishing a Corporate Security Committee or other safeguards for compliance with the agreed conditions; and establishing formal guidelines and terms for handling U.S. government contracts, customer information, and other sensitive data. Before requesting a review, the acquiring party should consider if they are well situated to promptly offer, and indeed implement, comparable physical, procedural, and technological safeguards. As those who have gone through the process are well aware, once the request is filed, statutory deadlines often drive to resolution in short order.

Analyzing all of the facts and figures from the 2014 Report, we suspect that businesses are employing a more cautious approach. It appears that businesses want (or their owners and managers demand) the formal "no action" blessing before consummating the deal, rather than face a potential unwinding of the transaction once it is made public. Historically, it was common to see complicated mitigation agreements, where the parties spun off troublesome businesses, stood up independent proxy boards, or implemented other formal mitigation plans in order to appease the Committee prior to formal approval. Today, these continue to be only a subset of the overall "covered transactions" reviewed. There are certain countries that have a more historic active record of their buyers undertaking CFIUS reviews; however, in addition to entities from the UK, Canada, and the Netherlands, we anticipate a continuing uptick in activity from the Asian countries through 2015 and today. In light of the demanding mitigation procedures that may be imposed, both the acquiring entity and the target should be fully prepared, even before any "pre-filing" is proffered to the Committee. Once the clock starts, the process often continues swiftly through resolution. Accordingly, all parties must be ready.