The Committee on Foreign Investment in the United States (CFIUS) is an inter-agency committee that conducts national security reviews of foreign investments in the United States. CFIUS, chaired by the US Department of the Treasury, has the authority to impose conditions on a deal and, in extreme cases, effectively block a deal before closing or unwind a deal after closing, all in the name of protecting US national security.
Although CFIUS's authority and general processes are set forth in statutes and regulations, they can be challenging to decipher and the statutes and regulations offer little in the way of direct guidance to dealmakers. As a result, it can be difficult to know how to conduct a comprehensive risk assessment and how to assess whether and when parties should approach CFIUS. If parties to a transaction do not approach CFIUS, because they determine that a notice was not necessary, they are willing to live with the risks of not filing or for some other reason, CFIUS may choose to approach the parties, which could lead to increased scrutiny in the review process. This practice tip is intended to convey some lessons learned from past deals and provide guidance on handling (or not handling) the CFIUS process in a transaction.
Risk Assessment -- Which Transactions Are Subject to CFIUS Review?
Will the Foreign Investor (or Buyer in an Acquisition) Obtain Control or Influence?
CFIUS does not review all foreign investments in the United States. Rather, CFIUS only reviews "covered transactions." A covered transaction is one that might result in foreign "control" over a US business involved in national security. There are detailed regulations on what constitutes "control," but generally, the test is functional and extremely broad (i.e., could the foreign investor cause the US business to take action or prevent it from taking action?). This power can be direct or indirect, and is relevant to CFIUS regardless of whether or not the investor exercises such power. The only explicit exception to CFIUS coverage is where a foreign entity owns 10 percent or less of the voting interest in the US business and holds it "solely for the purpose of passive investment." Note that, no matter how small the equity percentage, the ability to hold or appoint a seat on the board, for example, means that the foreign ownership is not solely for the purpose of passive investment.
What Industry and Business Functions Are Involved?
Even if a deal is a "covered transaction," CFIUS is interested only in investments related to "national security." As with "control," the concept of "national security" is wide-ranging and can be difficult to define. In addition to traditional defense and government contractor businesses, CFIUS has construed information and communications technology, transportation, energy, chemical production, and biotechnology and the life sciences, among other areas, as relevant to national security. As a general rule of thumb, deals involving businesses that do any classified work with the US government should anticipate a CFIUS review.
From What Country is the Foreign Investor?
CFIUS's mission is to manage risks to US national security, so it is unsurprising that CFIUS takes into account relations with foreign sovereigns and the jurisdiction of the investor and its ultimate beneficial owner (and the non-US intermediate subsidiaries in between and other affiliates). Companies from Russia and China, for example, have historically received greater CFIUS scrutiny than others. This does not mean, however, that if an investor is from a traditional US ally, that it will not receive similar attention. The level of CFIUS scrutiny also depends on the relationship of the investor to a government or governmental organization. When the investor is a private company rather than state-owned or controlled, CFIUS will likely have fewer concerns. By contrast, if an investor has direct or indirect ties to a foreign country's government or national security apparatus, there is likely to be a higher risk of CFIUS intervention, including potential mitigation measures.
When Should CFIUS be Notified?
If a transaction is "covered," then CFIUS generally expects to receive a joint notice submitted voluntarily by the parties after the deal has been signed but prior to closing. However, parties have given notice to CFIUS using letters of intent or other agreements (so long as they are specific and the deals fairly certain). Less commonly, parties may decide to file with CFIUS pre-closing but intend to close prior to CFIUS clearance. The timing of the notice has potential advantages and disadvantages, depending on the individual transaction. In addition, there are potential consequences if the parties decide that a joint notice is not necessary, and if CFIUS later learns of the transaction and invokes its authority to approach the parties about the transaction. In such situation, it can often be the case that CFIUS imposes greater scrutiny of a transaction and there may be increased risk of interference.
What Are Some Potential Costs of the CFIUS Process?
When evaluating CFIUS risks, parties to a deal should consider the following potential costs:
The transaction costs of due diligence, the determination of whether a CFIUS filing is required, and negotiation of the CFIUS-related deal terms; The process costs of informing CFIUS and responding to any informational inquiries; The time costs of any potential delay to deal closing (possibly, three months or more once CFIUS accepts a notice); The mitigation costs of any measures required by CFIUS as conditions to closing; and The prohibition costs of any impediment to closing imposed by CFIUS or unwinding of a closed transaction.
These costs are not exhaustive, but rather demonstrate the kinds of issues that parties should consider when evaluating whether and when to file a voluntary notice with CFIUS.
With respect to the time costs, if the parties decide to submit a joint notice to CFIUS, obtaining clearance is often an agreed-upon condition to close. The process of preparing and submitting the notice will depend on the nature of the transaction, but is typically a collaborative process that can take several weeks (or more) even in relatively straightforward transactions.
Once CFIUS "accepts" the submission (rather than the date the parties actually file with CFIUS), CFIUS typically has 30 days to "review" the transaction, after which it will either clear the transaction or initiate an investigation. A CFIUS investigation can extend the review by another 45 days, at which time CFIUS must clear the transaction, require a mitigation agreement or recommend that the transaction be blocked or unwound.
How Do You Allocate CFIUS Risk with Deal Terms?
Parties entering into a transaction that may implicate CFIUS review should consider the following:
Whether and how to include CFIUS approval in a regulatory best efforts clause--particularly in light of a investor's tolerance for potential mitigation demands and agreed upon efforts in the antitrust (or other regulatory) approval context (e.g., "hell or high water"); Whether to include CFIUS rejection or unacceptable mitigation demands as a trigger for the imposition of a breakup or reverse breakup fee (and whether the fee should be spread over time to account for the time costs of any CFIUS delay); and Whether and how to treat CFIUS review in the definition of "Material Adverse Event"--particularly whether to (i) limit the target's risk related to inaccurate representations and warranties, or (ii) limit the foreign investor's risk related to a duty to close with onerous mitigation measures or excessive CFIUS delay.
Strategic Considerations for Managing CFIUS Risk
1. As always, plan ahead and start early. The CFIUS process is time consuming, both throughout the notice preparation phase and the committee approval phase. Parties to a transaction should take CFIUS into account early and plan strategically to account for its potential risks and costs. To avoid any preparation and filing delays, parties should plan ahead and begin collecting the relevant information needed for the joint notice as early as possible. While the investor may have a greater interest in getting through the CFIUS process unscathed, the interests of both parties to a deal are aligned before CFIUS and parties should cooperate with each other to collect the relevant information and prepare the notice. After all, it is a joint notice.
2. Be aware of latent risks. Parties should be aware that latent CFIUS risks may lurk in many transactions, even when a target business does not appear, on its face, to involve national security. For example, a company whose primary activities do not involve national security may have a minor business line or limited number of products or services that implicate national security. Relevant information may be revealed throughout the due diligence process and recognizing from the outset that there may be "more than meets the eye" in many transactions will allow investors to appropriately incorporate CFIUS considerations into their deal planning.
3. Address CFIUS risks head on. Parties are free to negotiate provisions into their deal documents that allow flexibility (or do the opposite) to close the deal in the face of a negative reaction from CFIUS. Often times these provisions mirror those addressing antitrust approvals; however, investors should focus on what consequences they are willing to accept. For example, an investor should ask itself if it would be willing to do the deal if the US business was not included. If so, maybe it could agree to a "hell or high water provision," which is a requirement that it take any and all actions necessary to obtain CFIUS approval (even divesting the US business or engaging in endless litigation).
4. Consider other potential regulatory regimes. In addition to CFIUS, foreign investors into the United States must also consider whether or not they are subject to other regulatory regimes, including antitrust review, foreign ownership, control or influence (FOCI) review by the Defense Security Service (DSS) (e.g., if the target business holds a facility security clearance to possess or access classified information) or a 60-day notice requirement to the Directorate of Defense Trade Controls (DDTC), which administers and enforces the International Traffic in Arms Regulations (ITAR) (e.g., if the US business exports or manufactures defense articles and is registered with DDTC). These regulatory regimes have their own unique requirements and sometimes onerous processes that should be assessed before entering into a transaction. Indeed, for companies that perform classified work, the parallel DSS process which will typically require separate, Department of Defense-mandated mitigation measures can be a particularly complicated and time-consuming process which if mismanaged could place the target's facility clearance in jeopardy.