The Foreign Investment Risk Review Modernization Act of 2018 (“FIRRMA”) has made compliance with increasingly complex Committee on Foreign Investment in the United States (“CFIUS”) rules an important part of a fund manager’s job if any of its funds have foreign investors. Before FIRRMA, CFIUS jurisdiction only applied to transactions where a foreign entity acquired control over a U.S. business (defined as “any entity engaged in interstate commerce in the United States”) and all CFIUS filings were voluntary. This meant that both U.S. funds with foreign investors and foreign investment funds whose U.S. investments were limited to real estate and minority investments in public and private companies had no reason to worry about CFIUS compliance.

FIRRMA has changed that. FIRRMA now extends CFIUS jurisdiction for the first time to cover certain minority investment in U.S. businesses and U.S. real estate acquisitions by or made on behalf of foreign investors, and in some instances, as explained below, to require mandatory reporting prior to closing. On Sept. 17, 2019, the U.S. Department of the Treasury issued over 300 pages of additional proposed rules to implement FIRRMA, which will take effect when made final sometime before the Feb. 13, 2020 statutory deadline. We summarize below the takeaways fund managers should know about the new proposed regulations.

1. The New Rules Leave the Pilot Program Mandatory Filing Unchanged, Along with the Safe Harbor for U.S.-Managed Funds Not Controlled by Foreign Investors

CFIUS has not proposed any changes to the current mandatory filing FIRRMA Pilot Program that became effective last November. The Pilot Program requires that certain foreign investments in U.S. critical technology businesses be reported to CFIUS. There have also been no changes proposed to the Pilot Program investment fund “safe harbor” rule (explained below) that exempts certain U.S.-managed funds from the mandatory filing requirement even if they have significant foreign investors.

The existing Pilot Program requires mandatory reporting for:

  • All foreign persons;
  • Making non-controlling investments;
  • That provide board representation or board observer rights, access to non-public technical information or involvement in substantive decision making of a U.S. business;
  • That produces, designs, tests, manufactures, fabricates or develops one or more “critical technologies” (which include items subject to export controls, items related to nuclear energy and select agents and toxins); and
  • Such technologies are used in one of 27 named industries.[1]

Mandatory reporting is not required if the investment fund safe harbor requirements are met. Investment funds organized as limited partnerships with foreign investors are not subject to the Pilot Program mandatory reporting requirements if the fund is (a) managed by a U.S. general partner and (b) foreign limited partners do not have certain types of control over the fund’s management or investment decisions, or access to certain types of technical information. Since the Pilot Program became effective, many investment funds have reviewed, and in some instances, revised, their fund governance to ensure that they fall within this safe harbor.

2. The New Rules Require Additional Mandatory Reporting for Certain Foreign Government Acquisitions of U.S. Businesses

Under the proposed regulations, certain foreign government-controlled investments in a newly defined term, “TID (Technology, Infrastructure, Data) U.S. Business,” will be also subject to mandatory CFIUS filing. A “TID U.S. Business” is defined as a U.S. business that:

  • Deals with critical technology as defined under the Pilot Program; as well as U.S. businesses that own, operate, manufacture, supply or service critical infrastructure as defined; or that maintain or collect sensitive personal data of U.S. persons that may be exploited in a manner that threatens U.S. national security.[2]

A mandatory filing will be required for transactions in which a foreign government holds a 49% or greater direct or indirect voting interest in any foreign person, including a fund, that obtains a 25% or greater direct or indirect voting interest in a TID U.S. Business.

This new mandatory reporting requirement likely will apply most often to foreign government sovereign wealth funds and foreign state owned-enterprises that make direct investments of 25% or more in a U.S. TID Business. For fund managers who oversee multi-investor funds that have no 49% or greater investors, this new regulation will not affect their investment activity. However, fund managers should be aware that this new rule would likely apply to managed accounts, single investor funds (“funds of one”) or any co-investment or sidecar fund held 49% or more by a foreign government investor if they invest in 25% or more of a U.S. TID Business.

3. The New Rules May Except Certain Foreign Countries and Certain Foreign Entities From Reporting Acquisitions of U.S. Real Estate and Non-Controlling Investments in U.S. Businesses

Under pre-FIRRMA law, all foreign investors were subject to CFIUS jurisdiction and reporting requirements and procedures; there has been no formal “white list” of favored countries or “black list” of disfavored countries.[3] FIRRMA for the first time allowed CFIUS to treat buyers and investors from certain foreign countries more favorably than others in terms of formal process.

The proposed regulations implement this new authority and provide that CFIUS may exempt individuals and entities from particular foreign countries from the scope of its jurisdiction when they make certain real estate acquisitions or non-controlling investments in a U.S. business. (All acquisitions of control of a U.S. Business by foreign buyers/investors will continue to be subject to CFIUS jurisdiction without respect to the home country of the buyer/investor.) The establishment of a so-called “white list” of what will be called “Excepted Foreign Countries” will be accomplished by CFIUS selecting specific countries to exempt based on a super-majority vote of CFIUS member agencies. The criteria for qualification will include the establishment by the foreign country of a foreign investment review process of its own and coordination and cooperation with the United States on security matters. It is expected that the initial list will be very narrow, possibly only including America’s closest allies, Canada, the United Kingdom, Australia and New Zealand. The prospects of further inclusion of additional favored foreign countries will likely be used by the U.S. government to leverage other countries to increase their level of security cooperation with the United States.

Investors from Excepted Foreign Countries who meet specified requirements related to prior legal compliance will automatically be considered “Excepted Foreign Investors” so long as they maintain specified ties with an Excepted Foreign Country.

Note that under the proposed rules, a fund operating in an Excepted Foreign Country will not qualify as an “Excepted Foreign Investor” if any of its 5% or more economic owners (investors) are foreign nationals or entities from a country that is not an Excepted Foreign Country.

Note that in such a situation, a foreign fund that does not qualify as a Excepted Foreign Investor may still take advantage of the Pilot Program safe harbor and avoid mandatory reporting if none of its foreign investors have the kinds of participation rights that would disqualify the application of the safe harbor. This would be an important point to keep in mind if the list of Excepted Foreign Countries is drawn narrowly.

4. The New Regulations Provide Greater Specificity as to the Types of Transaction for Which Parties May Be Advised to Make Voluntary Filings

As was the case prior to FIRRMA, most CFIUS compliance and enforcement activity will continue to be based on voluntary notification of covered transactions. The new regulations provide significant help in determining which types of transactions CFIUS is likely to be most concerned with. In the past, parties often were left to guess or rely on their CFIUS counsel to piece together clues from prior non-published CFIUS enforcement actions. While that may still be the case in some circumstances, the new regulations provide very specific lists of the types of infrastructure, personal data and geographic locations that are of greatest interest to CFIUS:

  1. Critical Infrastructure. The new rules specify that CFIUS has authority to review non-controlling investments in U.S. Businesses that own, operate, manufacture, supply or service certain critical infrastructure identified in a detailed Annex to the proposed regulations.[4]
  2. Sensitive Personal Data. Recent CFIUS enforcement has focused on the foreign acquisition of U.S. businesses that maintain or collect sensitive personal data of U.S. citizens that could be exploited in a manner that threatens national security, but until now the extent of information of concern has not been publicly detailed. The proposed regulations describe the specific types of information CFIUS will consider sensitive, such as consumer credit reports, health and genetic data, biometric data and financial data tied to specific identifiable individuals. The proposed rules also describe types of data that are not of significant concern, such as the personal data typically collected and maintained by businesses with respect to their own customers and employees. The new rules emphasize that CFIUS’s focus in this area is on companies whose primary business model depends on the collection or usage of large amounts of data on identifiable individuals.
  3. Real Estate. The regulations provide a new stand-alone section of rules related to the acquisition of U.S. real estate by foreign investors. For the first time, CFIUS has defined the types of facilities and the proximity areas around them that will be considered to raise security concerns. An appendix to the proposed rules provides a detailed list of military installations. Although no list is provided, the new rules also apply to real estate located near airports, maritime ports and U.S. government facilities or properties other than listed military installations that are sensitive for reasons of national security. These rules apply specifically to real estate acquisitions, but foreign acquirers of U.S. businesses that operate at sites located near such facilities may also be advised to make voluntary CFIUS filings.

Conclusion

As the Department of the Treasury continues to issue new and more complex rules to implement FIRRMA, fund managers should continue to (a) consult with qualified CFIUS counsel; (b) monitor their fund governance/documentation, positions of their foreign investors and fund portfolio investments in order to ensure they comply with mandatory CFIUS filing requirements; and (c) be aware of any risks of CFIUS enforcement where mandatory filings are not required but where CFIUS has jurisdiction to require mitigation or divestment if it finds national security concerns are raised by a particular transaction.

Fund managers should also expect that the U.S. businesses in which they make significant investments, lenders, co-investors and other counterparties may increasingly ask about the CFIUS status of their funds in due diligence, and should be prepared to make representations in transaction documents as to whether particular funds or investors are not (or are) subject to mandatory CFIUS filing requirements and/or CFIUS jurisdiction.

More rules implementing FIRRMA are expected in the coming months related to the establishment of filing fees for both mandatory and voluntary CFIUS filings, and the expansion of the mandatory Pilot Program reporting requirements related to critical technologies considered to be “emerging” or “foundational.” If you have any questions regarding FIRRMA regulations or CFIUS compliance, please reach out to the contacts provided below.