Regulations proposed September 17, 2019, continue the implementation of the Foreign Investment Risk Review Modernization Act of 2018 ("FIRRMA") and greatly broaden the scope of transactions subject to review by the Committee on Foreign Investment in the United States (“CFIUS” or “the Committee”).

Last November, the U.S. Department of the Treasury (“Treasury”) implemented part of FIRRMA, including putting in place a pilot program that gave CFIUS expanded jurisdiction over certain non-controlling investments in U.S. businesses with certain involvement in critical technology. The program mandates CFIUS filings for such investments. CFIUS is an inter-agency governmental committee that evaluates the national security implications of certain foreign acquisitions of, and investments in, U.S. businesses.

These proposed regulations expand CFIUS review to non-passive investments in U.S. businesses with critical infrastructure and sensitive personal data. They also expand CFIUS review to certain real estate investments. The regulations also appear to resolve the question of whether there will be a “white list,” by providing for excepted investors in certain circumstances. Another key development is the proposed implementation of mandatory filings for covered investments and control transactions in which a foreign government holds a substantial interest.

Comments on the proposed regulations must be received by October 17, 2019. CFIUS has indicated that the final regulations will cover not only matters addressed in its September 17 proposals, but also the matters covered in the pilot program it initiated last fall.

The proposed regulations would wholly replace the existing CFIUS regulations and provide significant detail and specificity. This briefing provides a high-level overview and we will be supplementing this with further posts analyzing various aspects of the proposed regulations and their implications.

Expanded Scope to Include Non-Passive Investments in Critical Infrastructure and Sensitive Personal Data

The proposed regulations provide CFIUS jurisdiction over both “covered control transactions” (31 CFR §800.210) and “covered investments” (31 CFR § 800.211). The distinction emphasizes that CFIUS continues to have jurisdiction over all foreign acquisitions of control in a U.S. business. Covered investments are proposed to include certain non-passive investments in unaffiliated Technology, Infrastructure, and Data (“TID”). Below is a breakdown of many of these definitions and an explanation of what investments would meet the proposed language’s definition of “covered investments.”

As mentioned above, a “covered investment” must be in a TID U.S. business. “TID U.S. business” is a CFIUS-created term that is shorthand for companies that:

  • Produce, design, test, manufacture, fabricate, or develop one or more critical technologies;
  • Perform the functions set forth in a detailed appendix to the regulations with respect to covered investment critical infrastructure; or
  • Maintain or collect, directly or indirectly, sensitive personal data of U.S. citizens.

Critical Technology. Critical technology was previously addressed by the Pilot Program, and the proposed regulations essentially continue this manner of identifying covered investments in critical technology.

Critical Infrastructure. The proposed regulations identify the functions and critical infrastructure that will be considered “covered investments” through a detailed analysis of whether the U.S. business carries out certain identified functions with respect to certain identified critical infrastructures (see proposed Appendix A to part 800). A key takeaway here is that the proposed regulations, while drawing some bright lines, provide detailed guidance that will require focused fact-finding and analysis relating to particular transactions. Also, the scope of critical infrastructure in this context includes “soft” assets—such as Internet protocol networks, Internet exchange points, and core processing services— in the Significant Service Provider Program of the Federal Financial Institution Examination Council. This is in addition to more-traditional assets, such as submarine cable systems and telecommunication and satellite networks, industrial resources, certain defense manufacturing facilities, electric energy storage facilities, refineries, ports, pipelines, and many others.

Sensitive Personal Data. The proposed regulations also define this term in considerable detail. Sensitive Personal Data covers data types ranging from health-related data to geolocation data to certain financial data and personal identifier data. For most types of sensitive personal data, the company will only be a TID U.S. business if it either targets or tailors certain U.S. Government personnel or contractors, or maintains or collects (or aims to maintain or collect) data on greater than one million individuals. However, companies that maintain or collect genetic information will be considered TID U.S. businesses regardless of whether they meet these thresholds.

Significantly, as described in FIRRMA, in the proposed regulations only certain direct or indirect investments in a TID U.S. business will be “covered investments” subject to CFIUS review. To be subject to CFIUS review, the investment must afford the foreign person:

  • access to material non-public technical information;
  • membership or observer rights on the board of directors or an equivalent governing body of the business or the right to nominate an individual to a position on that body; or
  • any involvement, other than through voting of shares, in substantive decision making regarding sensitive personal data of U.S. citizens, critical technologies, or critical infrastructure.

The proposed regulations continue to exclude from CFIUS review investments by limited partners that have only certain rights through a Limited Partnership Advisory Committee.

Expanded Scope to Include Real Estate Investments

Under FIRRMA, CFIUS is authorized to review the purchase or lease by, or a concession to, a foreign person of private or public real estate that (1) is located within, or will function as part of, an air or maritime port; (2) is in close proximity to a United States military installation or another facility or property of the United States Government that is sensitive for reasons relating to national security; (3) could reasonably provide the foreign person the ability to collect intelligence on activities being conducted at such an installation, facility, or property; or (4) could otherwise expose national security activities at such an installation, facility, or property to the risk of foreign surveillance.

To identify real estate transactions within the scope of CFIUS review, proposed regulations (new 31 CFR Part 802) (i) identify covered real estate in very specific geographic terms and (ii) define covered real estate transactions by rights acquired in covered real estate.

Covered Real Estate. The proposed regulations define covered real estate as real estate:

  • located within or functioning as part of an airport or maritime port
  • located within close proximity (one mile) of military installations and other government facilities and properties listed in an Appendix to the regulations
  • located within an extended range (up to 100 miles or 12 nautical miles) of certain military installations listed in the Appendix
  • located within counties or geographic areas identified in connection with military installations identified in the Appendix
  • located within any part of military installations identified in the Appendix, that is within 12 nautical miles seaward of the U.S. coastline

Covered Real Estate Transactions. A covered real estate transaction is any purchase or lease by, or concession to, a foreign person of covered real estate that affords the person at least three of the following rights: 1) to physically access; (2) to exclude; (3) to improve or develop; or (4) to affix structures or objects. Also included are changes in rights in an existing relationship that would grant a foreign person three of these same rights, as well as transactions structured to evade or circumvent CFIUS jurisdiction.

Exemptions. FIRRMA excludes from CFIUS’s jurisdiction the purchase or lease by, or concession to, a foreign person of a single “housing unit,” as defined by the Census Bureau. This means that, in most cases, CFIUS does not have jurisdiction to review the sale of residential houses, apartments, or condos to foreign citizens.

No Mandatory Filing. As a general matter, parties to a covered real estate transaction will decide whether to file a notice voluntarily or submit a declaration to CFIUS. As currently written, the proposed regulations do not require parties to covered real estate transactions to submit a declaration to CFIUS.

Mandatory Filings for Transactions Involving a Substantial Interest of a Foreign Government.

FIRRMA requires that CFIUS filings be mandatory when a foreign government would acquire a “substantial interest,” direct or indirect, in a TID U.S. business.

Substantial interest is defined as a voting interest of 25%, direct or indirect, in a U.S. business by a foreign person and a voting interest, direct or indirect, of 49% or more by a foreign government in a foreign person. 31 CFR §800.244. Any voting interest of a parent (one who holds at least 50% direct or indirect voting interest in an entity) will be deemed a 100% voting interest for purposes of calculating indirect ownership percentages. The proposed regulations make filings mandatory where the transaction would result in the acquisition of a substantial interest in a TID U.S. business by a foreign person in which a foreign government has a substantial interest. 31 CFR §800.401. The exclusion of certain limited partner investments continues to apply in this circumstance.

The mandatory filing required is the new short-form declaration filing described below, although parties may choose to submit a long-form notice filing.

Shorter “Declarations” for Voluntary Filings

FIRRMA created a process for a “light” CFIUS filing called a “declaration.” Less information is required than for a full notice, but a substantial amount of information is still required, as detailed in our previous briefing. One potential benefit to filers is that declarations do not require detailed personal information about the directors, officers, and owners of the foreign investor, the gathering of which can often delay the filing process.

The proposed regulations change the requirement for when mandatory declarations must be filed to 30 days before the completion date, instead of 45 days. CFIUS is required to take one of four actions in response to a declaration:

  • request that the parties file a notice;
  • inform the parties that CFIUS cannot complete action under section 721 on the basis of the declaration, and allow parties to file a notice;
  • initiate a unilateral review of the transaction; or
  • notify the parties that CFIUS has concluded all action under section 721.

Parties that foresee CFIUS scrutiny or seek formal conclusion of CFIUS review before closing will likely continue to submit a full notice in lieu of a mandatory declaration to avoid potential delay.

There Will Be a White List!

One of the discussed questions by practitioners about how CFIUS would implement FIRRMA has been addressed in the proposed regulations. CFIUS has indeed proposed a white list of foreign investors excepted from the regulations in certain circumstances. CFIUS warns in the preamble to the regulations that, in the beginning, this list will likely be very short.

Certain foreign investors will be excepted from the rules describing a “covered investment.” (Note they will not be excepted from the rules regarding covered control transactions.) Excepted investors must be either a foreign national of an excepted foreign state, a foreign government of an excepted foreign state, or a foreign entity organized and with its principal place of business in an excepted foreign state and with minimum excepted ownership by persons who themselves essentially qualify as excepted investors.[1] Several past and future missteps may disqualify someone as an excepted investor, including having violated certain U.S. laws or regulations (including Office of Foreign Assets Control and export control regulations), or having committed a violation of a mitigation agreement. Interestingly, missteps or changes in status within three years post-closing may retroactively disqualify someone as an excepted investor. CFIUS may then choose to review the closed transaction.

The proposed regulations indicate that Treasury will identify a short list of foreign states from which foreign persons are eligible to be excepted investors. An important factor will be whether the foreign state has established and is effectively using a robust national security review process itself. The Committee is considering a delay in this requirement, in order to give foreign states an opportunity to enhance their own programs. The proposed rulemaking requests comments on this particular issue.

Key Considerations

Companies considering making or receiving foreign investments should be acutely aware of key takeaways:

  • CFIUS will shortly implement the full scope of its authority under FIRRMA to include covered investments in critical infrastructure and sensitive personal data, in addition to the previously implemented authority to review covered investments in critical technology.
  • CFIUS will shortly implement its authority to review real estate transactions that may impact national security. Covered real estate is identified with geographic specificity to certain listed locations.
  • Investors from certain foreign countries may qualify for the “white list” as excepted investors. However, actions taken after the closing of a transaction can disqualify their excepted investor status and subject the transaction to CFIUS review.
  • Companies wishing for formal conclusion of CFIUS review and companies worried about the national-security implications of a proposed transaction should elect to file a full notice rather than a declaration.
  • Declarations will soon be mandatory for transactions that involve the acquisition of a substantial interest in a TID U.S. business by a foreign government.
  • Due diligence of both investors and investment targets should expand in depth and detail to ensure compliance with soon-to-be-implemented CFIUS regulations.