Cross-border mergers and acquisitions: what you should know about foreign investment in the United States and national security considerations

The Committee on Foreign Investment in the United States (CFIUS) is an interagency committee that conducts national security reviews of transactions in which a foreign person might acquire control over a person doing business in the United States. This Alert discusses CFIUS, the factors that might trigger a CFIUS review of a transaction, and the CFIUS review process.

Background

CFIUS was created in 1975 by Executive Order, and it currently consists of the heads of the Departments of Treasury (chair of the Committee), Justice, Homeland Security, Commerce, Defense, State, and Energy, as well as the heads of the Offices of the U.S. Trade Representative and Science & Technology Policy. In addition, the Office of Management & Budget, the Council of Economic Advisors, the National Security Council, the National Economic Council, and the Homeland Security Council also observe and, as appropriate, participate in CFIUS’s activities, and the Director of National Intelligence and the Secretary of Labor are non-voting, ex-officio members of CFIUS with specifically defined roles.

In 1988, amid concerns over foreign acquisitions of certain types of U.S. firms, the U.S. Congress enacted the Exon-Florio Amendment, amending Section 721 of the Defense Production Act of 1950 and giving the President of the United States the authority to investigate foreign acquisitions of U.S. companies and to suspend or prohibit a transaction if the President believes that the acquirer might take action that threatens to impair the national security. By Executive Order, President Reagan delegated the review process to CFIUS but retained the ultimate authority to suspend or prohibit transactions.

In 2007, as a result of the political firestorm that accompanied the attempted acquisition of major U.S. port operations by Dubai Ports World, an entity controlled by the United Arab Emirate of Dubai, Congress enacted the Foreign Investment and National Security Act of 2007 (FINSA) to formalize and strengthen the CFIUS review process. As required by FINSA, on November 18, 2008 the Treasury Department issued final regulations governing the CFIUS review process (the Final Regulations). These Final Regulations became effective on December 22, 2008. Also as required by FINSA, on December 8, 2008 the Treasury Department issued guidance concerning the types of transactions previously reviewed that have presented national security considerations. The guidance includes a discussion of certain types of information CFIUS considers useful for parties filing a notice to provide.

CFIUS Review Process

Although CFIUS has conducted national security reviews for many years as the President’s designee under the Exon-Florio Amendment, FINSA formally codifies the role of CFIUS in the review process. Specifically, FINSA requires that CFIUS conduct a national security review of any transaction that could result in foreign control of a person engaged in interstate commerce in the United States, which FINSA refers to as a “covered transaction” (discussed in greater detail below). For purposes of CFIUS review, “national security” is not defined, but certain factors are to be considered, including (1) U.S. defense production requirements; (2) potential impact on military sales contrary to U.S. interests; (3) the subject country’s adherence to nonproliferation control regimes, its cooperation with the United States on counter-terrorism efforts, and its national export laws and regulations; (4) potential national security-related effects on U.S. critical infrastructure; and (5) whether the transaction is a foreign government-controlled transaction.

The system is based on voluntary notices to CFIUS by parties to transactions, although FINSA authorizes CFIUS to review transactions that have not been voluntarily notified. In deciding whether to submit a voluntary notice of a transaction to CFIUS, parties to a transaction should consider whether their transaction could raise national security concerns. A covered transaction that has been notified to CFIUS, and on which CFIUS has concluded action after determining that there were no unresolved national security concerns, qualifies for a “safe harbor,” which would allow the transaction to proceed without the possibility of subsequent suspension or prohibition under FINSA.

When CFIUS is notified of a transaction, the Treasury Department will appoint one or more lead agencies for the transaction, and the lead agencies will have 30 days to complete an initial review of the transaction, to determine the effect of the transaction on national security and to address any national security concerns. Specifically, CFIUS is to focus on: (1) whether the transaction is by or with any foreign person and could result in foreign control of a U.S. business; (2) whether there is credible evidence to support a belief that any foreign person exercising control of that U.S. business might take action that threatens to impair the national security of the United States; and (3) whether other provisions of law provide adequate and appropriate authority to protect the national security of the United States. During the review process, where a covered transaction presents national security risks, FINSA authorizes CFIUS or a lead agency to enter into mitigation agreements with parties to the transaction or to impose conditions on the transaction to address such risks.  

After its initial 30-day review, if CFIUS determines that the transaction does not threaten national security or that other existing provisions of law provide adequate authority to address any such threat posed by the transaction, the Treasury Department will notify the parties to the transaction that CFIUS has decided not to undertake a further investigation of the transaction and has concluded action under FINSA. However, CFIUS will investigate the transaction further if a member of CFIUS believes that the transaction threatens to impair national security and the threat has not been mitigated, or if a lead agency recommends that CFIUS should investigate the transaction further and CFIUS concurs. In addition, subject to certain exceptions, FINSA requires further investigation in the following types of cases: (1) where the transaction threatens to impair U.S. national security and that threat has not been mitigated; (2) where the transaction results in foreign control over critical infrastructure that could impair national security and that impairment has not been mitigated; (3) where the transaction is a foreign government-controlled transaction (except where the Treasury Department and the lead agencies determine that the transaction will not impair national security); or (4) where a lead agency recommends that an investigation be undertaken and CFIUS concurs.

If CFIUS decides to proceed with a further investigation of a transaction, or is required to do so as described above, then the additional investigation must be completed within 45 days. Following such investigation, CFIUS must send a report to the President requesting the President’s decision if: (1) CFIUS recommends that the President suspend or prohibit the transaction; (2) the members of CFIUS are unable to reach a decision on whether to recommend that the President suspend or prohibit the transaction; or (3) CFIUS requests that the President make a determination with regard to the transaction. Otherwise, CFIUS may decide to conclude all action under FINSA without sending a report to the President, in which case the Treasury Department will notify the parties to the transaction that CFIUS has concluded action under FINSA.

If the President makes a decision on a transaction under FINSA, then he must announce his decision publicly within 15 days of the completion of the investigation.

Covered transactions

FINSA introduced the term “covered transaction” to identify the types of transactions that are subject to CFIUS’s review and investigation. FINSA defines a “covered transaction” as a transaction by or with a foreign person that could result in control of a U.S. business by a foreign person. The Final Regulations clarify the meaning of “covered transaction” by defining important elements of the term, such as “transaction,” “foreign person,” “control” and “U.S. business.”

The term “transaction” is defined as one that involves a merger, acquisition, or takeover proposed or pending after August 23, 1988, excluding certain start-up or “greenfield” investments. It should be noted that under the Final Regulations, if a transaction was proposed after August 23, 1988, then it could be a “covered transaction” even if it has already been consummated. In addition, the Final Regulations clarify that joint ventures and long-term leases may be “transactions.” Therefore, if a joint venture or long-term lease would give a foreign person control of a U.S. business (as those terms are defined under the Final Regulations), then those transactions would be subject to CFIUS review. The Final Regulations also clarify that loans themselves, including those with covenants giving the lender a negative right over certain decisions of the borrower, are not “transactions,” except where the foreign person acquires economic or governance rights in the U.S. business characteristic of an equity investment but not of a loan. The acquisition of control of a U.S. business by a foreign lender as a result of a borrower’s default on a loan, however, could still be considered a covered transaction. In that case, the Final Regulations allow CFIUS to provide the foreign person with the time needed to dispose of collateral of which it has taken possession, so long as the foreign person has made arrangements to transfer management decisions or day-to-day control over the U.S. business to U.S. nationals during the interim period.

The term “foreign person” is defined as any foreign national, foreign government, or foreign entity, or any entity over which control is exercised or exercisable by any of them. The Final Regulations expanded the definition to include the term “foreign entity.” A “foreign entity” is defined with a focus on where an entity is organized if either its principal place of business is outside the United States or its equity securities are primarily traded on one or more foreign exchanges, except that an entity with a majority of its equity interest ultimately owned by U.S. nationals is not a foreign entity.

The Final Regulations maintain the longstanding approach of defining “control” in functional terms as the ability to exercise certain powers over important matters affecting an entity. Specifically, “control” is defined as the “power, direct or indirect, whether or not exercised ... to determine, direct, or decide important matters affecting an entity ...” This “control” may be found many ways, including through ownership of voting interests, board representation, proxy voting, special shares, contractual arrangements, formal or informal arrangements to act in concert with other parties, or other means. However, the Final Regulations identify certain minority shareholder protections that are not considered to confer, by themselves, control over an entity, and they also include examples to clarify that, although an investor might have influence within a business, if that influence does not rise to the level of “control” then the acquisition of influence is not sufficient to trigger CFIUS review.

The term “U.S. business” means any entity engaged in interstate commerce in the United States, irrespective of the nationality of the persons that control it, but only to the extent of its activities in interstate commerce. For example, if a company is organized under the laws of a foreign state and is wholly owned and controlled by a foreign national, and if the company engages in interstate commerce in the United States through a branch or subsidiary, then the branch or subsidiary would be considered a U.S. business. However, if the company does not have a branch office, subsidiary, or fixed place of business in the United States, but merely exports and licenses technology to an unrelated company in the United States or exports goods to unrelated companies in the United States, then assuming no other relevant facts, the company is not a U.S. business.

The Final Regulations also clarify that certain transactions will not constitute “covered transactions,” including (1) a stock split or pro rata stock dividend that does not involve a change in control; (2) an acquisition by a foreign person of 10 percent or less of the voting interest in a U.S. business, if the interest is held solely for the purpose of passive investment; (3) an acquisition of any part of an entity or of assets, if such part of an entity or assets does not constitute a U.S. business; (4) an acquisition of securities by a securities underwriter, in the ordinary course of business and in the process of underwriting; and (5) an acquisition pursuant to an insurance contract relating to fidelity, surety, or casualty obligations if the contract was made by an insurer in the ordinary course of business.

Critical infrastructure

As described above, CFIUS is required to proceed with a further investigation of any transaction that (1) would result in foreign control over critical infrastructure and (2) could impair national security (unless that impairment has been mitigated). Although FINSA does not define “critical infrastructure” and lists only “major energy assets” as an example of critical infrastructure, the Final Regulations clarify that “critical infrastructure” means any system or asset, whether physical or virtual, that is so vital to the United States that its incapacity or destruction would have a debilitating impact on national security. The Final Regulations also clarify that, in determining whether a covered transaction involves critical infrastructure, CFIUS would consider the “particular” system or asset involved on a case-by-case basis, rather than defining certain classes of systems or assets as critical infrastructure.

Foreign-government-controlled transactions

As described above, CFIUS is required to proceed with a further investigation of any transaction that (1) is a foreign government-controlled transaction and (2) could impair national security (except where the Treasury Department and the lead agencies determine that the transaction will not impair national security). A foreign government-controlled transaction is defined as a covered transaction that could result in the control of a U.S. business by a foreign government or a person controlled by or acting on behalf of a foreign government. The Final Regulations clarify that CFIUS may treat investments by foreign government officials as investments by foreign governments where the circumstances so warrant, such as in certain cases where an official invests to advance governmental objectives.

Pre-filing recommendations

Before the Final Regulations were issued, CFIUS had adopted the practice of encouraging parties to engage with CFIUS before making a formal filing. The Final Regulations make this practice explicit. By consulting with CFIUS in advance of filing, the parties can help ensure that the filing they eventually submit will contain the information CFIUS needs for its review. This is particularly true when a party to a transaction has not previously filed a notice with CFIUS or when a transaction is unusually complex. The Final Regulations suggest that pre-filing consultations may include (1) informing CFIUS that a transaction may be filed and when it may be filed; (2) asking CFIUS procedural questions; (3) requesting a meeting to provide information about the transaction and to allow CFIUS to pose questions that may help the party identify information it may wish to include in its eventual filing; and (4) providing a draft of the filing. FINSA and the Final Regulations provide that confidentiality protections apply to information provided to CFIUS as part of the review process, including during the course of pre-notice consultations and after the CFIUS review is completed.  

Information requirements

The Final Regulations require that a voluntary notice include information that CFIUS has routinely sought from notifying parties, including, among other things; (1) a description of the transaction and a copy of any document establishing its terms; (2) the expected date for completion of the transaction, or the date it was completed; (3) a good faith approximation of the net value of the interest acquired in the U.S. business; (4) information about the target U.S. business, including its U.S. market share, its contracts with U.S. government entities connected to national defense, homeland security, or other national security responsibilities, and any licenses granted to it by the U.S. government; (5) information about the foreign acquirer, including information about the entities or individuals having ultimate control of the foreign acquirer, the directors and senior officers of the foreign acquirer and entities in its ownership chain, and the foreign acquirer’s intentions with respect to the target U.S. business; and (6) the opinion of the filing party as to whether it is a foreign person, is controlled by a foreign government, and the transaction is a covered transaction (focusing on any powers that the foreign person will have with regard to the U.S. business and how those powers can or will be exercised). In addition, the parties must certify the accuracy and completeness of their notices, and any material misstatement or omission made by a party may result in the rejection of the notice or the reopening of a completed review or investigation.  

Penalties  

The Final Regulations provide that any party who, either intentionally or through gross negligence, submits a material misstatement or omission in a notice to CFIUS, or makes false certifications to CFIUS, may be subject to civil penalties of up to $250,000 per violation, the amount of which will be based on the nature of the violation. In addition, the Final Regulations provide that any party who, either intentionally or through gross negligence, violates any material provision of a mitigation agreement or a material condition entered into or imposed under FINSA will be subject to civil penalties of up to $250,000 per violation or the value of the transaction, whichever is greater.  

CFIUS Guidance

On December 8, 2008 the Treasury Department issued guidance concerning the types of transactions previously reviewed that have presented national security considerations (the Guidance). The Guidance includes a discussion of certain types of information CFIUS considers useful for parties filing a notice to provide.

The Guidance clarifies that “national security considerations” are facts and circumstances that have potential national security implications and that therefore are relevant for CFIUS to analyze in determining whether a transaction threatens to impair U.S. national security. In making its determination, CFIUS considers all national security considerations to assess whether the transaction poses a national security risk (i.e., whether the foreign person that exercises control over the U.S. business as a result of the transaction might take action that threatens to impair U.S. national security). In analyzing whether the transaction poses national security risk, CFIUS focuses on two separate facets of the transaction: (1) the nature of the U.S. business and (2) the nature of the foreign person acquiring control of the U.S. business.

In examining the nature of the U.S. business, CFIUS will focus on whether the U.S. business provides goods or services that directly or indirectly contribute to U.S. national security, or whether its relationship to a weakness or shortcoming in a system, entity, or structure, creates susceptibility to impairment of U.S. national security. Areas of concern include (1) defense, security, and national security-related law enforcement sectors; (2) industry segments such as weapons and munitions manufacturing, aerospace, and radar systems; (3) goods and services involving information technology, telecommunications, industrial products, or creating vulnerability to sabotage or espionage; (4) the energy sector; (5) the exploitation and transportation of natural resources; (6) transportation systems, including maritime shipping and port terminal operations and aviation maintenance, repair, and overhaul; and (7) the financial system.

In examining the nature of the foreign person acquiring control of the U.S. business, CFIUS will focus on issues like the following: (1) whether a transaction is a foreign government-controlled transaction; (2) the record of the investor’s country with regard to nonproliferation and other national security-related matters; (3) the record and intentions of the foreign person and its personnel with regard to actions that could impair U.S. national security, including whether the foreign person acquiring control of the U.S. business has plans to terminate contracts between the U.S. business and U.S. government agencies for goods and services relevant to national security; (4) the extent to which the investor’s investment management policies require investment decisions to be based solely on commercial grounds; (5) the degree to which the investor’s management and investment decisions are exercised independently from the controlling government; (6) the degree of transparency and disclosure of the investor’s purpose, investment objectives, institutional arrangements, and financial information; and (7) the degree to which the investor complies with applicable regulatory and disclosure requirements of the countries in which it invests.  

National security risk is a function of the interaction between threat and vulnerability, and the potential consequences of that interaction for U.S. national security, and the Guidance clarifies that the mere fact that a transaction raises national security concerns does not mean that it necessarily poses national security risk. The Guidance also clarifies that normal corporate reorganizations involving the realignment of a company’s structure to achieve some legal, financial, or other business objective would present national security considerations only in exceptional cases, such as where control of a U.S. business is transferred from a foreign person to a second foreign person, both of which are wholly-owned subsidiaries of a third foreign person, but where the second foreign person that will be intermediately controlling the U.S. business has different actions, policies, and personnel that raise national security considerations that were not raised by the previously controlling foreign person.