Latham & Watkins operates worldwide as a limited liability partnership organized under the laws of the State of Delaware (USA) with affiliated limited liability partnerships conducting the practice in France, Hong Kong, Italy, Singapore, and the United Kingdom and as an affiliated partnership conducting the practice in Japan. Latham & Watkins operates in South Korea as a Foreign Legal Consultant Office. Latham & Watkins works in cooperation with the Law Office of Salman M. Al-Sudairi in the Kingdom of Saudi Arabia. Under New York’s Code of Professional Responsibility, portions of this communication contain attorney advertising. Prior results do not guarantee a similar outcome. Results depend upon a variety of factors unique to each representation. Please direct all inquiries regarding our conduct under New York’s Disciplinary Rules to Latham & Watkins LLP, 885 Third Avenue, New York, NY 10022-4834, Phone: +1.212.906.1200. © Copyright 2019 Latham & Watkins. All Rights Reserved.
Latham & Watkins CFIUS & US National Security Practice November 27, 2019 | Number 2567
CFIUS Annual Report: 10 Key Takeaways for Calendar Years 2016 and 2017 The number of CFIUS notices filed is growing, more cases are extending into an investigation phase, and instances of pulling and refiling CFIUS notices are increasing. On November 22, 2019, the Committee on Foreign Investment in the United States (CFIUS) published the public version of its Annual Report to Congress for CY 2016 and CY 2017 (Report). CFIUS did not publish a report in 2018, which explains why this year’s report includes two calendar years. The Report provides aggregated statistical data and other information about the notices submitted to CFIUS in 2016 and 2017, in connection with national security reviews of foreign investment in the United States.
Because CFIUS publishes these required annual reports more than a full year after the covered period, the current Report does not reflect recent trends, including the passage of the Foreign Investment Risk Review Modernization Act (FIRRMA) in August 2018 and the FIRRMA-authorized “Pilot Program,†which requires that certain non-passive and non-controlling foreign investments in US businesses with “critical technology†be notified to CFIUS.
For more information about FIRRMA and the Pilot Program, see US Treasury Department Publishes Proposed Regulations to Implement FIRRMA: 10 Key Questions Answered; New Law Governing Foreign Direct Investment in the United States Brings Significant Changes to CFIUS Review; and CFIUS Pilot Program Makes Notifications Mandatory for Specific Areas of Critical Technology.
10 Key Takeaways
1. The Report shows a significant increase in the number of notices filed with CFIUS in 2016 and 2017 The Report reflects that CFIUS received 172 notices in 2016 and 237 notices in 2017. These numbers indicate a significant increase in the number of notices filed in recent years. Filings increased almost 40% between 2016 and 2017, and nearly 150% from 2013 (97 notices) to 2017. CFIUS separately reported that it received 229 notices in 2018, about the same number as in 2017.
Data sourced from CFIUS Annual Report to Congress (Report Period: CY 2016 and CY 2017)
The authors expect that CFIUS will have received well over 200 notices by the end of 2019, which does not include the more than 100 short-form “declarations†CFIUS received this year in connection with the new Pilot Program.
2. Investors from China continued to submit the most CFIUS notices Of the 45 countries identified in the Report, including the Crown dependencies Jersey and Guernsey, China continued to account for the largest number of CFIUS notices filed — nearly three times as many as investors from Canada. In 2017, investors from China submitted 60 of 237 notices (25%). For comparison, the other top filers were from Canada (22 notices each in 2016 and 2017), Japan (13 notices in 2016 and 20 notices in 2017), the United Kingdom (seven notices in 2016 and 18 notices in 2017), and France (eight notices in 2016 and 14 notices in 2017).
CFIUS Notices Filed by Chinese Investors
Calendar year Total number of CFIUS filings Number of China-
related filings % of CFIUS caseload
2013 97 21 21% 2014 147 24 16% 2015 143 29 20% 2016 172 54 31% 2017 237 60 25%
Data sourced from CFIUS Annual Report to Congress (Report Period: CY 2016 and CY 2017)
Latham & Watkins November 27, 2019 | Number 2567 | Page 3
Together, these five countries represented 60% of all filings in 2016 (104 of 172 notices), and 57% in 2017 (134 of 237 notices). As compared to 2015, the countries with the biggest decreases in CFIUS submissions were Hong Kong, Indonesia, and Turkey. After generating no notices in 2015 and 2016, investors from Russia submitted three notices to CFIUS in 2017.
Data sourced from CFIUS Annual Report to Congress (Report Period: CY 2016 and CY 2017)
3. CFIUS pushed more transactions into a second-phase 45-day investigation period after an initial 30-day “review†period Before CFIUS partially implemented FIRRMA in 2018, the initial “review†period after CFIUS accepted a notice was 30 calendar days. (Post-FIRRMA, the review period is now 45 calendar days). If, at the end of that 30-day review period, CFIUS concluded that the transaction did not raise unresolved issues of national security, CFIUS cleared the transaction. If CFIUS could not reach that determination after the review period, CFIUS took the case into an additional “investigation†period, which could last up to 45 calendar days. (For a more detailed description, see Latham’s Overview of the CFIUS Process and Key Questions Answered on CFIUS.)
The Report shows a significant increase in CFIUS moving cases from the 30-day review period into the 45-day investigation period. CFIUS took 79 of the 172 notices filed in 2016 into the investigation phase (46% of CFIUS submissions), and 172 of the 237 notices filed in 2017 (73% of CFIUS submissions). CFIUS also released data showing that the investigation rate in 2018 was about 70%.
Latham & Watkins November 27, 2019 | Number 2567 | Page 4
Data sourced from CFIUS Annual Report to Congress (Report Period: CY 2016 and CY 2017)
As noted above, FIRRMA extended the initial review period in August 2018 from 30 calendar days to 45 days. Senior officials at the US Treasury Department have commented that the 15-day expansion of the review period has led to significantly fewer cases moving into the investigation phase in 2019 (i.e., less than 50% of cases). The CFIUS report for CY 2019, which is expected in 2021, should reflect this trend.
4. More parties “pulled and refiled†their transactions with CFIUS In 2016, the Report shows that 27 notices of the 172 filed were withdrawn — a withdrawal rate of 16%. The following year, the withdrawal rate nearly doubled to 31% (74 out of 237 notices). In comparison, parties withdrew 13 of 143 notices in 2015 (9%) and 12 of 147 notices in 2014 (8%).
The number of notices withdrawn during the investigation phase (21 in 2016, and 67 in 2017) was much higher than the number of notices withdrawn during the review phase (six in 2016, and seven in 2017). Notably, in both 2016 and 2017, most parties that chose to withdraw their notices refiled them. This indicates a growing trend in challenging CFIUS cases called a “pull and refile,†which serves to reset the statutory time periods, giving CFIUS more time to consider a case and hopefully find a way to issue a clearance, often with some form of mitigation.
5. A growing number of parties simply abandoned their transactions Calendar year 2017 also saw a sharp increase in the number of parties abandoning their transactions, in many cases presumably because CFIUS could not mitigate one or more national security concerns. While the Report reflects that only three filings were withdrawn and not refiled in 2016 due to national security concerns (accounting for about 2% of all notices), that number rose to 24 notices in 2017 (accounting for over 10% of all notices).
6. The Finance, Information, and Services sectors generated the most notices and, together with the Manufacturing sector, continued to account for about three-fourths of all CFIUS filings From 2009 to 2017, about three-fourths of all notices have involved US businesses in the Finance, Information, and Services and Manufacturing sectors. This trend continued — 135 of 172 total notices in 2016 and 190 of 237 notices in 2017 fell within these industries. For the first time since 2009, the
Latham & Watkins November 27, 2019 | Number 2567 | Page 5
Finance, Information, and Services sectors generated more notices in both 2016 (68 notices, or 40% of all notices) and 2017 (108 notices, or 46% of all notices) than any other sector, including Manufacturing.
Data sourced from CFIUS Annual Report to Congress (Report Period: CY 2016 and CY 2017)
Latham & Watkins November 27, 2019 | Number 2567 | Page 6
7. The Report does not reflect a significant increase in the number of cases in which CFIUS imposes mitigation on the parties as a condition of receiving the CFIUS clearance (though CFIUS is likely offering mitigation in fewer cases) From 2013 to 2015, 40 cases (10% of the total) resulted in the parties agreeing to mitigation proposed by CFIUS as a condition of receiving their CFIUS clearance. These numbers stayed relatively steady in the following years: In 2016, CFIUS agreed to mitigation in 17 of 172 of the notices submitted to CFIUS (10%) and, in 2017, that number increased slightly to 12% (29 of 237 notices).
The Report explains that common mitigation measures offered by CFIUS include:
• Establishing guidelines and terms for handling existing or future US government contracts, US government customer information, and other sensitive information
• Ensuring that only authorized persons have access to certain technology; that only authorized persons have access to US government, company, or customer information; and that the foreign acquirer not have direct or remote access to systems that hold such information
• Ensuring that only US citizens handle certain products and services, and that certain activities and products are located only in the United States
• Establishing a Corporate Security Committee and other mechanisms to ensure compliance with all required actions, including the appointment of a security officer approved by the US government or member of the board of directors, and requirements for security policies, annual reports, and independent audits
• Notifying, for approval, security officers or relevant US government parties in advance of foreign national visits to the US business that was the subject of the CFIUS review
• Implementing security protocols to ensure the integrity of goods or software sold to the US government
• Notifying customers regarding the change of ownership
• Issuing assurances of continuity of supply for defined periods, and notification and consultation prior to taking certain business decisions, with certain rights in the event that the company decides to exit a business line
• Establishing meetings to discuss business plans that might affect US government supply or national security considerations
• Excluding certain sensitive assets from the transaction that is the subject of the CFIUS review
Notably, in the most recent Report, CFIUS identified one new mitigation measure not included in previous reports:
• Prohibiting or limiting the transfer or sharing of certain intellectual property, trade secrets, or know- how
For the first time, the Report also includes the “divestiture of all or part of the US business†as an example of a “mitigation measure.†Despite including this as a potential mitigation measure, the Report
Latham & Watkins November 27, 2019 | Number 2567 | Page 7
acknowledges that divestiture is typically effectuated through a withdrawal of a notice and subsequent abandonment of a transaction, and divestiture data is therefore not included in mitigation data.
As an aside, in 2018, CFIUS separately reported its first publicly reported civil penalty of US$1 million for breach of a mitigation agreement. CFIUS imposed the penalty because of the target’s “failure to establish requisite security policies and failure to provide adequate reports to CFIUS.â€
8. The delayed release of the Report, which, for the first time, covers two years, likely reflects the additional demand on CFIUS’s time Section 721(m) of the Defense Production Act of 1950 requires CFIUS to produce an annual report before July 31 of each year on all of the reviews and investigations of covered transactions during the 12- month period covered by the report. CFIUS did not publish on its website a public version of a report in 2018, and this year’s Report includes data covering both 2016 and 2017. The lag in issuing the public report is likely the result of several factors, including: more CFIUS notices to review, staffing constraints, a 35-day government shutdown in 2018, and dedicating staff to developing regulations to implement FIRRMA. Notably, FIRRMA provides CFIUS member agencies increased authority on an expedited basis to hire more staff. In addition, for the first time, FIRRMA authorizes CFIUS to collect filing fees, which, by statute, must be restricted to 1% of the transaction value, or US$300,000 — whichever is less. The authors expect to see an announcement on new filing fees in the coming days or weeks.
9. The Report addresses whether certain foreign governments are engaging in coordinated strategies and espionage aimed at obtaining “critical technologies†from US companies Each year, CFIUS is required to assess whether there is credible evidence of (1) a coordinated strategy by one or more countries to acquire US companies involved in research, development, or production of “critical technologies†or (2) industrial espionage activities assisted by foreign governments against US companies aimed at obtaining commercial secrets related to such critical technologies. This unclassified Report does not include an assessment of whether a “coordinated strategy†exists, noting that a “meaningful summary of the US Intelligence Community (USIC) assessment cannot be provided on an unclassified basis.†The Report concludes that the chance of espionage activity is “extremely likely†and that such activity is “accelerating.â€
10. The Report identifies factors that could give rise to potential national security threats, including two new and broad factors The Report notes for the first time that one factor that could trigger national security concerns during a review is whether “with respect to the various technologies†described in the Report, the transaction “could facilitate†the technologies’ “transfer to third parties not directly related to the buyer, to the detriment of national security.†The Report also includes a catch-all factor, identifying as a potential risk those transactions that could “otherwise facilitate foreign intelligence collection against US targets.â€
Among other recommendations, the Report suggests that CFIUS continue to focus on a few areas of concern, including foreign “control†of US businesses to which any of the below apply:
• Provide products and services to US government agencies with national security functions
• Provide products or services that could expose national security vulnerabilities, including cyber security and supply chain concerns
• Have operations, produce goods, or provide services, the nature of which may implicate US national security (including, in particular, businesses that involve critical infrastructure, involve aspects of
Latham & Watkins November 27, 2019 | Number 2567 | Page 8
energy production, affect the national transportation system, or significantly and directly affect the US financial system)
• Have access to classified or other sensitive US government information or contracts, including information about US government employees
• Are part of the US defense, security, or law enforcement sectors
• Are involved in activities related to weapons, munitions, aerospace, and radar systems
• Produce advanced technologies useful to national security (including semiconductors, biotechnology, network and data security products, and other “dual-use†products)
• Hold substantial pools of potentially sensitive data about US persons and business in sectors of national security importance, including the insurance, health services, and technology services sectors (such data could include social security numbers, personal addresses, and credit card information)
• Are in a field with significant national security implications in which there are few alternative suppliers, or in which a loss in US technological competitiveness would be detrimental to national security
• Engage in research and development, production, or sale of technology, goods, software, or services subject to US export controls
• Are in geographic proximity to US military facilities or other sensitive US government facilities
• May be acquired by foreign persons that are controlled by a foreign government
• May be acquired by foreign persons that are from a country about which there are nonproliferation or other national security-related concerns
• May be acquired by foreign persons with a history of taking or intending to take actions that could impair national security
• May be acquired by foreign persons with a history of doing business in US-sanctioned countries (such as Iran, Syria, and North Korea)
* * *
Please contact one of the authors listed below for any assistance in assessing whether a transaction must be submitted to CFIUS under the Pilot Program, advising on the overall CFIUS risk of a transaction, or preparing and prosecuting a filing before CFIUS.
Latham & Watkins November 27, 2019 | Number 2567 | Page 9
If you have questions about this Client Alert, please contact one of the authors listed below or the Latham lawyer with whom you normally consult:
Les P. Carnegie [email protected] +1.202.637.1096 Washington, D.C.
Steven P. Croley [email protected] +1.202.637.2338 Washington, D.C.
Edward J. Shapiro [email protected] +1.202.637.2202 Washington, D.C.
Rachel K. Alpert [email protected] +1.202.637.1008 Washington, D.C.
Annie E. S. Froehlich [email protected] +1.202.637.2375 Washington, D.C.
Zachary N. Eddington [email protected] +1.202.637.2105 Washington, D.C.
Brittany J. Ehardt [email protected] +1.212.906.1865 New York
Lauren Talerman [email protected] +1.202.637.2191 Washington, D.C.
Andrew P. Galdes [email protected] +1.202.637.2155 Washington, D.C.
Allison Hugi* [email protected] +1.202.637.1088 Washington, D.C.
*Admitted to practice in Illinois only
You Might Also Be Interested In
Latham & Watkins Foreign Direct Investment Regimes App
Key Questions Answered on CFIUS
CFIUS Pilot Program Makes Notifications Mandatory for Specific Areas of Critical Technology
New Law Governing Foreign Direct Investment in the United States Brings Significant Changes to CFIUS Review
Outbound Investments in the United States: What You Need to Know About CFIUS and FIRRMA
Client Alert is published by Latham & Watkins as a news reporting service to clients and other friends. The information contained in this publication should not be construed as legal advice. Should further analysis or explanation of the subject matter be required, please contact the lawyer with whom you normally consult. The invitation to contact is not a solicitation for legal work under the laws of any jurisdiction in which Latham lawyers are not authorized to practice. A complete list of Latham’s Client Alerts can be found at www.lw.com. If you wish to update your contact details or customize the information you receive from Latham & Watkins, visit https://www.sites.lwcommunicate.com/5/178/forms- english/subscribe.asp to subscribe to the firm’s global client mailings program.
