What is a “CFIUS disaster”? The Committee on Foreign Investment in the United States reviews foreign investments in US companies for national security implications. If you’ve been a regular observer of the committee, you’ve likely seen a CFIUS disaster.
At its most grotesque, a CFIUS disaster is a business forced to divest a recently acquired company because of national security risk. That’s a costly situation. But the CFIUS process was designed to help parties avoid such disasters by providing a preclosing review mechanism. If CFIUS finds no national security problems with the proposed transaction, the parties receive a “safe harbor” — the deal is insulated from subsequent interference.
To a large degree, this process has worked — CFIUS disasters have been relatively rare in the last few decades. But recent unwritten changes to CFIUS, made in the name of national security, are causing transaction advisers to rethink their answers to the common question “Do we really need to get CFIUS clearance?”
This recalibration may result in more transactions with national security implications that do not get filed with CFIUS. That, in turn, may yield more CFIUS disasters — forced divestments — as well as transactions that go entirely undetected by CFIUS. The recent unwritten changes, in other words, may undermine the original purpose of the committee.
CFIUS Filing is Risk Mitigation, Not Legal Compliance
Because filing with CFIUS generally is a risk mitigation strategy rather than a legal requirement — there is no statute or regulation that requires filing — answering the “do we really need to” question is a judgment call.
The risks or costs of filing with CFIUS include potential delay in deal closing while the parties wait for CFIUS clearance, legal fees, and the possibility that CFIUS will require conditions on the deal. Such conditions can include, for example, limitations on access to technology or data — “mitigation measures” in CFIUS parlance.
So why file? If the parties choose not to file, CFIUS may learn of the deal and can force a filing after the deal has closed. In that case, CFIUS may impose tougher mitigation measures than would have been required had the parties decided to file in the first instance. Or CFIUS may force divestment — the big disaster — which can cause severe economic and reputational damage to the parties. With this CFIUS disaster frequently lurking, transaction advisers often conclude that a CFIUS filing is warranted because the expected costs of not filing often outweigh the costs of filing. That, in any event, is the calculus contemplated when the CFIUS process was established.
The Trump administration, however, already has wrought significant changes to CFIUS. In some cases, these changes within CFIUS may alter the answer to the “do we really need to” question.
The Committee is Far More Inclined to Find National Security Concerns
President Trump ran a campaign that emphasized myriad threats to the United States, whether real or perceived. And the administration has linked, or blurred the line between, economic threats and security threats. The balance of steel imports and exports, for example, traditionally has been viewed as a trade matter but now is seen as raising national security concerns.
In addition to the Trump-rooted intertwining of economic security and national security, an Obama-era concern has become increasingly prevalent. In the last several years of the Obama presidency, the committee became concerned with investments that enabled the foreign investor to get access to personal information about US citizens. That concern has grown, and it is a feature of an ever-larger number of cases.
With attention now focused on economic security and data access, in addition to all prior national security concerns, the committee has a much broader view about what constitutes a national security risk. And these risks accordingly are present in more cases than in years past.
The increased likelihood that CFIUS will identify significant national security risks means, in turn, that there is a greater likelihood that CFIUS will scuttle a deal, or require burdensome mitigation measures before clearing the deal.
The CFIUS Process is Taking Far Longer, On Average
In addition to the increased CFIUS tendency to find national security risks, several factors are contributing to much longer case processing times. One factor is that cases where significant national security risks are perceived — cases that now are more numerous — take much longer to resolve. Sometimes these cases are not resolved at all.
It is increasingly common for the deal parties to work with CFIUS for many months, seeking conditions to enable the committee to clear the deal, only to have CFIUS say that the proposed conditions are insufficient. Sometimes these cases are “withdrawn and refiled” to reset the deadlines under which the committee is obligated to do its work. And while many of these withdraw/refile cases are Chinese acquisitions — like the thrice-filed Canyon Bridge deal to acquire Lattice Semiconductor — some involve acquisitions from European and Canadian companies. Refilings like this can stretch the case processing time far beyond six months, in many cases jeopardizing the deal because of financing or other matters.
The fact that the Trump administration has been slow to install political appointees contributes to the CFIUS delays, because these political appointees often are needed to resolve tough cases. That is particularly true because the administration has not provided clear policies that enable CFIUS staff to discern the administration’s preferred outcome for many of these cases. The CFIUS staff may want political appointees to make decisions in tough cases, but many of the relevant appointees are missing — they have not yet been appointed, or they have been appointed but not confirmed by the Senate.
In addition to the difficulty of resolving many of the challenging cases, there are simply far more cases that CFIUS is processing. The economic climate remains favorable to foreign investment in US companies, but at the same time there is growing awareness of CFIUS risks. Until recently, at least, increased CFIUS risk has led to more rather than fewer filings. As of mid-2017, CFIUS is on pace to receive roughly 250 filings, far more than anytime in the last quarter century. This case volume means it often takes a long time for the committee to accept cases for processing, thereby further lengthening the overall time required for the CFIUS process.
The Risk Calculus Has Changed
In light of the changes discussed above — greater likelihood that CFIUS finds risk and greater likelihood of an intolerably long CFIUS process — some advisers are recalibrating filing decisions. There may be situations now in which, even in view of the CFIUS disaster risk (i.e., potential forced divestment), the risk calculus nevertheless weighs against filing.
Such a decision of course should not be made lightly, and there are many nuances in the risk calculation that deserve careful attention. But the CFIUS process has morphed considerably. It was designed to help parties prevent a CFIUS disaster — parties could file with the committee to get assurance that there was no national security issue, and thereby preclude the risk of a forced divestment. But now the CFIUS process itself is increasingly a disaster, leading to interminable delays and worse. Deal parties are increasingly in a “pick your poison” position.
It will be ironic if a process that has been tightened in the name of national security produces outcomes — more forced divestments and more cases undetected by the committee — that are disastrous both for business and national security alike.