At the end of 2008, the Committee on Foreign Investment in the United States ("CFIUS") adopted new regulations and issued guidance regarding acquisitions of United States businesses by foreign persons that will require buyers and sellers in a broad range of potential transactions to consider whether their proposed transaction has national security implications that would make a voluntary notice filing with CFIUS advisable.


The 2008 changes in the CFIUS review process are in large part the culmination of the government's response to the 2006 Dubai Ports World controversy that gave rise to the Foreign Investment and National Security Act of 2007 ("FINSA"). FINSA made CFIUS a statutory entity (it existed previously by virtue of executive order only) and expanded the scope of factors to be considered in reviewing potential transactions to include whether a transaction involves "critical infrastructure" of the United States (specifically identifying "major power assets" as critical infrastructure), whether there is a security-related impact on "critical technologies" or whether a foreign government (directly or indirectly) is the acquiror. The new regulations and guidance complete what was begun under FINSA.

Filing a notice with CFIUS regarding a proposed transaction is voluntary and essentially provides comfort to the transaction parties that their transaction will not be blocked or undone in the future under the powers granted to the executive branch pursuant to Section 721 of the Defense Production Act of 1950, as recently amended by FINSA. Section 721 gives the President the power to suspend or prohibit proposed transactions or even seek to undo completed transactions that pose threats to national security. Consequently, the possible application and enforcement of Section 721 presents foreign buyers and United States sellers with an additional deal risk that needs to be analyzed and managed.

FINSA gives CFIUS the power to enter into mitigation agreements with parties to address deemed national security risks. Such mitigation agreements allow a transaction to continue, subject to the terms of the agreement, which in some cases may also require structural and substantive changes to a transaction. FINSA also confirmed the membership of CFIUS, which is chaired by the Secretary of the Treasury. Its members include the Secretaries of Homeland Security, Commerce, Defense, State, and Energy, and the United States Attorney General. Both the Secretary of Labor and the Director of National Intelligence are ex-officio members of the committee. The President also has the authority to add other heads of departments, agencies or offices to the committee from time to time, and has already designated the United States Trade Representative and Director of the Office of Science and Technology Policy as additional CFIUS members.

New Regulations

The new regulations create additional obligations and rights, some of which codify existing CFIUS practices and some of which expand the potential reach of CFIUS. In general, CFIUS is concerned with reviewing a "transaction" that could result in foreign person controlling a United States business, which is called a "covered transaction."

Notable provisions in the new regulations are:

  • The meaning of the term "transaction" under the new regulations is intentionally expansive in scope. The term includes conventional transactions like mergers or acquisition of interests in an entity, but also captures less obvious structures. For example, certain joint ventures and long-term leases where the lessee operates that lease as though it were an owner may be considered "transactions." Even foreign lenders may find their credit transactions can raise CFIUS concerns.

A "covered transaction" can become the object of a potentially multi-staged CFIUS review process that determines whether it presents national security concerns, and if so, whether it poses a threat to national security. There are limited exceptions to the "covered transaction." For example, start-up or "greenfields" investments and long-term leases that do not confer operational control to the lessee are not "covered transactions."

  • The key concept of what constitutes "control" of a United States business is addressed. Unfortunately, there are no bright line tests to indicate the existence of "control." CFIUS views the concept of "control" in functional terms and contemplates the ability of a party to exercise power over important matters affecting an entity. Whether "control" exists in a given situation is based on CFIUS's review of "all relevant factors" and is not determined by the form of the proposed transaction structure, but rather its effects. CFIUS may even aggregate the interests of multiple foreign persons if there is reason to believe they are acting together.
  • The applicability of the regulations to lenders. Lenders who expect to be able to take control of secured assets in the event of a loan default receive special attention under the new regulations. Generally, a secured loan made to a United States person from a foreign person will not be considered a "covered transaction" when the loan is made, unless there are other terms of the loan that are more like an equity investment, such as giving the lender a seat on the board of directors. However, foreign lenders trying to marshal assets of a United States debtor following an event of default may suddenly find their previously uncovered transaction is now covered. The new regulations do provide that where day-to-day control over a United States business has been transferred to United States nationals, CFIUS will take this into account when determining whether there is a "covered transaction" or not.
  • Other provisions of the new regulations are intended to speed up the review process, including specifying defined periods of time in which CFIUS must take certain actions and incorporating in the initial notice filing information that CFIUS used to request only after a filing was made. The regulations also codify an existing practice of encouraging parties to consult with CFIUS prior to making a notice filing, and even providing drafts of such a filing to ensure that it is not rejected when actually filed. This pre-filing consultation may also be used by CFIUS to try to weed out marginal transactions, although CFIUS will not give any binding pre-filing indication of whether a transaction is a "covered transaction" or not.

Some other changes or clarifications that are likely to impact transaction parties include:

  • the definition of a "foreign person" is expanded to include the new concept of a "foreign entity," which is an entity that may be deemed a "foreign person" by virtue of its jurisdiction of formation or by being traded on a foreign exchange;
  • filing parties must certify as to the accuracy and completeness of information provided in a filing (both with respect to the original notice and any subsequent information provided to CFIUS thereafter);
  • the requirement that executive officers, directors and other control persons of proposed acquirors provide CFIUS with certain "personal identifier information," including passport numbers, social security numbers and other sensitive information;
  • the required contents of the notice have been greatly expanded, and in some cases made very specific (for instance, tech companies will need to be prepared to describe their cyber security measures);
  • there is no blanket exception for acquisitions of only 10% ownership-such an exception may apply if the intended transaction is a passive investment only
  • the presence of certain types of affirmative and negative protections for minority interest holders will not, by themselves, create a "covered transaction;" and
  • material misstatements in a notice or certification made intentionally or as a result of gross negligence may be punished by a fine of up to $250,000 per violation.

Guidance on Covered Transactions

In an effort to provide some additional clarity regarding the effect of the new regulations and covered transaction review in general, CFIUS also released written guidance concerning its national security review process.

In particular, the guidance offers some insights into the types of transactions that CFIUS may consider to be "covered transactions," although they offer no thoughts as to what may or may not actually pose national security considerations. The guidance notes that transactions that may raise national security considerations generally focus on one of two matters-the nature of the US business being acquired and the nature of the foreign person making the acquisition. The guidance offers the following examples of past "covered transactions" and factors that may contribute to whether a "transaction" is a "covered transition" or not:

  • transactions involved in various portions of the energy sector, from exploitation of natural resources, to generation and transmission or transportation of power;
  • transportation sector transactions involving maritime shipping, and aviation maintenance, repair and overhaul;
  • businesses involved in products or services that are subject to US or international export controls;
  • the record of a foreign person's country with regard to nonproliferation and other security-related matters; and
  • the independence of a foreign person from the control of a foreign government.

The guidance also emphasizes certain other aspects of the new regulations and the CFIUS review process in general:

  • that confidential treatment is extended to information that may be presented to CFIUS prior to a filing, even if a filing is not ultimately made or is rejected;
  • other types of information that may not be self-evident in the filing may be helpful to the CFIUS review, including, whether the U.S. business target develops cyber systems or processes natural resources; and
  • confirmation that CFIUS will not issue advisory opinions as to whether a transaction is a covered transaction or not, which effectively leaves the entire risk of not filing on the transaction parties.

Affect on M&A Transactions Going Forward

Although a CFIUS filing is voluntary, CFIUS has made it clear in previous public statements that it intends to take a more proactive role in policing the enforcement of Section 721 by looking for possible "covered transactions" that are not, or were not, the subject of a notice filing. As a result of the new regulations whole new categories of transactions, such as acquisitions of energy generation and transmission assets, may now be "covered transactions," and will require more in-depth analysis by buyers, sellers and their counsel to determine if a CFIUS filing is warranted or desired.