On November 14, 2008, the US Department of the Treasury released final revised regulations governing the national security review of transactions undertaken by the Committee on Foreign Investment in the United States (CFIUS) under the Exon-Florio Act (the Act). The Act gives the President the authority to block transactions that could result in foreign control of a US business that threatens to impair US national security. The revisions implement changes to the Act called for by the Foreign Investment and National Security Act (FINSA) enacted in 2007 but largely make explicit certain practices and polices that previously had been adopted informally.  

The final regulations make only minor revisions, but do reflect public comments seeking certain clarifications, to the regulations as originally proposed in April 2008 (as reported then in our April 2008 client briefing Proposed changes to the US national security review of transactions). Given the importance of the concepts of ‘control’ and ‘covered transactions’ to the applicability of the Act, it is not surprising that many public comments suggested that further clarification of these terms be incorporated into the final regulations. Although the final regulations provide additional guidance, they do not adopt any bright line rules with regard to such key terms1. The final regulations also formally implement a significant expansion of the information required to be submitted in a voluntary notification.  

The Treasury Department is expected to release guidance (as required by FINSA) on the types of transactions that CFIUS has reviewed and that have presented national security concerns as well as the types of information CFIUS finds useful to its review. Although the final regulations and expected guidance can be applauded for increasing the transparency of the national security review process, the threat of civil fines, added certification requirements, the pre-notification period and CFIUS’s increased ability to suspend the review period mean that the burden of voluntarily submitting to the national security review process will increase.  


The final regulations still struggle to harmonize the US policy position of supporting open investment with efforts to ensure the President has the flexibility to review and/or block transactions that might threaten national security. Control is at the center of this struggle, because absent a change of control, the President lacks authority under the Act to block a transaction.  

To ensure flexibility, the final regulations continue to employ a functional rather than structural-based definition of control – ie the power to determine, direct or decide important matters (examples of which are provided) affecting an entity. The proposed regulations already had expanded the ‘important matters’ to include influence over the appointment of senior officers, managers and employees with access to sensitive technology or classified information as well as policies relating to the treatment of non-public information. The final regulations add a few new examples to clarify circumstances under which control will (or will not be) found. The new examples address private equity structures (ie the relationship between limited and general partners) and attempt to offer some comfort that having minimal rights to protect an investment will not confer control. However, the new examples and list of important matters must be evaluated in light of the fact that CFIUS has emphasized that in all cases it will consider collectively all relevant factors, making each control determination dependant on the specific facts and circumstances.  

The final regulations also explicitly disavow (as the proposed regulations did) that there is an absolute safe harbor for investments of less than 10 percent. The final regulations do try to provide more clarity on what would constitute a sufficiently passive investment that control would not be found by adding the word ‘passive’ to the ‘solely for the purposes of investment’ exception to emphasize that the exception ‘does not pertain to a transaction if the foreign person plans or intends to gain control over the US business’.  

The proposal to adopt a list of minority shareholder rights that will not be deemed ‘in themselves’ to confer control has been expanded by the final regulations to include the power to prevent a voluntary filing for bankruptcy or liquidation and to prevent the change of existing legal rights or preferences of the particular class of stock held by the minority investors as provided for in the corporation’s documents. However, this list of minority shareholder rights is not meant to be exhaustive and is subject to the ‘all relevant factors caveat’.  

Covered transactions2  

The new regulations now define what constitutes a covered transaction subject to the Act: any transaction by or with any foreign person that could result in control of a US business by a foreign person. The definition of a foreign person has been expanded by the inclusion of a broadly defined ‘foreign entity’ within the meaning of a foreign person. A foreign entity can constitute an entity whose principal place of business outside the US or whose equity securities are primarily traded on one or more foreign exchanges (assuming those shares are not majority owned by US nationals). The analysis accompanying the final regulations notes that the purpose of the definition of foreign entity is to cover situations where there is significant foreign ownership but ownership is dispersed.  

Involvement of foreign governments  

The new regulations adopt FINSA’s directive that there be a rebuttal presumption that transactions involving foreign governments be subjected to a higher level of scrutiny. The regulations provide some greater clarity on what will constitute a foreign government controlled-transaction. The analysis accompanying the final regulations notes that CFIUS may treat investments made by foreign government officials as investments of foreign governments where appropriate, as in cases where an official invests to advance government objectives. The analysis also indicates that the guidance expected to be issued by CFIUS will clarify that whether a foreign government-controlled entity is operating on a purely commercial basis is among the important factors CFIUS will take into consideration when making its determination as to whether a transaction involves a foreign government.  

Contents of the notification and review procedure  

One of the issues debated during consideration of FINSA was whether the review period should be extended, but Congress ultimately left the existing review schedule unchanged3. However, the new regulations institute a recommended pre-notification consultation period of at least five business days, thereby effectively extending the review period. Such pre-notification consultations have been considered good practice but there was some flexibility as to when and whether to undertake them. While the regulations do not require the parties to submit a draft notification during the pre-notification stage, they do adopt several procedural changes that may encourage parties to submit a draft notification for review (eg CFIUS may now reject any notice any time after it has been accepted if a party does not respond to a request for additional information within three business days, unless an extension has been granted).  

The regulations now require substantially more information than was previously required to be submitted in connection with a notification, and the final regulations clarify certain of these requirements. While the voluntary submission of much of this information generally was considered good practice, the parties had some discretion as to when and whether to provide it. That discretion is eliminated by the now explicit requirements to include, notably: (a) information on all financial institutions involved in the transaction; (b) market share and competitor information; (c) a list of all products supplied to third parties ‘‘known’’ to be re-branded by or incorporated into other products; (d) the number of priority-rated contracts awarded under the Defense Priorities and Allocations System regulation in the last three years; and (e) personal identifier (and biographical) information for the board of directors and officers (as specified) of not only the acquiring foreign person but also its immediate, intermediate and ultimate parents and for any individual having an ownership interest of 5 percent or more in the acquiring foreign person engaged in the transaction and its ultimate parent. All notifications and submissions of additional information must now be certified by the company’s Chief Executive Officer or other duly authorized designee of the party.  


It has been over two years since the controversy erupted over Dubai Ports World’s proposed acquisition of P&O thereby precipitating the changes to the national security review process embodied in the final regulations. These new regulations, combined with the Executive Order issued by President Bush in January 2008 (see our January 2008 client briefing President Bush issues changes to the Exon-Florio US national security review process) and the expected further guidance to be issued by the Treasury Department will increase significantly the transparency of the standards by which national security reviews are conducted for both the public and the participating member agencies. This transparency is welcome given that prior reviews were conducted according to little known and often misunderstood practices. However, when Congress passed FINSA it sought not only to increase the transparency of the review process but also accountability and scrutiny. This all has inevitably resulted in greater burdens on the filing parties, which need to be well understood and accounted for in any transaction timetable.