On October 24, 2007, the Foreign Investment and National Security Act of 2007 (FINSA) became effective. FINSA amends the 1988 Exon Florio provision1, which empowered the executive branch to review and potentially prohibit an acquisition of a U.S. business by a foreign person on grounds of national security implications. FINSA further defines “national security” for purposes of enabling the executive branch to review an acquisition, supplements the Exon Florio factors for consideration as to whether to prohibit or unwind a transaction, and generally increases Congressional oversight. A grey area remains as to which proposed acquisitions may be reviewed, but efforts are under way to minimize the uncertainty.


The 1988 Exon Florio provision allowed the President to take appropriate action to suspend or prohibit a merger, acquisition, or takeover which would result in foreign control of a U.S. business and would threaten to impair national security. The multi-agency Committee on Foreign Investment in the United States (CFIUS) was established by executive order in 1975 within the Department of the Treasury and granted broad responsibilities but few specific powers in the area of acquisitions by foreign persons. This changed in 1988 when the President delegated to CFIUS authority to review and investigate transactions under Exon Florio. Under Exon Florio, if an investor voluntarily notified CFIUS of a proposed transaction and CFIUS approved the deal, then the parties were notified of the determination not to investigate and a review could not be re-initiated. However, if the parties did not voluntarily notify CFIUS, it could initiate a post-closing review, and the President could unwind the transaction.

In deciding whether a transaction might implicate national security and therefore should be reported, a prospective foreign investor could look to the regulations, which stated that products, services and technologies important to U.S. defense requirements are significant to national security. Thus, under Exon Florio, foreign acquisitions of defense industry companies or suppliers were clearly within the scope of CFIUS action and should have been reported before consummated. On the other side of the spectrum, some businesses clearly did not implicate national security concerns, were not subject to Exon-Florio, and did not warrant a notification to CFIUS. In the grey area between these extremes, foreign investors had little certainty.

The overall review process was relatively brief, a maximum 90 days, and had three stages. If a written notification was given to CFIUS, it had 30 days to determine whether to conduct an investigation.2 Investigations (whether mandatory or discretionary) were limited to 45 days. After the investigation, the President had 15 days to decide whether to take appropriate action if there was credible evidence that led the President to believe that foreign control of the U.S. business might threaten to impair national security. In making these decisions CFIUS and the President were to consider several factors, including: the needs of national defense, the ability of domestic production to meet those needs, the effect of foreign control over domestic production, and whether the transaction would facilitate sales of military goods to rogue countries.

Foreign Investment and National Security Act (FINSA)


FINSA is a codification of CFIUS’ responsibilities and a clarification of the CFIUS review, not an expansion in scope of executive review. The purpose is still to promote national security, not to deter foreign persons from making U.S. investments.

FINSA clarifies that “national security” includes issues relating to “homeland security” including its application to critical infrastructure. “Critical infrastructure” is broadly defined in the statute as “systems and assets, whether physical or virtual, so vital to the United States that the incapacity or destruction of such systems or assets would have a debilitating impact on national security.”

The statute does not increase clarity about which types of target companies do not implicate national security issues. Fortunately, the Treasury has been directed to issue guidance, expected to be published in February 2008, about the types of transactions which have been escalated through the review and investigation phases and those which have not merited review. This guidance should provide prospective foreign investors a bit more clarity in deciding whether to report deals to CFIUS. In the meantime, although the agency will not issue formal advisory opinions, CFIUS staff are available for informal advice.

Process under FINSA

The three stage process (review, investigation and action) and associated timeline remain intact under FINSA, as well as the potential for retroactive review if the acquisition is not voluntarily reported. Also, before a formal filing of notification, parties are encouraged to communicate with CFIUS through the Office of International Investment (contact information is available on the website at Given the short period of review (generally thirty days, maximum ninety days), the staff encourages a pre-filing which allows comments and feedback before the actual notification is filed.

Parties submitting a notification should send to CFIUS thirteen copies of the information required by 31 CFR 800.402, which includes a description of the transaction, the U.S. assets being acquired, the business of the U.S. entity being acquired (including any government contracts with an agency with national defense responsibilities and any government contracts involving classified information), and information about the foreign acquirer including its plans for the U.S. business after acquisition. Also, the filing should include annual reports of all the parties involved.

A lead agency will be appointed to conduct each review and decide whether to permit the proposed acquisition subject to conditions designed to mitigate the effect on national security. Generally, the lead agency is likely to be the Department of Homeland Security. Discussions can occur throughout the process and mitigation agreements may be executed at any point. The lead agency will continue to be responsible for monitoring compliance with any mitigation agreement and for enforcing or modifying such an agreement. Forthcoming regulations under FINSA will implement civil penalties for violations of mitigation agreements.

Instead of the discretionary investigation contemplated by Exon Florio, the FINSA amendments require investigation by CFIUS of (i) any foreign acquisition that threatens to impair the national security, (ii) any foreign government-controlled acquisition, or (iii) any acquisition of critical infrastructure which could impair national security. The lower standard for deals involving critical infrastructure may be attributed to backlash after the Dubai Ports World controversy.

FINSA also supplements the Exon Florio factors to be considered to escalate a review to an investigation, to impose mitigation steps, and to block or unwind the transaction, adding such factors as: consideration of the national security-related effects on U.S. critical infrastructure, including major energy assets; the national security-related effects on U.S. critical technologies3; whether the deal is foreign-government controlled; and the long-term U.S. need for energy sources and other critical resources. With these additions, the statute now lists eleven such factors.

FINSA also increased accountability to Congress. CFIUS now must provide written reports and assurances upon the completion of a review or investigation that a proposed transaction does not threaten to impair national security, as well as detailed annual reports of CFIUS activities. Congress can request a briefing on any transaction or on a party’s compliance with mitigation agreements.