SUMMARY OF PROPOSED CFIUS REFORM LEGISLATION
November 14, 2017
On November 8, 2017, Representative Robert Pittenger of North Carolina and Senate Majority Whip John Cornyn of Texas introduced a bill--the Foreign Investment Risk Review Modernization Act ("FIRRMA")--that would significantly reform the scope of authority and procedures of the Committee on Foreign Investment in the United States ("CFIUS").
What is CFIUS?
CFIUS is an interagency committee, chaired by the Treasury Department, which has authority to assess the national security implications of transactions that could result in control of a U.S. business by a foreign person. CFIUS and the President have the authority to block investments, require mitigation to eliminate national security concerns, and even order divestment if a transaction has already closed.
Why the need for reform?
Congress last reformed the CFIUS process in 2007, when it passed the Foreign Investment and National Security Act ("FINSA"). FINSA revised certain aspects of the process but did not substantially alter the scope of transactions subject to CFIUS review.
In recent years, there has been a growing concern about foreign investments in sensitive sectors, including in the technology and infrastructure sectors, and in sectors that create cyber vulnerabilities or expose the personal information of U.S. citizens. Over the last year, President Obama and President Trump each formally blocked Chinese investments in the semiconductor sector, and many other transactions have been terminated over CFIUS concerns. However, many observers and government officials believe that the current CFIUS process is outdated and needs to be amended, for example, to allow review of acquisitions of technology that are structured in ways that fall outside the current scope of CFIUS authority.
In introducing the legislation, Representative Pittenger reflected these concerns, stating that Chinese investment may act as a "backdoor effort to compromise U.S. national security." Senator Cornyn suggested that Chinese investment may "exploit gaps in the existing CFIUS review process...effectively degrading our country's military technological edge...."
Expansion of Scope of Covered Transactions
CFIUS currently has jurisdiction over transactions ("covered transactions") that result in control of a U.S. business by a foreign person or entity. FIRRMA preserves that authority, but then significantly expands the scope of "covered transactions" to include the following:
Real Estate: Transactions in which a foreign person purchases or leases real estate "located in the United States and is in close proximity to a United States military installation or to another facility or property of the United States Government that is sensitive for reasons relating to national security; and...meets such other criteria as the Committee prescribes by regulation."
Significance of Change: CFIUS already takes into account proximity of a U.S. business to sensitive installations in assessing national security risks, but FIRRMA would appear to give CFIUS authority to review real estate transactions even if the real estate is unimproved or it does not host an existing U.S. business.
Critical Technology or Critical Infrastructure: Any investment (other than passive investment), regardless of size, "by a foreign person in any United States critical technology company or United States critical infrastructure company." FIRRMA defines critical technology and critical infrastructure at a broad level, but leaves the details to regulation.1
Significance of Change: Under existing legislation, a non-passive investment would only be a covered transaction if it resulted in foreign control over a U.S. business. Under FIRRMA, non-passive investments in critical technology or critical infrastructure companies would be deemed covered transactions even if the foreign investor does not obtain control over the U.S. business. This change is particularly significant given that FIRRMA significantly narrow the scope of "passive investment" (as discussed below) As a result, even if a foreign investor acquired a small stake (e.g., less than 10%) in a U.S. critical technology or critical infrastructure business, the investment would be a covered transaction if the foreign investor, for example, had the right to appoint a board observer, acquired access to non-public technical or other information, or entered into a separate commercial or financial arrangement with the U.S. business.
IP Licensing and Associated Support: Transactions involving the contribution by a U.S. critical technology company of both intellectual property and associated support to a foreign person through any type of arrangement, such as a joint venture.
Significance of Change: Under existing law, IP licensing arrangements are not covered transactions, and the formation of a joint venture is not a covered transaction if it does not involve the contribution of a U.S. business. Under FIRRMA, an IP licensing arrangement coupled with "associated support" (which might include, e.g., technical cooperation or training) would be a covered transaction, even if it does not give a foreign investor control over a U.S. business.
Change in Rights: Transactions that result in any change in a foreign investor's rights that could result in control over a U.S. business or a non-passive investment in a U.S. critical technology or infrastructure company.
Significance of Change: This change is tied to the changes referenced above.
1 FIRRMA would require that certain technologies be defined as critical technologies, including "emerging technologies that could be essential for maintaining or increasing the technological advantage of the United States over countries of special concern with respect to national defense, intelligence, or other areas of national security, or gaining such an advantage over such countries in areas where such an advantage may not currently exist."
Evasion of CFIUS Review: Any other transaction, transfer, agreement, or arrangement the structure of which is designed or intended primarily to evade or circumvent CFIUS review.
Significance of Change: This is consistent with current law.
CFIUS may, by regulation, exclude from the scope of the first, second and third types of transactions (i.e., dealing with real estate, investments in critical infrastructure or critical technology companies, and IP licensing and associated support) investments by certain foreign investors, taking into account criteria such as whether the investor's country has entered into a mutual defense treaty with the United States or a mutual agreement with the United States to safeguard national security as it pertains to foreign investment, and the national security review process of the investor's home country.
Narrow Definition of Passive Investments
Current CFIUS regulations create a safe harbor for investments of 10% or less of the voting equity in a U.S. business, provided that the investment is "solely for purpose of passive investment." 31 C.F.R. 800.223 provides that:
Ownership interests are held or acquired solely for the purpose of passive investment if the person holding or acquiring such interests does not plan or intend to exercise control, does not possess or develop any purpose other than passive investment, and does not take any action inconsistent with holding or acquiring such interests solely for the purpose of passive investment.
FIRRMA would significantly narrow the scope of "passive" investments. Consistent with current law, a passive investment would not include an investment that results in foreign control over a U.S. business. However, under FIRRMA, the following circumstances would also render an investment not passive:
The foreign investor has access to any nonpublic technical information in the possession of the U.S. business. Such information will be described by regulation, but will include information without which critical technologies cannot be designed, developed, tested, produced, or manufactured; and "in a quantity sufficient to permit the design, development, testing, production, or manufacturing of such technologies."
The foreign investor has access to any nontechnical information (to be described by regulation) in the possession of the U.S. business that is not available to all investors;
The foreign investor has membership or observer rights on the board of directors or equivalent governing body of the United States business or the right to nominate an individual to such a position; or
The foreign investor is involved, other than through voting of shares, in substantive decision-making pertaining to any matter involving the United States business;
The foreign investor and the U.S. business have a parallel strategic partnership or other material financial relationship (to be described in regulations); or
The transaction meets such other criteria as the Committee may prescribe by regulation.
Significance of Change
As noted, if the investment is in a critical technology or critical infrastructure business, and it includes any of these factors, then the transaction will automatically be deemed a covered transaction.
If the investment is not in a critical technology or critical infrastructure business, and it includes any of these factors, then the transaction will not be deemed passive, regardless of the size of the investment. Whether the transaction will be a covered transaction will depend on whether it meets the revised definition of covered transaction described above.
For example, a small investment (less than 10% of the equity) in a U.S. business that confers no governance rights on the foreign investor will not be deemed to be passive if, for example, the foreign investor obtains nontechnical information (potentially just financial information) that is not available to all investors. In that case, the transaction could be a covered transaction. The result is likely to that investors will file notifications in these cases in order to obtain legal certainty.
Declarations and Mandatory Filings
Under the existing law and regulation, there is no opportunity for an expedited proceeding. As a result, parties decide not to file, file a full notice (which is costly to prepare and could result in a lengthy review and investigation), or engage in informal consultations with CFIUS that provide no definitive answer and no legal certainty. FIRRMA would create a new process that could result in an expedited determination, but could also result in additional delays.
Voluntary Declaration: The proposed legislation allow parties to submit a "light" filing called a "declaration." The declaration would be limited to five pages in length, and would provide CFIUS an opportunity to assess whether a formal review is necessary.
Significance of Change: The voluntary declaration could potentially be a way to obtain an expedited determination from CFIUS, subject to the timing and other considerations discussed below.
Mandatory Declaration: FIRRMA would make declarations mandatory for transactions involving the acquisition of a voting interest of at least 25 percent in a U.S. business by a foreign person in which a foreign government owns, directly or indirectly, at least a 25 percent voting interest. Regulations may prescribe other mandatory declarations, taking into account, e.g., the technology, industry, economic sector, or economic subsector involved; the difficulty of remedying the harm to national security that may result from completion of the transaction; and the difficulty of obtaining information on the type of covered transaction through other means. Parties may choose to submit a voluntary notice in lieu of a declaration. Mandatory declarations must be submitted not later than
45 days before the completion of the transaction (or, if a written notice is filed in lieu of a mandatory declaration, the notice must be filed not later than 90 days before the completion of the transaction). Failure to submit a mandatory notice/declaration would result in penalties to be determined by regulations.
Significance of Change: Under current legislation, all notices are voluntary (although CFIUS may self-initiate a review). FIRRMA would, for the first time, make declarations/notices mandatory in certain circumstances.
Timing for Deciding Disposition of Declarations: Upon receipt of a declaration, CFIUS would "endeavor" to take one of three actions within 30 days: (1) require a formal notice; (2) initiate a review of the transaction; or (3) clear the transaction.
Significance of Change: Presumably, the intention is that CFIUS would be able to clear many transactions without having to initiate a formal review. Whether that will happen, or whether CFIUS will routinely initiate reviews after receiving a declaration remains to be seen.
Timing of Review and Investigations
Under the current law and regulations, once the parties submit a written notice, CFIUS will initiate a review. The review must be completed within 30 days. At the end of that period, CFIUS will, if it requires additional time, initiate an investigation, which then must be completed within 45 days
Extension of Time: FIRRMA would extend the initial review from 30 days to 45 days. It would also authorize CFIUS to extend the 45-day investigation period --once, and only in an "extraordinary circumstance"--by an additional 30 days. What constitutes an extraordinary circumstance is to be defined by regulations implemented by CFIUS.
Significance of Change: FIRRMA would extend the time for CFIUS to complete an assessment, but it is possible that the extensions will reduce the number of "pull and refile" situations (where parties withdraw and resubmit a notice to allow CFIUS more time to examine the transaction).
Under current law, there is no filing fee for submitting a written notice. FIRRMA would require a filing fee for a written notice.
Filing Fee: The amount of the fee would be set by new regulations, but would be statutorily capped at 1% of the value of the transaction or $300,000 (indexed for inflation), whichever is lesser.
Significance of Change: The filing fee will discourage filings. It is not clear whether a fee would be necessary if CFIUS were to self-initiate a review without having received a formal notice. As a result, parties may be reluctant to submit a written notice, and may
instead wait for CFIUS to self-initiate. It does not appear that a fee would be necessary to submit a declaration.
Determination by Director of National Intelligence
The Director of National Intelligence ("DNI") will prepare a report on the national security risk of a transaction being review. The DNI's report will be provided to designated members of Congress.
Expanded List of Factors for Consideration
When considering a transaction's national security implications, the current statute lays out ten specific factors that may be considered. The proposed legislation supplements four of those factors and adds nine new ones. These factors include:
U.S. cybersecurity vulnerabilities in the United States;
The potential to expose personally identifiable information, genetic information, or other sensitive data of U.S. citizens;
Effects of the cost to the U.S. Government in its acquisition or maintenance of equipment and systems necessary for defense, intelligence, or other national security functions;
Whether the transaction involves a country that poses a significantly heighted threat to U.S. national security interests ("country of special concern") that has demonstrated or declared a goal of acquiring the critical technology at issue in a transaction;
The potential effect on U.S. technological and industrial leadership, including the potential reduction of technological or industrial advantage over countries of special concern;
The potential for loss of or other adverse effects on technologies that provide the United States a strategic national security advantage;
The potential for increased reliance on foreign suppliers to satisfy national defense requirements;
The potential national security-related effects of the cumulative market share of a foreign person of infrastructure, energy assets, critical materials, or critical technologies;
The potential effects on transportation assets;
The foreign investor's history of compliance with U.S. laws and regulations;
Whether the transaction would result in a foreign government gaining a significant new capability to engage in malicious cyber-enabled activities;
Whether the transaction could facilitate criminal or fraudulent activity; and
The potential exposure of any information regarding sensitive national security matters or procedures and operations of a federal law enforcement agency.
CFIUS would need to analyze these factors in determining whether and what type of mitigation arrangements might be necessary.
Significance of Change
While FIRRMA would expand the list of factors for consideration, CFIUS already considers most or all of these factors. As a result, the expanded list of factors likely would not result in a significant change in CFIUS practice.
The proposed legislation lays out specific requirements related to compliance with mitigation agreements and remedies in the event of noncompliance. Specifically, CFIUS must formulate and monitor compliance plans to ensure compliance with mitigation agreements, and may hire third parties, outside the U.S. government, to conduct the compliance monitoring. In the event the parties are not in compliance with a mitigation agreement or other conditions, the proposed legislation lays out three remedies: (1) the parties may negotiate a plan of action to remediate the noncompliance; (2) CFIUS may require the parties to submit for review any new covered transactions for five years; and (3) CFIUS may seek injunctive relief to enforce and enjoin violations of mitigation agreements, before any U.S. district court.
Under FIRRMA, actions and findings by the President or the President's designee are not reviewable in court.
Actions and findings by CFIUS also are not reviewable, except that a party may appeal CFIUS actions that it believes are contrary to a constitutional right, power, privilege, or immunity. The party must file a petition with the U.S. Court of Appeals for the District of Columbia within 60 days of CFIUS's and/or the President's decision. CFIUS and the President must have completed its review/investigation prior to filing of the petition. Any appeal of the U.S. Court of Appeals for the District of Columbia's decision is subject to review by the U.S. Supreme Court.
Only parties that submitted a declaration or written notice may submit a petition. (The intent appears to be that, if CFIUS self-initiates a review, the parties may not submit a petition to the Court of Appeals).
The proposed legislation aims to increase transparency by requiring a few new elements in the CFIUS annual report. These include a description of the outcomes of any reviews/investigations during that year, and whether mitigation measures were imposed or whether the President took action, and statistics on compliance reviews conducted. The additional reporting will provide useful guidance in assessing the CFIUS risks of proposed transactions.
A new intelligence community interagency working group, led by the DNI, would also be tasked to prepare a classified biennial report that identifies and analyzes any current or projected national security threat related to foreign investment; any strategies used by countries of special concern to acquire U.S. critical technologies, materials, or infrastructure; and any economic espionage efforts directed at the United States.
The legislation would clarify a number of procedural points. For example, it would make clear that CFIUS may order suspension of a transaction while a review or investigation is pending, CFIUS may refer a matter to the President at any time during a review or investigation, and the President may take other actions (in addition to suspending or prohibiting a transaction, or ordering divestiture) to address national security risks while CFIUS is conducting a review or investigation.