CFIUS Past, Present, and Future:
A 2018 CFIUS Carol
The year 2018 was a turning point in the history of the Committee on Foreign Investment in the United States (CFIUS). CFIUS’s change in direction in 2017 suggested that a metamorphosis was underway, but the magnitude of that change caught many by surprise. In 2018, CFIUS began its transformation from a specialized national security review process aimed particularly at significant international mergers and acquisitions (and occasionally investments) into a far-reaching regulator of foreign investments in U.S. technology companies of all kinds.
At the close of 2018, CFIUS is poised to be one of the most substantial regulatory hurdles in Silicon Valley and beyond. The next two years will determine whether the hurdle becomes manageable, or instead becomes so significant that it substantially deters the flow of foreign capital.
So, with a nod to Charles Dickens, we invite you to visit with three CFIUS spirits: 1. the more innocent past, when CFIUS was a voluntary regime affecting a relatively small slice of foreign investment, but with omens portending a more difficult environment; 2. the stern and troublesome apparition that now animates the latter half of 2018, following the broadening of CFIUS through the passage of the Foreign Risk Review Modernization Act (FIRRMA) and the “pilot program” rule; and 3. the several looming questions on the horizon posed by the unknown force of CFIUS yet to come:
- how “emerging technologies” will be defined and shape CFIUS mandatory filing requirements,
- how the rest of FIRRMA, including new mandatory filing rules and potential waiver opportunities, will be implemented, and
- how aggressively CFIUS will use its draconian enforcement authorities (including possible penalties up to the value of the transaction).
As a particularly miserly fellow once asked, “Are these the shadows of the things that Will be, or are they shadows of things that May be, only?” Read on, and see for yourself...
I. The Ghost of CFIUS Past
A Voluntary Regime, a More Innocent Time
In the more innocent era, filing with CFIUS was voluntary and CFIUS had limited bandwidth to hunt for non-filed transactions. For example, in 2017, the Committee reviewed just under 250 transactions; of those, all but approximately two dozen were filed voluntarily.
Why did parties submit these transactions to CFIUS when doing so was not required? CFIUS had authority to compel filings for specific transactions and to force divestment or otherwise condition a transaction post-closing. Obtaining CFIUS clearance insulated the deal from the threat of a divestment order.
The remaining roughly two dozen transactions were those in which CFIUS used its authority to compel a filing—a few selected buckets scooped out of a sea of thousands of "control" transactions over which CFIUS had jurisdiction. Because only investments of 10 percent or less made for purely passive investment purposes (i.e., providing no board seats, significant veto rights, or other special control rights) are safely considered "non-controlling" at CFIUS, even this older version of CFIUS had the right to examine far more investments than it ever actually saw. However, the Committee reportedly had, for many years, only a couple of people dedicated to the task for hunting for transactions that had not been filed with CFIUS.
In this environment, deal parties were unlikely to file acquisitions and investments unless i. the size of the deal made the costs of obtaining CFIUS clearance relatively miniscule, or ii. there were factors suggesting that CFIUS would notice and be concerned about the transaction. Absent such factors, however, deal parties often determined that CFIUS risk was not high enough to warrant a CFIUS filing. And in most cases, they were right.
The Omens of a Changing Regime
The treatment of Chinese investment at the end of 2017 and in early 2018 suggested that the prior CFIUS era was coming to a close. During the initial months of the new Administration, CFIUS seemed intent on blocking a significant percentage of Chinese deals, even in areas that had, on the surface, little to do with national security, such as the CFIUS block of the Ant Financial/MoneyGram transaction in January 2018.
U.S. worry about China even seeped into transactions that had no Chinese parties. This was manifest most spectacularly in the Broadcom/Qualcomm matter. In March 2018, CFIUS brought to a halt a hostile takeover of U.S. chipmaker Qualcomm by the Singapore-domiciled Broadcom. CFIUS acted reportedly because of concern that the deal might have hindered the U.S. race against China to develop the next generation of mobile communications protocols.
Some of us speculated early in 2018 that CFIUS had come to view all Chinese investment through the lens of a “great power competition” between the U.S. and China. We suggested that while this would continue to yield many blocked deals, the power competition perspective might lead CFIUS to clear some Chinese transactions. Why? CFIUS-imposed conditions sometimes can improve U.S. security in comparison to a simple block of the transaction. For example, if CFIUS is concerned about Chinese access to data that ordinarily is widely available, CFIUS may limit access to that data as a condition to clearing a transaction.
This view seemingly explains the CFIUS clearance of China Oceanwide’s purchase of insurer Genworth Financial in June 2018. The conditions reportedly imposed by CFIUS, concerning limitations on Chinese access to Genworth data, may have improved U.S. security in comparison to a simple block.
But the view that Chinese investments should be treated in the light of a China-U.S. great power struggle had other implications beyond whether CFIUS should clear a specific transaction. Perhaps the biggest contributor to CFIUS reform legislation was the concern that many Chinese investors were evading CFIUS review because of the voluntary nature of the CFIUS regime. Some influential commentators suggested that the largely unregulated area of venture investing, in particular, was enabling Chinese investment and technology transfer without CFIUS visibility.
Many observers simply replied “bah, humbug” to this newly challenging CFIUS environment, noting that there was no obligation to file, so the implications of the more challenging environment would not be widespread. They knew little of the statute still to come...
II. The Ghost of CFIUS Present
A Potentially Worrisome Scene
Enacted in August 2018 with bipartisan support, FIRRMA represents a dramatic change in the rules governing CFIUS. Despite being haunted by the spectre of Chinese investment, Congress elected to empower today’s CFIUS with authority over new investors regardless of their country of domicile. And while the ghost of CFIUS past lingers in the form of the voluntary review regime, which is very much still in effect, the spirit of FIRRMA can be expected to expand and alter that review process in multiple ways:
- Extension of CFIUS jurisdiction to non-controlling investments and to real estate purchases and leases near military facilities, airports, and sea ports;
- Mandatory filings for selected transactions; and
- Provision of significantly greater resources to CFIUS, in part to find non-filed transactions.
Many of these changes will not take effect until CFIUS writes implementing regulations. As of December 2018, CFIUS has implemented only part of FIRRMA, through a “pilot program,” i.e., an interim rule, discussed in detail below.
Expanded Jurisdiction. While CFIUS long has had jurisdiction over transactions resulting in foreign “control” of a U.S. business, FIRRMA permits CFIUS to review many non-controlling foreign investments. Under FIRRMA, CFIUS can exercise jurisdiction over foreign investments into i. “critical infrastructure” companies— such as utilities or financial services companies; ii. businesses that develop, make, or test “critical technologies”; and iii. companies that maintain or collect personal identifier information (“PII”) regarding U.S. citizens.
This expanded jurisdiction exists, however, only if the foreign person receives: a) “material non-public technical information,” or b) board membership, observer rights or the right to appoint someone to such a position; or c) involvement in decision-making regarding sensitive aspects of the U.S. company.
Critically, FIRRMA makes clear that when a foreign limited partner in a U.S. fund receives the rights above with regard to companies involved in critical infrastructure, critical technologies, or PII storage, then CFIUS has jurisdiction. This jurisdiction over transactions involving U.S. fund investments is of potentially great consequence. Many U.S. funds have foreign limited partners, and accordingly these funds will need to be attentive to CFIUS considerations.
Further, while CFIUS often has been able to assert jurisdiction over real estate investments to the extent such investments involve ongoing businesses, FIRRMA’s real estate provisions ensure that CFIUS can reach not only real estate investments but also real estate leases.
However, with the exception of expanded CFIUS jurisdiction regarding investments in “critical technologies,” discussed further below, none of FIRRMA’s new jurisdictional provisions have yet been implemented.
Two Categories of Mandatory Filings. FIRRMA permits CFIUS to impose mandatory filings for investments involving “critical technologies,” and FIRRMA requires CFIUS to impose mandatory filings for investments in which a foreign government has a “substantial interest.” CFIUS has not yet implemented the FIRRMA mandatory filing provision for foreign government involvement, but through its pilot program rule, CFIUS has seized its authority to impose mandatory filings for investments in critical technologies.
Risks from failing to make a mandatory CFIUS filing include not only the possibility of forced post-closing divestment, but also civil penalties (which can be imposed on both the U.S. business and the foreign person), as well as the possibility of litigation between the parties. Such litigation could be premised on, for example, an allegation that a party falsely claimed to have complied with all applicable laws.
New Resources Granted to CFIUS. Recognizing that FIRRMA’s changes to CFIUS are most meaningful if accompanied by financial and political resources to implement those changes, Congress included some resource-specific provisions in the CFIUS reform legislation. Specifically, FIRRMA authorizes:
- $20 million per year for CFIUS
- multiple new presidentially-appointed CFIUS positions
- CFIUS to collect filing fees to augment resources (up to the lesser of 1 percent of the transaction value, or $300,000), though CFIUS has not yet indicated an intent to require filing fees.
In addition, FIRMA commands CFIUS to use some of these resources to establish a formal process for finding transactions not filed with CFIUS.
The Pilot Program: The Ghost of CFIUS Present ‘Gets Real’
The pilot program—the aforementioned interim rule to implement three selected portions of FIRRMA on a fast-tracked, temporary basis—was issued October 10 and became effective November 10. First, it expands CFIUS’s jurisdiction into non-controlling investments for selected “critical technology” companies. Second, it mandates CFIUS filings for these critical technology investments—whether the investments are controlling or non-controlling. Third, the program also puts in place one of FIRRMA’s procedural changes, establishing a 30-day short-form “declaration” process for a “quick” CFIUS review.
There are four basic questions that a U.S. business and investor must ask to determine whether their transaction is covered by the pilot program:
- First, is the investor foreign?
- i.e., Is the investor a foreign natural person, foreign entity, foreign government, or U.S. entity under control of any foreign person?
- A “foreign person” may include a U.S. fund if that fund has a foreign general partner; moreover, a U.S. fund with a foreign limited partner may serve as a vehicle for that partner’s covered investment.
- Second, will the foreign investor receive any of four ‘triggering rights’?
- i.e., Will the investor receive i. “control” (as defined by CFIUS), ii. a board seat/observer/nomination right, iii. access to nonpublic information on “critical technologies,” or iv. decision-making rights regarding such technologies?
- Third, does the target deal in “critical technologies”?
- i.e., Most notably, would target products or services be controlled for export under certain sections of U.S. export control laws?
- This category may expand substantially once additional items are designated by the Department of Commerce as “emerging technologies,” as explained below.
- Fourth, does the target have activities in “pilot program industries”?
- i.e., Are the target’s critical technologies used in activities within a broad set of 27 industries laid out in the pilot program rules?
- Industries targeted by the pilot program include biotechnology research and development, electronic computing manufacturing, navigation services, and many others.
If the answer to all four questions is “yes” then the transaction must be filed with CFIUS 45 days prior to closing.
All in all, pretty scary stuff from the Ghost of CFIUS Present’s pilot program. But there is a silver lining, of sorts: using the new short-form “declaration” method of filing—for which CFIUS has provided a user-friendly template on the CFIUS website—the parties making the filing generally can expect a response 30 days after CFIUS accepts the filing as complete.
The pilot program, as frightening as it is, is not the end of the story. Just as Dickens declared that the ghost of the present would necessarily be on the earth for a “very brief” time, so, too, will the pilot program shuffle off its mortal coil no later than March 2020. As an interim rule, the pilot program eventually will be replaced by regulations that implement all of FIRRMA’s provisions, not only those related to investments in critical technologies. What will the future bring?
III. The Ghost of CFIUS Future
Some have suggested the ghost of CFIUS future should be feared more than any spectre we have yet seen. However, while there are major developments on the horizon, not all are necessarily to the detriment of technology companies and their investors:
Designation of “Emerging Technologies”
Most immediately, the Department of Commerce has initiated a process to designate “emerging technologies.” That process is important in the CFIUS context because “emerging technologies” is a subcategory of “critical technologies.” Foreign investments in any technology designated as an “emerging technology” (and therefore a type of “critical technology”) could trigger a mandatory CFIUS filing under the pilot program described above, and presumably under the final rules that will replace the pilot program.
The Commerce Department has requested input from the public on the effects of classifying technologies in 14 different categories, such as:
- Artificial intelligence
- Position, navigation, and timing technologies
- Microprocessor technologies
- Quantum computing
- Advanced materials
While this initial request for comments is only the first stage in developing a list of the “emerging technologies,” it is very likely that this process will result in far more transactions triggering mandatory CFIUS filings.
Mandatory Filings for Certain Transactions Involving Foreign Governments
FIRRMA directs CFIUS to implement mandatory filing rules for transactions in which a foreign government has a “substantial interest” in a foreign investor and the investor entity takes a “substantial interest” in a U.S. business.
CFIUS has not yet implemented this mandate. The implementing rules will have to explain what constitutes a “substantial interest,” guided by FIRRMA’s statement that less than a 10 percent voting interest cannot constitute a “substantial interest.” This future rule looms large, particularly for investors from China, because CFIUS generally has viewed Chinese investors as subject to government control.
Enforcement of Penalty Provisions and the New CFIUS Enforcers
CFIUS has new authorities to impose penalties up to the transaction value on “any person” who fails to make a mandatory CFIUS filing. CFIUS officials thus far have not commented on whether they intend to utilize this enforcement authority frequently, whether both U.S. parties and foreign investors will be jointly liable, or whether there will be mitigating considerations, such as good-faith belief that a transaction did not trigger a mandatory filing.
In addition, CFIUS has established a new monitoring and enforcement unit. It is not yet clear whether that unit will be devoted primarily to monitoring mandatory filing transactions or might spend significant time searching for transactions for which there was no CFIUS filing requirement.
Possible Burden-Reducing Measures
While several potential developments, such as the designation of “emerging technologies,” likely will result in a more challenging CFIUS environment, or at least one with even broader CFIUS jurisdiction, there are a couple of potential burden-reducing developments on the horizon.
First, CFIUS has begun to issue public answers to frequently asked questions. Clarifying applicable rules should enable U.S. companies and foreign investors to better navigate the CFIUS process.
Second, FIRRMA gives CFIUS authority to reduce the scope of the definition “foreign person” and/or to waive mandatory filing requirements for a broad set of transactions. CFIUS has solicited input on how it might accomplish these things in a manner that both protects national security but also maintains long standing U.S. policy of welcoming foreign investment.
Forthcoming developments likely will not produce broad enthusiasm about CFIUS. But, if CFIUS utilizes its authorities to narrow the scope of the “foreign person” definition or to provide broad waivers for mandatory filings, that might significantly reduce the private sector burden entailed by FIRRMA, the pilot program, and the new CFIUS regime. A few developments along these lines could help many to rediscover the kinder, simpler CFIUS of years past...
For more information about FIRRMA or any other CFIUS-related matter, please contact Stephen Heifetz (firstname.lastname@example.org); Joshua Gruenspecht (email@example.com); Melissa Mannino (firstname.lastname@example.org); Beth George (email@example.com); or any member of the national security practice at Wilson Sonsini Goodrich & Rosati.