5 Ways CFIUS Will Change With New Law

(August 7, 2018, 4:34 PM EDT) -- A bill aimed at overhauling the Committee on Foreign Investment in the United States is close to becoming a law, meaning vast changes are on the horizon for the interagency committee and its process for examining foreign direct investment for national security threats.

Legislation known as the Foreign Investment Risk Review Modernization Act is on its way to President Donald Trump's desk as part of the National Defense Authorization Act, a must-pass bill that details the annual budget and expenditures of the U.S. Department of Defense, after the Senate last week joined the House in approving a final version of FIRRMA.

FIRRMA has seen a number of significant changes and minor tweaks since it was first introduced by a group of bipartisan lawmakers in November, but at its core remains a bill aimed at updating CFIUS so it can better intercept unfriendly foreign investment that may have previously flown under the radar.

Here, Law360 outlines five ways the proposed legislation would alter CFIUS.

Broadens Reach Beyond Control Transactions

CFIUS, as it currently stands, reviews transactions that give foreign entities control over or access to a sensitive U.S. asset. With the anticipated legislation, CFIUS would have the ability to also review non-control investments by foreign entities in companies that are in the critical infrastructure or critical technology spaces or that hold personal data of U.S. citizens.

The legislation also explicitly opens the door for CFIUS to review other investments that give a foreign person influence over a U.S. entity or access to nonpublic information, such as the right to be on the board, nominate a board member or even just observe the board.

Real estate transactions are also explicitly pulled into reach for CFIUS, including investments and leases in proximity to sensitive government areas. The new legislation also specifically gives CFIUS the ability to review any deals that are structured in a way that aims to circumvent the review process.

"The FIRRMA legislation, in the first instance, takes the jurisdictional box of what CFIUS has legal authority to review and makes it much bigger," said Mario Mancuso, who leads Kirkland & Ellis LLP's international trade and national security practice. "FIRRMA is the most fundamental reform of CFIUS in its history."

While there were some concerns that private equity funds, which have investors from all over the world, might get snagged by the expansion of CFIUS' reach, that's no longer expected to be the case. Funds with foreign limited partners will be granted some relief from CFIUS' expanded powers, so long as they are U.S. funds, operated by U.S. general partners, and the foreign investors in the funds do not have influence over the funds' decision-making.

"There are provisions in the legislation that essentially make an exception for certain kinds of foreign investments that come through U.S. investment funds," said Brian Curran, a partner in Hogan Lovells LLP's regulatory practice group. "These provisions won't cover every foreign investment through a U.S. fund, but they should cover quite a few."

Formally Makes Personal Information an Area of Concern

As part of the expansion of CFIUS' reach, the interagency committee will formally be given the ability to review investments in U.S. entities that hold personal information of U.S. citizens. While that has snagged other potential foreign acquirers in the past, its formal inclusion in the text establishing CFIUS' power takes it a step further.

"Any acquisition where the party being acquired has access to lots of U.S. individuals' personal information could be looked at with a lot more scrutiny," said Thaddeus McBride, a Bass Berry & Sims PLC member. "That opens up a whole panoply of transactions that weren't previously open to CFIUS reviews."

The formal inclusion of personal data as a national security threat is not necessarily shocking, however. In January, Texas-based money transfer company MoneyGram International Inc. and China-based Ant Financial Services Group abandoned their merger plans amid pushback from CFIUS. It's understood that Moneygram's access to U.S. consumer data made the acquisition by a Chinese buyer seem risky.

That precedent, along with the more explicit legislation, could pull in more deals in areas generally seen as being outside of CFIUS' reach, like deals involving U.S. financial institutions or health care companies, McBride explained.

Pulls Outbound Tech Transfers From Changes

Although early drafts of FIRRMA called on CFIUS to review outbound transfers of technology or intellectual property, that proposal was pulled from the final version of the legislation.

"The original legislation that was introduced in the fall of 2017 expanded the jurisdiction of CFIUS to cover certain technology transfers," Curran said. "That was stripped out."

The idea wasn't scrapped entirely, though. Instead of having CFIUS review those types of deals, the Commerce Department will examine them as part of an enhanced export control licensing review.

"This export licensing review process for these emerging and foundational technologies is going to be somewhat beefed up from the traditional process, in that the Secretary of Commerce can request, as part of the process, a threat assessment from the Director of National Intelligence," Curran said.

Requires Certain Transactions to Undergo Review

Filing for CFIUS review has always been a voluntary process, with the caveat that the committee can review a deal it was not notified about if it believes there is a national security concern associated with it.

With FIRRMA, however, certain transactions would be required to file with CFIUS. Those deals that would spur a mandatory declaratory filing include those that involve a U.S. entity involved in the areas of critical infrastructure, critical technology and the personal data of U.S. citizens.

The declaratory filing is not a full filing. It's expected to be no more than five pages and really would just allow the parties to flag the deal to CFIUS so the committee can determine whether it would need to make a full filing to kick off an initial review period.

"The hope there is it can be a kind of expedited check to see if it's a transaction that CFIUS is interested in," said DJ Rosenthal, who co-chairs the CFIUS practice of Kroll Inc., a risk consulting firm. "That could significantly lessen the overall burden on the committee, and could also entice kind of marginal cases to file with the committee."

The light filings, along with the perception that the U.S. is cracking down on foreign investment, could help curb the burden the new legislation might otherwise place on CFIUS' resources.

"CFIUS has sort of a wider net to cast. Theoretically, more transactions are going to fall within its purview but some of the tougher measures, some of the more aggressive tools that the committee has, might scare off some potential foreign investors who look candidly at their likelihood of success and don't like the odds," Rosenthal said.

FIRRMA also extends the timeline for the review process. The initial investigation period is currently 30 days, but would be extended to 45 days. CFIUS would maintain the ability to then launch a 45-day investigation period, with the new ability to extend the investigation by 15 days under certain circumstances.

In practice, however, that will not be much of a change. As more deals have been filing for CFIUS approval, reviews have been taking longer, with the committee sometimes asking that filings be withdrawn and refiled to give it more time to conduct the review.

"Sensitive transactions and even transactions that aren't that sensitive have been taking longer to be reviewed anyway. So the timing issues may not, at the end of the day, be that different post-FIRRMA than they have been," McBride said.

Leaves It Up to Treasury to Fine-Tune Certain Provisions

FIRRMA calls for a broad overhaul of CFIUS, while also leaving a lot of the finer details of the framework and its implementation up to the committee to fine-tune at a later point.

"The legislation spells out that certain provisions go into effect right away when the legislation is signed into law by the president, and other provisions might not go into effect until as long as a year and a half later," Curran said.

Those details include determining how to calculate filing fees, which were previously not attached to the CFIUS process, and actually determining what would need to be disclosed on the smaller declaratory filings.

"It's unclear exactly when the Treasury will weigh in on those provisions, but considering the process, which includes a proposal and a comment period, early 2019 is for the time being a fair estimate," McBride said.

From there, foreign buyers might pull back a little until a few deals test out the new regime and there's a better understanding of just how all of the changes actually work in practice.

"There could be sort of a cooling-off period in foreign investment in the U.S. while the process plays itself out and while the new regulations are observed in practice," McBride said.

--Editing by Pamela Wilkinson and Kelly Duncan.

For a reprint of this article, please contact reprints@law360.com.

Hello! I'm Law360's automated support bot.

How can I help you today?

For example, you can type:
  • I forgot my password
  • I took a free trial but didn't get a verification email
  • How do I sign up for a newsletter?
Ask a question!