Pursuant to amendments implementing the Foreign Investment Risk Review Modernization Act (“FIRRMA”), which expanded CFIUS jurisdiction in several respects, certain types of transactions are subject to mandatory declarations with CFIUS. Currently, one type of transaction that requires a mandatory filing is one in which: 1) the target company produces, designs, tests, manufactures, fabricates, or develops a “critical technology.” A “critical technology” is an item that is included on one of the U.S. export control lists, including the Commerce Control List (“CCL”), included within the Export Administration Regulations (“EAR”); and 2) the target company uses the critical technology in a sensitive industry, identified in Appendix B to the CFIUS regulations (31 C.F.R. Part 800). This two-prong test is slightly more strict than the export control regulations themselves because an item included in the CCL is not generally restricted for export to all destinations. For example, transactions with NATO allies are generally subject to more permissive restrictions than are transactions with other countries. The current CFIUS mandatory declaration framework does not account for this distinction.

The proposed rule would more closely align the mandatory filing obligations with the export control analysis. Under the proposed rule, the mandatory declaration obligation would be amended to apply to transactions in which the export, re-export, or transfer of a critical technology would require an authorization from one of the export controls regulators. Specifically, CFIUS would consider the nationality of the transaction parties and non-U.S. parties in the ownership chain of the acquiring entity. Further, under the proposed rule, CFIUS would no longer consider the industry in which the target company operates. Overall, we expect that the proposed rule would result in fewer mandatory declarations from countries subject to relatively permissive U.S. export controls.

If implemented, this rule would increase the importance of transaction due diligence clearly identifying what export-controlled items and know-how a target company produces or develops. Because mandatory declarations are required prior to the completion of a transaction and failure to timely file can result in a penalty of up to the transaction value, all parties must clearly understand the export controls implications of a proposed transaction well in advance of a transaction’s close.

Jurisdiction over non-controlling investments

The draft regulations identify several company types that satisfy the first part of the test. The first type is a business that produces or otherwise deals in certain “critical technologies.” A separate statute[2] authorizes the Department of Commerce to identify these critical technologies. Although the Department of Commerce did identify examples of these technologies in a 2018 rulemaking, that process is not yet complete.

The second type is a business that maintains or otherwise deals in sensitive personal data of U.S. persons. The scope of sensitive personal data is likely to be very broad in practice, but must be able to be used to identify a person by a “personal identifier.” There are limited exceptions that include anonymized data. In practice, financial firms, insurance firms, firms collecting medical information, and firms in industries that collect similar types of personal identifier information, including certain internet and media firms, are very likely to fall within this type of company.

The final type is a business that owns, operates, manufactures, or otherwise performs a function specified in the regulations in critical infrastructure, which includes infrastructure that, if incapacitated, would have a “debilitating impact” on U.S. national security. Examples of such “covered investment critical infrastructure” includes certain internet protocol networks; certain internet exchange points; certain submarine cable systems and facilities; satellite systems that provide services directly to the U.S. Department of Defense or a related component; certain specialty metals and carbon, alloy, and armor steel plates; systems related to the storage of electric energy comprising the bulk-power system; and several others

The draft regulations specify that, to satisfy the second part of this test, the foreign investor must gain access to certain enumerated rights. These enumerated rights include access to material, non-public, technical information, which includes information that provides information regarding critical infrastructure, or provides information regarding critical technology; membership or observer rights on the U.S. company’s board of directors; and any involvement, outside of voting rights provided by shareholding, in substantive decision making processes.

Mandatory filing types

The expanded jurisdiction regarding critical technology was initially rolled out in the Pilot Program prior to these draft regulations, which identified 27 specific technologies subject to the rules. These draft regulations do not alter the Pilot Program, though we do expect that the final version of the regulations will include information about the Pilot Program.

Further, any transaction resulting in a foreign government obtaining a “substantial interest” in a critical technology, critical infrastructure, or personal data company is subject to a mandatory filing. In general, if the foreign government owns at least a 49 percent voting interest in the foreign person acquiring the U.S. business, and the foreign person is acquiring at least 25 percent of the U.S. business, that would qualify as a substantial interest.

Putting the mandatory filing provisions aside, in general, the proposed FIRRMA implementing regulations codify, rather than expand, the current jurisdiction already exercised by CFIUS in practice. The rulemaking is a clear indication, however, that CFIUS intends to continue to review non-U.S. investments in critical infrastructures and technologies. Moreover, other aspects of FIRRMA – including those related to the imposition of penalties – suggest a more proactive CFIUS going forward.

[1] Currently, the proposed regulations are in a notice and comment period, and there are likely to be some changes in the final rules. However, the basic outline of the changes are unlikely to change substantially.

[2] The Export Control Reform Act of 2018, which was also part of the broader National Defense Authorization Act package that included FIRRMA, is this authority.

Expansion and clarification of jurisdiction

FIRRMA both expands CFIUS jurisdiction and codifies certain existing practices. CFIUS reviews certain “covered transactions” to determine whether proposed foreign investments in a U.S. business would impair U.S. national security, and has the authority, along with the president, to block or amend transactions. Under current law, a “covered transaction” requires that a foreign person have effective control over a U.S. business.[2] FIRRMA expands CFIUS jurisdiction to several non-controlling transactions, if the investment involves:

• Critical technologies. This includes items or technology that are subject to export controls under either the International Traffic in Arms Regulations (“ITAR”) or the Export Administration Regulations (“EAR”), as well as certain undefined “emerging and foundational technologies.”[3]
• Critical infrastructure. The Committee will “enumerate specific types and examples” of critical infrastructure, and will presumably include defense and military, energy, telecommunication, and financial infrastructure, among others. However, because the regulations will likely enumerate a non-exhaustive list, the Committee may interpret this term broadly.
• Sensitive personal data of U.S. citizens. This will broadly include consumer data, as well as information regarding financial services, insurance, and health care.

Other expansions of CFIUS jurisdiction include the Committee’s ability to review certain changes in a foreign investor’s existing rights in a U.S. entity, which could allow the Committee to review both the initial investment by a foreign person, as well as any future investment or change to an entity’s governance structure or authorities. Further, CFIUS may review transactions in real estate located near military facilities, ports, or other sensitive national security facilities. These expansions largely formalize our experience with current CFIUS practices. though it may signal the Committee’s intention to assert this jurisdiction more aggressively.

Administrative procedures and appeals

FIRRMA made significant changes to the CFIUS process, including changes regarding expedited reviews for less sensitive transactions, mandatory filings for certain transactions, timing of the review and investigation procedures, and transparency.

• Expedited reviews. CFIUS will permit parties to file a short “declaration,” rather than a full joint voluntary notice, describing less sensitive transactions. CFIUS will then have 30 days to respond to the declaration by either clearing the transaction or demanding a full joint voluntary notice.
• Mandatory filings. Under current law, submitting a transaction to CFIUS for review and investigation is a voluntary process. Although most transactions will remain subject to voluntary filing, CFIUS will require notification of transactions in which the U.S. business involves either critical infrastructure or critical technology, and a foreign government has a substantial interest in the foreign investor. CFIUS will define “substantial interest” in subsequent rulemakings.
• Review and investigation timelines. When considering a transaction, CFIUS currently has a 30-day review period and an additional 45-day investigation period, if necessary. FIRRMA extends both of these timeframes, automatically making the review period 45 days and allowing the Committee to extend the investigation phase to 60 days, if necessary.
• Increased transparency. CFIUS currently provides an annual report to Congress, but focuses almost exclusively on broad, aggregated statistics (such as the nationality of foreign investors and the economic sector of the U.S. business). FIRRMA will require CFIUS to report at least basic details regarding all reviews that include a full notice, which will include the results of the case. CFIUS will also be required to provide statistics on the length of time the CFIUS review process takes. The increased transparency will offer parties significantly more information regarding how CFIUS has handled transactions in the past and may allow the development of some baseline precedents.
• Judicial review. Currently, only very limited substantive due process appeal rights exist in the CFIUS context.[4] FIRRMA will allow appeals of CFIUS determinations to the DC Circuit Court of Appeals, though presidential determinations are not included in the right to judicial review.
• Filing fees. CFIUS will establish by regulation a filing fee for full notices, though the fee may not exceed either $300,000 or one percent of the value of the transaction. These fees will allow CFIUS to increase its staff to handle CFIUS’ notoriously heavy workload.

______________

[1] Although the majority of the statutory provisions will come into force 180 days after FIRRMA’s effective date, some provisions will be in force immediately after the president signs the bill, including the changes to the review and investigation period timeframes and the right to judicial review.

[2] In our experience, any transaction not meeting the regulatory 10 percent foreign ownership threshold has been potentially subject to CFIUS review.

[3] An interagency committee will be established to identify emerging and foundational technologies.

[4] See Ralls Corp. v. CFIUS.

CFIUS is an inter-agency committee that has jurisdiction to review transactions that could result in control of a U.S. business by a foreign person If CFIUS determines the transaction presents a national security risk, it can take action to mitigate the risk or refer the case to the President for further action. The reforms under FIRRMA would expand CFIUS’s jurisdiction to review foreign minority investments in start-ups in key sectors, certain sensitive real estate transactions, and joint ventures – all of which are currently not subject to examination. The FIRRMA bill passed in the House specifically notes that the “national security risks related to foreign investment, particularly those emanating from countries such as China and Russia, warrant an appropriate modernization of the processes and authorities of {CFIUS}.” FIRRMA would also expand existing export controls that govern trade in sensitive technologies.

President Trump’s statement this week comes after a May 29, 2018 statement from the White House regarding the implementation of investment restrictions on China. Press reports and statements by Administration officials had suggested significant increased investment restrictions that may apply to more countries than China. While the FIRRMA amendments that President Trump now supports are not limited to China, his June 27^th statement ties backing of the legislation directly to the recent Section 301 action in response to China’s unfair trading practices with respect to U.S. intellectual property and technologies.

The White House statement this week also indicates that President Trump may take alternative action if FIRRMA is not passed by Congress. That could include an executive order that would ban companies with at least 25 percent Chinese ownership from U.S. investment, and would restrict companies with an even lower threshold of Chinese ownership from gaining a board seat on a U.S. company or obtaining access to certain technology through a merger or acquisition of a U.S. firm.