Overview
On October 20, 2022, the Committee on Foreign Investment in the United States (CFIUS) issued new Enforcement and Penalty Guidelines (the “Guidelines”). CFIUS is an interagency committee that reviews and seeks to mitigate national security risk arising from foreign investment in U.S. businesses and real estate. The Guidelines follow closely on the heels of an executive order re-emphasizing the U.S. Government’s strategic and policy focus on non-U.S. parties’ access to and influence or control of sensitive data, technologies, infrastructure, supply chains, and other national security-sensitive equities.
The Guidelines signal CFIUS’s commitment to increasing accountability and consistency in its approach to exercising authority to review and mitigate national security risk arising from covered foreign investment in U.S. businesses and real estate. Investors, companies, and practitioners who communicate with CFIUS, that are involved in CFIUS mitigation, and/or are involved in investment transactions that may implicate national security-sensitive equities may be substantially affected by the Guidelines. This client alert summarizes the Guidelines’ key provisions and assesses its purpose and implications.
Guidelines Summary
The Guidelines provide for enforcement where transaction parties:
-
fail to file a mandatory declaration regarding investment in a critical technology business or by a foreign sovereign-controlled entity ( “Non-Notified Transactions”),
-
fail to comply with CFIUS mitigation agreement or order, or
-
make a material misstatement or omission to CFIUS.
The Guidelines describe multiple channels through which CFIUS may obtain relevant information, including Requests for Information directed from CFIUS to affected parties, voluntary disclosures, and tips from third parties. The Guidelines also establish a process for administrative notice, reconsideration, and final determination of penalty decisions.
Finally, the Guidelines define numerous “Aggravating and Mitigating Factors” that CFIUS will consider when determining an appropriate penalty for a violation. The Guidelines state that the factor analysis is fact-specific, and may include the following considerations:
-
Accountability and future compliance
-
Harm to national security
-
Negligence, awareness, and intent
-
Persistence and timing
-
Response and remediation (including cooperation)
-
Sophistication and record of compliance
Notably, CFIUS’s civil penalty authority is substantial, including a fine up to the value of the underlying investment transaction and/or unwinding a deal—even years after its completion.
Purpose and Implications
The Guidelines likely signal a more assertive CFIUS approach to compliance and enforcement, which may significantly affect CFIUS-covered transactions and mitigation. In a statement accompanying the Guidelines’ publication, CFIUS head Paul Rosen (a former federal prosecutor) stated, “Compliance with CFIUS mitigation agreements is not optional, and the Committee will not hesitate to use all of its tools and take enforcement action to ensure prompt compliance and remediation, including through the use of civil monetary penalties and other remedies.”
In recent comments, senior CFIUS officials have expressed that the Committee intends to prioritize enforcement in order to drive accountability and consistency. More resources will be applied to identify and enforce penalties for Non-Notified Transactions. CFIUS also intends to look closely at parties’ implementation of mitigation requirements to establish accountable expectations for early and robust compliance.
The implications for affected investors, companies, and practitioners may be significant. CFIUS has not publicly disclosed any civil penalties since 2019 and recent compliance practice has tended to involve extensive communication between CFIUS and the parties regarding the coordination of expectations. Publication of the Guidelines and accompanying statements may reflect CFIUS leadership's impatience with this approach and a shift toward increased focus on prompt accountability and enforcement.
This shift also mirrors recent actions by other U.S. national security authorities (including the Office of Foreign Asset Control and the Bureau of Industry Security) and statements by Department of Justice and Administration leadership that the U.S. government intends to leverage regulatory enforcement tools to secure national security objectives.
In this context, it is important for potentially affected parties to ensure that they actively understand and engage with CFIUS and related national security requirements and risks. In particular parties:
-
Contemplating investments involving non-U.S. persons should evaluate whether the deal may present national security items that implicate CFIUS jurisdiction.
-
Communicating with CFIUS must ensure that their communications are accurate, fulsome, and do not omit or obscure material information.
-
Involved in CFIUS mitigation should ensure that they are aligned with the applicable CFIUS Monitoring Agencies regarding mitigation expectations and that the parties implement an auditable compliance program to demonstrate satisfactory performance.