April 17, 2024

CFIUS’ Proposed Rules Enhance its Enforcement Authority

Darshak Dholakia, Betsy Feuerstein, Hrishikesh Hari, Amy Jicha, Brooklynn Moore, Jeremy Zucker

Dechert LLP

+ Follow Contact

Facebook

Send

Embed

Dechert LLP

Key Takeaways

The U.S. Department of Treasury (“Treasury”), which is Chair of the Committee on Foreign Investment in the United States (“CFIUS” or the “Committee”), released a Notice of Proposed Rulemaking on April 11, 2024 (“NPRM”) meant to “enhance [CFIUS’] procedures and sharpen its penalty and enforcement authorities.”
The NPRM invites public comment on the proposed changes to CFIUS’ regulations. Public comments can be submitted through May 15, 2024.
The proposed changes to CFIUS’ implementing regulations (31 C.F.R. Parts 800 and 802) reflect lessons learned by the Committee with respect to compliance, deterrence, enforcement, and addressing U.S. national security risks in connection with the Committee’s work. These changes seek to build on the Committee’s Enforcement and Penalty Guidelines (our prior coverage is available here) that were published in 2022.
The trendlines remain clear: CFIUS continues to be focused on managing the impact of foreign investments on U.S. national security and is strengthening and refining its tools to do so. Although CFIUS has historically only engaged in enforcement activities sparingly (there have only been two CFIUS enforcement actions disclosed pre-FIRRMA and none so far post-FIRRMA), the Committee has pursued new enforcement actions in recent years and the investment community is expecting additional information in connection with those actions over the months ahead.

This OnPoint analyzes CFIUS' proposed rule, which aims to enhance its monitoring, compliance, and enforcement capabilities.

CFIUS Notice of Proposed Rulemaking: Key Changes

CFIUS is an interagency committee, chaired by the U.S. Department of the Treasury, which has broad powers to review non-U.S. investments in, and acquisitions of, U.S. businesses to determine the potential impact on U.S. national security. CFIUS has the authority to review matters that are brought before it and to initiate its own transaction reviews. It may impose mitigation measures on transactions that it determines are a risk to U.S. national security and any failure to comply with such measures may result in the imposition of a penalty by the Committee.

After almost a year of preview from CFIUS officials, Treasury has issued an NPRM that previews a series of amendments to CFIUS’ implementing regulations (31 C.F.R. Part 800 and Part 802) designed to enhance CFIUS’ enforcement authority, reduce mitigation negotiation timelines, and increase applicable civil monetary penalties, among other changes. Below, we highlight the proposals outlined in the NPRM, and how they compare to CFIUS’ current authorities.

Topic	Current Rule	Proposed Change	Analysis
Timing Constraints for CFIUS Mitigation Negotiations	The current CFIUS regulations do not include a specified timeframe in which transaction parties must respond to proposed mitigation agreement terms.	Transaction parties would have three business days to provide a substantive response to proposed mitigation agreement terms (both initial and subsequent proposals or revisions) unless an extension is granted by the Committee.	The Committee has likely proposed this timeframe to ensure that the negotiation of mitigation measures does not linger and/or result in a withdraw and refile request, which extends the CFIUS review process. As seen in the most recent CFIUS Annual Report data (see our coverage of the 2022 CFIUS Annual Report here), there has been a recent increase in the number of transactions subject to mitigation measures. In practice, the requirements may make it more difficult to conclude reviews in which mitigation agreements are required. Such agreements often require careful consideration by transaction parties; it may prove challenging, absent an extension, to fully consider and offer thoughtful responses to a proposed mitigation agreement in just three business days. This proposed change, among others, highlights the importance of developing a sophisticated CFIUS strategy in advance and evaluating the likelihood and feasibility of potential mitigation measures from the earliest stages of a transaction.
Enhanced Ability to Investigate and Request Information	The Committee may currently request information from parties regarding information: (i) to monitor compliance with or enforce the terms of a mitigation agreement, order, or condition, (ii) to determine whether transaction parties have made material misstatements or omitted material information during the course of previously concluded review or investigation (including in such cases where the transaction parties’ CFIUS filing was rejected by the Committee), and (iii) necessary to determine whether the non-notified transaction would constitute a “covered transaction” that is subject to CFIUS’ jurisdiction for review. If deemed necessary by the Committee, it may exercise its subpoena authority in order to obtain information from transaction parties or other persons.	The proposed ruIe would expand the Committee’s authority and permit it to request information from parties or other persons regarding information: (i) to monitor compliance with or enforce the terms of a mitigation agreement, order, or condition, (ii) to determine whether transaction parties have made material misstatements or omitted material information during the course of previously concluded review or investigation (including in such cases where the transaction parties’ CFIUS filing was rejected by the Committee), (iii) necessary to determine whether the non-notified transaction would trigger a mandatory CFIUS filing obligation, and (iv) necessary to determine whether the non-notified transaction would raise national security considerations. If deemed appropriate by the Committee, it may obtain information from parties to a transaction or transaction parties do not comply, CFIUS may seek to compel the provision of such information through exercising its subpoena power.	One of the goals of the NRPM is to enhance CFIUS’ regulations in order to more effectively promote compliance so that CFIUS can “swiftly” address potential U.S. national security risks in connection with CFIUS reviews. The proposed changes compelling responses to certain information requests further that goal. Of course, the Committee already enjoys broad authority with respect information requests and it is unclear how the Committee will utilize these new authorities. One important change with the proposed rules is that it will allow the Committee to require non-parties to transactions to provide information to the Committee in a number of circumstances. It will be important to monitor how the Committee will utilize this authority and if third parties (i.e., beyond the transaction parties) should now expect to receive subpoenas or information demand letters. It will also be important to understand how the Committee will protect the confidentiality of the CFIUS review process if it begins to reach out to non-transaction parties to request information regarding parties to active or concluded reviews. Another key change relates to the Committee’s authority with respect to non-notified transactions. For context, CFIUS has authority to review transactions submitted to it for review and also has the authority to initiate its own review of transactions. CFIUS has dedicated significant resources to the review of non-notified transactions in recent years and its casework in this area is expanding. This proposed change will broaden the Committee’s ability to review non-notified transactions and strengthen the Committee’s ability to assess whether a CFIUS review is necessary. These changes appear to formalize existing practices with respect to the Committee’s growing body of work with respect to non-notified transactions and offer greater flexibility to the Committee with respect to its information requests in such reviews.
Expanded Penalties	The current maximum penalty amounts for the following actions are either (i) $250,000 (per violation), or (ii) the value of transaction (whichever is greater): The submission of a CFIUS filing with a material misstatement or omission, or the making of a false certification; Failure to submit a mandatory CFIUS filing; or Violations of material provisions of mitigation agreements, material conditions imposed by the Committee, or orders issues by the Committee.	The maximum penalty amounts for the following actions will be increased to either (i) $5,000,000 (per violation), (ii) the value of the transaction, or (iii) the value of an investor’s interest in a U.S. business at the time of the violation or the transaction (whichever is greatest): The submission of a CFIUS filing with a material misstatement or omission, or the making of a false certification; Making a material misstatement or omission to the Committee in contexts outside of a CFIUS filing (e.g., in response to the Committee’s requests for information related to non-notified transactions or in response to the Committee’s request for information relating to monitoring or enforcing compliance); Failure to submit a mandatory CFIUS filing; or Violations of material provisions of mitigation agreements, material conditions imposed by the Committee, or orders issues by the Committee.	These proposed changes expand the Committee’s penalty and enforcement tools by increasing the civil monetary penalty amount that the Committee may impose and expand the scope of activities that may result in a penalty. Transaction parties must ensure they are forthcoming in their responses and filings made with CFIUS as well as comply with all national security measures. Given the existing penalty authorization which already allowed penalties up to the value of the transaction, it will be important to monitor how the Committee uses this new authority.

Topic

Current Rule

Proposed Change

Analysis

Timing Constraints for CFIUS Mitigation Negotiations

The current CFIUS regulations do not include a specified timeframe in which transaction parties must respond to proposed mitigation agreement terms.

Transaction parties would have three business days to provide a substantive response to proposed mitigation agreement terms (both initial and subsequent proposals or revisions) unless an extension is granted by the Committee.

The Committee has likely proposed this timeframe to ensure that the negotiation of mitigation measures does not linger and/or result in a withdraw and refile request, which extends the CFIUS review process. As seen in the most recent CFIUS Annual Report data (see our coverage of the 2022 CFIUS Annual Report here), there has been a recent increase in the number of transactions subject to mitigation measures. In practice, the requirements may make it more difficult to conclude reviews in which mitigation agreements are required. Such agreements often require careful consideration by transaction parties; it may prove challenging, absent an extension, to fully consider and offer thoughtful responses to a proposed mitigation agreement in just three business days. This proposed change, among others, highlights the importance of developing a sophisticated CFIUS strategy in advance and evaluating the likelihood and feasibility of potential mitigation measures from the earliest stages of a transaction.

Enhanced Ability to Investigate and Request Information

The Committee may currently request information from parties regarding information: (i) to monitor compliance with or enforce the terms of a mitigation agreement, order, or condition, (ii) to determine whether transaction parties have made material misstatements or omitted material information during the course of previously concluded review or investigation (including in such cases where the transaction parties’ CFIUS filing was rejected by the Committee), and (iii) necessary to determine whether the non-notified transaction would constitute a “covered transaction” that is subject to CFIUS’ jurisdiction for review. If deemed necessary by the Committee, it may exercise its subpoena authority in order to obtain information from transaction parties or other persons.

The proposed ruIe would expand the Committee’s authority and permit it to request information from parties or other persons regarding information: (i) to monitor compliance with or enforce the terms of a mitigation agreement, order, or condition, (ii) to determine whether transaction parties have made material misstatements or omitted material information during the course of previously concluded review or investigation (including in such cases where the transaction parties’ CFIUS filing was rejected by the Committee), (iii) necessary to determine whether the non-notified transaction would trigger a mandatory CFIUS filing obligation, and (iv) necessary to determine whether the non-notified transaction would raise national security considerations. If deemed appropriate by the Committee, it may obtain information from parties to a transaction or transaction parties do not comply, CFIUS may seek to compel the provision of such information through exercising its subpoena power.

One of the goals of the NRPM is to enhance CFIUS’ regulations in order to more effectively promote compliance so that CFIUS can “swiftly” address potential U.S. national security risks in connection with CFIUS reviews. The proposed changes compelling responses to certain information requests further that goal. Of course, the Committee already enjoys broad authority with respect information requests and it is unclear how the Committee will utilize these new authorities.

One important change with the proposed rules is that it will allow the Committee to require non-parties to transactions to provide information to the Committee in a number of circumstances. It will be important to monitor how the Committee will utilize this authority and if third parties (i.e., beyond the transaction parties) should now expect to receive subpoenas or information demand letters. It will also be important to understand how the Committee will protect the confidentiality of the CFIUS review process if it begins to reach out to non-transaction parties to request information regarding parties to active or concluded reviews.

Another key change relates to the Committee’s authority with respect to non-notified transactions. For context, CFIUS has authority to review transactions submitted to it for review and also has the authority to initiate its own review of transactions. CFIUS has dedicated significant resources to the review of non-notified transactions in recent years and its casework in this area is expanding. This proposed change will broaden the Committee’s ability to review non-notified transactions and strengthen the Committee’s ability to assess whether a CFIUS review is necessary. These changes appear to formalize existing practices with respect to the Committee’s growing body of work with respect to non-notified transactions and offer greater flexibility to the Committee with respect to its information requests in such reviews.

Expanded Penalties

The current maximum penalty amounts for the following actions are either (i) $250,000 (per violation), or (ii) the value of transaction (whichever is greater):

The submission of a CFIUS filing with a material misstatement or omission, or the making of a false certification;

Failure to submit a mandatory CFIUS filing; or

Violations of material provisions of mitigation agreements, material conditions imposed by the Committee, or orders issues by the Committee.

The maximum penalty amounts for the following actions will be increased to either (i) $5,000,000 (per violation), (ii) the value of the transaction, or (iii) the value of an investor’s interest in a U.S. business at the time of the violation or the transaction (whichever is greatest):

The submission of a CFIUS filing with a material misstatement or omission, or the making of a false certification;

Making a material misstatement or omission to the Committee in contexts outside of a CFIUS filing (e.g., in response to the Committee’s requests for information related to non-notified transactions or in response to the Committee’s request for information relating to monitoring or enforcing compliance);

Failure to submit a mandatory CFIUS filing; or

Violations of material provisions of mitigation agreements, material conditions imposed by the Committee, or orders issues by the Committee.

These proposed changes expand the Committee’s penalty and enforcement tools by increasing the civil monetary penalty amount that the Committee may impose and expand the scope of activities that may result in a penalty. Transaction parties must ensure they are forthcoming in their responses and filings made with CFIUS as well as comply with all national security measures. Given the existing penalty authorization which already allowed penalties up to the value of the transaction, it will be important to monitor how the Committee uses this new authority.

Conclusion

As evidenced by the NPRM, the CFIUS landscape continues to evolve in anticipation of an increasing workload for CFIUS. A sophisticated CFIUS strategy, at every step of the process, can make a significant difference. Parties contemplating transactions involving foreign investments in U.S. businesses should evaluate CFIUS considerations early in the transaction process and ensure that if mitigation measures are imposed, there is an actionable compliance program developed to oversee compliance with the parties’ obligations. As the Committee continues to make clear now formally through the NPRM, the cost for failing to do so may be more than reputational.

Send Print Report

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.