On April 11th, the US Department of the Treasury, as chair of the Committee on Foreign Investment in the United States (CFIUS), issued a Notice of Proposed Rulemaking (NPRM) to "enhance certain CFIUS procedures and sharpen its penalty and enforcement authorities." The proposed rule, which is the first update to the mitigation, information-gathering, and enforcement provisions of the CFIUS regulations since the implementation of the Foreign Investment Risk Review Modernization Act of 2018, signals CFIUS's continued focus on bolstering its ability to pursue non-notified transactions and penalize non-compliance with the CFIUS regulations and CFIUS mitigation requirements. Notably, the proposed changes would also impose tight timelines (to which extensions may be granted) on transaction parties substantively responding to CFIUS mitigation proposals. This is potentially highly consequential, as parties may have less time to process and understand the implications of mitigation terms, the importance of which is elevated given that CFIUS is actively strengthening its mitigation monitoring and enforcement efforts.

Public comments to the proposed rule must be submitted by May 15, 2024.The three main proposed changes, and our key takeaways, are as follows:

• Three-Day Deadline for Responding to Proposed Mitigation Terms

  Bottom line: CFIUS would impose a three-business-day deadline (to which CFIUS may grant "reasonable extension requests on a case-by-case basis") for parties to provide a substantive response to mitigation proposals. This means that parties would operate under a highly compressed timeline to review, understand, and assess the feasibility and business implications of proposed mitigation terms—as well as coordinate as needed with each other—before responding to CFIUS.

  The NPRM seeks to impose a three-business-day period for parties to respond substantively to proposed mitigation terms (both initial and subsequent proposals or revisions) unless the parties request an extension and CFIUS grants such request. CFIUS is statutorily required to complete an investigation of a transaction within 45 calendar days (which, if initiated or required, follows an initial 45-calendar-day review period). If CFIUS intends to require mitigation terms as a condition to clearing the transaction, it typically will propose the mitigation terms during the investigation period and will negotiate with the parties to finalize such terms within the 45-day period. Currently, neither CFIUS nor the parties are obligated to respond to proposed terms within a specified time. If negotiations appear likely to extend beyond the statutory end date, parties may request to withdraw and resubmit their filing to afford both the parties and CFIUS more time to negotiate, which is the typical process to extend the CFIUS timeline when needed. As we previously reported, there have been a relatively high instance of notices being withdrawn and refiled in recent years—in 2022 (the most recent year for which data is available), 31% of notices withdrawn (77% of which were later refiled). This proposed rule appears aimed at reducing the frequency of withdrawals and resubmissions to resolve more cases within a single, 90-day review and investigation cycle.

  The NPRM's proposed deadline would obligate the parties to evaluate and "substantively respond" to proposed mitigation within three business days unless CFIUS grants an extension. The commentary in the NPRM states that CFIUS "expects a substantive response to consist of acceptance of the terms, a counterproposal, or a detailed statement of reasons that the party or parties cannot comply with the proposed terms, which may also include a counterproposal," but the proposed rule itself does not specify any particular criteria required for a substantive response. As justification for the new deadline, the NPRM notes that the absence of such requirement can often lead to a protracted negotiation process, particularly for transactions that have already closed. The NPRM further notes that absent such a rule, parties may not be incentivized to agree quickly to mitigation terms, and that timing is critical where CFIUS has identified an extant risk to national security for closed transactions. CFIUS, however, is empowered (and in certain cases has) addressed such risks by imposing an interim mitigation order while negotiations progress—though the NPRM does not reference such practice. This risk to national security is also seemingly not addressed by CFIUS's remedy under the proposed rule, which is for CFIUS to reject a filing (thereby taking it out of the CFIUS review process) if the parties do not respond substantively to mitigation terms on time. Notably, the NPRM does not impose any requirement for CFIUS to provide mitigation terms to transaction parties by a certain date within the process or any reciprocal deadlines for CFIUS to respond to parties' proposals, revisions, or concerns regarding mitigation.

  Given this proposal—combined with CFIUS increasing the frequency of requiring mitigation and being highly focused on monitoring and enforcement of mitigation compliance—it is critical that parties retain counsel capable of anticipating mitigation terms for their specific transaction well before the government may request them and that can help them quickly understand implications of mitigation implementation if and when the terms are received. Mitigation terms can include nuanced requirements that present a variety of implementation complexities. By being conceptually familiar with terms that CFIUS is likely to impose, parties will be better positioned to process and respond timely and constructively to mitigation proposals.

• Higher Potential Civil Monetary Penalties

  Bottom line: CFIUS is increasing by twenty-fold—from $250,000 to $5 million—the explicit monetary cap for civil penalties relating to material statements or omissions, material violations of mitigation requirements, and failure to make a mandatory filing. The stated justification is to deter bad actors, but the NPRM also states that penalties will continue to be determined on a case-by-case basis pursuant to the Enforcement and Penalty Guidelines CFIUS issued in 2022. CFIUS has consistently emphasized enforcement in the past several years, and the NPRM demonstrates that CFIUS wants sharper and increasingly impactful authorities as it transitions to being more of an enforcement body.

  The NPRM seeks to increase the maximum potential penalty amounts for the following violations:

  • Material misstatements or omissions or the making of a false certification: Currently, the maximum penalty for making a material misstatement or omission in a filing or for making a false certification is $250,000 per violation. The NPRM seeks to increase such maximum penalty to $5,000,000 per violation. The NPRM also seeks to expand the list of circumstances in which these penalties may be imposed, including certain responses to non-notified inquiries and certain requests relating to monitoring and enforcing compliance.
     
  • Mandatory filings: The current maximum penalty for failing to make a mandatory filing is $250,000 or the value of the transaction, whichever is greater, per violation. The NPRM seeks to increase the maximum penalty to the greater of $5,000,000 or the value of the transaction per violation.
     
  • Violations of mitigation agreements: The current maximum penalty for violating a mitigation agreement or condition is $250,000 or the value of the transaction, whichever is greater, per violation. The NPRM seeks to increase the maximum penalty, per violation, to the greater of (1) $5,000,000, (2) the value of the person's interest in the US business at the time of the transaction, (3) the value of the person's interest in the US business at the time of the violation, or (4) the value of the transaction filed with CFIUS. This change from the reference to the value of the transaction provides CFIUS additional flexibility to potentially impose higher penalties for violations by being able to calculate that value in a variety of ways.
     

  While the NPRM frames the proposed increases in part based on outdated standards that no longer have a significant deterrent effect, the focus on penalties is consistent with CFIUS's recent and repeated emphasis on compliance and enforcement, as we detailed previously. CFIUS views the increase in the maximum penalty amounts as a stronger deterrent while also maintaining CFIUS's discretion in choosing the appropriate penalty amount in discrete cases consistent with its Enforcement and Penalty Guidelines.

• Broader CFIUS Authorities for Requiring Information Regarding Non-Notified Transactions

  Bottom line: The NPRM would empower CFIUS to require additional information in connection with a non-notified outreach to assess both substantive national security considerations a transaction might present as well as whether a mandatory filing should have been made for the transaction. In practice, CFIUS has considered such information in non-notified inquiries, though the proposed rule would formalize such authorities. Notably, the proposed rule also empowers CFIUS to require information from "other persons"—not just the parties to the transaction—in connection with its non-notified process.

  The NPRM seeks to expand the information that CFIUS may request from parties to include information related to whether a transaction may raise substantive national security considerations and information concerning whether a transaction meets the criteria for a mandatory filing. The NPRM also seeks to empower CFIUS to require information from "other persons" that are not parties to the non-notified transaction. The current CFIUS regulations only provide that CFIUS may require the parties to a non-notified transaction to provide to CFIUS information necessary to determine whether the transaction is a covered transaction (i.e., a transaction subject to CFIUS's jurisdiction).

  The NPRM states that by gathering this additional information, CFIUS would be able to better prioritize transactions that parties were required to submit (i.e., mandatory filings) or that otherwise warrant formal review (i.e., covered transactions that present national security considerations). The NPRM further seeks to lower the standard that is needed for CFIUS to obtain such information through subpoena—from if deemed "necessary" by CFIUS to if deemed "appropriate."

  In our experience, CFIUS's non-notified team sometimes requests, and parties generally provide, information unrelated to its jurisdictional assessment (e.g., information about the parties, their products and services, their customers, etc.), so some parts of this proposed rule merely codify current practice. It is unclear, however, under what authority CFIUS will compel persons who are not parties to a transaction to provide information to CFIUS and how aggressively CFIUS will use such authorities. The NPRM indicates that CFIUS will not use these additional authorities as a substitute for formal review, but there does remain the potential for broad and burdensome substantive requests outside of the formal process—and prior to CFIUS even determining that it has jurisdiction over the given transaction. For example, CFIUS could potentially compel a range of substantive information (including by subpoena) from passive limited partners in connection with private equity investments.

Overall, the NPRM reflects a continuously evolving and increasingly aggressive CFIUS that is seeking to expand and bolster its powers to address potential national security concerns relating to foreign investment into the United States.