CFIUS Invokes National Security in Ordering Indian Company to Divest Equity in U.S. Company

by Goodwin

Before investing in the United States, foreign companies and their U.S. targets should consider the role of the Committee on Foreign Investment in the United States (“CFIUS”), a federal interagency committee empowered to review foreign investments in United States companies for national security concerns.

If a proposed transaction presents national security concerns, CFIUS has the power to require the parties to mitigate those concerns, or, if they cannot be mitigated, to block the transaction.  And if a transaction has not been submitted for pre-closing review, CFIUS can revisit closed transactions and order post-closing mitigation measures, including divestiture.

CFIUS’s broad authority came into focus again last week, when Polaris Financial Technology Ltd., headquartered in Chennai, India, announced that CFIUS had ordered it to divest its 85.3 percent ownership stake in U.S. company IdenTrust Inc., which provides digital identification authentication services, including to banks for electronic account management systems and to U.S. government agencies for secure cloud computing. 

The Polaris misadventure is one of several in recent years in which parties elected to close a transaction without CFIUS review, only later to find CFIUS taking action.  For parties to cross-border transactions, what should you know about the recent CFIUS activism? 

1.         The risks of closing a transaction without review by CFIUS have never been more substantial.

To be sure, the CFIUS process is “voluntary” in that no law is broken by parties who do not notify CFIUS of their transaction.  But CFIUS scans the press, reports filed with the Securities and Exchange Commission, and other sources to identify transactions that were not voluntarily submitted for CFIUS review.  As Polaris discovered, CFIUS increasingly initiates post-closing reviews, impacting those transactions and the reputations of the parties involved.

For instance, in 2011, Huawei Technologies of China was made to divest the assets of U.S.-based 3Leaf Systems, a cloud computing technology company.  Huawei had apparently believed the small $2 million acquisition was free from CFIUS’s jurisdiction as it involved only assets, but the inclusion of less than one-third of 3Leaf’s employees reportedly led CFIUS to conclude that it had jurisdiction. This was not Huawei’s first brush with CFIUS, having previously been blocked from investing in 3Com, 2Wire and Motorola.

CFIUS, concerned about possible espionage, has also ordered divestitures of Chinese investments in wind farm and mining projects proximate to U.S. military installations — i.e., nothing about the nature of the U.S. business itself indicated a national security concern, yet CFIUS blocked the transactions.  Does this mean that if a French private equity firm acquired a U.S. popsicle stick manufacturer with a plant proximate to a undisclosed U.S. intelligence facility, about which both parties were unaware, CFIUS could order divestiture?  In theory, yes. 

When parties who skirt the process are later “invited” by CFIUS to engage, suspicion about their motives may prove impossible to dispel.  What is clear is that parties to a transaction remotely within the scope of CFIUS’s jurisdiction forego CFIUS’s voluntary review process at considerable risk to their investment objectives and reputation.  For some companies, like Huawei, the costs of error seem incalculable.    

2.         The nature of national security is evolving and CFIUS will reach to assert jurisdiction in even questionable cases.

Polaris’s acquisition of IdenTrust presented features that called for CFIUS review, given the nature of the service (cybersecurity), the industry sectors (financial services, U.S. government agencies), and the United States’ complicated relationship with India.  But in other matters, “national security” — a term loosely tethered by equally vexing concepts such as “critical infrastructure” and “critical technologies” — is an expanding universe whose outer limits are hard to perceive.  Consider the acquisition of Smithfield Foods by the Chinese Shuanghui International Holdings Limited, a CFIUS-reviewed transaction that left many scratching their heads about what national security concerns are presented by a pork producer.

The importance of other endeavors to the national security will evolve, including clean technologies that gain importance for the nation’s energy requirements; new payment systems that alter the financial system; biomedical advances that disclose new vulnerabilities; social media technologies that change how we interact; “Big Data” that opens new windows on who we are; and all manner of other technologies that were inconceivable a short generation ago.  The relationship of each to the national security will present difficult questions. 

Where CFIUS does perceive a national security concern, it will assert jurisdiction aggressively.  Because the parties to a transaction can offer little resistance when CFIUS takes an interest, only those transactions falling well outside the scope of what is a “covered transaction” under the CFIUS regulations will be safe from review. 

3.         CFIUS reviews are taking longer to complete, with repercussions that spread beyond CFIUS’s mandate.

CFIUS has unfortunately done little to make the review process more inviting or expeditious for parties who submit to it.  A CFIUS review is subject to an initial 30-day review period, after which CFIUS can initiate a second “investigation” phase of up to 45 additional days. 

In 2007, when roughly 4 percent of filed cases were the subject of an investigation, it was safe for parties to plan around the likelihood that CFIUS would clear their transactions within 30 days.  Yet in 2011, the most recent year for which figures are available, roughly 36 percent of filed cases — over one in three — were sent to the investigation phase.  The resulting delays can frustrate the acquirer’s desire to close a transaction quickly.  For example, CFIUS’s investigation in 2012 of SAP’s proposed acquisition of the cloud-based human capital management firm SuccessFactors required SAP to extend its tender offer deadline. 

Parties can also expect intrusive questions during a CFIUS review, including some suggesting that CFIUS’s constituent agencies are advancing their independent regulatory objectives.  Not infrequently, information learned by CFIUS within the review process leads to further questions from its member agencies, including outside the CFIUS review and even after its conclusion.  Careful preparation in advance of a CFIUS filing can moderate these risks.

* * * * * *

IRS Circular 230 Disclosure: To ensure compliance with requirements imposed by the IRS, we inform you that any U.S. tax advice contained in this informational piece (including any attachments) is not intended or written to be used, and may not be used, for the purpose of (i) avoiding penalties under the Internal Revenue Code or (ii) promoting, marketing or recommending to another party any transaction or matter addressed herein.

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Goodwin | Attorney Advertising

Written by:


Goodwin on:

Readers' Choice 2017
Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign up using*

Already signed up? Log in here

*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
Privacy Policy (Updated: October 8, 2015):

JD Supra provides users with access to its legal industry publishing services (the "Service") through its website (the "Website") as well as through other sources. Our policies with regard to data collection and use of personal information of users of the Service, regardless of the manner in which users access the Service, and visitors to the Website are set forth in this statement ("Policy"). By using the Service, you signify your acceptance of this Policy.

Information Collection and Use by JD Supra

JD Supra collects users' names, companies, titles, e-mail address and industry. JD Supra also tracks the pages that users visit, logs IP addresses and aggregates non-personally identifiable user data and browser type. This data is gathered using cookies and other technologies.

The information and data collected is used to authenticate users and to send notifications relating to the Service, including email alerts to which users have subscribed; to manage the Service and Website, to improve the Service and to customize the user's experience. This information is also provided to the authors of the content to give them insight into their readership and help them to improve their content, so that it is most useful for our users.

JD Supra does not sell, rent or otherwise provide your details to third parties, other than to the authors of the content on JD Supra.

If you prefer not to enable cookies, you may change your browser settings to disable cookies; however, please note that rejecting cookies while visiting the Website may result in certain parts of the Website not operating correctly or as efficiently as if cookies were allowed.

Email Choice/Opt-out

Users who opt in to receive emails may choose to no longer receive e-mail updates and newsletters by selecting the "opt-out of future email" option in the email they receive from JD Supra or in their JD Supra account management screen.


JD Supra takes reasonable precautions to insure that user information is kept private. We restrict access to user information to those individuals who reasonably need access to perform their job functions, such as our third party email service, customer service personnel and technical staff. However, please note that no method of transmitting or storing data is completely secure and we cannot guarantee the security of user information. Unauthorized entry or use, hardware or software failure, and other factors may compromise the security of user information at any time.

If you have reason to believe that your interaction with us is no longer secure, you must immediately notify us of the problem by contacting us at In the unlikely event that we believe that the security of your user information in our possession or control may have been compromised, we may seek to notify you of that development and, if so, will endeavor to do so as promptly as practicable under the circumstances.

Sharing and Disclosure of Information JD Supra Collects

Except as otherwise described in this privacy statement, JD Supra will not disclose personal information to any third party unless we believe that disclosure is necessary to: (1) comply with applicable laws; (2) respond to governmental inquiries or requests; (3) comply with valid legal process; (4) protect the rights, privacy, safety or property of JD Supra, users of the Service, Website visitors or the public; (5) permit us to pursue available remedies or limit the damages that we may sustain; and (6) enforce our Terms & Conditions of Use.

In the event there is a change in the corporate structure of JD Supra such as, but not limited to, merger, consolidation, sale, liquidation or transfer of substantial assets, JD Supra may, in its sole discretion, transfer, sell or assign information collected on and through the Service to one or more affiliated or unaffiliated third parties.

Links to Other Websites

This Website and the Service may contain links to other websites. The operator of such other websites may collect information about you, including through cookies or other technologies. If you are using the Service through the Website and link to another site, you will leave the Website and this Policy will not apply to your use of and activity on those other sites. We encourage you to read the legal notices posted on those sites, including their privacy policies. We shall have no responsibility or liability for your visitation to, and the data collection and use practices of, such other sites. This Policy applies solely to the information collected in connection with your use of this Website and does not apply to any practices conducted offline or in connection with any other websites.

Changes in Our Privacy Policy

We reserve the right to change this Policy at any time. Please refer to the date at the top of this page to determine when this Policy was last revised. Any changes to our privacy policy will become effective upon posting of the revised policy on the Website. By continuing to use the Service or Website following such changes, you will be deemed to have agreed to such changes. If you do not agree with the terms of this Policy, as it may be amended from time to time, in whole or part, please do not continue using the Service or the Website.

Contacting JD Supra

If you have any questions about this privacy statement, the practices of this site, your dealings with this Web site, or if you would like to change any of the information you have provided to us, please contact us at:

- hide
*With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name. Or, sign up using your email address.