In-fo’ a CFIUS Review: The Expanding Power of CFIUS through Data Security Scrutiny

Sheppard Mullin Richter & Hampton LLP

CFIUS is expanding its reach. Where the Committee on Foreign Investment in the United States has generally scrutinized foreign acquisition of U.S. “critical infrastructure,” it has now signaled that it may look closely at any deal where the target collects or maintains sensitive personal information.

So be CFIUS-wary on foreign investment in:

  • healthcare,
  • telecommunications,
  • financial services,
  • mortgage lenders,
  • insurance brokers,
  • internet service providers,
  • search engines,
  • recruiting and job placement platforms,
  • even sports teams that collect data on their fans . . .
  • . . . and the list goes on. It will end up including just about any industry where companies collect personal information about individuals in the United States.

An Imposing Barrier: The Latest Failed Deal

Last week, CFIUS reportedly refused for the third time to accept the mitigation steps proposed in Ant Financial’s proposed acquisition of MoneyGram, the U.S. money transfer service. For that reason, Ant Financial gave up the effort and paid a $30 million termination fee to MoneyGram to compensate for the deal’s collapse.

But the question remains: Why is CFIUS looking at a deal about cash wiring services?

The Narrow Scope: Where CFIUS Usually Looks

The implementing regulations authorize CFIUS to examine any transaction in which a foreign person will take ownership or control of a U.S. company. Based on that review, the President of the United States is empowered to suspend or unwind transactions that affect U.S. national security. As a rule of thumb, CFIUS review has typcially focused on transactions where a foreign person might take control of a U.S. company in the defense sector, or in the sectors falling within the broad category of “critical infrastructure.” That term, though not clearly defined in the regulations, includes energy infrastructure, telecommunications, and goods and services that the U.S. government relies on for day-to-day function.

The Broad Horizon: Where CFIUS may Begin Looking Now

The refusal of the Ant Financial/MoneyGram deal continues a trend we have seen in our recent dealings with CFIUS: a laser-sharp focus on data security and protection. The Committee is clearly concerned that non-U.S. persons will acquire access to the sensitive personal information of persons in the United States. U.S. companies considering foreign direct investment and non-U.S. investors looking at the U.S. market would be well advised to prepare meticulous data security plans, even limiting the sharing of data held by the U.S. target company from its putative foreign parents.

As we report here, the trend of expanding review of foreign investment does not appear to be going away soon. The best placed companies will be those that adapt to the changes and prepare themselves to pass that scrutiny come through to a successful deal.

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Sheppard Mullin Richter & Hampton LLP | Attorney Advertising

Written by:

Sheppard Mullin Richter & Hampton LLP

Sheppard Mullin Richter & Hampton LLP on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide

This website uses cookies to improve user experience, track anonymous site usage, store authorization tokens and permit sharing on social media networks. By continuing to browse this website you accept the use of cookies. Click here to read more about how we use cookies.