CHEAT SHEET
- CFIUS. The Committee on Foreign Investment in the United States reviews transactions that result in foreign ownership of US businesses to determine whether there could be adverse effects on US national security.
- Voluntary notifications. The majority of notifications to CFIUS are submitted voluntarily and jointly by parties in advance of closing the transaction.
- Review stages. There are three key stages of the CFIUS review process: draft notice, submission of the final notice and initial review, and 45-day investigation.
- FIRRMA. In 2017, the US Congress proposed the Foreign Investment Risk Review Modernization Act of 2017, which expands the types of transactions CFIUS is authorized to review.
In March 2018, US President Trump announced that he would not allow Singapore-based Broadcom to acquire US-based Qualcomm, a rival chipmaker. The proposed transaction, estimated to be valued at US$117 billion or perhaps even more, would have been one of the largest technology deals in history.
In making this decision, the President relied on the conclusions and recommendation of the Committee on Foreign Investment in the United States (CFIUS or the Committee). CFIUS is the US government’s inter-agency committee that reviews transactions that could result in control of a US business by a foreign person in order to determine whether the transaction would have an adverse effect on the national security of the United States.
While the Qualcomm-Broadcom matter was somewhat unique, it also indicates that CFIUS is becoming increasingly assertive and expansive in conducting reviews of foreign transactions in and involving the United States. In fact, this more expansive approach is soon to be codified through revised CFIUS legislation, the Foreign Investment Risk Review Modernization Act (FIRRMA), which President Trump signed into law in August 2018.
This article will provide a history and overview of CFIUS, as well as predictions about how the Committee may operate going forward. Based on recent CFIUS activity and the broad language of FIRRMA, it is highly likely that CFIUS’ role in reviewing foreign investment in the United States will increase. In particular, CFIUS will be getting involved in reviews of more types of transactions involving more types of industries, including industries such as health, finance, and retail, in which personal information or information transfer could occur as a result of the proposed transaction.
Background
CFIUS is headed by the Secretary of the US Department of Treasury and includes representatives of other departments, such as State, Defense, Justice, Commerce, Energy, and Homeland Security. The Committee was first created in 1975 and, for much of its first few decades, operated in fairly low-key fashion.
That all changed in 2006 with the Dubai Ports World matter, in which a state-owned entity named Dubai Ports World sought to acquire a British firm, The Peninsular and Oriental Steam Navigation Company, which operated several US ports. In the fall of 2005, the parties voluntarily notified CFIUS about the proposed transaction and subsequently briefed multiple US government agencies about the deal. Approximately three months after the parties first notified CFIUS about the transaction, CFIUS concluded its review and determined that the transaction could proceed.
Soon after CFIUS concluded its review, however, US politicians started raising potential security concerns about the transaction. The media picked up on the same theme. By early March 2006, the parties had decided to scupper the deal in the face of opposition in the court of public opinion.
As a result of the fallout from the Dubai Ports World matter, new regulations were issued in 2008 that expanded the makeup of the Committee and extended its mandate. When issuing the new regulations, the government also issued guidance on the operation of CFIUS and when CFIUS would (or would not) consider a transaction to be covered by the regulations and thus warrant review.
Under the current regulations, nearly all notifications made to CFIUS are submitted voluntarily and typically jointly. That is, the parties to the transaction prepare a submission to CFIUS and submit it together for the Committee’s review. The usual approach is to make the submission to CFIUS in advance of closing on the transaction and condition closing on obtaining CFIUS’ blessing of the transaction.
Generally speaking, there is no requirement to make a filing with CFIUS, though the Committee may request the parties to make a filing where the Committee believes a transaction could raise national security considerations. This can even happen after a transaction has been completed. Needless to say, this can throw an existential wrench into the works. For example, in 2012, US President Obama blocked a transaction by which Ralls Corporation — a US company ultimately owned by Chinese nationals — sought to acquire wind farms and related assets on the coast of Oregon. After the transaction had been consummated, CFIUS required the parties to make a filing regarding the transaction. Based on its review, CFIUS instructed the parties to unwind the transaction because it posed national security risks due to the fact one of the wind farms was located in restricted airspace.
Nuts and bolts
A detailed description of the CFIUS process is well beyond the scope of this article. In addition, the process, including information that is required as part of a notice to CFIUS, will change under FIRRMA.
What will not change is that it is time-consuming to prepare a CFIUS notice; therefore, it is essential to plan accordingly. For example, personal information related to owners and officers of the foreign buyer must be provided. Obtaining this information from non-US individuals can be understandably difficult.
There are three key stages of the CFIUS review process:
- Draft notice — Though not required, CFIUS has explicitly encouraged parties to make draft submissions so that the Committee can get a general sense of a pending transaction.
- Submission of final notice and initial review — Under FIRRMA, once a final notice is submitted to CFIUS, the Committee will have 45 calendar days to complete its review of the filing. This timeline is misleading, however: The 45-day clock only starts once CFIUS deems the filing to be complete. Even in the best of cases, that usually does not occur until several days after the filing is made to CFIUS. During the 45-day review, CFIUS often poses questions to the parties. Absent an extension, the parties have three business days to respond to these questions before CFIUS may make the parties withdraw their notice.
- 45-day investigation — After the initial review, if there are unresolved national security issues, CFIUS can extend its review to a 45-day investigation. This period is similar to the 45-day review as the Committee may pose questions to the parties that need to be addressed within three business days. Under FIRRMA, at the conclusion of that 45-day period, CFIUS can further extend its investigation by another 15 days in “extraordinary circumstances.” Regardless of the duration of the CFIUS investigation, when completed, CFIUS can conclude its review without further action (meaning the transaction can proceed), authorize the transaction contingent on the implementation of measures to mitigate national security risks, or recommend to the president that the transaction be blocked altogether.
CFIUS alone cannot reject a transaction; that authority lies with the US president. But CFIUS concerns are often enough to undo a deal, as seen through the MoneyGram deal discussed below. Thus, companies typically walk away from deals when CFIUS raises material concerns. Companies can withdraw a filing at any time throughout the process.
Recent CFIUS matters
CFIUS involvement in several high profile transactions has been front-page news, particularly in cases in which CFIUS concerns torpedoed the deals. It is important to remember that CFIUS gives its blessing to the majority of transactions it reviews. The fact that a transaction is reviewed by CFIUS is unlikely to make the news unless disclosed by the parties, as CFIUS filings are confidential.
Nonetheless, there is still much to be learned from recent transactions that have failed due to CFIUS concerns. Below is a summary of three transactions that hint at certain risk factors and considerations. These matters also provide clues into how CFIUS is likely to operate under FIRRMA.
Lattice Semiconductor
In September 2017, President Trump blocked a proposed US$1.3 billion acquisition of Oregon-based Lattice Semiconductor by a subsidiary of the Canyon Bridge Fund, a private equity fund backed by Chinese investors.
According to press reports, Lattice and Canyon Bridge had extensive communications about the proposed transaction with CFIUS representatives. Prior to entering into an agreement and plan of merger, Lattice met with CFIUS to discuss interest it had received from parties in China. Once Canyon Bridge was identified as the buyer, both parties met with CFIUS to preview the potential transaction and the parties involved. In addition, the parties filed a joint voluntary draft notice with CFIUS in December 2016 and, after receiving comments, filed a voluntary final notice. The parties subsequently went through three rounds of CFIUS filings, as filings were withdrawn and re-made as the terms of the deal evolved.
Nonetheless, in late August 2017, CFIUS indicated it would recommend that the President suspend or prohibit the transaction. On September 13, 2017, President Trump issued an Executive Order prohibiting the transaction.
While the full details of this matter are not publicly available, it is notable that even with extensive communications between the parties and CFIUS, it was not possible to get this transaction approved. When transaction parties cooperate with CFIUS, for instance, with respect to agreeing to modify the transaction to mitigate the government’s national security concerns, it is typically possible to obtain CFIUS approval for the transaction. Perhaps the government’s concerns were simply insurmountable from a commercial standpoint. Regardless, several themes were illustrated in this case: ample communication with CFIUS is not a silver bullet; Chinese transactions involving sophisticated technology, particularly involving Chinese buyers, receive extra scrutiny; and the Trump administration is going to be tougher on foreign acquisitions than past administrations.
MoneyGram
In January 2018, US-based MoneyGram International announced that its proposed acquisition by Ant Financial, a Chinese company owned by Alibaba, was being blocked by CFIUS. According to press reports, CFIUS notified MoneyGram and Ant Financial that it intended to recommend to the President that he block the transaction. At that point, the parties decided to terminate the proposed deal.
This decision by CFIUS was perhaps surprising. For one thing, both Alibaba and Ant Financial reportedly secured CFIUS clearance in past transactions. In addition, MoneyGram might not be considered particularly sensitive from a national security perspective — at least in the traditional sense — given that the company does not operate in the defense sector nor deal in critical infrastructure. Moreover, like the Lattice case, Ant Financial and MoneyGram apparently offered multiple proposals to mitigate CFIUS concerns.
CFIUS concerns — that a Chinese company would possess reams of US consumers’ data — apparently superseded the two companies’ pledges to protect that data. In that respect, CFIUS’ decision in this matter seems to be consistent with other CFIUS decisions aimed at protecting the security of US information and technology.
Qualcomm
On March 12, 2018, President Trump blocked Broadcom, a Singapore-based semiconductor manufacturer, from pursuing the purchase of US-based Qualcomm, a rival chip maker. Broadcom’s offer — reportedly for US$117 billion or perhaps even more — would have been one of the largest technology deals in history. The President’s decision followed a determination by CFIUS that the transaction was likely to pose unacceptable national security risks to the United States. The president apparently made his decision shortly after Broadcom met with Pentagon officials in a final effort to salvage the deal.
In distinction from the other two examples above, Broadcom was seeking to gain control of Qualcomm through a hostile takeover, and had been attempting to obtain approval from Qualcomm shareholders to move forward with its offer. In a highly unusual move, before the terms of the transaction had even been finalized by the parties, CFIUS commenced an investigation into the proposed transaction. CFIUS reportedly took action in response to a submission to CFIUS from Qualcomm in the fall of 2017.
In a letter to the parties dated March 5, 2018, CFIUS stated that the potential transaction “could pose a risk to the national security of the United States.” The March 5 letter also implied that CFIUS intended to conduct a careful review of the proposed transaction — even though there were no transaction terms at that time. It did not take long for CFIUS to reach its conclusion, and in a letter to the parties dated March 11, CFIUS stated that its investigation had “confirmed the national security concerns that CFIUS identified [in the March 5 letter].” CFIUS also stated that it was considering “referring the transaction to the President” (i.e., recommending to the President that the transaction be blocked).
In blocking the deal, the President implied that it would not be possible for the parties to mitigate the national security issues identified in the March 5 letter, which explicitly identified the following:
- Qualcomm’s importance in the development of next-generation digital technology and standard-setting;
- The US government’s trusted relationship with Qualcomm; and,
- Concerns about weakening Qualcomm’s supply relationship with the US Defense Department.
But perhaps the most important statement in the March 5 letter was this one: “Given well-known … national security concerns about Huawei and other Chinese telecommunications companies, a shift to Chinese dominance in 5G would have substantial negative national security consequences for the United States.”
Broadcom had argued that these national security fears were unwarranted because the company intends to re-domicile itself in the United States in April. This argument was obviously not persuasive.
FIRRMA
Perhaps reflecting the increase in deals that are not surviving CFIUS scrutiny, Congress has tried to get in on the act with legislation to expand CFIUS’ mandate. In November 2017, a bipartisan group in Congress proposed FIRRMA. Both the Senate and House passed their versions of the bill in June 2018, and as noted earlier in this article, President Trump signed the bill in August 2018.
Many elements of the new law will only take shape once regulations are issued to put the law into practice. Nonetheless, it is safe to say that the following key elements of FIRRMA will significantly impact how CFIUS operates:
- Filings and timelines: FIRRMA establishes an abbreviated “declaration” filing that will be mandatory for certain transactions covered by the law. In addition, CFIUS would be authorized to assess and collect filing fees for any covered transaction. At present, it is not necessary to pay a fee to make a CFIUS filing.
- Definitions: FIRRMA will expand the types of transactions CFIUS is explicitly authorized to review, including minority investments in “critical technology” or infrastructure companies, and real estate transactions near military bases or other sensitive government facilities. An expanded definition of “critical technology” will also give CFIUS the authority to review proposed investments that involve emerging technology that is or could be important to US national security.
In addition, FIRRMA establishes a new category for countries of “special concern.” While FIRRMA does not specify exactly how such countries will be defined, it is likely that such countries could include those against which the United States imposes economic sanctions, arms embargoes, or other export or trade restrictions.
- National security factors: FIRRMA will broaden the national security factors that CFIUS must assess in its review of investments. Factors will include the investor’s history of compliance with US law, whether the transaction could expose US cyber vulnerabilities, and the potential that the transaction could create the risk of exposure of US individuals’ personal data.
- Focus on personal information: FIRRMA explicitly authorizes CFIUS to review transactions that could or would lead to personal identifier information being made available to the foreign investor.
Analysis
Although some believe that FIRRMA will radically alter CFIUS, many of the proposed features of FIRRMA may simply reflect CFIUS’ current practices. As described earlier, CFIUS has already reviewed and refused to approve transactions involving sensitive real estate (Ralls) and transfers of personal information (MoneyGram).
In addition, FIRRMA’s reference to “countries of special concern” may simply codify already heavy scrutiny of investments from Russia, the Middle East, and, especially, China.
In addition to the Lattice Semiconductor, MoneyGram, and Qualcomm matters, according to press reports, a number of other proposed deals recently failed during or as a result of the CFIUS process. Many of these deals involved Chinese investors:
- Xcerra–Hubei Xinyan Equity Investment (US$580 million)
- Cowen–China Energy Company Limited (US$100 million)
- Aleris–Zhongwang USA (US$1.1 billion)
- HERE–Navinfo (US$330 million)
- Global Eagle Entertainment–HNA Group (US$416 million)
- Novatel Wireless–T.C.L. Industries (US$50 million)
- Cree–Infineon Technologies (US$850 million)
Industry concerns
Some US companies and industries have expressed concerns that the legislation could make it harder for them to conduct business overseas. As is evident from the current tit-for-tat on tariffs, it seems likely that other countries could impose their own restrictions on US investments and even sales — to the detriment of the US economy.
Industry concern seems to arise from the fact that CFIUS jurisdiction would be significantly expanded without clear boundaries. In this regard, the industry has expressed worry about the ambiguous scope of some terms in FIRRMA. Businesses like predictability, and there is concern that regulators would have too much discretion in deciding what transactions fall under their authority. The regulatory uncertainty may last, as implementing regulations under FIRRMA may not be issued for up to 18 months from the date the law was enacted.
Similarly, critics worry that if there is overlapping jurisdiction between different arms of the US government, potential deals could stall or be deterred, leading to fewer funding sources for US companies. For example, there could be a scenario in which the US State Department (which has a seat on CFIUS) bogs down a potential deal because of export controls concerns, where those concerns could have been addressed through applicable export regulations. To the extent that foreign investors, even from US-allied countries, view the CFIUS review process as opaque, US companies are likely to have a harder time enticing non-US partners.
Conclusion
It remains to be seen whether the operations of CFIUS will change dramatically in light of recent activity and new legislation. FIRRMA creates new obligations for transaction parties and a broader set of mandates by which CFIUS will operate. As a result, more CFIUS filings will be made, and thus more transactions will be exposed to CFIUS review. But recent matters suggest that CFIUS already is taking a broad view of the types of transactions that could harm US national security. Chinese investors are subject to particularly close review, and that is not likely to change. Ultimately, companies that maintain US individuals’ personal data may be most affected, as any foreign investment is likely to trigger CFIUS scrutiny. US companies in the financial, health, and retail sectors need to be ready.