4 Key Ways CFIUS Affected Private Equity In 2023

In this article for Law360, partners Mario Mancuso and Lucille Hague and associate Billy Phalen discuss four key Committee on Foreign Investment in the United States (CFIUS) developments for private equity sponsors and related takeaways of 2023.

This has been an especially active year for the Committee on Foreign Investment in the United States. By late November, three important points had become clear: (1) CFIUS is on track to review at least 240 joint voluntary notices, (2) CFIUS has significantly increased its use of enforcement mechanisms, including, in some cases, by imposing civil penalties; and (3) CFIUS continues to enhance and institutionalize its coordination with other non-U.S. global foreign investment regulators.

CFIUS is continuing to have broad impacts on deals of all sizes, in virtually all verticals; at no point in CFIUS' 50-year history has the committee's activity been as impactful for private equity deal making as it is today. And we expect the long reach and effect of CFIUS' activity to continue, if not increase, in 2024.

We discuss below four key CFIUS developments for private equity sponsors and offer related takeaways.

1. CFIUS has effectively increased the disclosure required of transaction parties, particularly with respect to the limited partners in investment funds.

The CFIUS regulations prescribe the minimum disclosure required to complete a filing, in order for a CFIUS review of the transaction to commence. Nevertheless, CFIUS has long used its legal authority to press for disclosure beyond that disclosure floor and to ask searching questions of transaction parties on a wide range of topics — e.g., an investor's direct or indirect connections to sanctioned countries or persons.

However, during 2023, the scope and number of questions that CFIUS poses during its assessment or review have increased significantly. CFIUS now regularly requests that transaction parties submit, among other things, unredacted copies of side letters, investment management agreements and other highly confidential documents pertaining to the governance of a fund. This shift underscores that it is also necessary to assess carefully potential transactions — and transaction structures — through a CFIUS-specific lens.

While information and documentation submitted to CFIUS is confidential and not subject to Freedom of Information Act requests, many general partners and limited partners are unfamiliar with the level of disclosure that CFIUS now commonly requires. CFIUS' increased disclosure requirements often give rise to difficult conversations for investment-relations professionals who liaise with limited partners who are unaccustomed to having their identities or side letters disclosed to a U.S. government regulator.

2. CFIUS has significantly enlarged its sight picture of potential buy-side risks; it is carefully scrutinizing virtually all foreign government investors — not just China.

While a direct or indirect nexus to China continues to put investors in an elevated CFIUS-risk category, CFIUS has sharpened its due diligence on investments by buyers from U.S. partner and allied countries, especially if the investor is controlled by, or affiliated with, a foreign government.

For example, in the private equity context, the participation of a foreign sovereign co-investor in a transaction may result in a protracted CFIUS review, or conditions to CFIUS clearance, that may not have been required absent such participation. This is true even if the co-investor has a long track record of receiving CFIUS clearance for investments in U.S. businesses.

The co-investor should expect that CFIUS will carefully examine, among other things, its participation in new transactions as well as the contours of its historical relationship with the private equity sponsor, and require more extensive disclosure than in prior reviews.

3. CFIUS is more frequently imposing conditions on receiving CFIUS clearance, resulting in new and greater costs and challenges for investors and companies.

The number of mitigation agreements entered into by transaction parties increased sharply in 2022 — approximately 23% of all transactions that CFIUS reviewed resulted in mitigation, as compared to a historical mean of approximately 10%. In 2023, CFIUS has continued to require parties to enter into mitigation agreements in a higher number of control transactions, as well as in connection with minority investments.

CFIUS has also imposed interim and final orders on transaction parties, including in cases where CFIUS believed that parties were uncooperative in negotiating the terms of an agreement.

We expect that CFIUS will continue to vigorously exercise its authority to craft bespoke measures to address both longstanding and emerging national security risks arising from transactions.

While parties to transactions that result in CFIUS mitigation may be frustrated during the negotiation process by increased legal fees and, potentially, delays in obtaining CFIUS approval, the financial and other impacts of a mitigation agreement do not end when the agreement is executed.

By way of example, a company that is required to engage a third-party monitor, conduct an audit or adopt and implement heightened data security controls — all of which are fairly common conditions in a mitigation agreement — may find itself spending upwards of $1 million per year to comply with CFIUS conditions.

4. CFIUS continued to sharpen its focus on enforcement.

Unlike certain of its member agencies, CFIUS has not historically maintained an agency practice of encouraging voluntary self-disclosures for potential or actual violations of relevant laws and regulations. This is changing quickly: CFIUS now encourages parties that suspect they have breached CFIUS regulations or a mitigation agreement to proactively disclose such matters.

At the same time, CFIUS is increasing its outreach regarding so-called nonnotified transactions — i.e., transactions that were not voluntarily notified to CFIUS, usually in advance of closing — more frequently than ever. When CFIUS requests filings on such transactions, these filings often result in the imposition of costly and resource-intensive conditions to clearance, up to and including requiring the foreign investor to divest all or part of a U.S. business.

Takeaways

CFIUS is an enterprise-risk matter for a sponsor. Sponsors should evaluate whether their current processes and practices are adequate to ensure that the sponsor and its portfolio companies account for CFIUS considerations across the life cycle of an investment and in connection with varied transaction types — e.g., add-ons or joint ventures.

Sponsors should ensure that suitable CFIUS provisions are included in relevant agreements and other fund documents. These should be tailored to a fund's industry focus, the geographies where the fund will invest and its limited-partner base.

Investment professionals should ensure that appropriate, CFIUS-specific due diligence is conducted and that CFIUS topics are addressed, as may be warranted, early in transaction planning. This should occur both in specific deals where the fund is deploying capital, and in connection with any fund-level transactions — e.g., continuation funds or internal restructurings.

Sponsors should consider how best to allocate CFIUS-related costs, both for specific transactions — e.g., filing fees — and on a post-closing basis for transactions that result in CFIUS mitigation. Market practices in these areas are evolving quickly, and a precedent agreement from even a year ago may not be appropriate for a new transaction.

CFIUS is not the only national security regulator in the mix for cross-border transactions, and CFIUS often collaborates with its non-U.S. counterparts. As other countries continue to strengthen their own national security review regimes, sponsors should ensure that, to the extent feasible, transaction announcements and disclosures are consistent across jurisdictions.