Article Law360

New Bipartisan CFIUS Reform Begins to Take Shape

On Nov. 8, 2017, Sen. John Cornyn, R-Texas, and Rep. Robert Pittenger, R-N.C., introduced the Foreign Investment Risk Review Modernization Act of 2017 (“FIRRMA”).[1] It is aimed at strengthening the Committee on Foreign Investment in the United States to address CFIUS’ perceived inadequacies in dealing with new vectors of foreign investment risk. Fourteen respected bipartisan co-sponsors, including House Intelligence Committee Chairman Devin Nunes, R-Calif., Senate Intelligence Committee Chairman Richard Burr, R-N.C., and Sen. Dianne Feinstein, D-Calif., backed the long-anticipated legislation.[2]

If enacted, FIRRMA would impose sweeping changes in CFIUS’ jurisdiction and authority, particularly with respect to foreign investments in U.S. technology companies. In fact, the proposed legislation would reflect the most significant changes to CFIUS since the passage of the Foreign Investment and National Security Act of 2007 (“FINSA”). Whether FIRRMA will pass remains to be seen, but given the bipartisan commitment to empowering CFIUS to tackle new and different risks arising from foreign investment, we anticipate that some version of the legislation will powerfully shape the debate around CFIUS reform going forward.

We discuss below key elements of FIRRMA and related takeaways for boards and investors to consider in both near-term transaction planning and overall investment strategy.

FIRRMA would significantly expand the universe of transactions subject to CFIUS’ jurisdiction.

In the past six months, senior U.S. government officials with CFIUS responsibilities, including Secretary of Commerce Wilbur Ross and Secretary of the Treasury Steven Mnuchin, have publicly expressed concerns that CFIUS’ jurisdictional ambit is overly narrow.[3] Reflecting this perspective, FIRRMA would make the following types of transactions subject to CFIUS review:

  • A joint venture or any other “type of arrangement” (e.g., a licensing arrangement) that involves the “contribution … by a United States critical technology company of both intellectual property and associated support to a foreign person.”[4]
    • While joint ventures involving the contribution of a U.S. business are currently subject to CFIUS’ jurisdiction, this provision would empower CFIUS to review joint ventures outside of the United States. “Ordinary customer relationships” are explicitly excluded; however, the absence of a definition of “associated support” could provide grounds for CFIUS to raise questions about customer relationships that would require, for example, ongoing technical support for a product.[5]

  • An investment of any size by a foreign person in a U.S. critical technology company or critical infrastructure company, unless such investment is truly passive.
    • FIRRMA makes clear that “passive investment” is to be construed very narrowly. A foreign investor may not have:
      • A board seat or any board observer rights,
      • Any “involvement, other than through voting of [the investor’s] shares, in the substantive decision making pertaining to any matter involving the U.S. business,” or
      • Access to certain types of information.[6]

  • Certain real estate purchases or leases of property located “in close proximity to a United States military installation or to another facility or property of the United States Government that is sensitive for reasons relating to national security.”[7] While CFIUS has evaluated “co-location” aspects of covered transactions for years, FIRRMA would codify this feature of CFIUS’ review. However, because the most sensitive U.S. government facilities are not publicly known, transaction parties may not be able to anticipate when CFIUS may raise concerns about a transaction due to co-location risks.

  • Any “transaction, transfer, agreement, or arrangement[,] the structure of which” is designed to circumvent CFIUS’ jurisdiction.[8] FIRRMA provides that CFIUS may prescribe regulations to further clarify this provision, but, as drafted, it suggests that FIRRMA would provide CFIUS with a basis to assert jurisdiction over a broader range of transactions than those specified in FIRRMA or current regulations.

FIRRMA focuses heavily on addressing perceived threats to U.S. national security arising from investments in and acquisitions of U.S. technology companies.

FIRRMA’s core thematic focus on protecting U.S. technology is not surprising, given recent public comments from senior numerous U.S. government officials expressing concern about the propensity of foreign investment to cause the transfer of U.S. technology to other countries, at the expense of U.S. national security.

Two proposals in FIRRMA that would expand CFIUS’ review of technology deals are particularly noteworthy:

  • FIRRMA provides for a new construction of “passive investment” with respect to technology companies. Currently, the CFIUS regulations provide that an investment by a foreign person is not a covered transaction if the foreign person will acquire under 10 percent of the voting interest in a U.S. and will have no governance rights with respect to such investment. This narrow exception to CFIUS’ jurisdiction is often referred to as a “safe harbor.” In practice, however, CFIUS has chipped away at the “safe harbor” for years.
    • FIRRMA would eliminate the safe harbor for investments in critical technology or critical infrastructure companies. It would also permit CFIUS to specify a benchmark above which an investment would not be “passive.”[9] And, while FIRRMA purports to restrict the definition of “passive investment” to investments in critical technology or critical infrastructure companies, the proposed definitions of each are sufficiently broad that the requirements could capture investments in companies that would not, at first glance, appear “sensitive.”[10]

  • FIRRMA builds out the definition of “critical technologies.” Under the new legislation, “critical technologies” would include “emerging technologies that could be essential for maintaining or increasing” U.S. technological leadership, particularly with respect to countries of special concern.[11] CFIUS has traditionally focused on products and technology that are subject to U.S. export license requirements. This provision would allow CFIUS to consider unclassified, “bleeding-edge” or “leading-edge” technologies to be “critical technologies,” thereby subjecting deals involving unclassified technologies to enhanced scrutiny.

While FIRRMA does not mention China, if enacted, it would have an outsized impact on how CFIUS reviews transactions involving Chinese parties.

FIRRMA’s sponsors have made clear in public comments that these proposed measures aim to mitigate national security risks arising from Chinese investment in the United States. Upon FIRRMA’s release, Sen. Cornyn explained, “By exploiting gaps in the existing CFIUS review process, potential adversaries, such as China, have been effectively degrading our country’s military technological edge by acquiring, and otherwise investing in, U.S. companies[.]”[12] Rep. Pittenger was even more direct, titling his press release announcing the bill, “Pittenger Takes Aim at China.”[13] Other U.S. government stakeholders have repeatedly raised alarms regarding Chinese investments in U.S. companies across diverse business sectors, including artificial intelligence, semiconductors and insurance.

In this connection, certain of the factors that FIRRMA would require CFIUS to examine in reviewing covered transactions are designed to counter China’s efforts to advance its own domestic policy goals and military and security capabilities through M&A. These factors include:

  • Whether a deal “involves a country of special concern that has a demonstrated or declared strategic goal of acquiring a certain type of critical technology”possessed by the U.S. business, [14]
  • The likelihood of a covered transaction to “expose, either directly or indirectly, personally identifiable information, genetic information, or other sensitive data of United States citizens,” [15] and
  • The impact of a covered transaction on cybersecurity vulnerabilities.[16]

FIRRMA would establish separate procedures permitting parties to submit short-form notifications of covered transactions to CFIUS.

FIRRMA would create a separate “declaration” process to permit parties to provide CFIUS with “basic information” about a covered transaction in lieu of filing a formal joint voluntary notice.

  • Declarations would be required for transactions involving (“the acquisition of a voting interest of at least 25 percent in a United States business by a foreign person in which a foreign government owns, directly or indirectly, at least a 25 percent voting interest,” [17] as well as any other transactions specified by CFIUS in regulations. Parties would be required to submit such declarations at least 45 days before closing.
  • Declarations would be permissible for all other covered transactions, but would need to be submitted to CFIUS at least 90 days before closing.
  • In response to declarations, CFIUS could clear the transaction, request that the parties file a formal joint voluntary notice, initiate a unilateral review of the transaction or inform the parties that CFIUS was not able to complete action regarding the transaction but that the parties could file a formal joint voluntary notice to receive formal notification from CFIUS.[18]

As the current CFIUS regulations do not permit CFIUS to provide advisory opinions, creating a separate, short-form review process could enable CFIUS to quickly and efficiently process less complex transactions, while reserving the bulk of its resources for examining those transactions that may pose elevated national security risk.

FIRRMA encourages and incentivizes other countries to adopt foreign investment clearance regimes analogous to the CFIUS process.

FIRRMA encourages the president to engage with U.S. allies to urge them to adopt and implement foreign investment screening processes, “and to facilitate coordination” with CFIUS reviews. Moreover, FIRRMA recommends that the president work with U.S. allies to enhance multilateral export controls to “address the unprecedented industrial policies of certain countries of special concern, including aggressive efforts to acquire United States technology, and the blending of civil and military programs.”[19]

FIRRMA uses other countries’ clearance regimes as both carrot and, potentially, a stick. It permits CFIUS to exclude from its jurisdiction investments from certain “identified countries” that, among other factors, maintain (i) their own foreign investment clearance regimes for national security purposes, and/or (ii) arrangements with the United States “to safeguard national security as it pertains to foreign investment.”[20] In light of these benefits, investors from non-identified countries would face considerable strategic disadvantages in, for example, competitive bid scenarios, where such investors would be able to offer more competitive timelines to closing. However, the choice of which countries to select as “identified countries” could create collateral risk of CFIUS being perceived as focused on politics rather than its national security mission.


  • Transactions involving Chinese parties and/or third-country exposure to the Chinese market (e.g., through the foreign investor’s value chain) will require careful consideration and advance planning.
  • Private equity sponsors focusing on technology acquisitions should account for potential changes in the CFIUS regulations in raising capital, developing co-investment strategies and syndication.
  • Board observer rights may be perceived as indicia of “control” that would subject a transaction to CFIUS’ jurisdiction.
  • CFIUS is increasingly concerned with “big data,” particularly personally identifiable information and personal health data of U.S. citizens.
  • To the extent that other countries adopt CFIUS-like regimes to review foreign direct investment, dealmakers will need to account for the potential impacts of such reviews on cross-border transactions in relation to deal feasibility, timing, cost and certainty.

Mario Mancuso is a partner with Kirkland & Ellis LLP in Washington, D.C., and New York. He leads the firm's international trade & national security practice. He is also a former U.S. undersecretary of commerce for industry and security, and senior U.S. Department of Defense official.

H. Boyd Greene IV is a partner and Lucille Hague is an associate with the firm in Washington, D.C.

The opinions expressed are those of the author(s) and do not necessarily reflect the views of the firm, its clients, or Portfolio?? Media Inc., or any of its?? or their respective affiliates. This article is for general info??rmation p??urposes an??d is?? ??not ??intended to be and?? should not be taken as legal advice.

[1] Foreign Investment Risk Review Modernization Act of 2017, S., 115th Cong. (2017).

[2] New Bill Strengthens Review Process of Foreign Investments to Protect National Security, (2017), (last visited Nov 13, 2017).

[3] Ross: ‘A Lot of Talk’ Within Administration About Updating CFIUS, World Trade Online (June 13, 2017); Saleha Mohsin, Mnuchin Seeks Lawmakers’ Help to Fix Foreign Investment Panel, Bloomberg (June 6, 2017, 3:23 PM),

[4] Foreign Investment Risk Review Modernization Act of 2017, S., 115th Cong. (2017) at 7.

[5] Id. at 7.

[6] Id. at 11.

[7] Id. at 6.

[8] Id. at 7.

[9] Id. at 10.

[10] Id.

[11] Id. at 16.

[12] Cornyn, Feinstein, Burr Introduct Bill to Strengthen the CFIUS Review Process, Safeguard National Security, (2017), (last visited Nov 13, 2017).

[13] Taking Aim at China: Pittenger and Cornyn Introduce Legislation to Enhance National Security Review of Foreign Investment in United States, (2017),, (last visited Nov 13, 2017).

[14] Foreign Investment Risk Review Modernization Act of 2017, S., 115th Cong. (2017) at 52.

[15] Id. at 17-18.

[16] Id. at 51.

[17] Id. at 21.

[18] Id. at 24.

[19] Id.  at 4.

[20] Id. at 9.