On September 17, 2019, the U.S. Department of the Treasury (“Treasury”), as chair of the Committee on Foreign Investment in the United States (“CFIUS”), published proposed regulations (the “Proposed Regulations”) implementing certain provisions of the Foreign Investment Risk Review Modernization Act (“FIRRMA”). The Proposed Regulations implement a broad expansion of CFIUS’ jurisdiction to cover non-controlling foreign investments in U.S. companies involved in critical technology, critical infrastructure or sensitive personal data, as well as many real estate transactions — including, for the first time, the purchase of undeveloped land in specified areas. While the Proposed Regulations remain subject to public comment and further revision, they are poised to have a significant impact on cross-border dealmaking worldwide.
The View from Washington
The Proposed Regulations reflect a broad and longstanding bipartisan policy consensus that the historic voluntary CFIUS process has not been adequate to identify, review and mitigate risks arising from new and different types of foreign investment in many U.S. businesses. These changes will transform CFIUS’ jurisdictional reach and will immediately start affecting transaction considerations, even if the implementing regulations are not finalized until early in 2020. Except for a mechanism to implement a filing fee and the decision to retain, modify or terminate the temporary CFIUS critical technology Pilot Program, the Proposed Regulations are intended to fully implement all of the provisions of FIRRMA.
The Proposed Regulations reflect a broad and longstanding bipartisan policy consensus that the historic voluntary CFIUS process has not been adequate to identify, review and mitigate risks arising from new and different types of foreign investment in many U.S. businesses.
Below are ten things to know about the Proposed Regulations:
- Certain transactions involving foreign government investors (e.g., public pension funds, state-owned enterprises and sovereign wealth funds) will trigger mandatory filing obligations. A CFIUS filing (at minimum, as short-form “declaration”) will be required for investments involving foreign government investors in:
(i) U.S. businesses with specified involvement in critical technologies, critical infrastructure or sensitive personal data, when
(ii) the foreign person with the closest relationship to the U.S. business will hold a 25% or greater direct or indirect voting interest in such business, and the foreign government will hold a 49% or greater direct or indirect voting interest in the foreign person.
- Data-intensive businesses will be subject to increased CFIUS scrutiny. While CFIUS has long been concerned with potential foreign access to and exploitation of personal data of U.S. citizens, the Proposed Regulations spell out, for the first time, what types of data, both qualitative and quantitative, can be “sensitive” for national security purposes. In particular, “sensitive personal data” is defined in the Proposed Regulations as “identifiable data” (i.e., data that can be used to distinguish or trace a person’s identity) within specified categories that is maintained by a U.S. business that, among other things, maintains or collects, or intends to maintain or collect, data on more than one million people, targets or tailors products or services to sensitive U.S. government personnel, or collects genetic data. Categories of “identifiable data” include, among other things, information contained in consumer reports or insurance applications, geolocation data, biometric identifiers or genetic information, or information related to someone’s physical or mental health. CFIUS’ broad jurisdiction over non-controlling investments in U.S. businesses maintaining or collecting “sensitive personal data” will extend to diverse sectors of the economy and likely capture many that have not been traditionally considered “sensitive.”
- Non-controlling foreign investments in certain “critical infrastructure” companies will be subject to CFIUS’ jurisdiction. Investments in a U.S. business that “owns, operates, manufactures, supplies, or services” (collectively referred to as “functions”) identified critical infrastructure will be subject to review by CFIUS, even if the investor will not obtain control over the asset itself. The types of critical infrastructure and the related functions that will trigger CFIUS’ jurisdiction are spelled out in the Proposed Regulations, and include infrastructure from, among others, the telecommunications, defense industrial base, energy, financial services, transportation, and water and waste water systems sectors. Notably, nothing from the nuclear, government facilities, commercial facilities, health care, food and agriculture, emergency services, dams, or chemical manufacturing sectors was included.
- CFIUS will not have jurisdiction over foreign investments by a foreign limited partner made through an U.S. investment fund solely because the limited partner is a member of the fund’s advisory board. The Proposed Regulations clarify that an indirect non-controlling investment by a foreign limited partner through an investment fund in a business with specified involvement with critical technologies, critical infrastructure, or sensitive personal data will not be subject to CFIUS’ jurisdiction solely by virtue of affording the foreign limited partner or its designee membership of an advisory board or committee of the investment fund. However, this exception does not apply where the foreign limited partner will have specified control, information or decision-making rights, and CFIUS retains the ability to find “control” by a foreign limited partner based on other circumstances (e.g., close relationships between the limited partner’s leadership and the general partner).
- Some investments by foreign investors from certain U.S. allies will be exempt from CFIUS’ jurisdiction. The Proposed Regulations provide that certain non-controlling investments in U.S. businesses by foreign persons from specified foreign countries (“excepted countries”) will be exempt from review by CFIUS. Treasury will publish a list of foreign countries to whom this provision will apply in forthcoming regulations, which will be based on criteria including an assessment of the effectiveness of such countries’ own foreign investment screening regimes. Notably, Treasury stated that it may delay implementation of this exemption.
- Incremental acquisitions by foreign persons of additional ownership interests in U.S. businesses will remain subject to review by CFIUS in certain circumstances. If a foreign person acquires an additional interest in a U.S. business and CFIUS reviewed and approved such acquisition based upon a short form declaration, a subsequent acquisition by the same foreign person of an additional interest in such business will remain subject to CFIUS’ review.
- The purchase, lease, or concession to, a foreign person of certain real estate located in proximity to sensitive U.S. military or government facilities will be subject to review by CFIUS. The Proposed Regulations expand CFIUS’ authority with respect to real estate transactions that give the foreign person specified property rights with respect to maritime ports, airports or real estate located within a specified distance from sensitive military or other government facilities. However, there are no mandatory filing requirements for any real estate transactions that are not otherwise captured as “covered transactions.” Notably, these regulations are highly technical and contain a number of exceptions.
- Absent other relevant facts, the sales or leases of most residential property are excluded from CFIUS’ jurisdiction. Purchases and leases by, or concessions to, foreign persons of a single “housing unit” are excluded from CFIUS review. Land adjacent to a single housing unit is also excluded from review as long as the acquisition of such land is “incidental” to the intended use of the real estate as a residential housing unit.
- The Proposed Regulations are subject to public comment and revision, but must become effective no later than February 13, 2020. Interested members of the public and stakeholders may submit comments to Treasury on the Proposed Regulations until October 17, 2019. Treasury may also hold one or more teleconferences for stakeholders. FIRRMA mandates that final regulations will become effective no later than February 13, 2020.
- Additional regulations implementing FIRRMA are coming soon. In addition to the list of “excepted countries” mentioned above, Treasury will be issuing regulations clarifying which transactions involving U.S. businesses dealing in “critical technologies” will be subject to mandatory declarations, detailing CFIUS’ new authority to impose filing fees and confirming whether the Pilot Program’s mandatory declaration requirement for certain transactions involving critical technologies will be retained.
CFIUS will not have jurisdiction over foreign investments by a foreign limited partner made through an U.S. investment fund solely because the limited partner is a member of the fund’s advisory board.
Some investments by foreign investors from certain U.S. allies will be exempt from CFIUS’ jurisdiction.
Additional regulations implementing FIRRMA are coming soon.
- The Proposed Regulations are a landmark development for the CFIUS regime that provide substantial additional guidance — and complexity — for foreign investors and U.S. businesses. Transaction parties must carefully evaluate the impact of the Proposed Regulations on deal timing and certainty, particularly for investments involving targets with sensitive technology and data profiles.
- The scope of CFIUS’ jurisdiction is changing in important ways. The Proposed Regulations expand the requirement for mandatory declarations and provide new jurisdiction over certain incremental investments while potentially exempting certain investors from CFIUS review, among other things.
- The Proposed Regulations confirm that the CFIUS review process will remain largely voluntary. Outside of the Pilot Program, filings will be legally required only in connection with specified foreign government investments in U.S. businesses that produce, design, test, manufacture, fabricate or develop one or more “critical technologies.”
- Treasury will be issuing important additional guidance and regulations to implement FIRRMA in the coming months, including identifying countries whose investors may be exempt from CFIUS review and specifying whether the existing mandatory declaration requirement for certain “critical technology” transactions will continue.
* * *
Anchored in Washington, D.C., Kirkland & Ellis’ International Trade & National Security Practice, in coordination with the Firm’s global offices and related practice areas, serves as a trusted adviser to companies, private equity sponsors and financial institutions to identify, assess and mitigate the complex international risks of operating and investing across national borders.
We focus on U.S. and EU economic sanctions (OFAC, EU), export controls (ITAR, EAR), anti-money laundering (AML), national security investment reviews (CFIUS) and related areas. We regularly work with our clients on a global basis on transactional, regulatory counseling, and investigative and enforcement matters, providing seasoned, holistic and sound advice.
Faith Dibble* was also a contributing author to this publication (*New York admission pending).
© 2019 Kirkland & Ellis LLP. All rights reserved.