On August 2, 2022, the Committee on Foreign Investment in the United States (“CFIUS” or the “Committee”) released its annual report covering calendar year 2021 (the “Annual Report”). This reporting year was significant in part because it represents the first full year of data since the regulations implementing the Foreign Investment Risk Review Modernization Act (“FIRRMA”) went into effect in February 2020.
2021 was the busiest year on record for the Committee. It formally reviewed 436 transactions through a combination of long-form notices and short-form declarations, and considered another 135 transactions as part of its process for screening transactions not filed proactively. The Annual Report demonstrates that CFIUS continues to expand its ability to simultaneously manage an increasing caseload while also identifying “non-notified transactions” for inquiry. CFIUS has become increasingly interested in reviewing transactions involving data-centric U.S. businesses, including for minority foreign investors joining a U.S.-led acquisition. We expect CFIUS to remain an important regulatory consideration for both foreign investors and the U.S. private equity funds that invest alongside them.
Below, we discuss and analyze seven key highlights of the Annual Report and offer related takeaways.
1. Despite the record high number of joint voluntary notices (“Notices”) submitted in 2021, clearance rates during the first review period remained consistent.
CFIUS reviewed a record high number of Notices in 2021 (272), surpassing its previous high of 237 cases in 2017. Despite this, CFIUS continued to clear over half of submitted Notices during the initial, 45-day review period. This clearance trend most likely reflects increased staffing and the Committee’s triaging of matters based on complexity and likely outcomes. It also demonstrates that a clearance during the initial 45-day review period is consistently achievable for straightforward cases, which can result in a more efficient outcome than submitting a short-form declaration that may lead to a Notice request. Timing considerations for choosing between a Notice and declaration are discussed in more detail below.
|Clearance During Review
|140 (51% of Notices)
|98 (52% of Notices)
|118 (51% of Notices)
2. Despite intensifying trade tensions, filings from Chinese investors increased in 2021 — and data suggests that a non-negligible number were approved in some form.
In 2021, foreign investors from China/Hong Kong submitted 44 Notices — more than double the total in 2020.1 This increase may reflect a shifting approach to Chinese investment under the Biden administration, with CFIUS more open — or perceived as more open — to exploring mitigation to address national security concerns for Chinese investors. Although the Annual Report does not confirm how many China/Hong Kong Notices were ultimately approved, we infer from the stable clearance rates and low number of Notices withdrawn and abandoned that many of the China/Hong Kong Notices were approved, with or without mitigation (as discussed further below in our comments on mitigation, only nine Notices were withdrawn because national security concerns effectively could not be resolved through mitigation). This trend shift is particularly relevant for private equity funds and consortiums that consider including minority Chinese investors in their acquisition strategy.
However, China remains a key focus of concern for many CFIUS reviews. Moreover, CFIUS continues to scrutinize all foreign investors’ ties to adversarial countries — particularly China and Russia. Like China, Russia was the source of a larger number of Notices in 2021 (seven, versus none in 2020). Some of this increase in Notices from China and Russia may be attributable to Notices filed during the non-notified process, as well as to investors choosing to file Notices rather than short-form declarations, both discussed below.
|Total Notices from China/Hong Kong
|Total Declarations from China/Hong Kong
3. CFIUS continues to identify and examine a considerable number of transactions that investors did not proactively file with CFIUS.
So-called “non-notified” reviews, i.e., inquiries by CFIUS into transactions that were not proactively filed with the Committee, continue to be an increasingly important part of the CFIUS landscape. CFIUS identifies non-notified transactions through a variety of methods, including, among others: interagency referrals, tips from the public, media reports, commercial databases, other regulatory filings and congressional inquiries.
The statistics indicate that, despite an increase in the number of proactive filings by parties, CFIUS is continuing to expand its non-notified outreach. In 2021, the Committee identified 135 non-notified transactions for consideration compared to 117 in 2020. Recognizing that these reviews are not necessarily associated with transactions completed in 2021 (CFIUS has no restriction on how far back it can look for non-notified transactions), these numbers undoubtedly confirm that CFIUS has been more active in identifying non-notified transactions. Moreover, the Annual Report notes that CFIUS continues to hire additional dedicated non-notified staff and conduct internal training and awareness programs designed to enhance its non-notified transaction identification practices.
Despite the increasing number of transactions CFIUS pulled into non-notified screening, the Committee appears to be acting on fewer such cases, one supporting data point being the number of formal Notice requests by the Committee decreasing from 17 in 2020 to only eight in 2021. The published data does not explain this decrease, but it could be attributable to several factors. First, parties receiving an initial non-notified inquiry sometimes make the strategic decision to file a Notice before the Committee formally requests one, thus the Annual Report’s statistics may understate the true number of non-notified inquiries that result in a formal Notice review. Second, the time between the Committee initiating a non-notified inquiry and requesting a formal Notice may lag substantially — Kirkland is aware of Notice requests coming many months to over a year after the initial outreach. Thus, the Annual Report may not reflect inquiries begun in 2021 that did not or will not result in Notice requests until 2022. Third, the Annual Report is opaque regarding transactions that were the subject of initial outreach but, upon closer examination, were determined not to be subject to CFIUS’s jurisdiction.
One notably absent data point regarding non-notified transactions is whether any such transactions involved the parties failing to make a mandatory filing. The Annual Report states that no penalties were assessed or imposed in 2021, indicating either that no such transaction involved mandatory filings or that the Committee decided not to impose penalties.2
4. CFIUS is increasingly focused on transactions involving data-centric businesses.
The Annual Report lists perceived adverse effects of covered transactions that CFIUS will take into account in future deliberations. This list largely mirrors the same list published for 2020. However, the list includes a change in line with CFIUS’s evolving perception of potential risks with respect to personal data and cumulative acquisitions. Specifically, in 2020, CFIUS listed the acquisition of a U.S. business “hold[ing] potentially sensitive data about U.S. persons and businesses that have national security importance” as a perceived adverse effect of covered transactions. In 2021, CFIUS modified the list to address businesses that “have access to potentially sensitive data about U.S. persons, such as health or biological data, that could be exploited in a manner that threatens U.S. national security, and have access to data about businesses that have national security importance” (emphasis added). The distinction between “holding” data and having “access” to data better reflects how CFIUS has been approaching its reviews. Companies that provide software services to other businesses may not necessarily consider themselves to “hold,” “maintain,” or “collect” their customers’ data but may potentially have “access” to such data, at least as a technical matter, through the services that they provide.
The updated description reflects CFIUS’s increasing focus on the potential impact of foreign investors acquiring businesses that may have indirect access to, or even just the hypothetical potential to access, sensitive personal data of U.S. persons. Moreover, our experience shows that CFIUS is increasingly interested in foreign access to a wider range of personal data and, for cases where it has traditional jurisdiction to review a control transaction, is not limiting inquiry to the categories of “sensitive personal data” identified pursuant to FIRRMA.
The focus on data is expected to continue and is echoed in other U.S. government efforts, such as the bipartisan bill that was introduced in 2022 that would impose controls on exports of personal data. We expect an increasing number of foreign investments in data-centric businesses to result in mitigation in 2022 and beyond.
5. CFIUS is increasingly concerned with transactions implicating the supply chains for a broad range of products relevant to national security.
The Committee included a new perceived adverse effect related to supply chains for important sectors. In the Annual Report, CFIUS lists acquisitions by foreign investors that “make multiple acquisitions or investments in a single sector or in a supply chain with national security implications, including raw materials, research and development for relevant technologies, tools and equipment, and manufacturing capabilities” as a perceived adverse effect. These additions reflect CFIUS’s increasing concern with acquisitions it views as potentially part of a pattern of investment in sensitive sectors that could give rise to threats based on cumulative sector control or involvement and acquisitions that present potential supply chain risks. Importantly, the Committee’s reference to “multiple acquisitions” means that it does not look narrowly at whether a particular transaction on its own presents a threat to the given supply chain but rather will look cumulatively at a foreign investor’s overall activity in the sector in weighing whether a transaction presents a national security risk.
6. More transaction parties chose to file a short-form declaration, and the associated clearance rate for declarations also increased.
The Annual Report reveals a substantial increase in the total number of declarations filed in 2021 (164 versus 126 in 2020) showing that, alongside the increased number of filings, the proportion of declarations cleared by CFIUS has also increased (to 73% in 2021 from 64% in 2020).
The statistics indicate that clearance rate is materially impacted by the nature of declaration filings. For example, in 2021, investors from U.S. partners and allies (e.g., Canada, Japan, the UK and Germany) accounted for a majority of the declarations submitted to CFIUS, with Canada accounting for the largest number (22) overall, likely contributing to the increased clearance rate. By contrast, investors from China/Hong Kong and Russia submitted only one declaration each in 2021.
As such, the short-form declaration continues to be a viable option for certain types of transactions, but is not without risk and should be undertaken only after significant diligence. This is because more than a quarter of declaration filings do not result in safe harbor. Almost one in five declarations resulted in the request for a long-form Notice, meaning that, for many of these transactions, the CFIUS process was extended by another several months and likely well beyond the CFIUS timeline that would have resulted from beginning with a Notice. Although the declaration continues to provide a potentially faster timeline and reprieve from filing fees, parties should evaluate (i) the risk of receiving a request for a Notice if starting with a declaration when timing presents a deal issue and (ii) whether the parties are comfortable with closing a transaction without having received the safe harbor.
|Number of Declarations
|% of Total Declarations
|Unable to Complete Action, but no Notice Requested
7. CFIUS continued its relative rate of imposing mitigation measures in 2021.
As summarized in the table below, CFIUS imposed mitigation measures (i.e., conditions to clearance) on approximately 9.5% of Notices filed in 2022, consistent with the number of Notices subject to the same in 2020 (approximately 9%). There were also nine instances in 2021 when transaction parties withdrew their Notices following CFIUS either notifying the parties that it could not identify mitigation measures that would resolve the Committee’s national security concerns or proposing mitigation measures that the parties deemed unacceptable. In those instances, the Committee may have referred the transactions to the President for a decision had the parties not chosen to withdraw their Notices. For the first time since 2015, CFIUS did not refer any transactions to the President for a decision.
|Number of Notices
|% of Total Notices
|Approved, but conditioned on the parties' acceptance of mitigation measures
|Withdrawn and the underlying transaction abandoned
|Prohibited by the President
The Annual Report also confirms that, as part of its monitoring of parties’ compliance with its 187 signed mitigation agreements, CFIUS has resumed conducting physical site visits (29 in total) after pausing those efforts following the initial outbreak of COVID-19.
- The CFIUS review process is becoming more ordinary course in the context of cross-border transactions. With a record number of filings in 2021 and expectations for the number of filings to increase for 2022, transaction parties appear to be increasingly comfortable engaging with CFIUS to proactively mitigate risks to deal timing and certainty. Despite increasing CFIUS filings, CFIUS clearance rates have remained relatively stable, indicating that, for many deals, CFIUS is not an impediment to closing a transaction, but instead another workstream to account for in the transaction timeline.
- CFIUS continues to demonstrate its commitment to the non-notified review process. It is critical for foreign investors — and for the U.S. investors leading consortiums or syndication involving foreign investors — to conduct CFIUS due diligence and assess whether a transaction may prompt outreach from CFIUS before or after closing if a voluntary filing is not made. Parties should also consider whether they would need to disclose future non-notified outreach to the public or to investors, as well as to future transaction counterparties, when evaluating the risk of forgoing a filing.
- CFIUS’s perception of what may constitute a risk to U.S. national security evolves over time and access to data is in the Committee’s crosshairs. Transactions involving even indirect access to sensitive personal data — as well as identifiable data more broadly — without obvious connections to military or law enforcement operations (e.g., personal health data) are receiving increased scrutiny from CFIUS, as are transactions that, when considered in combination with other acquisitions by the same investor(s), provide foreign buyers with significant access to, or involvement in, sensitive market sectors. Parties should proactively consider how these investments could be acceptably mitigated when entering into them.
- CFIUS continues to apply its most rigorous scrutiny to investments implicating China and Russia. Despite the increase in filings from Chinese and Russian investors, CFIUS remains critical of any foreign investors’ ties to these countries, even for investors from close allies. Foreign investors that routinely include investors from adversarial countries in their acquisition structures should consider incorporating new measures to manage their reputational risk with the U.S. government.
1. There was a change in how Hong Kong cases are categorized effective about midway through 2021, which for the Annual Report is now based on the Executive Order that eliminated differential treatment between Hong Kong and China: Executive Order 13936 (85 Fed. Reg. 43413) (July 17, 2020). ↩
2. Under FIRRMA, it is within CFIUS’s discretion to apply a civil penalty of $250,000 or the value of the transaction where a party failed to comply with mandatory filing requirements. 31 CFR § 800.901(b).↩