Ask Not What CFIUS Can Do For You – Ask What You Can Do For CFIUS
On September 15, 2022, President Biden issued an Executive Order (the “CFIUS EO”) that provides clear signals to dealmakers regarding areas of heightened interest to the Committee on Foreign Investment in the United States (“CFIUS” or the “Committee”).
Although the CFIUS EO does not expand the Committee’s processes or jurisdiction, the CFIUS EO sharpens the Committee’s focus, including with respect to protecting sensitive personal data, enhancing the resiliency of the U.S. supply chain, and preserving U.S. technological leadership in areas like semiconductors and microelectronics, biotechnology, clean energy, and artificial intelligence.
While the White House has downplayed whether the CFIUS EO targets a specific country, the CFIUS EO’s areas of focus align with concerns previously raised by U.S. officials regarding Chinese investment.
Amid a surge in global dealmaking and in related CFIUS reviews, dealmakers should be alert to areas of heightened interest to the Committee. Undertaking due diligence to evaluate the types of U.S. national security risks identified in the CFIUS EO and taking steps to mitigate such risks voluntarily can help transaction parties obtain regulatory approvals and clearances on their preferred timeline and reduce the risk that their transactions become cautionary tales.
Background on CFIUS
CFIUS is an interagency committee, principally comprising nine members and chaired by the Secretary of the Treasury, which has broad powers to review foreign investments in and acquisitions of U.S. businesses to determine the potential impact on U.S. national security. The Committee has the authority to impose mitigation measures, suspend transactions and, where appropriate, recommend that the President block or unwind transactions.
CFIUS has broad authority (expanded in recent years as a result of the Foreign Investment Risk Review Modernization Act of 2018 (“FIRRMA”)) to review certain transactions involving U.S. businesses and foreign investors (“covered transactions”), including:
Mergers, acquisitions and takeovers that could result in a foreign person acquiring control (defined broadly) of a U.S. business;
Certain non-controlling investments by foreign persons in U.S. businesses associated with critical technology, critical infrastructure and sensitive personal data (collectively, “TID U.S. Businesses”) (with mandatory filing requirements for transactions involving certain U.S. businesses dealing in critical technologies or foreign persons affiliated with foreign governments); and
Transactions involving the purchase or lease by, or concession to, a foreign person of certain U.S. real estate that might raise national security concerns.
CFIUS EO Highlights for Dealmakers
The CFIUS EO underscores an important role played by the Committee in responding to emerging U.S. national security threats in the context of foreign investment in the United States. Given that the White House could have communicated its priorities to CFIUS behind closed doors, the CFIUS EO is newsworthy in that it is public. Reading between the lines, the White House’s intention is to make clear to dealmakers what types of issues they should be evaluating with potential transactions. We highlight key questions dealmakers should be asking below.
1. Does the Transaction Impact U.S. Technological Leadership?
The CFIUS EO specifically identifies sectors that are fundamental to U.S. technological leadership and therefore national security, including but not limited to microelectronics, artificial intelligence, biotechnology and biomanufacturing, quantum computing, advanced clean energy, climate adaptation technologies, and elements of the agricultural industrial base that have implications for food security. While existing authorities arguably capture these sectors as TID U.S. Businesses already, dealmakers should consider future advancements and applications in an investment target’s technology and whether future innovation could potentially undermine U.S. national security, especially if a potential non-U.S. investor (or third parties with whom a non-U.S. investor has ties) poses a potential threat to U.S. national security. Among other points, dealmakers should consider whether a transaction involves manufacturing capabilities, services, critical mineral resources, or technologies in the sectors identified above.
Though the Biden Administration has downplayed whether the CFIUS EO is a response to concerns regarding China, it is not coincidental that the U.S. sectors identified in the CFIUS EO parallel the growth sectors identified under the Chinese Government’s “Made in China 2025” initiative. Dealmakers proactively considering potential national security risks should evaluate whether a non-U.S. investor has ties to countries of concern, including China, if involved in a transaction.
2. Does the Transaction Impact the Resilience of U.S. Critical Supply Chains?
The CFIUS EO makes clear the Committee will focus on the impact of a potential transaction’s effect on supply chain resilience and security. A White House Fact Sheet states CFIUS will consider “the degree of diversification through alternative suppliers across the supply chain, including suppliers located in allied or partner countries; supply relationships with the U.S. government; and the concentration of ownership or control by the foreign person in a given supply chain.”
3. Given Other Transactions Like It, What is the Cumulative Impact of the Transaction on U.S. National Security?
Pursuant to the CFIUS EO, multiple investments over time “in a sector or technology may cede, part-by-part, domestic development or control in that sector or technology” and may result in a national security risk. The White House appears focused on understanding how a particular transaction is part of a broader investment strategy. Dealmakers proactively conducting due diligence should take a step back from transaction-specific considerations and evaluate whether there may be risks stemming from a non-U.S. investor’s participation in (or association with) a “series of acquisitions” that can be construed as “part-by-part” control of a U.S. sector of focus or otherwise if the acquisition(s) can facilitate sensitive technology transfer in key industries.
4. What is the Cybersecurity Risk of the Transaction?
Prevention of cybersecurity intrusions and other malicious cyber activities remains a central focus of U.S. national security policy. Dealmakers should consider the cybersecurity posture, practices, capabilities, and access of both a non-U.S. investor (including third parties with whom a non-U.S. investor has ties) and an investment target. Dealmakers should also carefully consider ties between a non-U.S. investor and non-U.S. state actors, as the CFIUS EO highlights state-sponsored cybersecurity risks as a key concern.
5. What Risks Does the Transaction Pose to Sensitive Personal Data?
The CFIUS EO describes data as “an increasingly powerful tool for the surveillance, tracing, tracking, and targeting of individuals or groups of individuals.” Following FIRRMA, it became clear that dealmakers should evaluate whether an investment target collects or maintains sensitive personal data and whether a transaction will result in non-U.S. persons gaining access to such data. The CFIUS EO underscores the breadth of data that CFIUS considers sensitive and adds wrinkles to diligence that should be conducted. For example, while anonymized data previously had been viewed as less sensitive, advances in de-anonymizing technology make clear that dealmakers should evaluate the potential for a transaction to result in the exploitation of such technology.
Given converging trends of an uptick in global deal volume, review activity at the Committee, and guidance from the White House for the market in the form of the CFIUS EO, transaction parties contemplating investments by non-U.S. investors in U.S. businesses should evaluate CFIUS considerations early in the transaction process to avoid surprises and delays on their preferred path to closing. A sophisticated CFIUS strategy – one that accounts for an investor’s objectives and also anticipates the likelihood that the Committee will identify national security risks as well as the measures that may be required to mitigate such risks – can make a significant difference. When contemplating a transaction, investors should conduct due diligence to understand national security touchpoints on all sides of a transaction, including the investors and the investment target. Whether the target business provides products or services to the U.S. Government (whether directly or indirectly), and whether it is involved in critical technology, critical infrastructure, or sensitive personal data should all be considered.
Dechert has represented many clients through CFIUS reviews, including major operators and investors in the high tech, telecommunications, energy, defense, and infrastructure industries. We regularly advise foreign and domestic entities (“buyers” and “sellers,” as well as other interested third parties) through the CFIUS review process, helping them determine whether or not to bring a transaction before the Committee (and whether or not CFIUS review is required), to assemble the required information and materials for a filing, and then (as necessary) to negotiate national security agreements with CFIUS in a manner that minimizes both delay and the imposition of conditions that might threaten the transaction. We also give counsel on strategies for identifying and addressing political and policy considerations that may arise.