CFIUS Finalizes New FIRRMA Regulations

36 min read

White & Case CFIUS FIRRMA Tool

Click here to visit the CFIUS FIRRMA Tool, an online, step-by-step analysis platform to assist in determining whether a contemplated transaction could be subject to CFIUS's jurisdiction under FIRRMA and if mandatory filing requirements would apply

Nearly a year and a half after the Foreign Investment Risk Review Modernization Act of 2018 (FIRRMA) was enacted, authorizing the most substantial overhaul of the Committee on Foreign Investment in the United States (CFIUS) process since its inception, CFIUS has released final FIRRMA implementing regulations. This alert describes the key features of the new regulations, which take effect on February 13, 2020, including notable changes to the proposed regulations issued in September 2019 (see our prior alert here). The final regulations largely retain the framework set forth in the proposed regulations—including implementing the expansion of CFIUS's authority while maintaining CFIUS review as a mostly voluntary process—but make certain significant changes, codify the critical technology pilot program (subject to new exemptions), offer some clarification and guidance, and promise additional changes to come.

As we previously reported in July and August 2018, FIRRMA provided the general contours for CFIUS reform – including new jurisdiction over certain non-controlling investments and real estate transactions; limitation of such expanded jurisdiction to certain categories of foreign investors; a new short-form filing and review process; and mandatory filing requirements for certain transactions involving foreign government interest or critical technologies – but largely deferred to CFIUS itself to define the precise extent of such reforms. CFIUS did so in September 2019 when it issued two sets of proposed regulations addressing investment and real estate rules, often in the form of highly specific bright-line criteria. With some modifications, the final regulations maintain this framework, which reflects efforts by CFIUS to limit the expansion of its jurisdiction and mandatory filing requirements only to those transactions most likely to raise national security concerns. Notably, the final regulations further limit the expansion of CFIUS's jurisdiction and mandatory filing requirements by loosening the requirements to be an "excepted investor" and by adding a number of exemptions to mandatory filing requirements for investments in companies involved with critical technologies.

FIRRMA does not change CFIUS's core risk-based analysis of each reviewed transaction, which assesses the "threat" posed by the foreign investor, the "vulnerability" exposed by the US business, and the national security consequences of combining that threat and vulnerability. Overall, however, the new CFIUS regime requires a substantially more complex, nuanced, and fact-intensive analysis for jurisdictional questions – including whether filing is mandatory – while retaining the long-standing challenges of assessing and allocating potential substantive national security risks in connection with the CFIUS review process.

The following summarizes the key aspects of the new CFIUS regulations, which take effect on February 13, 2020.


Expanded Jurisdiction

Prior to FIRRMA, CFIUS's jurisdiction was limited to transactions that could result in foreign control of any US business. As a result, the jurisdictional analysis was largely legal in nature: did the investor's ownership structure make it a "foreign person"; could the investor's governance rights result in "control"; and did the target company or assets constitute a "US business"? There was little, if any, need to consider the substantive national security vulnerabilities of the target to complete the jurisdictional analysis. Historically, the substantive assessment would typically be considered in assessing whether to file and potential risks relating to such a decision where jurisdiction was clear or presumed.

FIRRMA retains CFIUS's jurisdiction over such transactions (referred to as "covered control transactions") but gives CFIUS two new bases for jurisdiction: (1) certain non-controlling investments in certain US businesses involved with critical technology, critical infrastructure, or sensitive personal data (known as "TID US businesses" for technology, infrastructure, and data), and (2) certain real estate transactions. The regulations provide detailed criteria of a US business's operations or the real estate assets, as applicable, that would cause a transaction to fall within these new bases for jurisdiction. As a result, under the new framework, the jurisdictional analysis for non-controlling transactions will require a substantive assessment of the target business against these detailed criteria.

The criteria for subjecting transactions to CFIUS's expanded jurisdiction reflect the types of US businesses or real estate assets that have presented heightened national security vulnerabilities in CFIUS's caseload over the past years as well as the US government's growing concern with maintaining the integrity and reliability of the defense industrial base. We summarize these criteria below.

Covered Investments

CFIUS's jurisdiction to review certain non-controlling, yet non-passive investments (called "covered investments" in the regulations) is based on both the nature of the investment and the nature of the target US business. FIRRMA supplied the first half of the test: the nature of the investment must afford a foreign person (other than a foreign person that meets a detailed list of criteria, referred to as an "excepted investor") one or more of the following:

a. access to any material non-public technical information in the possession of the TID US business;

b. membership or observer rights on the board of directors (or equivalent) of the TID US business or the right to nominate an individual to a position thereto; or

c. any involvement, other than through voting of shares, in substantive decision-making of the TID US business regarding critical technology, critical infrastructure, or sensitive personal data.

The new regulations supply the second half of the test by defining with more particularity what is required to be a "TID US business." The three categories of TID US businesses are as follows:

1. Critical Technology

A US business that produces, designs, tests, manufactures, fabricates, or develops one or more "critical technologies" is considered a "TID US business." The regulations maintain without change or additions the definition of "critical technology" in FIRRMA, which includes: defense articles and defense services included on the United States Munitions List; certain items included on the Commerce Control List (CCL); certain nuclear-related facilities, equipment, parts and components, materials, software, and technology; select agents and toxins; and emerging and foundational technologies controlled for export pursuant to section 1758 of the Export Control Reform Act of 2018 (ECRA). As of the date of this alert, the Commerce Department has issued its first emerging technology control – on software specially designed to automate the analysis of geospatial imagery. We understand that export controls on additional emerging technologies will be released in the near term, including in the areas of biomedical, semiconductor, 3D printing, and quantum computing technologies.

2. Critical Infrastructure

FIRRMA instructs CFIUS to limit its jurisdiction over covered investments in "critical infrastructure" to a subset of critical infrastructure (referred to in the regulations as "covered investment critical infrastructure") that is likely to be of particular importance to US national security. The regulations define this subset with precise bright lines – but with many such lines – in a detailed appendix that identifies 28 types of infrastructure. These include:

  • telecoms: certain internet protocol networks, telecommunications and information services, internet exchange points, submarine cable systems and related facilities (including certain data centers);
  • power: certain systems for the generation, transmission, distribution, or storage of electric energy comprising the bulk-power system, industrial control systems utilized therefor, and certain electric storage resources physically connected to the bulk-power system;
  • oil and gas: certain refineries, crude oil storage facilities, liquid natural gas (LNG) import or export terminals, natural gas underground storage facilities or LNG peak-shaving facilities, interstate oil and natural gas pipelines, and industrial control systems therefor;
  • water: certain public water systems and treatment works, and industrial control systems therefor;
  • finance: certain systemically important financial market utilities, securities and options exchanges, and core processing services providers;
  • defense industrial base: fiber optic cables that directly serve certain military installations; facilities that provide electric power generation, transmission, distribution, or storage directly to or located on certain military installations and industrial control systems therefor; public water systems or treatment works directly serving certain military installations and industrial control systems therefor; interstate oil pipelines that directly serve the strategic petroleum reserve; rail lines and associated connector lines designated as part of the Department of Defense's (DOD) Strategic Rail Corridor Network; satellites or satellite systems providing services directly to DOD and its components; facilities in the United States that manufacture certain specialty metals, covered materials, chemical weapons antidotes, and carbon, alloy, and armor steel plate; and – other than commercially available off-the-shelf items – certain industrial resources manufactured or operated for a Major Defense Acquisition Program, Major System, or "DX" priority-rated contract or order, or funded by the Title III program, Industrial Base Fund, Rapid Innovation Fund, Manufacturing Technology Program, Defense Logistics Agency (DLA) Warstopper Program, or a DLA Surge and Sustainment contract; and
  • ports: airports and maritime ports that are subject to CFIUS's new real estate jurisdiction.

The appendix also assigns one or more of five specified functions (own, operate, supply, service, or manufacture) to each of the 28 types of infrastructure. A US business that performs at least one of the functions assigned to the corresponding type of covered investment critical infrastructure is considered a "TID US business."

3. Sensitive Personal Data

FIRRMA contains no definitions or delineating principles with respect to "sensitive personal data," other than that it refers to data that may be exploited in a manner that threatens national security. To address this, the regulations create two classes of sensitive personal data.

First, sensitive personal data includes the results of an individual's genetic tests, including any related genetic sequencing data, whenever such results constitute "identifiable data" (discussed below) – regardless of the amount of such data or the population on which it is collected. This definition excludes data derived from databases maintained by the US government and routinely provided to private parties for purposes of research and generally reflects a narrowing of the types of genetic information that would have been captured under the proposed regulations issued last fall.

Second, sensitive personal data includes "identifiable data," which is defined as data that can be used to distinguish or trace an individual's identity – but only if the following category and collection requirements are satisfied:

  • Categories: the identifiable data falls within one of 10 identified categories, which are: (a) financial data that could be used to determine an individual's financial distress or hardship; (b) data in a consumer report (with certain exceptions); (c) data included in health or other types of insurance applications; (d) data relating to the physical, mental, or psychological health of an individual; (e) non-public electronic communications (email, text, chat, etc.) between users of the US business's products or services if facilitating third-party user communications is a primary purpose of such products or services; (f) geolocation data; (g) biometric enrollment data; (h) data used to generate a state or federal government ID card; (i) data concerning US government personnel security clearance status, or (h) data contained in the application for a personnel security clearance or for employment in a position of public trust.
  • Collection: the US business that maintains or collects the identifiable data (a) targets or tailors products or services to any US executive branch agency or military department with intelligence, national security, or homeland security responsibilities, or to personnel and contractors thereof; (b) had such data on greater than one million individuals at any point over the 12 months preceding the earliest of the "completion date" of the transaction, execution of a binding transaction agreement, the submission of a CFIUS notice or declaration, or certain other transaction-related actions (unless it can demonstrate no ability to collect or maintain any such data as of the completion date); or (c) has a demonstrated business objective to maintain or collect such data on greater than one million individuals and such data is an integrated part of the US business's products or services.

Any US business that maintains or collects either class of "sensitive personal data," with limited exceptions (e.g., such data on the employees of the US business or available in the public domain), is considered a "TID US business."

Covered Real Estate Transactions

FIRRMA also gave CFIUS jurisdiction to review the purchase or lease by, or concession to, a "non-excepted" foreign person of certain real estate (a) located within or functioning as part of an air or maritime port or (b) that is in close proximity to, or that provides the foreign person the ability to collect intelligence on or surveil national security activities at, US military installations or other sensitive US government facilities or property.

The regulations implement this new basis for jurisdiction through the concept of a "covered real estate transaction." Specifically, unless any of the eight exceptions listed below applies, CFIUS has the authority to review any purchase or lease by, or concession to, a foreign person of "covered real estate," either directly or indirectly, that affords the foreign person at least three of the following four "property rights":

  • physically access the real estate;
  • exclude others from physically accessing the real estate;
  • improve or develop the real estate; or
  • attach fixed or immovable structures or objects to the real estate.

"Purchase" includes less than full ownership of the covered real estate. A "lease" includes a sub-lease. "Concessions" only pertain to the development or operation of infrastructure for certain air or maritime ports.

There are five types of "covered real estate":

1. real estate that is located within, or will function as part of, certain air or maritime ports (referred to in the regulations as "covered ports");

  • "airports" are limited to (i) any "large hub airport," as defined in 49 U.S.C. § 40102, listed in the Department of Transportation (DOT), Federal Aviation Administration's (FAA) annual final enplanement data, (ii) any airport with annual aggregate all-cargo landed weight greater than 1.24 billion pounds listed in the FAA's annual final all-cargo landed weight data, and (iii) any "joint use airport" as defined in 49 U.S.C. § 47175 listed by the FAA.
  • "maritime ports" are limited to (i) commercial strategic seaports within the National Port Readiness Network, and (ii) the top 25 tonnage, container, or dry bulk ports listed by the DOT's Bureau of Transportation Statistics.

2. real estate that is within "close proximity" (defined as one mile) of any military installation listed on part 1 (131 such sites) or part 2 (32 such sites) of Appendix A to the real estate regulations;

3. real estate that is within the "extended range" (defined as up to 100 miles but where applicable not exceeding the outer limit of the US territorial sea) of any military installation listed on part 2 of Appendix A. These 32 military installations generally cover expansive territory and contain sensitive training ranges or launch sites susceptible to physical or electronic surveillance. These sites include, for example, Naval Weapons Systems Training Facility Boardman, Oregon, which was relevant to a Presidential divestment order in 2012 on the basis of a CFIUS review in the Ralls transaction;

4. real estate located within any of the 48 counties or other geographic areas listed on part 3 of Appendix A, which are associated with missile fields and were expanded to cover more area than was originally listed in the proposed regulations; and

5. real estate located within any part of the 23 offshore military operating areas listed on part 4 of Appendix A, but only to the extent located within the limits of the US territorial sea (i.e., generally 12 nautical miles from the coastline).

In an effort to streamline what could otherwise be a countless number of "covered real estate transactions," which would be unworkable for both industry and CFIUS, the regulations include eight important exceptions:

1. A blanket exemption from "covered real estate transactions" for certain categories of foreign persons known as "excepted real estate investors" (see next section, below).

2. Any transaction involving covered real estate that is a covered transaction subject to CFIUS's investment-related jurisdiction. Any transaction involving the acquisition of, or an investment in, a US business must be analyzed under CFIUS's "covered control transaction" or "covered investment" jurisdiction, described above, and would not be considered a "covered real estate transaction" even if it includes covered real estate. In other words, "covered real estate transactions" only apply to transactions involving real estate that does not constitute a US business.

3. Any covered real estate that is within an "urbanized area" or "urban cluster," each as identified in the most recent US Census, unless the real estate either (i) is located within, or will function as part of, a covered port, or (ii) is within close proximity (i.e., one mile) of any military installation listed on part 1 or part 2 of Appendix A to the real estate regulations.

4. All single housing units, including fixtures and adjacent land that are incidental to the use of the real estate as a single housing unit.

5. Leases or concessions to a foreign air carrier for which the Transportation Security Administration has accepted a security program under 49 CFR § 1546.105, but only to the extent the lease or concession is in furtherance of its activities as a foreign air carrier. This exception was added to the final regulations on the basis that such foreign air carriers are already subject to Department of Homeland Security oversight.

6. Leases and concessions involving covered real estate at covered ports that may be used only for the purpose of engaging in the retail sale of consumer goods or services to the public. This is meant to exclude leases by retail vendors within an airport, including with respect to car rental and parking.

7. Commercial space in a multi-tenant building that is covered real estate, but only if, upon closing, the foreign person and its affiliates (i) do not, in the aggregate, exceed 10 percent of the total square footage and (ii) do not represent more than 10 percent of the total number of tenants based on the number of ownership, lease and concession arrangements for commercial space in the building. Notably, the final regulations removed the proposed rule's reference to "office" space, so this provision applies more clearly to the commercial space within a building generally, regardless of how it is used by tenants.

8. Covered real estate owned by certain Alaska Native entities or held in trust by the United States for American Indians, Indian tribes, Alaska Natives, and Alaska Native entities.

The real estate regulations are extremely detailed and could require a time- and fact-intensive assessment to determine whether a transaction falls within this new basis for CFIUS jurisdiction. We note, however, that "covered real estate transactions" are subject to voluntary review – they are not subject to the two categories of mandatory filing requirements described below. Additionally, the commentary accompanying the regulations states that the Treasury Department (which chairs CFIUS) "anticipates making available a web-based tool to help the public understand the geographic areas subject to CFIUS jurisdiction." In the meantime, it references online resources relevant to assessing coverage of the rule.


Limited Exemption from Expanded Jurisdiction for "Excepted Investors"

While FIRRMA instructs CFIUS to limit the application of the two new bases for jurisdiction (covered investments and covered real estate transactions) to certain categories of foreign persons, the regulations instead apply the new bases for jurisdiction to all foreign persons unless a foreign person is specifically exempted. The proposed rules issued last September did not identify countries for exemption and set forth extremely strict criteria to qualify as an excepted investor.

In connection with issuing the final regulations, CFIUS identified Australia, Canada, and the United Kingdom as "excepted foreign states." The final regulations also relaxed somewhat the standards for qualifying as an "excepted investor" (which are the same as for an "excepted real estate investor"), as discussed in more detail below.

The regulations provide no criteria for how CFIUS selects countries for the excepted foreign state list(s) (which may differ for investment and real estate transactions, but do not initially), other than that (i) they must be identified by CFIUS as an eligible foreign state and (ii) after February 13, 2022, including for existing excepted foreign states to remain on the list(s), CFIUS must have made a determination that the country has established and is effectively utilizing (or, with respect to real estate, made significant progress towards) a robust process to (a) analyze national security risks in foreign investment and (b) facilitate coordination with the United States on matters relating to investment security. The specific factors that CFIUS will consider as to whether a country has developed such a "robust process" in the future have not yet been determined.

It is not surprising that the initial list of excepted foreign states is small and limited to three of the four foreign "Five Eye" countries with special intelligence-sharing arrangements. Indeed, the commentary accompanying the regulations specifically notes that those countries were chosen "due to aspects of their robust intelligence-sharing and defense industrial base integration mechanisms with the United States." The commentary also acknowledged that the limited list reflects that the excepted foreign state rules "are new and an expansive application carries potentially significant implications for the national security of the United States." The list of excepted foreign states is not static and may change in the future.

The process to determine whether a particular foreign person is an "excepted investor" (or "excepted real estate investor") is complex and ultimately highly restrictive. To be an "excepted investor," the foreign person must fall into one of three categories:

1. A foreign national who is exclusively a national of one or more excepted foreign states.

2. A foreign government of an excepted foreign state.

3. A foreign entity that meets each of the following five criteria with respect to itself and each of its parents:

i. Organized under the laws of an excepted foreign state or in the United States.

ii. Principal place of business in an excepted foreign state or in the United States.

iii. Seventy-five percent or more of the members and 75 percent or more of the observers of its board of directors or equivalent governing body are either US nationals or foreign nationals who are exclusively a national of one or more excepted foreign states.

iv. Any foreign person that individually, or as part of a group of foreign persons, holds 10 percent or more of the voting interest, economic interest, profit interest, or asset-upon-dissolution interest or that could otherwise control such entity must be (a) a foreign national who is exclusively a national of one or more excepted foreign states, (b) a foreign government of an excepted foreign state, or (c) a foreign entity organized under the laws of an excepted foreign state and that has its principal place of business in an excepted foreign state or the United States.

v. The "minimum excepted ownership" of such entity – defined as a majority of its voting, profit, and asset-upon-dissolution interest for an entity publicly traded primarily on an exchange in an excepted foreign state or the United States; and at least 80 percent of its voting, profit, and asset-upon-dissolution interest for any other entity – must be held, individually or in the aggregate, by persons each of whom either is not a foreign person or qualifies as (a), (b), or (c) in criterion (iv) above.

Even if a foreign person meets all of the above criteria, it is still not an "excepted investor" if (a) it is listed on the Commerce Department, Bureau of Industry & Security's Unverified List or Entity List, or (b) in the five years prior to the completion of its transaction, either the foreign person or any of its parents or any entity of which it is a parent engaged in any of eight types of bad acts, including: material misstatements in a CFIUS filing, material breach of a CFIUS mitigation agreement, violations of US sanctions laws, debarment by the Directorate of Defense Trade Controls, violations of US export control laws, and felonies. Further, if the foreign person no longer satisfies the criteria in (1), (2), and (3)(i)-(iii), above, at any time during the three-year period after the completion date of the transaction, it is no longer an "excepted investor" from the completion date onward, and its transaction would become subject to a potential CFIUS-initiated agency notice during the remainder of this three-year period.


Mandatory Filing Requirements

A key takeaway from both FIRRMA and the new regulations is that CFIUS remains primarily a voluntary process. Unless a transaction falls within either of the two specific categories below, the parties may decide for themselves whether to submit the transaction for CFIUS review. Though, importantly, CFIUS retains the right to initiate reviews of, or encourage parties to voluntarily submit for review, non-notified transactions.

As discussed in more detail below, there are two categories of transactions subject to mandatory filing requirements, both specific to TID US businesses. The first applies to investments by any investor (subject to certain exemptions) in certain TID businesses involved with critical technologies. The second pertains to certain investments by foreign investors with substantial foreign government ownership (subject to certain exemptions) in any TID US business.

Critical Technology Pilot Program Codified, With New Exemptions

In November 2018, CFIUS started a pilot program that mandated filings for covered control transactions and covered investments in certain US businesses involved with critical technologies in or for 27 specific "pilot program industries." (See our alert on the pilot program here.) The final FIRRMA regulations codify the requirements of the pilot program, including mandating filing for qualifying critical technology transactions, with some notable changes. Most significantly, the regulations introduce a number of exemptions to the mandatory filing requirements. Specifically, the following are not subject to mandatory notification:

1. A covered control transaction by an excepted investor (note: qualifying as an excepted investor already precludes the investor from being subject to the expanded jurisdiction for covered investments in TID US businesses);

2. A covered transaction (i.e., covered control transaction or covered investment) made directly by a company holding an active facility security clearance and operating pursuant to a Security Control Agreement, Special Security Agreement, Proxy Agreement, or Voting Trust Agreement to mitigate its foreign ownership, control or influence (FOCI);

3. A covered transaction by an investment fund if the fund is managed exclusively by a general partner (or equivalent) that is either not a foreign person or is ultimately controlled exclusively by US nationals and (as described in more detail below) to the extent any foreign limited partner serves on an advisory board or committee of the fund, such role would not allow the foreign limited partner to control the fund, its investment decisions, or decisions regarding the entities in which it has invested;

4. An investment that becomes a covered investment only because the investor ceases to meet the excepted investor criteria during the three-year period after the completion date;

5. A covered control transaction involving an air carrier that holds a general, temporary, or charter air transportation certificate (note: FIRRMA already carves out such carriers from "covered investments"); or

6. A covered transaction where the target only qualifies as a TID US business because it produces, designs, tests, manufactures, fabricates, or develops encryption items, software, or technology eligible for License Exception ENC under the Export Administration Regulations.

There are also two key changes in the regulations that impact the rules that applied to the pilot program. First, the filing of a declaration (or notice in lieu of a declaration) is required 30 days before the "completion date," which reduces the pilot program's 45-day advanced notice period. Second, the regulations include a strict definition of "completion date," which is the earliest date upon which any ownership interest, including a contingent equity interest, is conveyed, assigned, delivered, or otherwise transfers to a person, or a change in rights that could result in a covered control transaction or covered investment occurs. While commentary in the final regulations suggests that the first date upon which a transfer of interest occurs is not the "completion date" unless such a transfer constitutes a "covered transaction," the definition itself is not clear. This lack of clarity creates uncertainty in the context of a transaction that has multiple tranches (which is common in venture capital and other early-stage investing) as to whether the closing of the first such tranche constitutes the "completion date" (including for purposes of the 30-day lead time by which a mandatory filing must be submitted), even if "control" or "non-passive" rights do not attach at the first closing.

Finally, the commentary accompanying the regulations states that CFIUS anticipates moving from a mandatory filing rule utilizing an industry test based on North American Industry Classification System (NAICS) codes to one based upon export control licensing requirements. A notice of proposed rulemaking regarding this change will be published in the future.

Substantial Foreign Government Interest in TID US Businesses

As required under FIRRMA, transactions involving the acquisition of a substantial foreign government interest in a TID US business are subject to mandatory filing requirements. Specifically, a short-form declaration, or a full notice in lieu of a declaration, must be submitted at least 30 days prior to the completion date of any covered control transaction or covered investment that results in:

  • a "substantial interest" (defined as a voting interest, direct or indirect, of 25 percent or more) in a TID US business
  • by a foreign person in which the national or subnational governments of a single foreign state (other than an excepted foreign state) have a "substantial interest" (defined as a voting interest, direct or indirect, of 49 percent or more).

For purposes of determining the percentage of voting interest held indirectly by one entity in another entity, any voting interest of a parent will be deemed to be 100 percent in its subsidiary. Thus, for the substantial-interest analysis, the regulations do not recognize dilution throughout the ownership chain that would otherwise result from parent ownership interests less than 100 percent.

The final regulations were modified to state that for an entity with a general partner, managing member, or equivalent, the substantial interest test is only satisfied if the government entity(ies) holds 49 percent or more of the general partner, managing member or equivalent – foreign government limited partner interests are disregarded.

The final regulations also provide exemptions from mandatory filing requirements for substantial foreign government ownership in two cases:

1. A covered transaction by an investment fund if the fund is managed exclusively by a general partner (or equivalent) that is either not a foreign person or is ultimately controlled exclusively by US nationals and (as described in more detail below) to the extent any foreign limited partner serves on an advisory board or committee of the fund, such role would not allow the foreign limited partner to control the fund, its investment decisions, or decisions regarding the entities in which it has invested; and

2. A covered control transaction involving an air carrier that holds a general, temporary, or charter air transportation certificate.


Failure to make a mandatory filing may incur civil penalties not to exceed $250,000 or the value of the transaction, whichever is greater, with the amount of the penalty based on the nature of the violation. The Treasury Department is also considering whether it can make available additional information to assist the public in understanding CFIUS's enforcement priorities.

Please also note that while a mandatory filing must be made at least 30 days before the completion date, the regulations permit the parties to close their transaction prior to the expiration of the 30 days if they have been informed in writing by CFIUS either that (a) CFIUS has concluded all action, or (b) in the case of a declaration, CFIUS is not able to complete action on the basis of the declaration (but CFIUS does not request or self-initiate a full notice).

Investment Funds

There are a number of provisions in the regulations directly focused on, or primarily of relevance to, investment funds.

First, as noted above, there are certain exemptions to mandatory filing requirements for US-controlled investment funds. Specifically, transactions are exempt from both critical technology and substantial government interest mandatory filings if:

1. the fund is managed exclusively by a general partner, a managing member, or equivalent;

2. that general partner, managing member, or equivalent is not a foreign person; and

3. if any foreign person has membership as a limited partner on an advisory board or committee of the fund:

i. the advisory board or committee does not have the ability to approve, disapprove, or otherwise control (a) investment decisions of the investment fund or (b) decisions made by the general partner, managing member, or equivalent related to entities in which the investment fund is invested; and

ii. the foreign person does not otherwise have the ability to control the investment fund.

Also as noted above, the substantial interest test for an investment fund pertains only to government ownership in the general partner, managing member, or equivalent – foreign government limited partner interests do not trigger mandatory filing.

Second, the regulations, consistent with FIRRMA, include a "clarification" for certain investment fund investments in relation to participation by foreign limited partners on advisory boards or committees of the fund. As we have previously reported, this clarification means that a foreign limited partner's membership on an advisory board or committee of a fund does not, in and of itself, render the foreign person's indirect investment in a TID US business to be a covered control transaction or a covered investment if it would not otherwise be. Whether such indirect investment would otherwise be such a covered transaction would still need to be assessed based on the respective criteria for covered control transactions and covered investments. Indeed, the final regulations add an example clarifying that even if the investment fund is exempted under this clarification, a limited partner's indirect investment in the TID US business would be subject to a mandatory filing requirement if it is afforded a qualifying right regarding the TID US business.


Short-Form Declarations Can Be Filed for Any Transaction

As previously reported, one key new feature under FIRRMA is the ability for transaction parties to notify CFIUS via a declaration – a form that is approximately five pages in length – and receive feedback within 30 calendar days of CFIUS accepting the declaration. This is an alternative to submitting a full notice and going through the full prefiling and formal review processes, though parties may still ultimately end up filing a full notice after the declaration period at their election or the request of CFIUS. Declarations have been permitted since November 2018 for transactions subject to the pilot program, but once the new regulations take effect, they may be utilized for any transaction (investment or real estate) notified to CFIUS. Following its review of a declaration, CFIUS may take one of four actions: (1) request that the parties file a full written notice, (2) advise the parties that CFIUS cannot complete action based on the declaration and that the parties may submit a notice in order for CFIUS to complete action (commonly referred to as the "shrug"), (3) initiate a unilateral review of the transaction, or (4) notify the parties in writing that CFIUS has completed all action with respect to the transaction (i.e., cleared the transaction).

The ultimate usefulness of the declaration process is likely to depend on a combination of how willing CFIUS is to conclude action or give the shrug via declarations and parties' risk tolerance for accepting the shrug as a sufficient resolution absent conclusion of action. Although no statistics have been released in connection with the pilot program, indications were that relatively few transactions (somewhere between 10 and 20 percent) were cleared on the basis of a declaration, and the shrug was a more common outcome where CFIUS did not request a full notice. Of course, by definition the pilot program was targeted at transactions that were viewed as likely to be more sensitive from a national security perspective, so it is possible more transactions could be cleared with the broader use of declarations under the new regulations.


Other Key Points

  • New definition of principal place of business. The regulations include a new definition for "principal place of business," which was a previously undefined element of the definition of "foreign entity." A foreign entity is defined as an entity organized under the laws of a foreign state if either its principal place of business is outside the United States or its equity securities are primarily traded on a foreign exchange. This can be an important jurisdictional distinction where entities are organized offshore for tax purposes, but effectively operate and are managed within the United States. "Principal place of business" is now defined as "the primary location where an entity's management directs, controls, or coordinates the entity's activities, or, in the case of an investment fund, where the fund's activities and investments are primarily directed, controlled, or coordinated by or on behalf of the general partner, managing member, or equivalent." That is qualified, however, by a provision stating that if in the most recent filing to a government agency (other than CFIUS) the entity's principal place of business is listed as being outside of the United States, then that foreign location shall be deemed the principal place of business. Essentially, this provision provides a practical standard of a principal place of business generally, but also seeks to avoid allowing parties to claim different principal places of business for different regulatory filings. As the definition of "principal place of business" is new in the final regulations, it is effective on February 13 as an interim rule, but subject to a 30-day public comment period and potential revision.
  • No filing fees yet. The regulations do not contain any provisions for filing fees, but the commentary notes that filing fees will be the subject of a separate rulemaking. FIRRMA authorizes CFIUS to impose filing fees not to exceed the lesser of one percent of the value of the transaction or $300,000 (adjusted for inflation).
  • Potentially expansive definition of "US business." CFIUS's long-standing regulations defined "US business" to mean any entity engaged in interstate commerce in the United States, but only to the extent of its activities in interstate commerce. The definition in the new regulations deletes the limitation "but only to the extent of its activities in interstate commerce." In response to public comments requesting clarity on how expansive CFIUS viewed the new definition, CFIUS states that the "definition tracks the language of FIRRMA and is not intended to suggest that the extent of a business's activities in interstate commerce in the United States is irrelevant to the Committee's analysis of national security risk." The new regulations also added language to an example clarifying that a foreign entity that only has operations and personnel outside of the United States is not a US business by virtue of providing remote technical support services (along with exporting and licensing technology) to customers in the United States. While it is helpful that the regulations clarified that, from a jurisdictional standpoint, there must be some actual US operations for there to be a US business, the regulations did not clarify to what extent non-US operations would also be considered part of the "US business." CFIUS's deliberate silence on this point indicates that CFIUS is leaving itself flexibility about how broadly it may interpret (i) the scope of a "US business" in the context of any given transaction before it, and by extension, flexibility about how broadly it may interpret (ii) the "covered transaction" that is the subject of its review, (iii) the national security concerns that arise from such "covered transaction," and (iv) the extent of the mitigation or divestment actions that CFIUS or the President may take to resolve any such national security concerns.
  • "Incremental acquisition rule" is extended to declarations. The new regulations have been revised to clarify that the long-standing "incremental acquisition rule" – i.e., a transaction will not be deemed a "covered transaction" if a foreign person acquires an additional interest in a US business over which the same foreign person (or any entity that it wholly owns, directly or indirectly) previously acquired direct control in a transaction for which CFIUS concluded action – applies in cases in which CFIUS concludes action in a covered control transaction on the basis of either a notice or a declaration. This change provides stronger safe harbor protection for parties whose control transactions are cleared via the declaration process. The incremental acquisition rule does not apply to covered investments or for control transactions in which, following an assessment of a declaration, CFIUS does not conclude action (even if no notice is requested).
  • Effectiveness of the new regulations. The current regulations – including mandatory filing requirements under the pilot program – will remain in effect through February 12, 2020 and will apply to any transaction for which any of the following has occurred prior to February 13, 2020:
    • the completion date;
    • the parties to the transaction have executed a binding written agreement, or other binding document, establishing the material terms of the transaction;
    • a party has made a public offer to shareholders to buy shares of a US business; or
    • a shareholder has solicited proxies in connection with an election of the board of directors of a US business or an owner or holder of a contingent equity interest has requested the conversion of the contingent equity interest.

With respect to transactions subject to mandatory filing requirements under the new regulations, starting February 13, 2020, a declaration (or written notice in lieu of a declaration) must be submitted no later than (1) February 13, 2020, or promptly thereafter, if the completion date of the transaction is between February 13, 2020 and March 14, 2020; or (2) at least 30 days before the completion date of the transaction, if the completion date is after March 14, 2020.

The new regulations bring substantial changes to the CFIUS regime – most notably mandating certain filings for the first time and expanding CFIUS's jurisdiction beyond control deals and even to real estate transactions lacking a traditional investment in a business. That said, FIRRMA was designed to fill gaps that could potentially be exploited, and as such, much of the expansion of CFIUS's authority is tailored in a relatively narrow way. Most significantly, the jurisdictional expansion regarding investments and mandatory filing requirements are exclusively focused on TID US businesses, which CFIUS has clearly identified as presenting heightened national security vulnerabilities. There is no change to the jurisdiction rules with respect to foreign investments in non-TID US businesses. Similarly, the real estate regulations serve to provide CFIUS the authority to reach new transactions that may present close-proximity concerns (a long-standing issue of interest to the committee) and highlight for transaction parties the specific geographical areas of sensitivity.

Importantly, whereas the jurisdictional assessment for investments in TID US businesses and real estate has become complex and in some cases highly technical under the new regulations, that is only one part of the analysis. The substantive risk assessment of any given transaction – regardless of whether it is subject to CFIUS's new authorities – remains a key issue for parties to consider during deal planning and negotiations.


Click here to download 'CFIUS Finalizes New FIRRMA Regulations' PDF.


This publication is provided for your convenience and does not constitute legal advice. This publication is protected by copyright.
© 2020 White & Case LLP