Transitioning from CFIUS pilot program to full FIRRMA implementation

January 2020  |  TALKINGPOINT | MERGERS & ACQUISITIONS

Financier Worldwide Magazine

January 2020 Issue

FW discusses transitioning from the CFIUS pilot program to full FIRRMA implementation with John Lash at Control Risks and Stephanie L. Connor at Gibson, Dunn & Crutcher LLP.

FW: What impact has the Foreign Investment Risk Review Modernization Act (FIRRMA) had on foreign investment in the US since it was signed into law in August 2018?

Lash: The Foreign Investment Risk Review Modernization Act (FIRRMA) requires companies to balance their approach to compliance strategy with traditional business-focused investment protocols. The regulations strengthen the US’ ability to address a dynamic national security landscape, intimately integrated with the threat, vulnerability and consequence of foreign direct investment (FDI). FIRRMA’s impact is the enhanced compliance and security posture of US organisations, including cyber security, physical security and supply chain integrity. FIRRMA also makes institutions more resilient in the 21st century’s evolving threat environment. US companies – particularly technology, infrastructure and data (TID) businesses – perform strategic and tactical assessments to evaluate investment decisions, with national security part of their calculations. While there is a potential cost, it is important to recognise the potential long-term value of harmonising operational enhancements. Acknowledging statistics comparing strict FDI figures post-FIRRMA, I believe that – while broadly correlated – there are too many confounding variables to establish a causal relationship.

Connor: These are turbulent times with respect to US trade policy and, after accounting for other factors, including the brewing trade war between the US and China, FIRRMA does not seem to have stemmed the tide of FDI into the US. As US government spokespersons are oft quoted, the US is still open for business. Historically, the US Committee on Foreign Investment in the United States (CFIUS) had the authority to review transactions resulting in foreign control over US businesses with national security implications. FIRRMA expanded the scope of transactions subject to CFIUS review to include non-passive but non-controlling investments in US companies involved in specified ways with critical technologies, critical infrastructure or sensitive personal data – referred to as ‘TID US businesses’, as well as certain real estate transactions. Most of the final FIRRMA regulations will become effective by February 2020; to date only certain provisions of FIRRMA have been fully implemented.

FW: How have investment funds responded to the September 2019 proposals by the Committee on Foreign Investment in the United States (CFIUS) to widen FIRRMA’s scope? To what extent do the proposals provide additional clarity and certainty for foreign investors?

Connor: In September 2019, CFIUS proposed regulations to implement FIRRMA. These new rules provide some much-needed clarity with respect to the way that CFIUS perceives and adjudicates national security risk. For investment funds, the FIRRMA regulations provide both comfort and concern. The good news is that FIRRMA provided an express ‘carve-out’ for indirect, passive foreign investments made through certain US-managed funds, provided there are limits on foreign investor involvement in substantive decision making and access to material non-public technical information. The bad news is that the committee will undertake a much more rigorous review of complex investment structures to better understand the nature of a foreign investor’s influence. Fund managers will need to weigh these risks when considering new foreign investors in certain higher risk funds. Other developments are still to come, including the publication of a list of excepted foreign countries from which certain investors will receive less scrutiny.

Lash: Investment funds have historically demonstrated the ability to navigate major economic shifts and evolutions in global trade policy. Draft regulations provide a framework for evaluating the viability of investment targets and assessing the appropriate structure of the fund vehicle for investments. However, investment fund decisions are too complex for a single predetermined decision tree, which can lead to uncertainty and frustration. The clarity provided to funds is grounded in performing risk-based assessments and having the information to make difficult decisions based on the unique deal. Funds recognise they must be able to address risks surrounding access to and control of information, involvement in substantive decision making and membership rights afforded by the transaction. Some funds elect to exclude certain investor groups from investments, which may raise CFIUS concerns. Others recognise the relative strength of offerings, which provides for reduced execution deal risk.

Many FIRRMA provisions reflect a new and substantial focus on protecting critical technologies from foreign interference.
— Stephanie L. Connor

FW: Drilling down, what are the key takeaways from the CFIUS proposals? How are these likely to impact foreign investment in US companies and assets, potential third-party interests and the ability to identify beneficial owners?

Lash: Substantively, the draft FIRRMA regulations are aligned with expectations across the industry. Based on the updates to declarations, minority-position investments in critical technology, critical infrastructure and sensitive personal data, as well as real estate deals, I would anticipate CFIUS filings to exceed 1000 annually between notices and declarations. A critical takeaway is the enhancement of the enforcement mandate and capabilities of the committee, establishing a marked expansion of jurisdiction over what are considered covered transactions, controlling investments and non-controlling interests. A key enforcement pursuit that will have significant impact in the coming year is the committee’s capacity and ability to seek out non-notified transactions that have previously closed, which may have a national security implication.

Connor: First, it is critical that parties to a transaction can identify foreign investors, particularly those owned or controlled by a non-US government. It is not uncommon for CFIUS to consider the nature of those investments as well as whether there is any formal or informal arrangement between foreign interests, and the new FIRRMA regulations will eventually require certain foreign government investments to obtain CFIUS clearance. Second, parties must think through their governance structures and the way that information flows to investors if they are involved or expect to become involved in a TID US business. The type of non-controlling TID investments that trigger CFIUS review include non-passive equity investments, which afford a foreign person access to any material non-public technical information in the possession of a TID business, membership or observer rights or the right to nominate an individual to the board of directors or equivalent governing body of the TID business or any involvement, other than through voting of shares, in substantive decision making. In sum, it is essential that parties consider whether and how certain governance rights could trigger CFIUS scrutiny.

FW: How do the additional regulations address national security concerns arising from certain foreign investments, such as investments in US technology emanating from China?

Connor: FIRRMA expanded the scope of transactions subject to CFIUS review in an effort to better address the national security risk posed by an increasing number of Chinese investments in the US, and many FIRRMA provisions reflect a new and substantial focus on protecting critical technologies from foreign interference. Furthermore, many of the Chinese transactions blocked by CFIUS in the past year relate to security concerns regarding cyber security or access to sensitive personal data. In late March 2019, CFIUS ordered Beijing Kunlun Tech Co. Ltd to sell its interest in Grindr LLC, a popular dating application focused on the LGBTQ+ community. Although CFIUS has not commented publicly, observers speculated that the action was prompted by concerns over Kunlun’s access to sensitive personal data from Grindr users, such as location, sexual preferences, HIV status and messages exchanged via the Grindr app. CFIUS also forced Shenzhen-based iCarbonX to divest its majority stake in PatientsLikeMe, an online service that helps patients find people with similar health conditions, and which purportedly maintained sensitive information on hundreds of thousands of US persons.

Lash: Geopolitical, economic and national security considerations specific to China continue to present a complex investment paradigm. Deal activity can be successfully conducted with Chinese companies if appropriate measures are taken to identify and address the associated national security risks. However, mitigation measures required to resolve national security risk can have such an impact on the transaction’s underlying economic or technology transfer goals that its viability may not be sustainable. To conduct business in high-risk industries and jurisdictions, companies should understand and vet the transaction’s execution deal risks through the lens of US national security. When considering how the US and China coexist as global economic superpowers there are essentially two paths: collaboration or conflict. Collaboration seeks a common ground on national security, economic policy and foreign policy considerations; conflict entails viewing any investment activity as a zero-sum game.

Some funds elect to exclude certain investor groups from investments, which may raise CFIUS concerns.
— John Lash

FW: Which sectors are likely to be particularly affected following full implementation of FIRRMA? What aspects of FIRRMA should companies in these sectors consider?

Lash: The implementation of FIRRMA will represent a significant expansion of authority to address the evolving national security threat environment, particularly risks in technology, infrastructure and data companies or TID US businesses. The risk-based assessment model for these sectors should examine whether foreign control or influence may establish a national security threat if there exists a nexus to US citizens or intelligence-gathering techniques. The mandate of CFIUS, particularly post-FIRRMA, has enhanced the authority of the committee to maintain a broad jurisdiction over the personal data of US citizens. A threat assessment should be conducted specific to the potential to capture, control or transmit the sensitive personal data of US citizens vis-à-vis various customer databases or social media applications. Depending on the type, volume and localisation of such data, this information may present an increased national security risk profile for a company.

Connor: Notably, the CFIUS critical technologies pilot program focuses on 27 specific industries that pose heightened national security risks. These range from aircraft manufacturing, nuclear power generation, semiconductors and petrochemical manufacturing, to nano- and biotechnology research and development. Foreign investments in these sectors can trigger a mandatory filing requirement under the pilot program. CFIUS may review transactions related to US businesses that perform specified functions, such as owning, operating, manufacturing, supplying or servicing, with respect to critical infrastructure across subsectors such as telecommunications, utilities, energy and transportation. CFIUS may also review transactions related to US businesses that maintain or collect sensitive personal data of US citizens. As defined by the new regulations, ‘sensitive personal data’ includes 10 categories of data maintained or collected by US businesses that target or tailor products or services to sensitive populations.

FW: What essential advice would you offer to dealmakers in terms of preparing for full transition to FIRRMA? Going forward, what strategies can investors deploy to pacify regulators?

Connor: The first step for any investor is to determine whether a potential transaction could trigger CFIUS scrutiny, and if so, whether a filing is mandatory under the new rules. If a filing is required, or advisable, the parties should ensure that a CFIUS review is baked into the timeline for the deal, and that the parties have agreed upon the level of cooperation, acceptable mitigation and any termination fees that may result from failure to obtain CFIUS approval. Investors who have a long-term development strategy in the US may consider how they would like to approach CFIUS. First impressions matter, and a company’s initial filing presents an opportunity to establish a positive working relationship with CFIUS. The FIRRMA regulations dictate new filing procedures and timelines that could present hurdles or even roadblocks to investors unfamiliar with the regulatory landscape.

Lash: The best advice is to incorporate the foreign investment reviews as part of the business-focused investment strategy. A transparent and disciplined approach to navigating national security reviews should be viewed as a value-additive process of the deal cycle. US companies should view the process as one that protects intellectual property (IP) in emerging and edge technologies, while also ensuring a hardened cyber perimeter to protect infrastructure and customer data. The successful dealmaking models will not only address national security risks defensively, but proactively engage the process early and aggressively. These offensive strategies will address the potential risks early in negotiations, which will lead to better economic decision making, as well as a more streamlined review process.

FW: Once the proposals are finalised, how do you expect them to affect investment levels in the short, medium and long term? What additional developments are we likely to see?

Lash: The variables converging at the intersection of trade policy and national security create a complex mosaic of the FDI landscape. Overall, the US has historically been, and remains, the premier destination for foreign investment due to the country’s ability to incubate technological innovation through the contributions of private industry, government programmes and academic research. Funding this innovation through domestic and foreign investment is a critical component to free and open trade that also yields significant breakthroughs and economic benefit. The implementation of FIRRMA regulations will not significantly change the level of investment but may also change the context surrounding investment. The context and type of investment levels will vary as markets adjust and the strategic approach to the evolved concept of national security is harmonised with these deal decisions. Ultimately, the regulations will present an essential and net-positive result in balancing free trade and national security.

Connor: It is important to think about CFIUS in the broader context of geopolitical developments. The lens through which CFIUS views foreign investment will depend on an evolving landscape of national security threats. For example, although the US Congress considered adopting a list of countries that would be subject to heightened scrutiny, such as China, in FIRRMA, legislators ultimately deferred to CFIUS on the question of which countries and investors should be exempted from scrutiny. Under the new regulations, certain foreign investors with ties to ‘excepted foreign states’ will receive preferential treatment with respect to the review of certain non-controlling and real estate investments. Notably, investors can lose this preferred status if they have a history of non-compliance with US sanctions and export controls. This will have a significant impact on foreign companies which engage in activities subject to US law.

 

John Lash is a principal at Control Risks, leading the Committee on Foreign Investment in the United States (CFIUS) group. He has significant experience advising domestic and international clients in national security reviews and assisting with related regulations, including the mitigation of foreign ownership, control or influence. His teams serve in independent audit and monitor roles as required by mitigation terms and provide guidance to clients during various phases of CFIUS evaluation, submission and review. He can be contacted on +1 (202) 449 3330 or by email: john.lash@controlrisks.com.

Stephanie Connor is of counsel in the Washington DC office of Gibson, Dunn & Crutcher. Ms Connor’s practice focuses on a range of issues arising under US international trade regulations, including national security reviews conducted by the US Committee on Foreign Investment in the United States (CFIUS), economic sanction and embargo regulations administered by the US Department of Treasury’s Office of Foreign Assets Control (OFAC) and US export controls implemented by the US Departments of Commerce and State. She can be contacted on +1 (202) 955 8586 or by email: sconnor@gibsondunn.com.

© Financier Worldwide

THE PANELLISTS

 

John Lash

Control Risks

 

Stephanie L. Connor

Gibson, Dunn & Crutcher LLP

©2001-2024 Financier Worldwide Ltd. All rights reserved. Any statements expressed on this website are understood to be general opinions and should not be relied upon as legal, financial or any other form of professional advice. Opinions expressed do not necessarily represent the views of the authors’ current or previous employers, or clients. The publisher, authors and authors' firms are not responsible for any loss third parties may suffer in connection with information or materials presented on this website, or use of any such information or materials by any third parties.