What is CFIUS?
The Committee on Foreign Investment in the United States (CFIUS) is an interagency committee charged with reviewing transactions involving foreign investment in the U.S. and certain real estate transactions for national security considerations. CFIUS has the ability to impose conditions or suspend or prohibit transactions to protect U.S. national security.  

Investors, target companies, and market participants should conduct due diligence to assess the full range of national security concerns that CFIUS considers before undertaking any foreign investment transaction.

CFIUS is chaired by the Secretary of the Treasury and is composed of key national security and economic agencies, the White House, and the intelligence community.  

What is FIRRMA?
The Foreign Investment Risk Review Modernization Act of 2018 (FIRRMA) strengthens and modernizes CFIUS by broadening the scope of CFIUS authorities to review transactions and enforce actions. These rules went into effect on 13 February 2020. With the changes made by FIRRMA, and its implementing regulations, CFIUS now has the authority to review: 

  • Mergers, acquisitions, or takeovers that could result in foreign control of a U.S. business
  • Noncontrolling investments in U.S. businesses related to critical technologies, critical infrastructure, or sensitive personal data that give foreign persons access to material, nonpublic technical information, rights to board participation, or decision-making authority implicating national security sensitive matters
  • Certain real estate transactions, such as those involving land, air, or seaports, or property located near U.S. military installations and other sensitive locations

CFIUS now requires mandatory declarations for certain investments in U.S. businesses related to critical technologies, critical infrastructure, or sensitive personal data in which a foreign government has a substantial interest or involving critical technologies.  

What should businesses consider with respect to CFIUS and FIRRMA?
Business should examine a range of factors in assessing CFIUS considerations related to a transaction, including, but not limited to:

  • Whether critical technologies are involved, such as items subject to dual-use or defense-related export controls or emerging or foundational technologies identified by the U.S. Department of Commerce.
  • Whether critical infrastructure is involved, including IP networks, telecommunications services, interstate oil pipelines, crude oil storage facilities, rail lines, public water systems, and electric power generation, storage, or transmission.  
  • Whether sensitive personal data is involved, including health, financial, or genetic data and data related to the U.S. military, executive branch, or national security.
  • Whether U.S. government contracts, funding, or partnerships are involved, and if so, whether there are national security or supply considerations. 
  • Whether the purchase or lease of real estate proximate to sensitive facilities, such as ports or defense establishments, are involved.
  • Whether there are financial crime considerations of the investor or the target companies, such as those related to sanctions, bribery or corruption, or money laundering.
  • Whether there are sensitive foreign government connections, particularly in higher-risk jurisdictions.

Investors, target companies, and financiers should all evaluate national security considerations and CFIUS implications as part of a given transaction. 

Why the change?
The FIRRMA changes result from CFIUS’s experience and lessons learned with implementing the Foreign Investment and National Security Act of 2007 (FINSA) and are designed to broaden authorities to respond to identified gaps and changes to the investment landscape.  

Among these considerations are foreign investments in early-stage U.S. technology companies that may erode the U.S. technological advantage with critical national security implications; the ability of foreign investors, particularly those with links to foreign governments, to misuse sensitive personal data in a manner adverse to national security interests; and the ability of a foreign person to lease or acquire  real estate to gain physical proximity to and surveil sensitive facilities. 

Who is affected?
Investors from all countries should take into account the potential for CFIUS review, particularly for controlling investments. Jurisdictions such as Australia, Canada, and the UK are currently excepted from the mandatory declaration requirement for certain noncontrolling investments.  

What does this mean to me and my deal?
CFIUS will continue to scrutinize and prioritize transactions of businesses operating in sensitive sectors and from sensitive countries. Investors, target companies, and financiers should conduct due diligence at all phases of a transaction to assess CFIUS-related risks and to determine whether to undertake proactive measures, such as policies and procedures, to be able to effectively address potential CFIUS concerns or to consider potential investment partners to identify CFIUS red flags.   

Is there anything unique to U.S.-based private equity investors? 
Private equity, venture capital, and hedge funds must now proactively consider the new CFIUS rules and their application to both minority stakes taken in U.S. businesses, particularly those involved in critical technologies, critical infrastructure, and sensitive personal data, as well as controlling interests. CFIUS specifically imposed a mandatory declaration requirement for transactions involving substantial foreign government interest or investments in U.S. companies that do business in listed critical technology sectors, including everything from military sensitive sectors to nanotechnology and biotechnology. For these investments, investors must consider foreign access to material, nonpublic information or sensitive personal data, the control a foreign partner can exercise over the investment decisions, and governance participation, even without a controlling stake.

PE involving foreign financing will need to conduct comprehensive due diligence on all parties involved in a transaction—investors, partners, and the acquisition target—to ensure compliance with CFIUS declaration requirements and to navigate potential CFIUS concerns. Risk assessments and due diligence can help point the way to scoping transactions to mitigate CFIUS concerns.

What are the changes that concern real estate investments? 
Prior to FIRRMA, CFIUS had authority to review foreign investments in U.S. real estate only in connection with foreign acquisitions that could result in control over a U.S. business. Now, CFIUS jurisdiction can review certain transactions involving the purchase or lease by, or a concession to, a foreign person of certain real estate in the United States, even where there is no accompanying investment in a U.S. business. There are two areas of “covered” real estate:

  • Real estate that is located within, or will function as part of, an air or maritime port.
  • Real estate near U.S. military installations or other property owned by the U.S. government that "is sensitive for reasons relating to national security.”

For U.S. real estate firms, it is critical to conduct due diligence up front to understand each partner in the transaction and potential concerns that CFIUS might raise. Even if not in the scope of real estate regulations, parties involved in transactions must do the same level of diligence up the chain and down, and now have to think about real estate.