This is part 2 of a five-part series with Tom Fox and the FCPA Compliance Report on mitigating risks within CFIUS compliance with business intelligence.

What Is CFIUS Looking For?
Entities facing the Committee on Foreign Investment in the United States (CFIUS) review process are often uncertain as to how to proceed, as for many this is the first time undergoing this process. When facing such uncertainty, it’s helpful to keep in mind that the review process is essentially a two-way conversation between CFIUS and the parties to the transaction. Moreover, through this process, CFIUS is trying to sort through the filings and assess what threats and vulnerabilities are presented by the transaction, and often reaches out to the filing parties to either seek information or clarify information presented to it. Compliance professionals will not be surprised that CFIUS wants to understand the underlying business rationale for the transaction, and so will pose a number of questions aimed at discovering it.

CFIUS’s next goal is to understand and discuss with the parties the national security considerations. As these issues are often classified as security-related issues, the parties may be required to do a little bit of guesswork in terms of trying to understand exactly what the national security considerations are and to think through how to manage them appropriately. After CFIUS reaches an understanding on this national security component, it will then negotiate mitigation terms with the parties. 

Mitigation involves a dialogue between CFIUS and the parties to see if it is possible to alleviate those national security concerns in ways that are consistent with business interests. As this often becomes a somewhat complicated process, it is critical for all parties to a transaction to have effective advisors, who are able to understand the CFIUS process, what issues CFIUS considers, and the dynamics within the CFIUS interagency process.

Beginning the Filing Process
It is absolutely critical to begin thinking about the CFIUS process and the information required when you first conceive of an M&A transaction. It’s never too early to start thinking about what the national security dimensions are because these might have an impact on the contours and the structure of the transaction and the manner in which the parties approach it. CFIUS compliance should start at the point talk begins about a transaction or an investment. The more complex a transaction, the more likely it is to raise significant national security sensitivities, so it is important to begin thinking through possible CFIUS issues and prepare a game plan for navigating the process. At that point the parties can begin a dialogue directly with CFIUS about the parameters of the proposed transaction so there are no surprises down the road.

From here the parties decide whether or not to make a voluntary declaration, which does not require as much information as the longer and more detailed process. The voluntary declaration process can take as few as 30 days. However, in a more substantial transaction where there might be an investment by a foreign government involving critical technologies, sensitive or dual-use technologies, avionics, robotics, biotechnology, the process will likely take a minimum of 90 days.

Establishing Compliance Frameworks
Companies also need to ensure they have a compliance framework in place to facilitate CFIUS approval. For businesses engaged with sanctioned countries or jurisdictions, where there is a high concentration of sanctioned actors, a large number of transnational criminal organizations, or the potential for terrorist financing issues, it is important to have a robust sanctions compliance framework that meets the standards set forth by OFAC or any other appropriate agency as well as to have a culture of compliance around sanctions. CFIUS will look to whether or not a company and the foreign investor have a strong compliance framework. This means much more than having a paper compliance program in place. A company must fully operationalize compliance and then be able to document that operationalizing.

To listen to the next podcast in the series, please click here.