The U.S. government continues to aggressively monitor and impose restrictions on transactions deemed to threaten U.S. national security.

On a day-to-day basis, restrictions arise most commonly in the context of export controls and economic sanctions. In the case of investments and other transactions in the United States by foreign persons, the Committee on Foreign Investment in the United States (CFIUS) assesses potential national security risks.

This post examines recent U.S. government action and guidance that seeks to introduce greater clarity to the CFIUS review and enforcement process.

Background on CFIUS

CFIUS is a U.S. government committee comprised of representatives from multiple agencies, including the Department of the Treasury, which chairs CFIUS, and the Departments of Commerce, Defense, Energy, Homeland Security, Justice, and State. The U.S. Trade Representative and the White House’s Office of Science and Technology Policy are also among those represented on CFIUS. Ultimately, CFIUS exists to identify and address national security risks that cannot be ameliorated through another legal regime such as export controls or Foreign Ownership, Control or Influence (FOCI) mitigation.

September 2022 Executive Order Sharpens CFIUS Focus

In September 2022, to clarify the focus of CFIUS and tie the agency more formally to established national security prerogatives, President Biden issued EO 14083. The EO lists the five specific factors for CFIUS to consider when reviewing transactions:

  1. Supply chain resiliency.
  2. Protection of U.S. technological superiority.
  3. Incremental investments over time in a particular sector or technology.
  4. Cybersecurity risk.
  5. Sensitive data.

The EO also identified certain priority technology areas for review, including artificial intelligence, biotechnology, clean energy technologies, microelectronics, quantum technologies, and semiconductors. Finally, the EO directed CFIUS to consider national security risks associated with certain acquiring countries with a “demonstrated or declared strategic goal of acquiring a type of critical technology or critical infrastructure that would affect U.S. leadership in areas related to national security.” For a fuller treatment of the EO, please see our September 2022 blog post.

October Enforcement and Penalty Guidelines

In October 2022, CFIUS released new, non-binding Enforcement Penalty Guidelines that delineate categories of conduct that constitute violations and detail the sources of information CFIUS relies upon to determine whether a violation has occurred. The Guidelines also spell out the process for developing and imposing penalties and provide the aggravating and mitigating factors that CFIUS evaluates when deciding whether to impose a penalty. We summarized the Guidelines in greater detail in an October 2022 blog post.

Increased Review of Non-Notified Transactions

More recently, in September 2023, Assistant Secretary for Investment Security at the Department of Treasury Paul Rosen called CFIUS’s “non-notified work . . . one of [it’s] most important functions.” Non-notified deals are transactions about which the parties do not notify CFIUS but where CFIUS contacts the parties to request information about the transaction. CFIUS may become aware of a transaction from an interagency referral, public tip, media report, and even as a result of agency staff reading the press release pertaining to a transaction.

Along these lines, in its 2022 Annual Report to Congress, CFIUS hinted that it may begin to prioritize identifying and commencing reviews of more non-notified and non-declared transactions. In fact, CFIUS is reportedly adding resources specifically to detect non-notified transactions. Perhaps as a result of this new focus, in 2022, CFIUS requested filings for 19 non-notified transactions, many of which ended up in mitigation or voluntary divestment. According to the 2022 Annual Report, there are apparently more non-notified transactions “in the pipeline,” including transactions valued at “hundreds of millions of dollars.”

Enhanced Oversight of Mitigation Agreements

In 2022, nearly a quarter of transactions notified to CFIUS concluded with mitigation agreements, i.e., agreements between the parties and CFIUS binding the parties to take steps to address CFIUS’s national security concerns.

In his September remarks, Assistant Secretary Rosen stated that companies should “expect more compliance checks, questions, and site visits” and that CFIUS would lean on third-party monitors and auditors. Site visits can be quite comprehensive, including interviews “at all levels, including of line-level staff . . . spot checks on records, and . . . other measures to actively monitor compliance of mitigation agreements.” CFIUS will also bring technical experts to ensure compliance and will look for evidence of a culture of compliance.

Future Regulatory Changes

In recent public remarks, Secretary of the Treasury Janet Yellen signaled upcoming regulatory changes to the CFIUS regulatory framework. Assistant Secretary Rosen also emphasized that it is “time to refine some of those regulations, so over the course of the next year I expect the Treasury will be issuing one or more notices of proposed rulemaking to do so.”

Assistant Secretary Rosen outlined four principal updates:

  1. Allow for increased efficiency and effectiveness in Treasury’s case processing and review functions.
  2. Update CFIUS’s penalty and enforcement authorities.
  3. Sharpen and enhance CFIUS’s tools in the non-notified space.
  4. Broadly ensure CFIUS’s tools and processes are best aligned with the current landscape.

Going Forward

A more robust and active CFIUS means that parties to any transaction involving a foreign investor or acquirer must consider whether a notice to CFIUS is warranted (or, as is sometimes the case, required). While the decision of whether to voluntarily file is based on a range of factors, consideration must be given to the factors outlined in EO 14083 and the other elements on which CFIUS intends to focus. Absent a well-designed CFIUS strategy, buyers and sellers alike face increasing risk.

Please contact the authors if you have any questions about the Committee on Foreign Investment in the United States (CFIUS) and how it might impact your business.

Email this postTweet this postLike this postShare this post on LinkedIn
Photo of Faith Dibble Faith Dibble

Faith Dibble counsels clients as they navigate the complex regulations associated with a global marketplace. She advises clients on international trade and complex cross-border transactions, investigations, and regulatory and compliance matters relating to U.S. national security.

Photo of Thad McBride Thad McBride

Thad McBride advises public and private companies on the legal considerations essential to successful business operations in a global marketplace. He focuses his practice on counseling clients on compliance with U.S. export regulations (ITAR and EAR), economic sanctions and embargoes, import controls (CBP)…

Thad McBride advises public and private companies on the legal considerations essential to successful business operations in a global marketplace. He focuses his practice on counseling clients on compliance with U.S. export regulations (ITAR and EAR), economic sanctions and embargoes, import controls (CBP), and the Foreign Corrupt Practices Act (FCPA). He also advises clients on anti-boycott controls, and assists companies with matters involving the Committee on Foreign Investment in the United States (CFIUS). Thad supports international companies across a range of industries, including aviation, automotive, defense, energy, financial services, manufacturing, medical devices, oilfield services, professional services, research and development, retail, and technology. Beyond advising on day-to-day compliance matters, Thad regularly assists clients in investigations and enforcement actions brought by government agencies, including the U.S. Department of Justice (DOJ), the U.S. Treasury Department Office of Foreign Assets Control (OFAC), the U.S. State Department Directorate of Defense Trade Controls (DDTC), Customs and Border Protection (CBP), the U.S. Commerce Department Bureau of Industry & Security (BIS), and the Securities & Exchange Commission.