On October 20, 2022, the Committee on Foreign Investment in the United States (“CFIUS” or “the Committee”) released its first-ever guidelines (the “Guidelines”) pertaining to the enforcement actions that CFIUS may take under applicable statutes and regulations (“CFIUS Rules”). The Guidelines are neither comprehensive nor binding, nor do they provide CFIUS with any new authorities, but they do provide insight into how CFIUS will approach enforcement. They may also forecast an increase in CFIUS’s enforcement activities, which have been limited to date.

We summarize the key aspects of the Guidelines and provide related takeaways below.

Types of Violations

The Guidelines outline three categories of “acts or omissions” that may constitute a violation of the CFIUS Rules: (1) failure to timely submit a mandatory filing; (2) failure to comply with orders issued by CFIUS or applicable mitigation agreements; and (3) making material misstatements, or failing to include material information, in submissions (e.g., declarations, joint voluntary notices, Q&A responses and presentations) to CFIUS.

The Guidelines indicate that CFIUS will consider a range of sources when investigating potential violations, including information provided by parties themselves (either voluntarily or at CFIUS’s request), information that is publicly available (e.g., via company websites) or information provided by other components of the U.S. government (e.g., classified reports). CFIUS will also consider information provided by the public via CFIUS’s “tip line,” which is likely to come from employees or other individuals with particular knowledge of a party or transaction (e.g., failed bidders in a competitive deal), and can, if “necessary and appropriate,” utilize its subpoena authority to gather information.

Determining Potential Penalties

The Guidelines state that CFIUS will not issue penalties for every violation that it identifies. Instead, CFIUS will “exercise its discretion in determining when a penalty is appropriate, including by considering applicable aggravating and mitigating factors.” The aggravating and mitigating factors CFIUS may consider include, among others:

• The impact of the potential enforcement action on protecting U.S. national security, ensuring accountability for the violating party and encouragement of future compliance and cooperation;
• The extent of the harm to U.S. national security caused by the violation;
• The intent of the violating party;
• The duration (including time elapsed between the violation and any mitigating action) and frequency of the violation(s);
• Any voluntary disclosure and the level of cooperation of the violating party;
• The violating party’s history with CFIUS, including any past compliance record and familiarity with the CFIUS process, as well as a party’s compliance culture; and
• In the case of a violation of a mitigation agreement, the extent that written compliance policies and training on the terms of the agreement were communicated and implemented by the violating party and, if applicable, the sufficiency of any security officer’s authority, access and independence relative to the terms of applicable CFIUS orders or mitigation agreements.

The weight CFIUS gives any specific factor will depend on the facts and circumstances of each case. As noted above, the Guidelines’ list of aggravating and mitigating factors is not exclusive and does not prevent CFIUS from considering new or different factors in specific cases, as may be relevant and/or appropriate.

Takeaways

• CFIUS will likely be more active in pursuing enforcement actions in parallel with its continued commitment to the non-notified review process and other related activities.While CFIUS has had the statutory authority to impose penalties since 2007, according to published reports from CFIUS, only two penalties have been imposed: in 2018, the Committee imposed a $1 million penalty for repeated breaches of a mitigation agreement entered into in 2016, and in 2019, the Committee imposed a $750,000 penalty for violations of an interim order. In its annual report covering calendar year 2021¹, CFIUS noted that, although it did not assess or impose any penalties in 2021, it would continue “increasing staff resources dedicated to monitoring and enforcement activities.” An increase in staffing and other resources will enable CFIUS to more actively monitor parties’ compliance with their obligations and, as CFIUS continues to identify, and inquire about, more “non-notified transactions,” it is more likely to identify transactions that were subject to mandatory filing requirements but for which no filing was made. As a result, in addition to providing guidance to market participants regarding how CFIUS will approach enforcement actions, the Guidelines may signal that CFIUS is preparing to pursue enforcement actions on a larger scale.
• The Guidelines signal to market participants how CFIUS is thinking about compliance, and stress that a party’s interactions with CFIUS can significantly impact the issuance and severity of any penalties. A recent Executive Orderprovided guidance to parties regarding, among other things, the types of transactions that are of particular interest to CFIUS.² The Guidelines are a similar signal regarding CFIUS’s approach to compliance and enforcement, providing insight into the potential impact of interactions with the Committee in two key ways. First, the Guidelines explain that parties may be able to lessen the likelihood or severity of penalties by voluntarily disclosing potential violations as soon as they are discovered, which aligns CFIUS’s practice with other U.S. regulatory regimes that allow for, and encourage, voluntary disclosures. Second, the Guidelines emphasize that parties should engage openly and transparently throughout their relationship with the Committee, and that doing so is likely to result in violations being punished less severely than they otherwise could be.
• The Guidelines do not expand CFIUS’s ability to pursue enforcement actions or alter the existing responsibilities of transaction parties.While the Guidelines provide parties with a “roadmap” to CFIUS’s enforcement process and consideration of particular potential violations, they do not expand the Committee’s authority or jurisdiction, including with respect to its authority to penalize parties for violating the CFIUS Rules. Parties have always been obligated to provide accurate and complete information to CFIUS and to comply with any orders issued by CFIUS or applicable mitigation agreements. The Guidelines do not change those obligations.

ENDNOTES

1. ^{Discussed further in Kirkland’s August 15, 2022, Alert, “Committee on Foreign Investment in the United States Releases 2021 Annual Report”↩}
2. ^{As described further in Kirkland’s September 21, 2022, Alert,“President Biden Issues First-Ever Directive to CFIUS on National Security Considerations in Transactions”↩}

This comes to us from Kirkland & Ellis LLP. It is based on the firm’s memorandum, “CFIUS Releases First-Ever Enforcement Guidelines,” dated October 31, 2022, and available here. Chad Crowell, Brad Dumbacher, Erika Krum, William Phalen and Michelle Weinbaum contributed to this article.