Skadden Discusses CFIUS Proposal to Expand Its Authority, Tighten Time Frames, and Boost Penalties

On April 15, 2024, the secretary of the Department of the Treasury, as chair of the Committee on Foreign Investment in the United States (CFIUS or Committee), published a notice of proposed rulemaking (Proposed Rule) to expand CFIUS’ investigation and enforcement authorities and to tighten time frames for negotiating mitigation.

Specifically, the Proposed Rule:

  • Clarifies and expands CFIUS’ authority to request information when conducting reviews.
  • Specifies a time frame (three days) for parties to respond to proposed mitigation terms.
  • Increases maximum civil monetary penalties for noncompliance and expands the circumstances in which penalties can be imposed.

If enacted, the Proposed Rule will change long-standing limits on CFIUS’ ability to investigate national security risks outside a formal transaction review, allowing CFIUS to informally investigate transactions for (broadly defined) national security considerations. In addition, CFIUS will have the authority to request information about transactions from third parties who are not parties to the transaction.

The Proposed Rule’s attempt to accelerate parties’ responses to proposed mitigation terms — while providing several exceptions — appears to be intended to address process delays but may greatly limit parties’ ability to consult adequately and offer counter-proposals. This proposal also does not provide a time limit for CFIUS to respond to mitigation proposals submitted by the parties, thereby greatly enhancing CFIUS’ leverage and control over negotiations.

Finally, the Proposed Rule provides CFIUS with discretion to impose higher penalties on parties for non-compliance. A detailed discussion of the Proposed Rule follows.

Expansion of CFIUS’ Authority To Request Information

Historically, CFIUS’ authority to investigate a transaction that was not filed with CFIUS (a “non-notified transaction”) was limited to requesting information from the parties to determine whether the transaction was within CFIUS’ jurisdiction. If CFIUS determined that it had jurisdiction, it could then ask the parties to submit a formal filing.

Such a request would be based on CFIUS’ determination, after an internal investigation supported by CFIUS member agencies and the intelligence community, that the transaction could pose national security risks. CFIUS has the authority to review non-notified transactions indefinitely, subject to overcoming limited procedural hurdles three years after a transaction closes.

The Proposed Rule would expand CFIUS’ authority to request additional information on non-notified transactions from transaction parties and — for the first time — from third parties, to determine whether a transaction meets the requirements for a mandatory filing or to assess whether the transaction may pose national security concerns.

CFIUS states that it does not intend for this expanded authority to be a substitute for formal reviews or investigations. CFIUS non-notified investigations, however, are not time-bound and can drag on for months or years while CFIUS deliberates on whether to request a filing. There also remains no obligation for CFIUS to inform parties that a non-notified review has been completed.

The Proposed Rule would also make some other, more modest changes to CFIUS’ authorities to request information.

  • It expressly provides CFIUS with the ability to request information related to compliance with existing mitigation agreements or to assist with determining whether parties to a transaction have made a material misstatement during the course of a review or investigation.
  • It also provides CFIUS with the authority to exercise its subpoena power when “appropriate,” lowering the bar somewhat from current practice, where subpoenas can only be issued when “necessary.”

As a general matter, parties, especially repeat investors, are strongly motivated to cooperate early and often with CFIUS’ requests for information to reduce the likelihood of the Committee requesting a formal filing. Cooperating early could limit potential penalties or simply maintain a good relationship with an important regulator.

That being said, previous limits provided parties some comfort that CFIUS’ authority at different stages of its own process might be cabined, which was important given how little oversight — either judicial or legislative — of the body exists. These new rules, if enacted, would largely eliminate such guardrails and mark a shift in the balance between investors and CFIUS, in favor of the Committee.

New Time Frame for Responding to Proposed Mitigation From CFIUS

The Proposed Rule would impose a three-day deadline for parties to respond to drafts of mitigation agreements provided by CFIUS. On the other hand, the proposal would not place any deadlines on CFIUS to share draft mitigation agreements, respond to the parties’ mitigation proposals or respond to the parties’ comments on proposed mitigation.

Of all the changes outlined in the Proposed Rule, we expect that this change will impose the greatest practical burden on transactions going through formal CFIUS review.

In a case raising national security concerns, negotiations with CFIUS over mitigation agreements are the most critical part of the review process, and the length and complexity of mitigation agreements has increased substantially in recent years.

CFIUS typically does not alert transaction parties to the need for potential mitigation until well into the investigation period (in many recent cases, not until a few hours or days before the investigation period is set to expire), often leaving limited time to negotiate mitigation agreements.

The new response deadlines will expand CFIUS’ negotiating power by limiting parties’ ability to propose or devise alternatives, while leaving CFIUS’ own deliberation time open-ended.

While the Proposed Rule provides CFIUS with the ability to grant exceptions (e.g., “is the proposed mitigation agreement sufficiently ‘complex’ for an extension?”), these exceptions would be judged unilaterally by CFIUS.

Most strikingly to parties who have experience in negotiating such agreements, the rule imposes no time limitations on CFIUS, even though the Committee frequently lags well behind the parties in its turnaround time on draft mitigation agreements. This is not surprising, given that parties almost always have strong economic or contractual incentives to finalize a transaction in a way that the U.S. government — especially a committee with distributed responsibilities — does not.

While CFIUS must comply with a statutory timeline to complete its review, this imperative has increasingly faded with CFIUS’ now all-too-common request that parties withdraw and refile their notice (which restarts the statutory clock) to negotiate mitigation agreements or (where mitigation has been agreed at the CFIUS staff level) to have more senior U.S. government officials review and sign off on agreements that have been months in the making.

Thus, from our vantage, the Proposed Rule would add to CFIUS’ already considerable negotiating power without adding any guardrails to CFIUS’ own internal process. For this reason, we are dubious that the Proposed Rule would make all but the more routine matters materially more likely to be completed during the 90-day statutory timeline.

Increased Civil Penalties

The Proposed Rule raises the maximum civil monetary penalty for material false statements from $250,000 per violation to $5 million. The increase in the maximum civil penalty level for these violations — which has not been changed in over 15 years — is an attempt to establish greater deterrence in an area that CFIUS has identified as an enforcement priority.

The Proposed Rule also expands the circumstances in which CFIUS can seek penalties, to include:

  • Material misstatements or omissions in contexts outside of declarations.
  • Notices to include information related to non-notified transactions.
  • Information requested relating to monitoring and enforcement.

Takeaways

Time will tell whether the Proposed Rule will expand CFIUS’ enforcement caseload in the same way that the Foreign Investment Risk Review Modernization Act of 2018 (FIRRMA) expanded its jurisdiction.

It is not clear whether CFIUS is ready to ramp up enforcement or, perhaps more importantly, whether noncompliance is as great of a problem as the Proposed Rule would suggest. Building upon FIRRMA and the CFIUS Enforcement Guidelines published in October 2022, CFIUS agencies have sought, and in some cases received, significant increases to resources dedicated to monitoring and enforcement without yet documenting clear objectives for their use.1

Parties facing CFIUS scrutiny must be prepared to prove compliance when a curious CFIUS comes knocking.

ENDNOTE

See the FY 2025 Performance Budget Congressional Submission, National Security Division, and the Government Accountability Office’s “Foreign Investment in the U.S.: Efforts to Mitigate National Security Risks Can Be Strengthened” (April 18, 2024).

This post comes to us from Skadden, Arps, Slate, Meagher & Flom LLP. It is based on the firm’s memorandum, “CFIUS’ Proposed Rule: More Questions, Tighter Time Frames and Higher Penalties,” dated April 24, 2024, and available here.

Leave a Reply

Your email address will not be published. Required fields are marked *