CFIUS, Continued Increase in Regulation of Foreign Investment: Part 3, Enforcement

International Law News

Client Alert


A record $1 million fine and multiple divestment orders signal the importance of compliance reviews for any foreign investment.

Increased regulation of foreign investment has recently been accentuated by significant U.S. enforcement activity, notably:

  • A $1 million civil penalty was imposed for violations of CFIUS mitigation requirements.
  • Beijing Kunlun Tech Co. Ltd. was required to divest its acquisition of Grindr LLC.
  • iCarbonX was required to divest its majority stake in PatientsLikeMe Inc.
  • Pamplona Capital Management was required to divest its minority stake in a U.S. cybersecurity business.

The Committee on Foreign Investment in the U.S. (CFIUS) is an interagency committee that reviews foreign investment in the U.S. for potential national security issues. Historically, CFIUS only applied to industries and technologies that directly impacted national security -- it was also a voluntary disclosure. 

That changed in August 2018, with the passage of the Foreign Investment Risk Review Modernization Act (FIRRMA). FIRRMA extended the authority of CFIUS over foreign investments, and the U.S. Treasury Department was quick to take action to implement it with a new regulatory “Pilot Program.” Significantly, the Pilot Program created the first mandatory CFIUS filing requirement, with civil penalties up to the value of the transaction for failing to comply.

The Treasury’s Pilot Program was a quick start to the implementation of FIRRMA, and the Committee’s recent enforcement actions foreshadow CFIUS’ intent to more broadly protect critical technologies and national security from foreign investment. The recent CFIUS enforcements also likely signify a change in future enforcement practices.

CFIUS has rarely taken action to un-wind a transaction post-closing, but CFIUS has recently required divestitures in three separate transactions. Similarly, CFIUS has not historically imposed significant monetary penalties, but the imposition of a $1 million civil penalty for the breach of a CFIUS mitigation agreement suggests that has changed as well.

As a result, if you have a process, joint venture, merger or acquisition underway, be mindful of how CFIUS and the current Pilot Program may affect your transaction. At a minimum, undertake pre-deal diligence to assess:

  • Any non-U.S. investment in the process.
  • The correct classification of your business.
  • The involvement of critical technologies, or proximity to critical infrastructure.

More detailed pre-closing diligence should also assess whether the proposed transaction:

  • Involves U.S. businesses that “produce, design, test, manufacture, fabricate, or develop one or more critical technologies.”
  • Will provide a non-U.S. investor with rights to access nonpublic technical information, membership, participation, observation or nomination rights to boards of directors, or the ability to make substantive decisions regarding the use, development, acquisition, or release of critical technology.

The Treasury Department has identified 27 industries in the North American Industry Classification System (NAICS) which are currently covered by the CFIUS Pilot Program. The list of covered industries is notably much more expansive than the historically limited scope of national security and military industries. The Treasury is currently working to provide a more specific list of critical technologies in the context of new export control regulations. Such should be carefully evaluated to determine whether there is a covered transaction that would either require a mandatory filing or would justify a voluntary filing.

The recent record civil penalty and three divestment orders evidence the increasing focus on foreign direct investment in the U.S., and the pitfalls for failing to consider such. The same is now true for the other U.S. trading partners as well.

In November 2018, the EU Parliament established Regulation 2017/0224, which was subsequently adopted by the European Council on March 5, 2019. The regulation provides a framework for the screening of foreign direct investments (FDI) in the EU. EU 2017/0224 mimics FIRRMA in its intent to protect the “essential interests” of the EU and its member states from FDI. The UK, Germany, Italy and France have already established FDI screening regimes, with 14 other member states adopting some form of foreign investment reporting. Canada, Norway, South Korea, Japan, Australia, and New Zealand also have FDI screening regimes.

As a result, regardless of where a transaction originates or concludes, it is now critical to include a meaningful assessment of the implications of foreign investment, applicable regulations and reporting requirements related to such – or risk enforcement.