President Trump signed into law the Foreign Investment Risk Review Modernization Act (FIRRMA) to modernize the CFIUS review process to address 21st century national security concerns today. Congress enacted FIRRMA as Title XVII of the Fiscal Year 2019 National Defense Authorization Act, HR 5515.
Background and Rationale for the New Law
The Committee on Foreign Investment in the United States (CFIUS) is an inter-agency committee led by the Treasury Department to review transactions that could result in control of a U.S. business by a foreign person (referred to as “covered transactions”) in order to determine the effect of such transactions on the national security of the United States. CFIUS operates pursuant to section 721 of the Defense Production Act of 1950 (the “Exon-Florio” amendment), as later amended by Congress and as implemented by Executive Order.
For many years, CFIUS has worked to police national security concerns arising from investment in the U.S. by foreign companies and entities. Two transactions in the last few years have made the issue of foreign investment in the U.S. (and the role of CFIUS) notorious: first, the Dubai Ports World controversy in 2006 involving the sale of port management businesses in six major U.S. seaports to a company based in the United Arab Emirates and, second, the 2012 effort by a Chinese-owned company to purchase land for a windfarm next to a U.S. military weapons testing facility in Oregon. Current law governing CFIUS was last updated more than a decade ago, and its jurisdiction has been increasingly perceived as too limited.
Many government and private industry observers have come to believe that the CFIUS review process is neither designed to, nor sufficient to, address modern threats to national security. Their perception was that China and others have cheated the system, exploited the gaps in its authorities, and have structured their investments in U.S. businesses to evade scrutiny. In short, their view was that many transactions that could pose national security concerns often escaped review altogether.
For example, in introducing the bipartisan FIRRMA in late 2017, Sens. Dianne Feinstein (D-CA) and John Cornyn (R-TX) asserted that:
To circumvent CFIUS review, China will often pressure U.S. companies into arrangements such as joint ventures, coercing them into sharing their technology and know-how. This enables Chinese companies to acquire and then replicate U.S.-bred capabilities on their own soil. China has also been able to exploit minority-position investments in early-stage technology companies to gain access to cutting-edge IP, trade secrets, and key personnel. It has figured out which dual-use emerging technologies are in development and not yet subject to export controls.
Substantive Changes in CFIUS Law
To counteract these new threats, FIRRMA is intended to strike a balance between giving CFIUS additional authority that it needs to address modern national security issues without unduly chilling foreign investment in the American economy and slowing American economic growth in the process. The new law refashions the authority of CFIUS to allow it to reach additional types of investments like minority-position investments and overseas joint ventures. Plus, it creates a new streamlined filing process to encourage notification of potentially problematic transactions. The provisions of FIRRMA make the following changes:
- FIRRMA expands CFIUS jurisdiction to cover minority investments, any change in a foreign investor’s rights regarding a U.S. business, and any device or scheme designed to evade CFIUS, as well as the purchase, lease, or concession of certain real-estate by or to a foreign person.
- FIRRMA recognizes the authority of CFIUS to review non-controlling, non-passive investments, especially those involving critical technology and critical infrastructure
- FIRRMA for the first time recognizes the authority and responsibility of CFIUS to protect against the exposure of sensitive personal data as part of its national security jurisdiction.
- FIRRMA allows CFIUS to include in the review process any emerging and critical technologies and sets reporting requirements for them.
- FIRRMA expands CFIUS’s ability to unilaterally choose to initiate a review in the case of a breach of a prior agreement with CFIUS and with respect to covered transactions that have not been submitted to CFIUS for review.
FIRRMA modifies the definition for covered transaction to include “other investments” by a foreign person in a U.S. business that owns, operates, manufactures, supplies, or services to critical infrastructure, produces critical technologies, or maintains or collects sensitive personal data of U.S. citizens. The “other investments” provisions is designed to capture small investments that might not otherwise fall within CFIUS jurisdiction because they lack the previously-required threshold of “control.”
Among the procedural changes is that FIRRMA establishes a new expedited process for securing CFIUS clearance by filing a five-page “declaration” (instead of a lengthier written notice). After reviewing such a declaration, CFIUS may direct the parties to submit a full notice.
Any party to a covered transaction may choose to follow the declaration approach, but a declaration is mandatory for any “foreign person in which a foreign government has, directly or indirectly, a substantial interest.” This requirement may be waived by CFIUS if the foreign government does not direct the foreign business and the foreign business has previously cooperated with the Committee. CFIUS may also choose to require a mandatory declaration where a U.S. business that controls critical infrastructure, technology, or sensitive personal data is a party to the transaction.
The new legislation also is intended to improve information-sharing with U.S. allies and partners and provides needed additional resources to the panel while maintaining safeguards to ensure that CFIUS would review transactions only when necessary.
Effective immediately, FIRRMA increases the filing and review schedule to 45 days and the investigatory phase to a second 45 day period. The act permits CFIUS to extend the investigation period by another 15 days in “extraordinary circumstances.” The legislation also adds an additional 15 days to the President’s current 15-day review period in extraordinary cases. Thus, relatively complex CFIUS cases may routinely begin to take 105 days (45+45+15) following initiation, instead of the previous 75 days (assuming that the parties do not withdraw and refile their notice).
Certain other provisions of FIRRMA have a delayed effective date (which is the earlier of 18 months following enactment or 30 days after CFIUS determines that it has sufficient resources). For example, the delayed date applies to the expansion of “covered transactions” to include real estate located in important ports or near sensitive US government facilities such as military installations. The delayed date also applies to CFIUS’s expanded jurisdiction with respect to “other investments” in U.S. business that own critical infrastructures or technologies or that maintain sensitive personal data of U.S. citizens.