Newly released data on the operations of CFIUS, coupled with a new law and implementing rules, point to the U.S. as having erected in just a few years time the most comprehensive—and activist—regime of national security regulation of inbound foreign direct investment among the advanced economies.
Newly released government data and the recent publication of proposed regulations to implement transformative legislation enacted in 2018 confirm the contours of a fundamental paradigm shift in U.S. policy towards foreign investment: In the course of just the last few years, Washington has erected the most comprehensive—and activist—regime of national security regulation of inbound foreign direct investment (FDI) among the advanced economies.
This is a dramatic change for a country that for much of the last century was not only the global ideological champion for unhindered cross-border investment flows, but also the key architect of treaties and rules across the world aimed at steering the realization of such outcomes. Indeed, the U.S. had built a reputation for taking on governments whose policies contravened its liberal policy stance towards FDI. As has been the case for years, the United States is both the largest recipient and source of foreign direct investment.
Against the backdrop of a significant rise of populism in the U.S. and an increasingly economically aggressive China determined to win the race for global technological domination—in part through overseas investments in advanced countries, particularly high valued transactions in the U.S.—both the Trump Administration and Capitol Hill have turned their sights on beefing up the statutory authority and animating the operations of the interagency Committee on Foreign Investment in the U.S. (CFIUS).
A heretofore little known—and relatively inactive—agency that was established in 1975, CFIUS is empowered to investigate the national security implications of inbound FDI and recommend to the President to block such transactions where the committee deems such action is warranted. (For full disclosure, I was a member of CFIUS during my time in the White House in the early 1990s, and a few years earlier served as a U.S. Senate Committee staffer helping to revise the nascent statute then undergirding CFIUS’s authority.)
To be sure, other industrialized countries, such as Australia, Canada, France, Germany, Japan, Spain, and the United Kingdom, are in the throes of modernizing and expanding their own foreign investment control policy frameworks. And, the EU is in the process of revising its 28-country union-wide stance on foreign investment.
But no jurisdiction has in place a regulatory regime as sweeping and forward leaning as the US. For example, in August 2018, Germany issued its first ever order prohibiting the acquisition of a German business: the proposed acquisition by China’s Yantai Taihai of Leifeld Metal Spinning AG, a supplier to the aircraft, aerospace and nuclear industries.
As I have written in this space earlier, the watershed event in the history of CFIUS was the enactment in August 2018 of the Foreign Investment Risk Review Modernization Act (FIRRMA), which significantly enlarged the statutory and regulatory powers of the body compared to what previously existed, especially those stemming from the “Exon Florio” provision in the Omnibus Trade Act of 1988 and the enactment of the Foreign Investment and National Security Act (FINSA) in 2007. FIRRMA became effective in November 2018.
FIRRMA expanded the scope and authority of CFIUS in numerous dimensions. One of the most salient pertains to broadening its coverage of transactions depending on: (i) the foreign investor’s country of origin; (ii) the extent of noncontrolling investment in a U.S. business involved in a “critical technology”, “critical infrastructure”, or “collecting sensitive data” that may result in compromising personally identifiable information of U.S. citizens; (iii) if there is any change in foreign investor rights; (iv) if a foreign government has a direct or indirect substantial interest; or (v) the transaction involves assets in close proximity to certain U.S. government facilities (including military installations and some airports).
Another relates to the nature of the rules and timeline governing CFIUS’s decisions. The two most significant changes in this regard are shifting the filing of Notices with CFIUS for foreign firms from voluntary to mandatory in many cases and lengthening most periods for CFIUS Reviews and Investigations.
FIRRMA also established new mandates for separate reforms related to export controls, with requirements to establish an interagency process to identify “emerging and foundational technologies” and to establish controls on the export or transfer of such technologies.
The law also strengthened CFIUS’s authority to address potential national security risks that may arise prospectively from transactions CFIUS had cleared subject to the parties instituting Mitigation Agreements. To this end, in 2019 CFIUS revealed it had imposed in 2018 an unprecedented $1 million civil penalty for repeated breaches of a 2016 Mitigation Agreement. That Mitigation Agreements are now being taken more seriously by CFIUS, an emergent industry of 3rd-party monitors is taking place—very good news for those of us steeped in the law and operations of CFIUS!
What makes FIRRMA so critical in altering U.S. policy towards FDI is not only the expanded scope of authority it vests in CFIUS. Equally important, which few observers both in the U.S. and abroad seem to fully appreciate, is that the law’s passage reflects a significant increase in the U.S. legislative branch’s buy-in on the obligations now vested in the executive branch’s authority to regulate foreign investment.
Why do I say this? Because FIRRMA was a bona fide bipartisan effort—a real rarity on Capitol Hill these days. It passed the Senate by a vote of 87-10 and the House by a vote of 359-54.
In this regard, there should be little surprise to investors that in contrast to earlier years, U.S. legislators now have an intense interest in conducting oversight of CFIUS’s operations. And, it will likely do so proactively. Hence, the recent overtures by members of the U.S. Congress towards pushing CFIUS to assess the 2017 acquisition of the music video social media app firm Musical.ly Inc.—now merged with TikTok—by the Chinese news and information site Beijing Bytedance Technology Co.
Coupled with the enactment of FIRRMA has been the issuance of the law’s implementing regulations, which details the specific parameters as to how the law will be enforced. This is why the implementing regulations matter most to investors, whether U.S. or foreign.
The first set was issued in October 2018 and established CFIUS’s “pilot program” for the regulation of foreign investor transactions pertaining to “critical technologies”. Among other provisions, this specifies 28 products/process where a filing with, and formal review by, CFIUS is made mandatory.
At the same time, these regulations empower CFIUS to review transactions in such sectors even where foreign investors would not have a controlling interest.
Rather than the previous “controlling interest” standard—specified as a having at least 10% of voting shares—the new standard is defined as an investor having access to “material nonpublic technical information” in possession of the U.S. business; membership or observer rights on the board of directors; or any involvement in substantive decision-making.
In September 2019, CFIUS made public a proposed second tranche of implementing regulations, which following receipt of public comments, will come into force in February 2020.
Broadly speaking, these flesh out with great specificity definitions and criteria that serve to inform investors of the types of foreign transactions CFIUS is likely to investigate and potentially impede with respect to real estate as well as non-controlling investments. The latter are defined as pertaining to “Technology, Infrastructure, and Data” (TID) activities, which cover (i) development, design, production, or testing of a “critical technology;” (ii) owning, operating, manufacturing, supplying, or servicing “critical infrastructure”; or (iii) the collecting or maintaining “sensitive personal data.”
New Data on CFIUS Operations
By law, CFIUS is to issue annual reports to Congress that describe various facets of its operations over previous years (usually with more than a one-year lag). Thus in November 2019, CFIUS released its annual report for 2016-2017. (The preceding annual report was for 2015, which was published only in September 2017, but contained some elements of data for 2016).
Since the newest CFIUS annual report covers transactions filed in calendar years 2016 and 2017, it thus portrays the operations of CFIUS prior to the enactment of FIRRMA.
The data in the report reveal a striking increase in CFIUS activities across the board for both years compared to earlier periods—whether in terms of number of (i) filings (or “Notices”) made by investors with CFIUS; (ii) Notices withdrawn by investors following CFIUS’s Review (the initial step in the agency’s assessment process); (iii) Investigations undertaken by CFIUS; (iv) Notices withdrawn during the Investigation phase; or (v) Presidential Decisions.
In 2016 CFIUS received 172 Notices from investors, and in 2017 it received 237 Notices—a 38% increase between 2016 and 2017. (For comparison, CFIUS received 143 Notices in 2015).
Of the Notices received in 2016, during the CFIUS Review process, 6 (or 3%) were withdrawn by investors. In 2017, 7 Notices (or 4%) were withdrawn during the Review process. In most cases, withdrawal during the CFIUS Review process signifies investors will not proceed with the transaction. (In some instances, investors might re-file with CFIUS for another Review after altering the structure and/or composition of the transaction.)
Of the Notices filed in 2016, CFIUS conducted 79 Investigations, which accounts for 46% of the Notices that year. For 2017, of the Notices filed, 172 Investigation were conducted, which amounts to 73% of Notices.
During the Investigation phase, in 2016, 21 Notices were withdrawn, which is 27% of Notices under Investigation, and in 2017, 67 Notices were withdrawn, which is 39% of Notices under Investigation.
The data in the annual report also illustrate the sizeable increase in the share of CFIUS “Covered” transactions in the Finance, Insurance and Services industries at the same time the share of such transactions in Manufacturing have sharply dropped. In 2015, Manufacturing accounted for 48% of CFIUS covered transactions. But in 2017, its share fell to 35%. In contrast, in 2015, 29% of such transactions involved Finance, Insurance and Services; by 2017, that share had risen to 46%.
The report also details that investors from China by far dominate the nationality of source countries for CFIUS covered transactions. The absolute number of China-related CFIUS covered transactions doubled over the 2015-2017 period (from 29 to 60). At the same time, the share of China-related deals of the total transactions under CFIUS’s purview was the largest of any country between 2015 and 2017, and China’s share of the total number of CFIUS covered transactions increased from 20% to 25% over the same period.
More often than not, for most of the transactions withdrawn, CFIUS will deliberately move slowly to extend its Investigation process beyond the parties’ transaction closing dates, thus avoiding having to make an affirmative finding to seek a Presidential decision to block a deal that CFIUS has determined will undermine U.S. national security.
In cases where such deals did progress to the Oval Office in 2016 and 2017, two transactions were blocked. President Obama prohibited a Chinese investment firm in 2016 from acquiring Aixtron, a Germany-based firm with assets in the United States, and in 2017, President Trump blocked the acquisition of Lattice Semiconductor Corp. by the Chinese investment firm Canyon Bridge Capital Partners.
While detailed CFIUS data for its operations in 2018 and 2019 will be forthcoming, we do know that in 2018, President Trump blocked the acquisition of Qualcomm by Broadcom.
In addition, highlighting the Congressional intent behind the passage of FIRRMA to have CFIUS focus squarely on the national security implications of foreign parties’ access to personal data of U.S. citizens, in 2019, CFIUS made it clear to Beijing Kunlun Tech (BKT) to take steps to divest itself of Grindr, a U.S.-owned online dating app. BKT acquired Grindr between 2016 and 2018 through two separate transactions, but did so without going through the CFIUS Review process, which at the time was voluntary, not mandatory as it is under FIRRMA.
This action illustrates the power of CFIUS to be able to unwind prospectively transactions it deems run counter to U.S. national security interests. As the owners of TikTok, Bytedance would do well to pay heed to such lessons.