When the Committee on Foreign Investment in the United States (CFIUS) issued its long-awaited Annual Report a few days ago, it produced few headlines and very little media coverage generally. For one thing, the data in the report (like the data in each CFIUS annual report) is two years old – the report issued in 2017 concerns data from 2015 (due to the laborious process of collecting and vetting the data). Although certain aspects of the CFIUS process have changed significantly since 2015, several findings in the report are worthy of attention:

CFIUS Filings Are Now Commonplace

In 2009, CFIUS reviewed 65 foreign acquisitions of U.S. businesses to determine if they posed a threat to U.S. national security. In 2014, they reviewed 147 transactions. That was a huge jump from the year before, when only 97 cases were reviewed – but the numbers held steady in 2015, when 143 cases were filed. We know there were at least 170 cases last year, and we expect over 200 cases this year. That's more than twice the number filed just eight years ago.

There are many reasons for this, but the chief takeaway is that CFIUS filings should be expected in any foreign acquisition that implicates U.S. national security – including critical infrastructure. Every acquisition that touches on national security should be evaluated to determine whether filing is appropriate. Filing is still voluntary – but CFIUS has the authority to initiate reviews on its own, which is never pretty.

Chinese Notices Top the List – But 80% of Cases Did Not Involve China

Yes, China continues to top the list of reviews, and it is clear that Chinese acquisitions that implicate national security will get reviewed. A majority will pass, but reviews will be rigorous. China accounted for 29 cases – but that means that there were 114 cases that did not involve China. The next three countries after China were Canada, the United Kingdom, and Japan – three stalwart allies of the United States. The data show that every foreign acquisition should be evaluated to determine if CFIUS review makes sense – not just acquisitions by Chinese investors.

Full Investigations Are Now Commonplace

Initial CFIUS reviews run 30 days, but CFIUS can take a case into full investigation for an additional 45 days – 75 days in total. When CFIUS was created, full investigations were viewed as a mark of shame – a clear sign that an investigation was "in trouble." That probably wasn't true then, and it certainly is not true today. The 2015 report says that 66 of the 143 filings went to full investigation – 46% – nearly half. The truth is that all, or nearly all Chinese acquisitions will get a full investigation – but even if all of the Chinese deals are taken off the table, roughly a third of the filed cases in 2015 went to full investigation.

Full investigations happen for numerous reasons – the complexity of the deal, government ownership, mitigation measures that need time to work through – and, the one factor that the parties cannot control, too many cases for the staff to handle in 30 days. The lesson is that parties to large transactions, and transactions that present any significant issues, should expect investigation and plan accordingly.

Even Deals That Are Withdrawn Can Survive

The 2015 report notes that 13 cases were withdrawn during review or investigation, roughly 9%. In three of these cases, CFIUS says that CFIUS informed the parties "that it was unable to identify mitigation measures that would resolve its national security concerns" or "CFIUS proposed terms that the parties chose not to accept." But in nine of the 13 cases, the parties re-filed and started the clock again. One later withdrew the filing and abandoned the deal. But eight of the nine cleared review, proving that investigation, withdrawal, and mitigation are not the kiss of death. The 10th case (for those who are counting) was another story, as noted below.

Transparency Is Critical

Under 31 C.F.R. §800.403(a)(2)(ii), CFIUS has the authority to reject a filing if "information comes to light that contradicts material information provided in the notice by the parties." The report says that CFIUS rejected one notice in 2015 for just such reasons and did not complete its review, and that the parties subsequently abandoned the transaction. It is rare for CFIUS to reject a filing for this reason, but it has the authority, and the 2015 report makes clear that it will use it in appropriate cases.

In its reviews, CFIUS does not rely exclusively on information provided by the parties. It reads the papers. It has access to the internet. It has access to intelligence resources that are unavailable outside the government. And it uses them. Parties are required to certify to the truth of information provided in filings. False statements carry legal jeopardy – but the 2015 report makes clear that material "contradictions" – even if they do not give rise to criminal prosecution – will stop a filing cold.

Real Estate Remains a Concern

It is fair to say that virtually no one contemplated real estate transactions going through CFIUS when the Committee was created – but that was before President Obama vetoed the Chinese-backed purchase of a wind farm located near a critical government facility, and policymakers realized that "proximity" carried risk, even if the asset was relatively benign. A recent Government Accountability Office report noted that "leasing space [for U.S. government offices] in foreign-owned buildings could present security risks such as espionage and unauthorized cyber and physical access."1 The 2015 reports notes four real estate filings – not a large number, taken by itself, but still 10% of the total filings in the "finance, information, and services" area. We expect that number has gone up in the past two years. The truth is that real estate transactions will attract CFIUS review if they involve – or are close to – sensitive government installations. Real estate deals that involve government leases or that are near government facilities thus require assessment to determine if CFIUS review is warranted.

Big Data Gets the Committee's Attention

CFIUS has increasingly focused on national security concerns that relate to holdings of large pools of potentially sensitive data about U.S. persons and businesses. The 2015 report specifically references this issue – to our knowledge, for the first time. Although the report calls out, without limitation, insurance, health and technology services, these big data holdings could be found in any industry sector. As a result, foreign acquisitions targeting U.S. businesses holding sensitive data (including personally identifiable information) should assess whether a CFIUS filing is warranted. Importantly, national security issues can arise in such cases even when there is no other apparent nexus to national security – e.g., no classified or controlled unclassified information.

Mitigation Is a Reality

CFIUS notes that between 2013 and 2015, 40 cases resulted in "legally binding mitigation measures," 11 in 2015 alone. The CFIUS report lists no fewer than 10 mitigation measures that it employed in 2015 – and another seven compliance measures it uses to "monitor and enforce" compliance, including third party audits. The mitigation measures range from divestment of sensitive assets to security protocols for software and goods sold to the U.S. Government to restrictions on access to technology or customer information.

Formal mitigation was rare in 2015 – plainly nine out of 10 cases did not involve mitigation – but mitigation orders can carry a high price. Parties may agree to unfavorable terms and conditions simply to get on to the closing. Even seemingly benign measures, like third party audits, can be extremely costly. For all of these reasons, parties are well advised to do a critical review of the deal before filing, determine the vulnerabilities, and assess how and where changes could be made that would address anticipated problems. This "fix it first" approach can help avoid the hazards of negotiating mitigation measures under a timeclock.

Footnote

1. See "GSA Should Inform Tenant Agencies When Leasing High-Security Space from Foreign Owners" GAO-17-195: Published: Jan 3, 2017. Publicly Released: Jan 30, 2017. See also, Stroock Special Bulletin, "Real Estate in the Crosshairs: Congressional Calls to Step Up Scrutiny of Foreign Investment", June 1, 2017, available at: http://www.stroock.com/siteFiles/Publications/RealEstateCrosshairs.pdf.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.