The U.S. Department of the Treasury (Treasury) announced final Regulations that will be effective February 13, 2020, and broaden the scope of transactions subject to review by the Committee on Foreign Investment in the United States (CFIUS or the Committee). The final Regulations follow public comment on the proposed regulations of September 2019.

Pilot Program Incorporated in Final Regulations

In November of 2018, the Treasury implemented part of the Foreign Investment Risk Review Modernization Act of 2018 (FIRRMA), including putting in place a pilot program that gave CFIUS expanded jurisdiction over certain non-controlling investments in U.S. businesses with certain involvement in critical technology. The program mandates CFIUS filings for such investments. As of February 13, 2020, the substance of the pilot program will be incorporated into CFIUS’s General Regulations.

However, Treasury explained in its preamble to the final rule that it anticipates that it will issue a separate notice of proposed rulemaking that would revise the mandatory declaration requirement regarding critical technology from one based upon North American Industry Classification System (NAICS) Codes to one based upon export control licensing requirements. Such a change will have significant impact on foreign investment in technology companies, likely leading to more openness to certain investors.

Other Changes Effective February 13, 2020

The final Regulations take the following key steps:

  • Expand CFIUS review to certain non-passive investments in U.S. businesses with critical infrastructure and sensitive personal data and incorporate the provisions previously included under the pilot program that covered critical technology. (The new term TID U.S. Business refers to Technology, Infrastructure, and Data.)
  • Expand CFIUS review to certain real estate transactions.
  • Establish a “white list” of excepted foreign states, currently the United Kingdom, Australia, and Canada. Certain “excepted foreign investors” from those states will be exempt from some, not all, of the CFIUS regulations. Mandatory filings for covered transactions in which a foreign government holds a substantial interest (defined below) in a foreign person who will acquire a substantial interest of a TID U.S. Business.

In addition, the final Regulations provide a mechanism for parties to make a voluntary short-form filing or declaration in lieu of a full notice.

Treasury also announced one interim rule: a definition for “principal place of business,” which was previously undefined in the proposed regulations. Comments on the interim regulation must be received by February 18, 2020.

The final regulations wholly replace the existing CFIUS regulations and provide significant detail and specificity. This briefing provides a high-level overview.

Expanded Scope Includes Non-Passive Investments in Critical Infrastructure and Sensitive Personal Data

The regulations provide CFIUS jurisdiction over both “covered control transactions” (31 CFR §800.210) and “covered investments” (31 CFR § 800.211). The distinction emphasizes that CFIUS continues to have jurisdiction over all foreign acquisitions of control in a U.S. business. However, now CFIUS also has jurisdiction over covered investments which include certain non-passive investments in unaffiliated Technology, Infrastructure, and Data (“TID”) U.S. Businesses. In our September briefing, we provided a breakdown of many of these definitions and an explanation of what investments would meet the proposed language’s definition of “covered investments.” While many of the definitions remain unchanged from the proposed regulations, the final regulations change the definition of “sensitive personal data.”

Sensitive Personal Data. The proposed regulations defined this term to cover data types ranging from health-related data to geolocation data to certain financial data and personal identifier data. For most types of sensitive personal data, the company would only be a TID U.S. Business if it either targeted or tailored certain U.S. Government personnel or contractors, or maintained or collected (or aimed to maintain or collect) data on greater than one million individuals. But companies that maintained or collected genetic information would be considered TID U.S. Businesses regardless of whether they met these thresholds. The definition of “sensitive personal data” in the final regulations makes two important changes to the proposed regulations:

  1. Sensitive personal data no longer encompasses all genetic data. Instead, it only applies to the “results of an individual’s genetic tests, including any related genetic sequencing data, whenever such results constitute identifiable data. Such results shall not include data derived from databases maintained by the U.S. Government and routinely provided to private parties for purposes of research.” The regulations define “genetic tests” in reference to 42 U.S.C. 300gg-91(d)(17).
  2. For the collection or maintenance of certain identifiable information on over one million individuals, an exception is made for those U.S. businesses that can demonstrate that at the time of the completion date of the transaction it had or will have neither the capability to maintain nor the capability to collect any of that data on greater than one million individuals.

Significantly, as described in FIRRMA and the proposed regulations, only certain direct or indirect investments in a TID U.S. Business will be “covered investments” subject to CFIUS review. To be subject to CFIUS review, the investment must afford the foreign person:

  • access to material non-public technical information;
  • membership or observer rights on, or the right to nominate an individual to a position on, the board of directors or equivalent governing body; or
  • any involvement, other than through voting of shares, in substantive decision making regarding sensitive personal data of U.S. citizens, critical technologies, or critical infrastructure.

The regulations continue to exclude from CFIUS review investments by limited partners that have only certain rights through a Limited Partnership Advisory Committee. 

Expanded Scope to Include Real Estate Investments

In addition to the expanded scope discussed above, FIRRMA also gave CFIUS the authority to review the purchase or lease by, or a concession to, a foreign person of private or public real estate that:

  • “is, is located within, or will function as part of, an air or maritime port…”
  • “is in close proximity to a United States military installation or another facility or property of the United States Government that is sensitive for reasons relating to national security;”
  • “could reasonably provide the foreign person the ability to collect intelligence on activities being conducted at such an installation, facility, or property; or”
  • “could otherwise expose national security activities at such an installation, facility, or property to the risk of foreign surveillance.”

To identify real estate transactions within the scope of CFIUS review, the Regulations (new 31 C.F.R. Part 802) (i) identify covered real estate in very specific geographic terms and (ii) define covered real estate transactions by rights acquired in covered real estate.

The regulations define “covered real estate” as real estate that:

  • Is, is located within, or will function as part of, a covered port; or
  • Is located within:
    • close proximity (within one mile) of certain military or government facilities or property identified in the regulations;
    • an extended range (within 99 miles) of other military installations identified in the regulations;
    • located within counties or geographic areas identified in connection with military installations identified in the Appendix to 31 C.F.R. Part 802;
    • located within any part of military installations identified in the Appendix, that is within the territorial sea of the United States.

Even if property is considered “covered real estate,” under the regulations not all types of transactions are considered covered transactions, such that CFIUS is authorized to review them. To be considered a covered transaction, the foreign purchaser must be afforded three or more of the following rights with respect to the property:

  • to physically access;
  • to exclude others from physically accessing;
  • to improve or develop; or
  • to affix structures or objects.

If a real estate transaction falls within CFIUS’ purview, the parties can agree to file a notice or declaration with CFIUS to try to gain assurance that the transaction will not be unwound. Such filing is not required for covered real estate transactions. It is important to note, however, that CFIUS has and will continue to retain the authority to assess and, if necessary, take action with respect to any covered transaction that gives rise to national security concerns on the basis of proximity to any government site and activity even if the transaction is not a covered real estate transaction. In other words, even if the real estate investment regulations are not implicated by a transaction, it is still important to evaluate the transaction in the context of the complete regulations.

Mandatory Filings for Transactions Involving a Substantial Interest of a Foreign Government.

FIRRMA mandates CFIUS filings when a foreign government would acquire a “substantial interest,” direct or indirect, in a TID U.S. Business (“substantial interest acquisitions”).

Substantial interest is still defined as a voting interest of 25%, direct or indirect, in a U.S. business by a foreign person and a voting interest, direct or indirect, of 49% or more by a foreign government (other than an excepted foreign state) in a foreign person. Any voting interest of a parent (one who holds at least 50% direct or indirect voting interest in an entity) will be deemed a 100% voting interest for purposes of calculating indirect ownership percentages. Unlike the proposed rule, the final rule disregards limited partner interests and instead focuses on certain circumstances where a foreign government’s interest in a general partner (or equivalent) would qualify as a “substantial interest” (the national or subnational governments of a single foreign state will be considered to have a substantial interest in such entity only if they hold 49 percent or more of the voting interest in the general partner).

The mandatory filing required is the new short-form declaration filing described below, although parties may choose to submit a long-form notice filing. Parties to transactions that fall under the mandatory filing requirements must submit their declaration or notice no later than February 13, 2020, or promptly thereafter if the completion date of the transaction is between February 13, 2020, and March 14, 2020; and 30 days before completion date of the transaction, if completion date is after March 14.

Mandatory Filing Exceptions

The final rule incorporates the following exclusions from the requirement for mandatory filings due to critical technology (these exclusions do not apply to mandatory filings required because of a substantial interest acquisition by a foreign government):

  • A U.S. business that is a TID U.S. business solely because the business produces, designs, tests, manufactures, fabricates, or develops critical technologies that are eligible for export, re-export, or transfer (in country) pursuant to License Exception ENC of the EAR (15 CFR 740.17).
  • A TID U.S. business in which a foreign person’s indirect investment in a TID U.S. business is held solely and directly via an entity that as of the completion date is
    • subject to a security control agreement, special security agreement, voting trust agreement, or proxy agreement approved by a cognizant security agency to offset foreign ownership, control, or influence; and
    • Operating under a valid facility security clearance pursuant to the National Industrial Security Program regulations.
  • A covered investment that is a covered investment only because the transaction became subject to CFIUS jurisdiction under the three-year retroactive disqualification of an excepted investor, discussed later on.
  • An investment by an investment fund managed exclusively by, and ultimately controlled, by U.S. nationals.

The regulations also continue to exclude certain investments by investment funds and investments in air carriers that hold a certificate issued under section 49 U.S.C. § 41102, from all mandatory filing requirements (due to critical technology as well as acquisition of a substantial interest by a foreign government).

Shorter “Declarations” for Voluntary Filings

FIRRMA created a process for a short-form CFIUS filing called a “declaration.” See our September briefing for more information about the timing and what is required of the declarations. One potential benefit to filers is that declarations do not require detailed personal information about the directors, officers, and owners of the foreign investor, the gathering of which can often delay the filing process. However, one drawback is that CFIUS is not required to make a final determination on a declaration, and therefore parties may not receive a safe harbor from future review.

Parties that foresee CFIUS scrutiny or seek formal conclusion of CFIUS review before closing will likely continue to submit a full notice in lieu of a mandatory declaration to avoid potential delay.

The First Members of the White List Have Been Announced

When CFIUS proposed a white list of foreign investors excepted from the regulations in certain circumstances, it warned in the preamble to the proposed regulations that, in the beginning, this list likely would be very short—a warning that was confirmed by the final regulations. CFIUS has selected three eligible foreign states: Australia, Canada, and the United Kingdom. The Committee states that they identified these countries “due to aspects of their robust intelligence-sharing and defense industrial base integration mechanisms with the United States.” These three countries will be excepted foreign states for two years, starting February 13, 2020. This list may expand or contract in the future.

Investors from these excepted foreign states may be considered “excepted investors” if they meet certain additional criteria.  A “covered investment” (i.e., a non-passive investment in a TID U.S. business) by an “excepted investor” will not be subject to CFIUS review. Excepted investors will also not be subject to the mandatory filing requirements related to critical technology.  Note they will not be excepted from the rules establishing CFIUS review of covered control transactions.

To qualify as an excepted investor, the investor must be either a foreign national of an excepted foreign state, a foreign government of an excepted foreign state, or a foreign entity organized and with its principal place of business in an excepted foreign state and with minimum excepted ownership by persons who themselves essentially qualify as excepted investors. Several past and future missteps may disqualify someone as an excepted investor, including having violated certain U.S. laws or regulations (including Office of Foreign Assets Control and export control regulations) or having committed a violation of a mitigation agreement. Interestingly, missteps or changes in status within three years after parties have closed the transaction may retroactively disqualify someone as an excepted investor. CFIUS may then choose to review the closed transaction, but parties will not be required to file with CFIUS.

Filing Fees

As of now, no fees exist for filing a CFIUS notice. FIRRMA authorized the Committee to assess and collect fees with respect to covered transactions for which a written notice is filed. The Treasury Department indicated it will publish a separate proposed rule implementing the Committee’s fee authority at a later date.

Key Considerations

Companies considering making or receiving foreign investments should be acutely aware of key takeaways:

  • On February 13, 2020, CFIUS will implement the full scope of its authority under FIRRMA to include covered investments in critical infrastructure and sensitive personal data, in addition to the previously implemented authority to review covered investments in critical technology.
  • On February 13, 2020, CFIUS will implement its authority to review real estate transactions that may impact national security. Covered real estate is identified with geographic specificity to certain listed locations.
  • Public comments on the definition of “principal place of business” must be submitted by February 18, 2020.
  • Canada, Australia, and the United Kingdom are excepted foreign investors as of February 13, 2020, for a period of two years. Investors from these countries may qualify for the “white list” as excepted investors. However, actions taken after the closing of a transaction can disqualify their excepted investor status and subject the transaction to retroactive CFIUS review.
  • Starting February 13, 2020, declarations will be mandatory for transactions that involve the acquisition of a substantial interest in a TID U.S. business by a foreign government.
  • Due diligence of both investors and investment targets should expand in depth and detail to ensure compliance with soon-to-be-implemented CFIUS regulations.
  • While the pilot program expires on February 12, 2020, the final rule integrated the mandatory declaration requirements of the pilot program.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.