CFIUS Reform is Here: What the Foreign Investment Risk Review Modernization Act of 2018 Means for Your Transaction

By: Gunjan Talati

The Committee on Foreign Investment in the United States (CFIUS) always seems to be in the news. There are expanding interpretations of national security, deals that get withdrawn, or even blocked. The mergers and acquisitions community pays attention to CFIUS and for good reason—if a transaction has CFIUS implications, that can delay or even derail the transaction. The latest news with CFIUS is the culmination of something that we’ve reported on: CFIUS reform. Earlier this week, the National Defense Authorization Act (NDAA) for Fiscal Year 2019 emerged from Congress with the Foreign Investment Risk Review Modernization Act (FIRRMA) included. While FIRRMA was originally introduced separate from the 2019 NDAA, it is now incorporated. The 2019 NDAA is expected to be signed by the President in the near future which means FIRRMA will become law. Accordingly, FIRRMA will soon mean substantive and procedural changes to the CFIUS process. (A primer on CFIUS as it stands today is available here.)

Expanding CFIUS’s Reach

A significant substantive change involves FIRRMA expanding the scope of “covered transactions” subject to CFIUS review. Under FIRRMA, a “covered transaction” would include:

  • Mergers, acquisitions, and takeovers involving a foreign entity that results in—or could result in—foreign control of a U.S. business. (This is CFIUS’s current scope.)
  • Purchases or leases of real estate near “sensitive” U.S. properties such as military bases and ports. (We explained the importance of national security considerations in real estate posts here.)
  • Transactions involving foreign investments into U.S. businesses working with

    • Critical infrastructure. Critical infrastructure includes a wide array of functional areas such as agriculture and water, utilities, telecommunications, and transportation.
    • Critical technologies. Critical technologies will include “emerging and foundational technologies” that will now be captured in the Export Control Reform Act of 2018 (also a part of the 2019 NDAA).
    • Sensitive personal data

  • Transactions structured to evade CFIUS review.

These changes will codify what has been in practice at CFIUS. CFIUS’s purview is national security and all of these “new” covered transactions have a link to national security.

Procedural Changes

FIRRMA also includes procedural changes to the way CFIUS reviews covered transactions. These changes lengthen the process but include additional avenues to notify CFIUS:

  • Declarations. FIRRMA also has provisions allowing for “declarations” limited to five pages to be submitted in lieu of notices for certain transactions. Exactly which transactions will allow for declarations and what has to be in those declarations will be a function of updated CFIUS regulations. CFIUS will be allowed to make a determination based on the declaration, request a complete notice, or notify parties that they cannot make a determination based on the declarations provided. As with most regulatory items, the devil will be in the details of the revised CFIUS regulations.
  • Timing.

    • As anyone that has been through a CFIUS filing lately will tell you, CFIUS is busier than it has ever been and parties are encountering substantial delays in hearing from CFIUS in response to draft filings. FIRRMA will now require CFIUS to either accept a complete filing or provide comments within 10 days of submission.
    • FIRRMA also extends CFIUS review process from its current requirement of 30 days to 45 days
    • CFIUS will still have an additional 45 days to investigate any filings needing additional review beyond the initial 45 days. Under FIRRMA however, CFIUS will have the ability to extend this investigation phase one time for an additional 15 days
    • In those exceptionally rare cases that are referred to the President for a decision, the President will continue to have 15 days to make a decision

  • Fees. FIRRMA will also now allow CFIUS to collect filing fees. The details regarding fees will come in the implementing regulations, but CFIUS will be required to take into account the impact of such fees on small businesses in preparing these regulations.

In addition to the changes we’ve described here, FIRRMA also includes provisions allowing for unilateral CFIUS review and expanded CFIUS authority for identifying covered transactions and mitigation plans. We’ll describe those in upcoming blog posts.

In sum, FIRRMA is making the CFIUS process longer and more expensive. We’ll continue to follow these developments and share our thoughts.

Latest Thinking

View more Insights
Insights Center
Knowledge assets are defined in the study as confidential information critical to the development, performance and marketing of a company’s core business, other than personal information that would trigger notice requirements under law. For example,
The new study shows dramatic increases in threats and awareness of threats to these “crown jewels,” as well as dramatic improvements in addressing those threats by the highest performing organizations. Awareness of the risk to knowledge assets increased as more respondents acknowledged that their