Five Fast Facts: New CFIUS Regulations Implementing FIRRMA Add a New Layer of Complexity to Foreign Investments in U.S. Businesses

While February 13th may seem like a day to scramble for a last minute Valentine’s Day gift, this February 13th ushers in new Committee on Foreign Investment in the United States (CFIUS) regulations implementing the requirements of the Foreign Investment Risk Review Modernization Act (FIRRMA).  The new regulations are dense and capture a number of functional areas.  Here are five fast “facts” that you need to be aware of now in order to protect your companies and transactions.   

1.  New Regulations Expand CFIUS Jurisdiction to Include Non-Controlling Foreign Investments in TID businesses (see definition below).

Before FIRRMA, CFIUS was largely focused on transactions where a foreign investor would control (or have the ability to control) a foreign business.  Under FIRRMA and CFIUS’s new regulations, that is not the case.  Now, CFIUS has jurisdiction of non-controlling foreign investments into U.S. businesses that are a TID business.  A TID U.S. business is one that:

  • Produces, manufactures, fabricates, designs, tests, or develops a “critical technology”— the “T” in TID;
  • That is involved with certain “functions” in “covered investment critical infrastructure”— the “I” in TID; and
  • Maintains or collects “sensitive personal data” of U.S. persons—the “D” in TID. 

As typical with CFIUS regulations, there are many defined terms with complex definitions.  For now, companies can remember TID as the trigger to dig deeper into whether a transaction involving foreign investment into a U.S. business warrants an examination of obligations under CFIUS regulations. 

Important to note is CFIUS’s increasing focus on data. “Sensitive personal data” has a long and dense definition in the new regulations but suffice it to say if your transaction involves a U.S. business that dabbles in data involving financial services such as banking and investments or life sciences fields such as genetic data and health information then you will need to closely vet your CFIUS obligations.

2.  New Regulations Continue to Require Mandatory Filings in Certain Instances

Until FIRRMA, CFIUS filings had largely been voluntary.  After FIRRMA, the government implemented a pilot program that required mandatory filings in certain circumstances.  The new regulations continue to require mandatory filings for transactions involving U.S. businesses that deal with “critical technologies.” Additionally, mandatory filings are now also required for foreign government investments in TID U.S. businesses including investments from sovereign wealth funds.  While there are exceptions to these requirements, companies involved with a transaction involving critical technologies or foreign government investments need to pause the brakes and determine whether a mandatory filing is required. 

3.  Fines are a New Way of Life

To enforce the “mandatory” in mandatory filing, CFIUS has the ability to issue fines to companies failing to make a required filing.  The fine for such failures can be up to $250,000 or the value of the transaction. 

4.  Parties can Submit Short-Form Declarations as an Alternative to Full Joint Voluntary Notices

It’s not all gloom in the regulations.  The new short-form declarations may ultimately provide companies a quicker, cheaper alternative to the joint voluntary notice process.  Deciding whether or not the short-form approach is appropriate for your transaction depends on numerous factors such as the parties involved, the nationalities of the parties, the nature of the U.S. business at issue, and the transaction structure.  Parties to a “riskier” transaction such as those involving a Chinese or Russian investment into a TID business may want to bypass the short-form declaration because of the high likelihood CFIUS would require a complete notice. 

5.  Investments From Certain Countries may be Exempt from CFIUS’s Expanded Jurisdiction

The new regulations identify Canada, United Kingdom of Great Britain, Northern Ireland, and Australia as “excepted foreign states.”  This means that certain investments from these countries may not be subjected to the expanded jurisdiction implemented by the new regulations.  A note of caution: the regulations carefully define the type of investments from these countries that are exempt.  If you don’t fall within those parameters, you can’t avail yourself of the exemption.  In considering where to seek foreign investment from though, this change may help companies narrow the list of countries they will be looking at. 

There’s a lot to unpack in all of these areas and in the regulations generally.  Additional posts will delve deeper into these regulations but a good rule of thumb is that if your transaction involves any foreign investment into a United States business, you should evaluate the CFIUS landscape. 

Latest Thinking

View more Insights
Insights Center
Knowledge assets are defined in the study as confidential information critical to the development, performance and marketing of a company’s core business, other than personal information that would trigger notice requirements under law. For example,
The new study shows dramatic increases in threats and awareness of threats to these “crown jewels,” as well as dramatic improvements in addressing those threats by the highest performing organizations. Awareness of the risk to knowledge assets increased as more respondents acknowledged that their