On April 21, 2008, the U.S. Department of the Treasury ("Treasury") proposed new rules relating to the procedures that the Committee on Foreign Investment in the United States (“CFIUS”) should use in reviewing (and potentially halting) foreign investments in U.S. companies based on a potential impact on national security.  See 79 Fed. Reg. 21861.  While Congress previously mandated that changes be made to the CFIUS process following the much ballyhooed Dubai Ports World controversy in 2006, the current rules are merely proposed, and are not yet final.  Treasury is accepting comments on the proposed rules until June 9, 2008.

Background and New Proposed Rules

In July 2007, Congress passed the Foreign Investment and National Security Act of 2007, Pub. L. No. 110-49 (Jul. 26, 2007; effective Oct. 24, 2007) (“FINSA”) (amending the Exon-Florio Amendment to the Defense Production Act of 1950 (codified at 50 U.S.C. App. § 2170)), which mandated an overhaul of the processes by which CFIUS reviews foreign investment in U.S. companies and requires remedial action, if necessary.  FINSA was prompted by the Dubai Ports World (“DPW”) controversy in 2006, wherein Dubai Ports World, a state-owned company in the United Arab Emirates (“UAE”), was set to assume management of numerous U.S. ports, but members of Congress claimed that such an action would compromise U.S. national security.

Prior to 2006, the ports in question were managed by a British firm, Peninsular and Oriental Steam Navigation Co. (“P&O”).  In 2005, DPW announced plans to acquire P&O, including its management operations at the U.S. ports.  DPW filed a voluntary notice with CFIUS as recommended by the regulations, alerting the U.S. Government of the pending transaction.  Following an investigation in which some concerns were raised about national security impacts, CFIUS ultimately approved the transaction in February 2006.

Shortly thereafter Senator Charles Schumer (D-NY) objected to the approval, threatening legislation to halt the deal.  Eventually, DPW diffused the situation by agreeing to sell P&O’s U.S. operations to a U.S. company, the Global Investment Group, thereby eliminating the risk of a foreign company (in this case, perhaps, a “more foreign” Middle-Eastern company, when compared to a “less foreign” British company) managing U.S. port security.  Still, Congress recognized that the permissive requirements of the Exon-Florio Amendment needed to be strengthened, and so it passed FINSA in 2007 to make CFIUS review mandatory for any foreign investments that might impair national security.

FINSA required a number of specific changes to the CFIUS foreign-investment review process.  Among other things, FINSA:

  • Codified the CFIUS committee structure, which previously existed pursuant to Executive Order 11858; the Committee consists of a number of leaders from the Executive Branch, including: (1) the Secretary of the Treasury; (2) the Attorney General; (3) the Secretary of Homeland Security; (4) the Secretary of Defense; (5) the Secretary of State; (6) the Secretary of Commerce; (7) the Secretary of Energy; (8) the Secretary of Labor; and (9) the Director of National Intelligence.
  • Required senior company managers (the CEO, or his designee) who are submitting information to CFIUS for review to certify the accuracy and completeness of all submissions; companies are also required to provide material updates to information already provided.
  • Required mandatory review of any “covered transaction” (a new term under the Act) when the transaction: (1) “threatens to impair the national security of the United States;” (2) is a “foreign government-controlled transaction” (another new term under the Act); (3) would result in a foreign company controlling “critical infrastructure” or “critical technologies” (yet two more new terms), and national security could be subsequently impaired; or (4) is otherwise recommended for review by CFIUS.
  • Allowed CFIUS to consider in making its ultimate recommendations potential national security-related issues, including impacts on critical infrastructure, critical technologies, and potential impacts resulting from foreign government-controlled transactions.
  • Permitted CFIUS to enter into tailored mitigation agreements with the foreign entity investing in the U.S., and allowed continuous monitoring of a company’s compliance.
  • Required the Director of National Intelligence to conduct his or her own independent review of the proposed transaction to assess national security threats and to ensure that national security is not compromised.
  • Required CFIUS to submit a certified report to Congress on the results of all “national security” reviews, and also granted Congress additional oversight authority over the CFIUS approval process.

Essentially, as amended, FINSA requires that, in order for a transaction to be approved, CFIUS must conclude that there are no unmitigated national security concerns in a proposed transaction, and that allowing the transaction to be completed will not compromise national security.

Summary of New Proposed Rules

Following is a summary of some of the key features of the proposed rules:

  1. New Definitions and Key Concepts.  FINSA and the proposed rules include a number of new terms and concepts that were not included in the prior regulations.  Ostensibly, these new terms help focus the scope of a CFIUS review, simultaneously allowing companies more predictability in the CFIUS process.  Some of the key terms or concepts include:
    • “Covered Transaction” – The new rules make clear that the scope of the regulations applies only to “covered transactions,” which applies to any transaction that “could result in control of a U.S. business by a foreign person.”  A “foreign person” includes any foreign national, foreign entity, or foreign government, including any U.S. entity that is subject to the control of a foreign person.  A “transaction” is construed broadly to include a merger, acquisition or takeover, including: (1) acquiring ownership interest in an entity; (2) acquiring or converting convertible voting instruments; (3) acquiring voting proxies; (4) forming a joint venture; and (5) entering into a long-term lease where the lessee makes substantially all business decisions as if it was the owner.  The proposed rules provide numerous examples of potential “covered transactions,” including certain types of lending transactions that could give rise to foreign control of a U.S. entity.  Helpfully, the proposed rules also identify numerous examples of transactions that are not “covered transactions” – i.e., transactions that do not require a company to file advance notice with CFIUS.
    • “Control” – The key to determining whether a CFIUS review is required revolves around the question of whether a foreign person has “control” over the U.S. entity.  The concept under the new rules remains essentially the same as under the old regulations, and the term remains loosely defined.  Treasury has observed that the definition “eschews bright lines” and requires a case-by-case assessment to determine whether “control” actually exists.  Consequently, CFIUS views control in functional terms, considering whether a foreign person has actual or potential authority to determine, direct, or decide important matters of business or policy affecting the U.S. company.  The proposed rules provide numerous examples of “control” (by majority, as well as minority, interests) that could trigger the CFIUS requirements.  However, the proposed rules are careful to consider that not all minority interests will necessarily result in “control,” and not all negative rights allow a foreign person to direct the day-to-day management of the U.S. business.  For instance, a foreign person is not considered to have “control” if it: (1) holds no more than a 10% interest and (2) holds the interest solely for the purpose of investment.   Treasury has reiterated the fact that these rules are designed merely to facilitate a review process and place checks on foreign influence in critical sectors, not “to impose barriers to foreign investment.”
    • “Foreign Government-Controlled Transaction” – The new rules both clarify the circumstances under which a “covered transaction” (that is, one where a foreign person will have “control” over a U.S. company) should be submitted to CFIUS for review – thereby triggering the 30-day review period – and also define a number of specific transactions that require additional investigation (and potentially an additional 45 days before a final decision is issued).  The first category of covered transactions requiring a mandatory investigation involves “foreign government-controlled transactions” – defined as “any covered transaction that could result in control of a U.S. business by a foreign government or a person controlled by or acting on behalf of a foreign government.”  For purposes of this definition, investments by sovereign wealth funds are considered investments by a foreign government.  This new concept responds directly to some of the criticisms raised during the Dubai Ports World controversy where the UAE-owned company would have been directly responsible for U.S. port security.
    • “Critical Infrastructure” and “Critical Technology” – The second category of covered transactions that require a mandatory investigation involve U.S. companies that are involved in “critical infrastructure” and “critical technologies.”  “Critical infrastructure” refers to systems and assets that “are so vital to the United States that the incapacity or destruction of the particular systems or assets … would have a debilitating impact on national security.”  “Critical technology” refers to specific products or technologies that are specially modified for military use (defense articles, defense services, and technical data under the International Traffic in Arms Regulations, 22 C.F.R. Parts 120-130), and those products or technologies restricted for foreign export under multilateral export control regimes, including nuclear and biochemical restrictions (as defined under the Export Administration Regulations, 15 C.F.R. Parts 730-774).  This definition would, as a matter of course, apply to a large segment of the defense and homeland security industry, requiring a mandatory investigation for these “covered transactions.”
  2. Filing a Voluntary Notice and Pre-Coordinating with CFIUS.  As under the prior regulations, the CFIUS system continues to be based on voluntary notices filed by the parties to a covered transaction.  Remember that CFIUS recommends filing a voluntary notice only if the transaction qualifies as a “covered transaction;” if it is not a “covered transaction,” then no notice is required or contemplated.  To the extent the parties are unsure of whether a particular transaction falls within the scope of the CFIUS regulations, they are encouraged to err on the side of caution and submit a voluntary notice nonetheless.  CFIUS reserves the right to initiate unilaterally a review and investigation if a transaction that is not voluntarily noticed falls within the scope of the regulations.

The new regulations make clear that pre-coordination before filing a voluntary notice is preferred.  The 30-day review period begins once a complete notice packet is “accepted” by CFIUS.  Note that this means that submitting an incomplete packet does nothing but delay the process.  For this reason, CFIUS encourages companies to pre-coordinate as to what kinds of information are required and what would constitute a “complete” notice, including (as appropriate) submitting a “draft” notice for comment.  The proposed rules make clear that not only does pre-coordination smooth the 30-day approval process, but it also ensures that CFIUS has a complete view of the transaction and has received all of the information it needs to conduct a thorough review.

While voluntary notices are not new, the proposed rules expand the types of information that CFIUS expects to be filed with a voluntary notice packet.  Such new materials include:

  • Substantive details about the transaction, including the nature of the transaction, the scope of foreign control, and identification of foreign persons involved in the transaction;


  • Additional information regarding ultimate and intermediate parents of the foreign person making the acquisition;


  • Corporate organizational charts;


  • Transaction value information;


  • Identification of other persons with a role in the transaction;


  • Descriptions of prior filings with CFIUS and relationship of the transaction and parties to prior CFIUS reviews;


  • Additional information regarding contracts with and goods supplied directly or indirectly to the U.S. Government;


  • Additional product information;


  • A description of all export-controlled “critical technologies” held by the U.S. company, including any subsidiaries involved in critical technologies;


  • Identification of any special government rights over the foreign person making the acquisition;


  • Description of any agreements among foreign persons to act in concert with respect to parties to the transaction;


  • Personal identifier information for certain key personnel (which Treasury promises will be destroyed after the CFIUS review process is complete).

Companies are expected to file complete and accurate notices with CFIUS, and senior management is expected to certify that its submission packet is truthful and complete.  Failure to supplement a filing with material updates could be cause for reopening the transaction for review, not to mention exposing individuals to potential civil or criminal penalties under the regulations.

  1. Mandatory Investigations.  For certain covered transactions specifically identified by FINSA, an additional investigation is required, giving CFIUS an additional 45 days to issue its final recommendation.  This applies to any transaction that: (1) threatens to impair the national security of the United States; (2) involves a “foreign government-controlled transaction;” (3) would result in a foreign company controlling “critical infrastructure” or “critical technologies,” and national security could be subsequently impaired; or (4) is otherwise recommended for review by CFIUS.  Following the investigation, CFIUS may recommend no action be taken (allowing the transaction to proceed, complete with any mitigation agreements negotiated with the parties), or it may forward a recommendation to the President, deferring to his final approval.  Historically, less than 1% of transactions submitted for review have been forwarded to the President for final decision.

Hopefully, if the voluntary notice was properly pre-coordinated with CFIUS, this investigation is merely a formality, allowing CFIUS to document the necessary information supporting its ultimate report to Congress.  However, if a company did not plan ahead, an investigation could result in a significant vetting by CFIUS, and could add significant risk to the transaction.

  1. Withdrawal of Notice.  While the new rules continue the practice of allowing companies to voluntarily withdraw a filed notice, they also require CFIUS take certain steps with regard to the withdrawn notice.  In particular, CFIUS must track the withdrawn transaction, and CFIUS must also establish interim protections, as appropriate, to protect national security concerns identified during the review or investigation process completed prior to the withdrawal.
  2. Potential Penalties.  The new rules add a new section enumerating potential penalties for individuals who make a material misstatement or omission in connection with a CFIUS filing, or who fail to comply with the terms of a mitigation agreement.  Such penalties include:
  • Civil fines up to $250,000 per violation;


  • Potential “liquidated damages,” as specified in the mitigation agreement (such a provision may be required by CFIUS as a condition for approval);


  • Other civil or criminal penalties that may arise from an individual’s false certification or other false statement.

Support from Industry of New Proposed Rules

In publishing the proposed rules, Treasury highlighted that the rules were drafted in consultation with a broad scope of stakeholders – including Congress, the investment community, foreign diplomatic communities, and private industry.  In fact, Treasury even hosted a number of open meetings, the most recent of which was held on May 2, 2008, to solicit feedback on the proposed rules, and it also extended the comment period on the proposed rules until June 9, 2008.  Thus far, a number of large business organizations – Business Roundtable, The Financial Services Forum, Organization for International Investment, and the U.S. Chamber of Commerce – have already announced their support, collectively praising the new rules for laying out an effective roadmap as to when and how the CFIUS process is required.  The rules, industry has noted, do not present a formidable barrier to foreign investment, which they state supports more than 5 million American jobs with an annual payroll of $335.9 billion.

Additionally, industry has praised Treasury’s decision to keep information contained in all CFIUS filings confidential.  Treasury hopes to smooth the process by encouraging pre-filing disclosures and pre-transaction reviews, as opposed to post-transaction, unilateral actions, which investors clearly would prefer to avoid.  Such a process, both Government and industry seem to agree, will provide more clarity and predictability to investors, and speed the process as a whole.


Despite the Dubai Ports World controversy and the enactment of FINSA, Treasury has stated that these proposed rules should not reflect an increased burden on industry.  In fact, Treasury has noted that, while CFIUS has received more notices of pending transactions in recent years, this climb is largely attributable to the increasing globalization of U.S. businesses and a rise in foreign wealth generally.  Treasury expects that it will still investigate only about 10% of all transactions filed with CFIUS, and that the revised rules will not unduly restrict foreign investment in the U.S. – a sentiment apparently shared by industry.

Given the fact that the U.S. defense market is the largest in the world, and given the fact that the depressed U.S. dollar currently makes foreign investment in U.S. companies an attractive option, we will undoubtedly continue to see focused attention on the CFIUS review process.  In fact, the Italian aerospace company Finmeccanica SpA announced this week that it has agreed to purchase DRS Technologies – a U.S. aerospace company specializing in electronic systems for defense, law enforcement, and homeland security – for $5.2 billion.  Given the fact that Finmeccanica is approximately one-third owned by the Italian government, perhaps the pending DRS transaction (expected to close in the fourth quarter of 2008) will prove the first and most visible test of FINSA and the new CFIUS rules.

Regardless, the practical impact of the new rules on most foreign investors does not appear to differ that much form the prior rules:

  • As an initial matter, the proposed rules offer greater clarity as to what constitutes a “covered transaction.”  If the proposed transaction is not a “covered transaction,” then the CFIUS process will not apply.  However, if you are unsure, you probably want to file a voluntary notice with CFIUS just to be safe.
  • Along these same lines, U.S. companies expecting to be “controlled” by a new foreign investor are well advised to coordinate with CFIUS, to identify potential mitigation plans, and to submit a voluntary notice well in advance of the contemplated closing date.
  • According to estimates from Treasury, most transactions submitted for review (approximately 90%) will not be investigated, and after the 30-day window is complete, businesses should be able to proceed with the transaction with minimal risk.
  • For those transactions involving U.S. companies involved in “critical infrastructure,” “critical technologies,” or industries affecting national security, or for transactions involving investment by a foreign government-controlled entity, the CFIUS investigation process is mandatory.  This could add up to an additional 45 days to the process and result in additional scrutiny from Congress (and potentially the media), but it should not necessarily frustrate the transaction.  So long as the U.S. company and the foreign investor have considered appropriate mitigation plans to minimize the impact on national security and are willing to work with CFIUS to reach an agreeable solution, there is little reason that the transaction would not be allowed to proceed.  After all, as Treasury has repeatedly emphasized, the CFIUS process is not designed to impose barriers to foreign investment.
  • As under the previous rules, companies should continue to provide accurate, complete, and updated information to CFIUS to ensure a speedy review, certifying compliance with the new rules.  Failure to provide complete, accurate, or updated information may force CFIUS to “reopen” a review, to halt a transaction (potentially), and also to recommend civil or criminal sanctions arising from false certifications and false statements.

Companies should be proactive in coordinating with CFIUS prior to filing any required notice, creating an appropriate mitigation plan (if necessary), and filing any ultimate notice as required under the regulations.  In that connection, experienced advisors familiar with the legal terrain are a key and necessary part of this process.  Given the fact that the President can unilaterally terminate any transaction that has not already been reviewed when there is a potential impact on national security, and given the fact that politicians such as Senator Schumer can rain down uncontrolled media fire on a controversial transaction, companies should take the bull by the horns and ensure that they take a proactive stance on CFIUS compliance.  The issue of CFIUS compliance should be included on every pre-merger due diligence checklist, and should be taken seriously.

Click here for additional practical information on CFIUS compliance, and click here for other issues relating to foreign investment.

Authored by:

Lucantonio N. Salvi




David S. Gallacher