Stay in the know
We’ll send you the latest insights and briefings tailored to your needs
The new guidelines from CFIUS signal the regulator may be willing to take a more muscular approach as US companies are put on alert
The Committee on Foreign Investment in the United States (CFIUS) - the US Government’s foreign direct investment (FDI) regulator - recently issued its first-ever CFIUS Enforcement and Penalty Guidelines (the Guidelines). They outline how the regulator will assess the scope of, and potential penalties for, violations of regulations governing CFIUS reviews of proposed acquisitions of and/or certain investments in US businesses by non-US parties. The regulator will also assess breaches of mitigation agreements or undertakings entered into between deal parties and the US Government as a condition for CFIUS transaction clearance.
The new Guidelines address:
The Guidelines are non-binding and do not create new obligations on foreign acquirers/investors or on parties involved in the CFIUS process. Nevertheless, the Guidelines are an unmistakable signal that CFIUS will continue its increased vigilance with respect to non-notified transactions and potential lapses in mitigation agreement compliance.
CFIUS is empowered to investigate and impose civil monetary penalties and other remedies for violations of the laws that govern the CFIUS review process. In addition, the regulator can impose penalties for violations of mitigation agreements, or other conditions or orders, that the US Government requires as a condition for foreign ownership of a US business operating in critical technologies or other areas important to US national security. In the wake of the Foreign Investment Risk Review Modernization Act of 2018, CFIUS established its Office of Monitoring & Enforcement, which investigates certain transactions not previously submitted to CFIUS for review and enforces penalties for violations of CFIUS regulations and mitigation agreements. It is these enforcement efforts that the Guidelines are intended to address.
According to an accompanying US Treasury Department statement, the Guidelines will “provide the public with important information about how CFIUS will assess whether and in what amount to impose a penalty or take some other enforcement action for a violation of a party’s obligation, and factors that CFIUS may consider in making such a determination, including aggravating and mitigating factors.”
The Guidelines in particular address the following:
Conduct that may constitute a violation
The Guidelines identify three types of acts, or omissions, that may constitute a CFIUS violation:
Information sources on which CFIUS may rely in assessing whether a violation has occurred
Per the Guidelines, “CFIUS considers information from a variety of sources, including from across the [US] government, publicly available information, third-party service providers (eg, auditors and monitors), tips, transaction parties, and filing parties.” In particular, CFIUS employs/relies upon the following:
Unfolding of the CFIUS penalty process
CFIUS regulations (see, eg, 31 C.F.R. § 800.901) set forth the process by which CFIUS is authorised to consider and impose penalties. The Guidelines highlight the key milestones and timelines in that process, including issuance of a written “notice of penalty” which states the alleged violation, the amount of any monetary penalty, and the information CFIUS considered in determining a violation occurred. A party may challenge the penalty notice via a reconsideration petition, which CFIUS must consider prior to issuing any final penalty determination.
Assessment of aggravating and mitigating factors
The Guidelines are clear that the finding of a violation “will not necessarily lead to a penalty or other remedy,” and information published to date by CFIUS (in anonymised form) reflects only two monetary penalties, a $1 million fine in 2018 for repeated breaches of a CFIUS mitigation agreement, and a $750,000 penalty in 2019 for violation of an interim CFIUS order restricting access to protected data. CFIUS retains discretion “in determining when a penalty is appropriate, including by considering applicable aggravating and mitigating factors,” the relevance and importance of which will depend on the specific facts and circumstances at issue. Examples of aggravating and mitigating factors include the following:
As noted, the Guidelines do not vest CFIUS with additional investigation and enforcement authority. Nor do the Guidelines limit the ability of the US Government to seek civil or criminal penalties that may be applicable under other laws, and CFIUS may refer a matter to the US Department of Justice or other enforcement authorities where it deems appropriate. CFIUS acknowledges that “vast majority of those who come before CFIUS abide by their legal obligations and work collaboratively with [CFIUS] to mitigate any national security risks arising from the transaction.” But is clear from the Guidelines CFIUS will use its authority to ensure compliance with overall CFIUS process.
We’ll send you the latest insights and briefings tailored to your needs