• On April 11, 2024, the U.S. Department of the Treasury released a Notice of Proposed Rulemaking to amend the Committee on Foreign Investment in the United States regulations with the aim to meaningfully strengthen and expand CFIUS’s existing compliance and enforcement functions.
• The NPRM is yet another example of the U.S. government ratcheting up its national security toolkit to address concerns arising from international trade and foreign investment, and using CFIUS to do so.
• The NPRM proposes to amend the CFIUS regulations that authorize CFIUS to gather information about transactions, mitigate national security risks of transactions, and penalize those that violate CFIUS’s rules or otherwise fail to comply with their obligations to CFIUS. To that end, under the NPRM, CFIUS would gain enhanced authority to request information about non-notified transactions, parties to a CFIUS filing would be required to respond to proposed mitigation terms on a fixed time frame, and civil monetary penalties would be expanded.

On April 11, 2024, the U.S. Department of the Treasury (“Treasury”) released a Notice of Proposed Rulemaking (“NPRM”) to amend the Committee on Foreign Investment in the United States (“CFIUS”) regulations with the aim to meaningfully strengthen and expand CFIUS’s existing compliance and enforcement functions. In the corresponding press release, Assistant Secretary for Investment Security Paul Rosen noted that this enhancement would “more effectively deter violations, promote compliance, and swiftly address national security risks in connection with CFIUS reviews. These updates reflect lessons learned in the course of our monitoring, compliance, and enforcement work and build on the 2022 CFIUS Enforcement and Penalty Guidelines.” The NPRM is yet another example of the U.S. government ratcheting up its national security toolkit to address concerns arising from international trade and foreign investment, and using CFIUS to do so. This NPRM follows the Treasury having released its first CFIUS Enforcement and Penalty Guidelines in 2022.

Chaired by the Treasury, CFIUS is authorized to review certain transactions by or with any foreign person including those that could (1) directly or indirectly result in foreign control of a U.S. business, (2) involve a foreign person gaining certain noncontrolling rights in a subset of particularly sensitive U.S. businesses, and (3) involve certain particularly sensitive real estate. For transactions involving certain sensitive U.S. business technology—known as “critical technology”—or certain levels of foreign government ownership, parties may be required to make a mandatory filing with CFIUS regarding the transaction. Otherwise, CFIUS will review transactions on its own accord or based on transaction parties’ voluntary filings. If CFIUS identifies a national security risk during its review of a transaction, it may negotiate and enter into and enforce agreements with the transaction parties or impose conditions on the transaction parties to mitigate the risk. This NPRM proposes to amend the CFIUS regulations that authorize CFIUS to gather information about transactions, mitigate national security risks of transactions, and penalize those that violate CFIUS’s rules or otherwise fail to comply with their obligations to CFIUS.

Key Takeaways

CFIUS Would Gain Enhanced Authority to Request Information About Non-Notified Transactions and in Other Situations

For transactions for which parties have not submitted a CFIUS filing (known as “non-notified transactions”), CFIUS currently has the authority to request information necessary to determine whether it can review such a transaction, i.e., whether the transaction is a “covered transaction” or a “covered real estate transaction.” The NPRM would explicitly expand this authority, more clearly allowing CFIUS to request information from the transaction parties and others regarding not only CFIUS’s jurisdiction to review a non-notified transaction, but also whether the transaction may raise national security considerations and whether the transaction meets the criteria for a mandatory declaration.

Accordingly, the NPRM proposes expanding both the substance covered by CFIUS’s information requests and who would be the targets of such information requests. Under the NPRM, the substantive focus of CFIUS’s information requests would address national security considerations and mandatory filing issues, which are distinct areas from CFIUS’s ability to review a transaction. The NPRM also proposes expanding who must respond to CFIUS’s information requests for non-notified transactions. CFIUS’s current investigatory authority is limited to requesting information from transaction parties, and the NPRM proposes providing CFIUS the authority to send such information requests to “other persons” as well. Together, these proposed changes would meaningfully enhance CFIUS’s ability to gather information from parties both directly and indirectly related to a non-notified transaction.

Practically, this expanded authority regarding information requests for non-notified transactions appears to be more of a clarification of CFIUS’s current practices. CFIUS already presently asks questions about non-notified transactions that relate to more than CFIUS’s jurisdiction, and parties typically oblige in providing responses, even if not technically required. However, CFIUS having the explicit authority to ask expanded questions and require responses could play out in different ways. On one hand, CFIUS may use this authority to ask an even wider variety of questions outside of the formal review process that, under the current regulations, transaction parties or others could argue they do not have to respond to. Under the proposed rule, those parties and others would be obligated to respond to such requests, potentially making CFIUS a more burdensome regulatory consideration than it has been in the past. On the other hand, through answering more extensive questions, transaction parties and others may be able to more effectively head off issues that CFIUS previously would have required the parties make a full filing to address—such as whether the transaction represents a national security risk or whether the parties failed to make a mandatory filing. This outcome could actually spare transaction parties from making a CFIUS filing and being subject to a formal CFIUS review.

Along with non-notified transactions, the NPRM also proposes expanding CFIUS’s ability to ask questions and require responses of transaction parties and others when: (1) seeking information to monitor compliance with or enforce the terms of a mitigation agreement, order, or condition, and (2) seeking information to determine whether any person has made a material misstatement or omitted material information during the course of a previously concluded review or investigation. CFIUS currently asks questions in these circumstances, but the NPRM would obligate transaction parties and others to provide responses in such circumstances.

The NPRM also strengthens CFIUS’s enforcement mechanism for ensuring it receives answers to its information requests by amending the basis by which CFIUS can issue a subpoena. To issue a subpoena, the proposed rule would require CFIUS to deem a subpoena “appropriate” to compel responses to its information requests if parties do not voluntarily respond. This is a change from CFIUS’s current subpoena power, which requires that CFIUS deem a subpoena “necessary” to obtain the sought-after information. In practice, CFIUS does not often flex its subpoena power in light of parties generally voluntarily responding to information requests, but by lowering the threshold to issue a subpoena, CFIUS may be signaling its intent to more frequently issue, or threaten to issue, subpoenas. The ability for CFIUS to more efficiently issue subpoenas could incentivize parties to voluntarily respond to CFIUS information requests even more than they do at present.

Parties to a CFIUS Filing Would Be Required to Respond to Proposed Mitigation Terms on a Fixed Time Frame

If CFIUS identifies national security concerns while conducting a review of a transaction, CFIUS will seek to resolve such concerns by proposing mitigation terms to the transaction parties. Under statute, CFIUS has 45 days to complete an investigation of a transaction, which includes the finalization of any mitigation terms. In order to facilitate CFIUS’s ability to meet this 45-day timeframe, the NPRM proposes requiring transaction parties to respond to proposed mitigation terms within a three-business-day time period. The current CFIUS regulations do not specify a timeframe to respond to mitigation terms, meaning that this change would create an obligation on transaction parties to respond to CFIUS on a fixed time frame, similar to how such parties must respond to information requests that occur as part of a national security review on a fixed time frame.

Through proposing a deadline for parties to respond to mitigation terms, Treasury appears to be focusing on having CFIUS complete investigations more efficiently, perhaps to lower the number of transactions that must be withdrawn and refiled. Withdrawing and refiling a CFIUS filing may occur when CFIUS does not complete its investigation phase within 45 days. Under this proposed amendment, parties to CFIUS filings could see less instances of drawn-out CFIUS reviews that require withdrawing and refiling. However, the parties to a CFIUS filing are not the only actors that can impact the timeline to finalize mitigation measures and complete an investigation, with CFIUS itself also being responsible for timely proposing and negotiating mitigation measures. While the proposed timeline for responding to proposed mitigation measures will put more pressure on transaction parties, whether the timeline actually makes investigations more efficient may largely depend on whether CFIUS acts promptly as well.

Civil Monetary Penalties Would Be Expanded

In order to increase deterrence and properly penalize violations, the NPRM proposes increasing the maximum penalty CFIUS may impose per transaction and broadens the scope of penalized actions, noting that transactions that implicate CFIUS are often valued in the billions.

• For the submission of a declaration or notice with a material misstatement or omission, the NPRM would increase the maximum penalty amount to $5,000,000 per violation, from the current $250,000 per violation.

• For the failure to submit a mandatory declaration, the NPRM would increase the maximum penalty per violation to $5,000,000 or the value of the transaction, whichever is greater. Currently, this penalty per violation is $250,000 or the value of the transaction, whichever is greater.

• For violations of material provisions of mitigation agreements, material conditions imposed by CFIUS, or orders issued by CFIUS, the NPRM would increase the maximum penalty amount per violation to the greater of $5,000,000, the value of the transaction, or the value of the party’s interest in the U.S. business at the time of the violation or time of the transaction. Currently, this penalty per violation is a maximum of $250,000 or the value of the transaction, whichever is greater.

Additionally, the NPRM proposes granting CFIUS the new authority to impose a civil monetary penalty for material misstatements and omissions made outside of an active CFIUS review, including when the misstatement or omission occurs in the context of CFIUS’s monitoring and compliance functions. Such circumstances would include communications related to responding to CFIUS’s information requests regarding non-notified transactions, as well as communications related to mitigation agreements, conditions, or orders imposed. Notably, under the NPRM, transaction parties and others would be required to respond to inquiries from CFIUS in these areas, requiring such responses to be handled deliberately to confirm accuracy.

Along with expanding CFIUS’s ability to impose civil monetary penalties, the NPRM also proposes providing a more extensive timeline for parties to request reconsideration of a penalty notice. Specifically, the NPRM increases the time for a party to submit a petition for reconsideration of a penalty from 15 business days to 20 business days, and similarly increases the time for CFIUS to assess a petition and issue a final determination from 15 business days to 20 business days.

This publication is for general information purposes only. It is not intended to provide, nor is it to be used as, a substitute for legal advice. In some jurisdictions it may be considered attorney advertising.