Client Alert

Congress to Consider a Broad Overhaul of CFIUS

09 Nov 2017

Yesterday, bipartisan coalitions in both the House and the Senate announced new legislation that would substantially overhaul current law governing the Committee on Foreign Investment in the United States (CFIUS) and the standards by which foreign investments in U.S. businesses are reviewed. The law would dramatically expand CFIUS’ authorities, and would affect a broad range of transactions — particularly in high-technology sectors. Companies could also be required to pay filing fees of up to $300,000 for each transaction.

The proposed legislation comes amid rising concerns by Administration officials and members of Congress about foreign investments in and acquisitions of high-technology industries, particularly by Chinese businesses. It was announced just as President Trump was arriving in China, where topics of discussion are sure to include trade and foreign investment policy.

The proposed Senate bill—which is 79 pages long and is titled “The Foreign Investment Risk Review Modernization Act” — is sponsored by Senators John Cornyn (R-TX) and Dianne Feinstein (D-CA), and has several other co-sponsors from both parties. The House bill was introduced by Rep. Robert Pittenger (R-NC) and also has a bipartisan lineup of co-sponsors. Although the text of the House bill was not available as of this writing, Rep. Pittenger’s website describes it in the same terms as the Senate bill.

Expansion of CFIUS Jurisdiction

The proposed legislation would substantially broaden CFIUS’s focus and strengthen its enforcement capabilities. As such, it could impose new obstacles for foreign investors and U.S. businesses conducting transactions with them. At least some parts, however, codify existing practices. Most significantly, the legislation would devote more focus and enforcement authority to transactions in high-technology sectors. In this regard:

  • CFIUS would have authority to review certain transactions involving “critical technologies” — a term that would be updated to include “emerging technologies” that could be essential for the United States to maintain or gain a technical advantage against rival “countries of special concern.” As a result, any foreign investment in a company that develops “critical technologies” would presumptively be covered by CFIUS, unless the investment is passive.
  • In a significant new development, CFIUS would further have the authority to review any contribution by a U.S. “critical technology company” of its intellectual property (along with associated support) to a foreign company, including through an arrangement such as a joint venture.
  • Similar rules would apply in “critical infrastructure” industries — a term defined to include various systems and assets that are vital to national security. The Department of Homeland Security has designated 16 different critical infrastructure sectors — ranging from manufacturing to electrical grids to the financial services sector. Accordingly, any foreign investment in a critical infrastructure company would presumptively be covered by CFIUS, unless the investment is passive.
  • For an investment to be considered “passive,” it cannot give the foreign person any membership — or (notably) even observer rights on the target company’s board or any involvement (other than through voting of shares) in substantive decision-making. The transaction also cannot afford the foreign person the ability to access certain types of non-public information possessed by the U.S. business.

Cybersecurity Concerns

The proposed legislation would also place a heavy emphasis on cybersecurity and information security concerns:

  • CFIUS would be required to evaluate whether any covered transaction is likely to create or exacerbate any cybersecurity vulnerabilities in the United States. CFIUS would also have to consider whether a transaction could expose personally identifiable information or other sensitive data of U.S. persons to a foreign government or foreign person in a manner that could threaten national security. Given the vast extent to which both emerging and established U.S. businesses’ technology (whether in ecommerce, data analytics, personal healthcare, gaming / entertainment, finance or other sectors) currently involves the access to and use / analysis of such data of U.S. persons, the impact of this requirement on proposed investments and acquisitions is likely to be profound.
  • CFIUS would have to assess whether the transaction could allow a foreign government to gain new capabilities to engage in malicious cyber enabled activities against the United States — “including such activities designed to affect the outcome of any election for Federal office.”


Other measures would strengthen CFIUS’s overall enforcement authorities:

  • CFIUS review would be required in certain circumstances if the foreign investor is partially owned by a foreign government. Specifically, notice would be required if the transaction involves (1) a foreign person’s acquisition of a 25% or greater voting interest in a U.S. business, and (2) the foreign acquirer is at least 25% owned by a foreign government.
  • CFIUS would also be empowered to write regulations requiring that other types of covered transactions be submitted for review.
  • CFIUS could suspend a proposed or pending covered transaction that poses a risk to national security for the duration of the investigation process, in which case the parties would not be able to close the transaction while CFIUS’ review is pending.
  • Notably, CFIUS could designate a country as a “country of special concern” if it “poses a significant threat to the national security interests of the United States.” In evaluating covered transactions, CFIUS would have to consider (among other factors) whether the transaction could give an industrial or technological advantage to a country of special concern, and whether the transaction involves a country of special concern that has a strategic goal of “acquiring a type of critical technology” possessed by the target company.
  • The law would empower the President not only to suspend or prohibit a transaction, but to “take any additional action the President considers appropriate” to address the national security risk identified during the review of the transaction.
  • The law sets out detailed requirements for mitigation plans, including that they must specify enforcement mechanisms. If the parties have agreed to use any kind of third-party monitor, the monitor cannot owe a fiduciary duty to any party to the transaction.
  • The new enforcement mechanisms would be funded by CFIUS’s ability to charge companies fees for processing transactions. The law would give wide latitude to set those fees — at a maximum of 1% of the total transaction value or $300,000, whichever is less. The various agencies that comprise CFIUS would also be given special hiring authority.

Process Revisions

The legislation substantially revises the CFIUS filing and review process. Some of these revisions could potentially benefit businesses:

  • Most significantly, parties could submit a declaration with only “basic information” for certain types of transactions.
  • CFIUS could “white-list” certain countries so that any transaction where the foreign party is a person or business in that country does not need to be approved by CFIUS.
  • Ordinary filings would need to be made at least 90 days prior to closing. Filings made through shorter declarations would have to be submitted 45 days in advance of closing.
  • CFIUS’ initial review period would be expanded from 30 to 45 days. The subsequent 45-day investigation period could be extended by CFIUS for 30 days.
  • A party to a transaction can initiate judicial review proceedings based on constitutional claims. But only constitutional claims could be heard — leaving it unclear whether parties could contend that CFIUS or the President have acted outside of the statute’s scope. The U.S. Court of Appeals for the D.C. Circuit would have exclusive jurisdiction to hear such claims.  However, the court’s only options would be to affirm any actions taken by CFIUS or the President, or to remand the case to CFIUS for further consideration. The U.S. government would be allowed to submit ex parte, in camera materials to the court, including any classified information.

It is premature at this stage to predict what the bill’s prospects are for becoming law and when. But given the lineup of bipartisan co-sponsors and statements by several Trump administration officials, including Treasury Secretary Steven Mnuchin, that the CFIUS process needs to be strengthened, this legislation will certainly be worth monitoring carefully as the 2017 legislative session begins to draw to a close.



Unsolicited e-mails and information sent to Morrison & Foerster will not be considered confidential, may be disclosed to others pursuant to our Privacy Policy, may not receive a response, and do not create an attorney-client relationship with Morrison & Foerster. If you are not already a client of Morrison & Foerster, do not include any confidential information in this message. Also, please note that our attorneys do not seek to practice law in any jurisdiction in which they are not properly authorized to do so.