Client Alert

CFIUS Issues Final Regulations Governing National Security Reviews of Foreign Investment in the United States


On November 14, 2008, the Committee on Foreign Investment in the United States (“CFIUS”) issued its final regulations governing national security reviews of foreign investments in U.S. businesses, formally implementing amendments adopted by the Foreign Investment and National Security Act of 2007 (“FINSA”) to the Exon-Florio Amendment to the Defense Production Act of 1950.  The final regulations follow the issuance by CFIUS of the proposed regulations on April 21, 2008, and public comments and hearing on the proposed regulations, and will become effective 30 days after publication in the Federal Register.

Overview of FINSA

FINSA permits the President of the United States to block acquisitions, mergers, or takeovers of U.S. companies or assets by foreign-owned or foreign-controlled entities when, in the President’s view, such transactions threaten the national security of the United States.  Parties to a transaction subject to FINSA (referred to in the regulations as a “covered transaction”) may voluntarily file a notification with CFIUS to give the U.S. Government an opportunity to review the transaction and address any potential national security concerns. 

CFIUS Structure and Process

CFIUS is an interagency committee chaired by the Secretary of the Treasury and composed of various representatives of the executive branch of the U.S. Government, including the Attorney General and the Secretaries of Homeland Security, Commerce, Defense, State, and Energy.  The Director of National Intelligence and the Secretary of Labor serve as ex officio members of CFIUS.  Additional members can be added as deemed appropriate by the President or the CFIUS chair.

FINSA provides for a 30-day CFIUS review of a covered transaction to determine the effect of the transaction on national security, and to address any threat posed by such transaction.  CFIUS designates a “lead agency” to conduct the review (however, each CFIUS member is involved).  The CFIUS review can be extended into an additional 45-day investigation in cases where the transaction:

  • threatens to impair national security and that threat has not been mitigated prior to the conclusion of the initial 30-day CFIUS review;
  • involves a foreign government-controlled acquiring entity; or
  • could result in foreign control over critical infrastructure. 

In addition, an extended investigation can be undertaken at the recommendation of the lead agency and with the concurrence of the other CFIUS members.

To address congressional concern over appropriate accountability for CFIUS decisions, FINSA requires that a high-level official of the Department of the Treasury and the lead agency certify to Congress that there are no unresolved national security issues.  For example, for transactions involving foreign government ownership or critical infrastructure, the Deputy Secretaries of the Treasury and the lead agency must certify that the transaction does not threaten national security in order for the transaction to be cleared within the initial 30-day review.  If a 45-day investigation is initiated and any national security concerns remain unresolved at the end of such investigation, the transaction must be referred to the President, who then must make a determination within 15 days on whether to approve or block the transaction. 

Final CFIUS Regulations

The final regulations (to be set forth at 31 C.F.R. Part 800 and replace the existing regulations) will apply to covered transactions entered into after the effective date of the regulations.  The regulations in large part mirror the April proposed regulations and codify existing CFIUS practice and procedures, and add certain clarifications and examples in response to public comments received on the proposed regulations.  The main focus of the regulations is with respect to the administrative aspects of CFIUS reviews and investigations. 

Significantly, the regulations do not define “national security.”  Rather, CFIUS will review each covered transaction on a case by case basis to evaluate whether any national security concerns may be presented by the transaction based on the factors set forth in FINSA (for example, whether the transaction involves critical infrastructure or activities affecting national defense or homeland security).  In the CFIUS statements accompanying the final regulations, CFIUS noted that it “will continue its practice of focusing narrowly on genuine national security concerns alone, not broader economic or other national interests.”  As a practical matter, however, it may be difficult for CFIUS to distinguish between economic interests and national security interests.

The regulations do provide some guidance with respect to two other threshold issues:  whether the transaction involves the acquisition of “control” or “critical infrastructure.”

The regulations define “control” in functional terms as having the “power, direct or indirect, whether or not exercised, through the ownership of a majority or a dominant minority of the total outstanding voting interest in an entity, board representation, proxy voting, a special share, contractual arrangements, formal or informal arrangements to act in concert, or other means, to determine, direct, or decide important matters affecting an entity...” 

It is important to note that the regulations do not provide (and in fact have never have provided), an exemption based solely on whether an investment is 10% or less in a U.S. business.  The regulations do recognize the concept of “passive investment” and provide that if a foreign person holds 10% or less of the voting interest in a U.S. business interest solely for the purpose of passive investment, then the transaction would not be a covered transaction.  Thus, it is possible that a less than 10% investment may result in a holding of control; similarly, a greater than 10% investment may, depending on the specific facts, not be deemed to constitute control. 

Thus, whether “control” exists in a particular transaction will depend on the specific rights to be held by the foreign entity. 

Critical Infrastructure
This is defined in the regulations as “a system or asset, whether physical or virtual, so vital to the United States that the incapacity or destruction of the particular system or asset of the entity over which control is acquired pursuant to that covered transaction would have a debilitating impact on national security.”  Given this broad definition, many types of transactions may be deemed to involve critical infrastructure.  Therefore in evaluating whether a particular transaction may warrant a CFIUS filing, the parties will need to determine whether the U.S. business involved in the transaction holds assets that may be deemed to be critical infrastructure.


Although submitting false information to a governmental authority has always been subject to penalties, the regulations provide for civil penalties of up to $250,000 for (a) submission of a material misstatement or omission in a notice to CFIUS or making a false certification and (b) each violation of a material agreement entered into with CFIUS or specific conditions imposed on the parties.  In addition, the regulations make it clear that mitigation agreements can provide for liquidated damages. 

Enforcement and Policy Considerations

In announcing the final regulations, Treasury Secretary Paulson noted that “[T]he final regulations issued today strengthen the CFIUS process in a manner that reaffirms America's longstanding policy of openness to investment, consistent with the protection of our national security.”  This has long been the policy position of the U.S. government with respect CFIUS reviews of the potential national security implications and considerations of foreign investment.  However, the effect of FINSA and the final regulations is likely to be that a greater number of transactions will be notified to CFIUS, and such transactions, in particular those involving foreign government interests and critical infrastructure, will be subject to enhanced scrutiny. 




Unsolicited e-mails and information sent to Morrison & Foerster will not be considered confidential, may be disclosed to others pursuant to our Privacy Policy, may not receive a response, and do not create an attorney-client relationship with Morrison & Foerster. If you are not already a client of Morrison & Foerster, do not include any confidential information in this message. Also, please note that our attorneys do not seek to practice law in any jurisdiction in which they are not properly authorized to do so.