The Committee on Foreign Investment in the United States has not yet issued regulations to implement key provisions of the Foreign Investment Risk Review Modernization Act, but the first half of 2019 has been active from an investment and enforcement perspective.
As the U.S. government works to implement FIRRMA and the Export Control Reform Act, investors and practitioners continue to grapple with the nuances—and shortcomings—of the critical technology pilot program initiated in November 2018.
In parallel, CFIUS has exhibited a new willingness to exercise its enforcement authority, through a series of post-completion divestment orders and the imposition of a first-ever monetary penalty for failure to comply with mitigation commitments. Although the past nine months hit the CFIUS world like a whirlwind, further changes are still to come.
Regulatory (Non) Developments
To date, the Treasury Department has not issued regulations implementing many key aspects of FIRRMA, including the provisions relating to investments in critical infrastructure companies, real estate investments, investments in U.S. business that maintain or collect sensitive personal identifier information (PII), or investments in which a foreign government will obtain a “substantial interest” in a sensitive U.S. business.
Similarly, the Commerce Department has not issued proposed or final regulations clarifying what “emerging and foundational technologies” will be subject to export control restrictions on a going-forward basis. The Commerce Department has issued an advance notice of proposed rulemaking identifying various categories of technology as “potential” categories of “emerging technology”; however, the category descriptions are broad and provide limited, practical guidance to U.S. businesses or their advisors.
Although FIRRMA did not extend CFIUS’s jurisdiction to pure technology transfers and licensing arrangements, the forthcoming export control restrictions—initiated by ECRA—foreseeably will address the U.S. government’s national security concerns over the foregoing categories of transactions, over which CFIUS currently does not have jurisdiction.
Under FIRMMA, the Treasury Department has until February 2020 to issue rules implementing the above-described measures, and the Commerce Department is expected to issue new rules under ECRA on or before the FIRRMA deadline. Once the final rules are issued, a significant number of previously unregulated transactions—including investments, licensing arrangements, and technology transfers—will be subject to U.S. regulatory review.
Critical Technology Pilot Program
The critical technology pilot program, initiated in November, represents a case study in the market shock that the forthcoming regulations implementing FIRRMA and ECRA are likely to inflict. For firms whose funds may qualify as foreign persons (as broadly defined for CFIUS purposes), the pilot program has promoted a top-to-bottom reassessment of investment strategy and pre-investment due diligence requirements, increasing the risk—and transaction costs—for parties that operate within, or seek to invest in, designated pilot program industries.
Even for U.S. investment firms, the pilot program has sparked rethinking of fundraising strategy, as well as heightened attention to negotiation of limited partnership agreements and related investment documentation.
Nevertheless, as certain key terms—including “emerging and foundational technology” and “material nonpublic technical information”—remain undefined, or only vaguely defined, the pilot program has had less bite than predicted. In practice, many parties negotiate contractual or side letter rights that remove one or more of the pilot program jurisdiction triggers, thereby eliminating the need for a mandatory CFIUS filing.
For prospective investors in sensitive U.S. businesses, the apprehension and cost prompted by the pilot program likely is only a microcosm of the changes still to come as the U.S. government implements the remaining aspects of FIRRMA and ECRA.
In recent months, CFIUS has exercised its authority to unwind transactions and enforce its mitigation orders in an uncharacteristically public and aggressive manner, possibly signaling a new, heightened era of CFIUS enforcement. For example, CFIUS forced Chinese gaming company Beijing Kunlun Tech Co. Ltd. to divest its majority interest in Grindr LLC, a popular dating application, more than three years after Kunlun’s initial investment. Similarly, CFIUS forced Chinese company iCarbonX, backed by Chinese investment conglomerate Tencent Holdings Limited, to divest its majority ownership in PatientsLikeMe, a patient network and research platform, over two years after iCarbonX’s initial investment.
These divestment orders apparently were driven by CFIUS’s concern over Chinese investors’ access to PII of U.S. citizens. In both cases, CFIUS required divestiture years after the investment, the strongest possible remedy that CFIUS could have required, signaling a commensurately substantial national security concern. CFIUS’s scrutiny of PII-related transactions is primed to increase once the forthcoming PII-related regulations take effect.
In addition, in late 2018, CFIUS imposed a $1,000,000 penalty against an unnamed company for breach of a CFIUS mitigation agreement, “including failure to establish requisite security policies and failure to provide adequate reports to CFIUS.” The action marked the first time that CFIUS has imposed a monetary penalty for failure to comply with mitigation requirements. Per CFIUS’s confidentiality rules, CFIUS’s announcement did not identify the penalized party. However, CFIUS’s first-ever issuance of a monetary penalty underscores that failure to comply with CFIUS directives can result in tangible penalties.
The past six months have been dramatic for investors and CFIUS practitioners, but the current commotion likely represents only a fraction of the changes yet to come. The forthcoming restrictions under FIRRMA and ECRA promise to create new complications—and costs—for a wide range of investments and business arrangements
This column does not necessarily reflect the opinion of The Bureau of National Affairs, Inc. or its owners.
Ama Adams is a partner in the litigation & enforcement practice at Ropes & Gray in Washington, D.C.
Emerson Siegle is an associate in the litigation & enforcement practice at Ropes & Gray in Washington, D.C.
Brendan Hanifin is counsel in the litigation & enforcement practice at Ropes & Gray in Chicago.