CFIUS Enforcement Guidelines Signal Need for Tailored Compliance

On Oct. 20, the Treasury Department released first-ever enforcement and penalty guidelines for the Committee on Foreign Investment in the United States. These describe how to assess penalties for violations of CFIUS-related obligations, including failure to submit mandatory pre-closing filings.

This guidance emerges in the context of relatively scarce enforcement history, signaling that CFIUS is prepared to awaken its dormant civil penalty power.

Investors and US businesses can no longer assume their investment activities are beyond the committee’s long reach. It’s time for these entities to tailor compliance programs to CFIUS filing and mitigation requirements.

Committee Function

CFIUS is an interagency committee of the US government with authority to review certain foreign investments in US businesses for national security concerns.

For most transactions, the CFIUS process is voluntary, meaning that parties to a covered transaction are not required to seek CFIUS approval before proceeding with their transaction.

Although the process is largely voluntary, failure to notify CFIUS of a covered transaction can present significant risk where meaningful national security issues are involved.

Where parties to a covered transaction do not seek CFIUS pre-clearance, the committee is empowered to initiate its own review of the transaction, either before or after closing.

CFIUS may require parties to a covered transaction to enter into a mitigation agreement—or even recommend that the US president block a transaction entirely—if the committee determines that the foreign investment threatens to impair national security. Reviews can require disclosure of voluminous, detailed information to the committee.

The committee is authorized to impose monetary penalties of up to $250,000 or, for non-compliance with a mandatory filing obligation or breach of a mitigation agreement, up to the value of the underlying transaction (if greater than $250,000), in addition to mitigation conditions.

Guidelines

The guidelines describe aggravating and mitigating factors and signal how US and non-US investors may seek to manage CFIUS risk in connection with their investment activities.

Three types of violations are potentially subject to CFIUS enforcement—failure to submit a mandatory filing, non-compliance with CFIUS mitigation requirements, and submission of false certifications or material misstatements or omissions during a CFIUS review.

Under the guidelines, CFIUS enforcement proceedings will proceed in three stages. First, CFIUS will send the enforcement target a notice of penalty describing the suspected misconduct and proposed penalty amount.

Second, the target may within 15 days—or longer as determined by CFIUS—submit a petition for reconsideration, pleading any available defense, mitigating factors, or justification. Third, upon consideration of any petition for reconsideration, CFIUS will issue a final determination within 15 days.

CFIUS will consider aggravating and mitigating factors when determining penalties, including:

Impact of enforcement action on protecting national security, including by promoting future compliance by other parties.

• How the conduct impaired national security.
• Target’s degree of culpability—simple negligence, gross negligence, or willfulness.
• Frequency and duration of misconduct.
• Target’s level of cooperation, including self-disclosure or remediation.
• Target’s sophistication, familiarity with CFIUS, and compliance history, including policies and training to prevent violations.

Takeaways

In nearly 50 years, CFIUS has publicly reported only two penalties, both modest in scope—$1 million and $750,000—and relating to violations of mitigation requirements.

Although failure-to-file penalties were introduced in 2018, triggering considerable apprehension, CFIUS has not yet penalized any party for failure to comply with a mandatory filing requirement.

The guidelines were published approximately one month after President Joe Biden issued an unprecedented CFIUS-related executive order. This suggests a renewed commitment to use of the CFIUS review process to address national security risk, a concept that the committee construes increasingly broadly.

Aggravating and mitigating factors described in the guidelines suggest that CFIUS expects investors to dedicate resources to employee education and CFIUS-related due diligence of investment opportunities.

In practice, many repeat non-US investors already have developed and follow CFIUS-focused protocols to expedite review, assessment, and filing determinations for investment opportunities.

However, these considerations are not limited to non-US investors. For example, US sellers and businesses should consider the national security risks presented by prospective acquirers.

This assessment can be increasingly complex given CFIUS’s practice—recently endorsed by executive order—of considering risks that do not specifically arise from the transaction under review. For example, an otherwise non-threatening foreign party may be perceived to present risk due to its relationships—e.g., customers—with countries or parties of concern.

Similarly, the CFIUS definition of a US business encompasses US operations and subsidiaries of non-US-organized and headquartered businesses. As a result, even transactions between foreign buyers and sellers may trigger CFIUS jurisdiction where the target business includes a US footprint.

Conclusion

The guidelines signal that CFIUS intends to revamp its enforcement approach and impose monetary penalties for non-compliance with CFIUS filing obligations and mitigation requirements.

Investors and US businesses should consider themselves on notice and, to the extent not already in place, consider developing CFIUS-focused protocols or checklists to avoid inadvertent non-compliance.

US regulators have a history of pursuing enforcement actions against market-leading firms across industries. Access to resources, commercial sophistication, and experience make for an attractive enforcement target, due to the opportunity to send a message to other industry participants, and larger firms’ ability to pay larger penalties.

While smaller investors and US businesses are not immune from CFIUS enforcement, experienced, well-resourced, and/or active investors may be the subject of increased scrutiny.

This article does not necessarily reflect the opinion of Bloomberg Industry Group, Inc., the publisher of Bloomberg Law and Bloomberg Tax, or its owners.

Write for Us: Author Guidelines

Author Information

Ama Adams leads Ropes & Gray’s global anti-corruption and international risk practice, is managing partner of the Washington, D.C. office, and a partner in the litigation and enforcement practice.

Brendan Hanifin is a partner in Ropes & Gray’s litigation and enforcement practice, specializing in international risks.

Emerson Siegle is an associate in Ropes & Gray’s litigation and enforcement practice.

Kurt Fowler contributed to this article.