Key Issues For Pending CFIUS Rulemaking

The Foreign Investment Risk Review Modernization Act of 2018 (FIRRMA), enacted on August 13, 2018, represented the first major reform in a decade of national security reviews conducted by the Committee on Foreign Investment in the United States (CFIUS). Only certain portions of FIRRMA, have been implemented to date. Although interim regulations were published in October 2018, many of FIRRMA’s key provisions are not yet in effect, and other provisions in effect now and subject to the interim rules may be implemented differently once final regulations are issued.

All FIRRMA amendments to Section 721 of the Defense Production Act of 1950 (Section 721) are to go into effect no later than the earlier of (i) 18 months after enactment or (ii) 30 days after CFIUS has published a notice that it has put in place all the “regulations, organizational structure, personnel, and other resources necessary to administer the new provisions.” Practically speaking, since many of FIRRMA’s provisions depend on clarification in the regulations, final CFIUS regulations should be published no later than mid-January of 2020, so they can take effect in February 2020, or 18 months after FIRRMA’s enactment.

Similar to when CFIUS developed new regulations implementing FIRRMA’s predecessor law in 2007-2008, the Foreign Investment and National Security Act of 2007, CFIUS is expected to release draft rules and allow 30 days for public comment before issuing final regulations. There is a likelihood, in the event of a shutdown of the U.S. government, that CFIUS may issue another set of interim regulations implementing all of FIRRMA’s provisions by the February 2020 deadline, as the processes of drafting regulations, collecting comments from the public, and considering those comments would be interrupted.

Ten key issues to be addressed in the forthcoming regulations will include the following:

Definition of “U.S. business.”

CFIUS’s jurisdiction extends to a variety of transactions between a foreign party and a “U.S. business.” Prior to FIRRMA, Section 721 gave CFIUS jurisdiction over transactions that could result in foreign control of “any person engaged in interstate commerce in the United States.” In CFIUS’s definition of “U.S. business” in the 2008 regulations, CFIUS narrowed the scope of its jurisdiction to cover “any entity . . . engaged in interstate commerce in the United States, but only to the extent of its activities in interstate commerce” [emphasis added]. FIRRMA codifies many elements of the 2008 regulations but does not include the highlighted phrase in its definition of “United States business.” If the final FIRRMA regulations do not restore this language to the definition, CFIUS may be able to assert jurisdiction over entire multinational enterprises with U.S. activities — not just their U.S. components.

Definition of “control.”

In its 2008 regulations, CFIUS’s definition of “control” was intentionally imprecise, giving CFIUS greater flexibility in interpreting the definition and making it more difficult for parties to structure transactions around CFIUS jurisdiction. Now that CFIUS has expanded jurisdiction over noncontrolling investments involving critical technology, critical infrastructure, and personal information of U.S. citizens, CFIUS may be empowered to provide a more specific definition. For example, instead of enumerating just six minority shareholder rights that do not qualify as controlling, the FIRRMA regulations may expand the list to include a more typical range of minority investor protections that do not result in control in any practical sense.

Clarification of “safe harbor” for certain investment funds

FIRRMA exempts from CFIUS jurisdiction certain indirect, noncontrolling investments undertaken by foreign investors through U.S.-managed investment funds. CFIUS made a first attempt at implementing this provision in the context of its “pilot program” requiring mandatory filings for critical technology investments, but the pilot program regulations were neither consistent with the language in FIRRMA, nor did they reflect the practical realities of investment fund management. The final FIRRMA regulations offer an opportunity to correct this. Most importantly, CFIUS should seek to clarify when the general partner, managing member, or equivalent manager of an investment fund is a “foreign person”, disqualifying the fund from the safe harbor. U.S. funds often have offshore entities serving as general partner, though the actual fund manager may still be a U.S. citizen, and certain U.S. investment funds have more than one manager, only some of whom may be U.S. citizens. The FIRRMA regulations should address these common situations. In addition, as noted above, a more practical definition of noncontrolling minority investor protections would be helpful, particularly in the context of funds’ investor advisory committees.

Definition of “substantial interest.”

FIRRMA, in a departure from previous law, now requires the submission of CFIUS filings for transactions involving the acquisition of a “substantial interest” in U.S. businesses engaged in critical technology, critical infrastructure, or personal information, if a foreign government holds a “substantial interest” in the acquirer. FIRRMA requires substantial interest to be defined in regulations, but notes that with respect to noncontrolling investments, ownership of less than 10 percent will not be viewed as a “substantial interest.” CFIUS is still permitted, in the context of “substantial interest” of a foreign government, to consider a broad range of government rights with respect to the acquirer. Thus, even if a foreign government holds less than 10 percent of an acquirer, the FIRRMA regulations may allow CFIUS to determine that a foreign government has a “substantial interest” if it holds a “golden share” in the acquirer or has other control rights established by law.

Definition of “critical infrastructure.”

FIRRMA expands CFIUS’s jurisdiction to include noncontrolling foreign investments in U.S. businesses engaged in providing or maintaining “critical infrastructure.” In addition, CFIUS filings will now be required for certain investments in critical infrastructure businesses in the United States if a foreign government has a substantial interest in the investor. The U.S. government’s definition of critical infrastructure is quite broad in practice, though FIRRMA, consistent with the previous language of Section 721, describes it generally as “systems and assets, whether physical or virtual, so vital to the United States that the incapacity or destruction of such systems or assets would have a debilitating impact on national security.” FIRRMA charges CFIUS with further definition of the term through regulation; moreover, in the context of noncontrolling investments, FIRRMA requires the regulations to limit and give examples of the types of critical infrastructure that should be subject to CFIUS’s expanded jurisdiction over such transactions.

Real estate issues

In addition to codifying some current CFIUS regulations, FIRRMA codifies and expands certain existing CFIUS practices, such as consideration of national security risks arising from proximity between real estate acquired or leased by a foreign party and sensitive U.S. government facilities.

  • Exceptions for “urbanized” real estate. FIRRMA generally exempts from CFIUS’s jurisdiction real estate transactions in “urbanized areas,” subject to exceptions to be prescribed in regulations based on consultations with the Department of Defense. These exceptions could involve a variety of factors, such as sensitive public- and private-sector tenants, proximity to sensitive government sites, or residential use by civilian or military U.S. government personnel.
  • Definition of “U.S. government facility.” FIRRMA permits CFIUS to review transactions involving real estate “in close proximity to a . . . facility . . . of the United States Government that is sensitive for reasons relating to national security.” The FIRRMA regulations may now have to define “U.S. government facility,” in which case it will be interesting to note whether certain categories of “special use airspace” to which access is restricted due to military training, spaceflight, or other sensitive activities will qualify. Inclusion of special use airspace within the definition may be necessary in order for CFIUS to maintain its jurisdiction over real estate transactions close enough to such airspace to enable visual or electronic surveillance activities.

Nexus between personal data of U.S. citizens and national security

Another area in which FIRRMA seeks to codify and expand the existing CFIUS practice is by mandating the consideration of transactions involving the sensitive personal data of U.S. citizens. Historically, CFIUS focused on protecting the personal data of U.S. citizens with national security responsibilities. Over time, in light of several high-profile database breaches affecting a broad range of U.S. citizens, CFIUS has seemingly viewed the protection of all U.S. citizens’ personal data as a de facto national security issue. FIRRMA seeks to have CFIUS state this policy clearly or to delineate between different types of personal data in the forthcoming regulations; the expansion of CFIUS’s jurisdiction and newly required CFIUS filings only apply to investments in U.S. businesses that maintain or collect the personal data of U.S. citizens if that data “may be exploited in a manner that threatens national security.”

Preferential treatment of investors from certain countries

FIRRMA requires CFIUS to issue regulations narrowing the definition of “foreign person” for the purpose of limiting the application of expanded jurisdiction over real estate transactions and noncontrolling investments in U.S. businesses engaged in critical technology, critical infrastructure, or personal data. Specifically, CFIUS must create categories of foreign persons to whom these provisions of FIRRMA will not apply, based on how an investor is tied to a foreign country or government and whether that connection could affect U.S. national security. The challenge for CFIUS, in carrying out FIRRMA’s mandate, will be to create categories of qualifying foreign persons that allow CFIUS to focus its resources and efforts on transactions presenting possible U.S. national security risks, but without creating wide loopholes allowing potentially threatening investors to avoid CFIUS scrutiny.

Definition of “contingent equity interest.”

Prior to the enactment of FIRRMA, CFIUS generally did not assert jurisdiction over most issuances of nonvoting convertible securities and other contingent equity interests. In most cases, CFIUS jurisdiction arose only when the conversion or similar rights were exercised and resulted in a foreign acquisition of substantial voting and governance rights in the U.S. business. FIRRMA changed this, expanding the definition of “investment” to include “acquisition of . . . contingent equity interest, as further defined in regulations” [emphasis added]. In its pilot program regulations, CFIUS limited the definition of contingent equity interest to a financial instrument that “is convertible into an equity interest with voting rights.” This definition (unless “convertible” is interpreted beyond its normal financial and legal usage) does not include widely issued instruments such as stock options and warrants that technically are not converted, but under which purchase rights are exercised. Other types of securities and rights may also fall outside the definition of “convertible” but may, in practice, have the same net effect. Convertible securities and other forms of contingent equity were used in the past to enable parties to complete the transfer of economic rights while delaying the transfer of governance rights until the CFIUS process had run its course. If the forthcoming rulemaking continues to define contingent equity interest narrowly, CFIUS may be indicating to parties that it remains comfortable with some form of these “two-stage” transactions.
While the issues described above are particularly notable because of their potentially broad effects on future transactions, the FIRRMA regulations will likely include many nuances that need to be interpreted in the context of the facts of each transaction. Parties contemplating cross-border transactions should therefore monitor the development of these rules and seek qualified counsel for assistance.