CFIUS: New Foreign Investment Review Regulations



Cathleen D. Cimino-Isaacs and James K. Jackson | Congressional Research Service


On September 17, 2019, the Treasury Department proposed regulations for public notice and comment to implement key parts of the Foreign Investment Risk Review Modernization Act (FIRRMA) (Title XVII, P.L. 115-232), which ”strengthens and modernizes” the national security review of foreign direct investment (FDI) transactions by the Committee on Foreign Investment in the United States (CFIUS) (under P.L. 110-49). CFIUS is an interagency body comprising nine Cabinet members and others as appointed. The draft regulations initiate provisions that would affect how certain real estate and noncontrolling investments will be scrutinized. These regulations were widely anticipated by various stakeholders for clarifying key aspects of FIRRMA.

While various provisions of FIRRMA became effective upon enactment in August 2018, the Act also required CFIUS to take certain actions within prescribed deadlines for various programs, reporting, and regulations. The proposed regulations are to be finalized by February 2020. Treasury also launched a pilot program in October 2018 related to transactions involving critical technology—the proposed regulations would not change the program. The FIRRMA-amended CFIUS process maintains the President’s authority to block or suspend proposed or pending foreign “mergers, acquisitions, or takeovers” that could result in control of U.S. entities, including through joint ventures, that threaten to impair national security. The proposed regulations expand and clarify new authority for CFIUS to review certain real estate and other noncontrolling foreign investments on the basis of threats, vulnerabilities, and consequences to national security.

Reviews of noncontrolling investments are limited to U.S. businesses (referred to as “TID businesses” for Technology, Infrastructure, and Data) that: (1) produce, design, test, manufacture, fabricate, or develop one or more critical technologies; or (2) own, operate, manufacture, supply, or service critical infrastructure (28 subsectors specified); or (3) maintain or collect sensitive personal data. One major aim of the proposed regulations is to “provide clarity to the business and investment communities with respect to the types of U.S. businesses that are covered under FIRRMA’s other investment authority.” The regulations would limit the application of the expanded review process to certain categories of foreign persons, introducing new terms such as “excepted investor” and “excepted foreign state” for noncontrolling transactions.

Parties involved in these new covered transactions can choose between providing voluntarily, a short (not to exceed five pages) written declaration to receive expedited consideration or potential approval by CFIUS, or the traditional longer written notification. A declaration is mandatory however, where a foreign government has a “substantial interest” (see below). The proposed regulations specify the content and filing processes for declarations and notices; misstatements or omissions are subject to a fine of $250,000 per violation. FIRRMA also authorizes CFIUS to impose fees and to create a mandatory filing process: those areas would be covered in future proposed regulations.

One concern of some stakeholders has been the potential impact of CFIUS’s expanded jurisdiction on smaller U.S. businesses that rely on foreign investment. Treasury indicated that it could not project the economic impact of reviewing certain real estate transactions, but it estimated that the change was not expected to have a “significant economic impact on a substantial number of small entities.” Similarly, regarding noncontrolling equity investments, Treasury concluded that less than one percent of U.S. small businesses likely would be subject to a review.

Real Estate Transactions

CFIUS’s expanded jurisdiction over certain real estate (land and structures) transactions includes the purchase or lease by, or a concession to, a foreign person of certain private or public real estate located in the United States. Real estate transactions are defined as those that accord the investor certain fundamental property rights. In particular, the provision focuses on real estate that is in proximity of certain airports, maritime ports, and other facilities and properties of the U.S. Government that are sensitive for national security reasons (military installations include 190 facilities located across 40 States and Guam). CFIUS additionally retains the authority to review any transaction that raises national security concerns on the basis of proximity to sensitive sites and activities.

The regulations specify various definitions, such as:

  •  Stipulated airports: As defined by the Federal Aviation Administration (FAA), major passenger and cargo airports based on volume and “joint use airports” that serve civilian and military aircraft;
  • Close proximity: Areas within one mile of a relevant military installation or other facility or property of the U.S. Government;
  • Extended range: Areas between one and 100 miles;
  • Facilities located within designated counties, according to Appendix A; and
  •  Off-shore ranges: Within 12 nautical miles of the U.S. Excepted real estate transactions include: (1) certain real estate investors, defined as those with a substantial connection to certain foreign countries and who have not violated U.S. laws; (2) housing units; (3) urbanized areas and urban clusters (both defined by the Census Bureau); (4) commercial office space (with some exceptions); (5) retail trade, accommodation, or food service establishments; (6) lands held by Native Americans and some Alaskan Natives; and (7) certain lending and contingent equity transactions.

Requirements for filing a voluntary declaration or written notice are similar to those for other investment transactions. The regulations define an excepted foreign investor through various criteria, including holding the right to 5% or more of the profit of the investing foreign firm, or the ability to exercise control.

Noncontrolling Equity Investments

CFIUS’s expanded authority under FIRRMA directs it to review investment transactions whether or not the investment conveys a controlling equity interest in cases where a foreign person has: (1) access to information, certain rights, or involvement in the decisionmaking of certain U.S. businesses involved in critical technologies, critical infrastructure, or sensitive personal data (i.e., TID businesses); (2) any change in a foreign person’s rights, if such change could result in foreign control of a U.S. business or a covered investment in certain U.S. businesses; and (3) any other transaction, transfer, agreement, or arrangement, designed or intended to evade or circumvent the CFIUS review process.

In the first category, CFIUS can review noncontrolling investments if they afford a foreign investor:
1. access to any “material non-public technical information” in the business’ possession;
2. membership or observer rights on the board of directors (or equivalent body); or
3. involvement other than through voting of shares, in “substantive decisionmaking” regarding the business.

The proposed regulations further define the terms “material non-public technical information” and “substantive decisionmaking.” The regulations also clarify circumstances under which CFIUS can review an indirect investment through investment funds. As discussed, this new authority is limited to so-called “TID U.S. businesses.”

The proposed FIRRMA regulations elaborate a number of important definitions that define and constrain the scope of CFIUS’s reviews. The term, “critical technologies” reflects the definition provided in FIRRMA that covers various items, including “emerging and foundational technologies,” which are to be subject to export controls, pursuant to the Export Control Reform Act of 2018. Regarding “critical infrastructure,” the application of CFIUS’s new jurisdiction is limited to 28 subsectors listed in an appendix (such as telecommunications, energy, and transportation), and specific business functions. “Sensitive personal data” that may be exploited to threaten national security includes 10 categories of data maintained or collected by U.S. businesses that (1) “target or tailor” products or services to “sensitive populations,” like U.S. government personnel; (2) maintain or collect data on more than one million individuals; or (3) have a demonstrated objective to maintain or collect data on more than one million individuals as part of its primary product or service. Notably, genetic information is included in the definition, regardless of these parameters. Other types of data include financial, geolocation, health, and others. Treasury emphasized that these parameters were drafted to provide as much clarity and specificity as possible to businesses. These specifications do not constrain CFIUS’s traditional review of any transaction resulting in foreign control of a U.S. business.

The regulations do not target any particular country for greater scrutiny by CFIUS—a major topic of congressional debate during consideration of FIRRMA. FIRRMA did however, mandate criteria that exempts certain categories of foreign investors from CFIUS’s expanded jurisdiction. These criteria include the principal place of business and incorporation, as well as ties to certain eligible countries. Treasury is to publish a list of criteria for determining a limited number of “excepted foreign states”—a status to be determined by the Treasury Secretary and a supermajority of CFIUS member agencies. One major factor is whether that country is “utilizing a robust process to assess foreign investments for national security risks and to facilitate coordination with the United States on matters relating to investment security.” Treasury is to delay implementation of this requirement to allow countries to enhance their review processes. “Excepted investors,” however, would not be exempt from CFIUS’s review of controlling transactions.

Under FIRRMA, the process of notifying a transaction to CFIUS remains largely voluntary, but FIRRMA provided new authority to require a declaration, an abbreviated filing, with basic information on the transaction. A declaration is mandatory for transactions in which a foreign person has a “substantial interest” in a U.S. business, and a foreign government holds a “substantial interest” in the foreign entity making the investment. Notably, the regulations specify a voting interest (direct or indirect) threshold for “substantial interest” of 25% between a foreign person and U.S. business and 49% or greater between a foreign government and foreign person. (Any voting interest of a parent entity in a subsidiary is deemed to be a 100% voting interest.) The proposed rule would also implement FIRRMA’s mandate that CFIUS take certain actions in response to a declaration.

Issues for Congress

The new CFIUS regulations may raise a number of issues for Congress, including:

  • Are the additional CFIUS regulations affecting new and existing FDI in the United States? Would the amended review process potentially delay or expedite approvals?
  • What impact are CFIUS’s additional authorities and regulations regarding reviews of FDI in critical infrastructure, critical technologies, and emerging technologies having on CFIUS activities?

For more information, see CRS In Focus IF10952, CFIUS Reform: Foreign Investment National Security Reviews, and CRS In Focus IF11135, Deadlines, Programs, and Regulations Mandated by FIRRMA.


To read original report, click here