New guidelines may portend increased enforcement over foreign investment that implicates U.S. national-security concerns

On October 20, 2022, the Department of the Treasury, which houses the Committee on Foreign Investment in the United States (CFIUS), adopted the first-ever CFIUS Enforcement and Penalty Guidelines. The guidelines represent the first written guidance on how CFIUS will evaluate potential enforcement actions related to the myriad laws and regulations governing foreign investment in the U.S.

Background

Created in 1975, CFIUS is an inter-agency committee that reviews certain foreign-investment transactions (“covered transactions”) and advises the president on national-security risks that arise from those transactions. In general, covered transactions are defined as transactions — mergers, acquisitions, or takeovers — with any foreign person that could result in control of a U.S. business by a foreign person.

If CFIUS finds a national-security threat, the president has the power, under certain circumstances, to block the investment or require mitigating steps. In 2020, regulations under the 2018 Foreign Investment Risk Review Modernization Act took effect, which broadened CFIUS’s scope and modernized the review process. Long an obscure agency, CFIUS became more widely known in recent years due to its role in investigating the acquisition of Musical.ly, a social-media digital video platform, by ByteDance, the Chinese owner of TikTok, the massively popular social-media app. The acquisition raised national-security concerns about Chinese government access to user data.

CFIUS’s Newly Issued Guidelines

Given CFIUS’s past obscurity, the guidelines appear to be an effort to increase its visibility and make the committee’s process more transparent. They may also suggest increased enforcement activity to come.

The guidelines are divided into four sections: (1) a description of what constitutes a violation; (2) the information CFIUS considers and how that information is obtained; (3) the penalty process; and (4) aggravating and mitigating factors.

1. Types of Conduct That May Constitute a Violation

The guidelines address three categories of acts or omissions that may constitute a violation that is subject to penalty:

  • Failure to timely submit a mandatory declaration or notice;
  • Conduct that is prohibited by or fails to comply with CFIUS mitigation agreements, conditions, or orders; and
  • Material misstatements in or omissions from information filed with CFIUS and false/materially incomplete certifications filed during the CFIUS process.

2. Sources of Information

The guidelines also detail the various sources of information that CFIUS considers when determining if a violation has occurred, including requests for information (RFIs), self-disclosures, tips, and subpoenas. In determining what action to take, CFIUS will consider a party’s cooperation with RFIs and accept any exculpatory evidence, defenses, or justification that the party submits. As with most government self-disclosure protocols, the guidelines encourage voluntary self-disclosure and weigh the timeliness of that disclosure in any enforcement decision. But the guidelines do not indicate that self-disclosure will necessarily preclude or discount a proposed penalty.

3. Penalty Process

The guidelines describe the key steps in the penalty process, which are derived from CFIUS’s regulations, including 31 C.F.R. §§ 800.901 and 802.901. Those steps include:

  • Notice. CFIUS will send notice of penalty, which includes a written explanation of the conduct, any monetary penalties, the legal basis for concluding a violation has occurred, and aggravating and mitigating factors that the committee considered.
  • Petition for Reconsideration. Upon receiving notice, a party has 15 days to submit a petition for reconsideration to the CFIUS staff chairperson, which should include any defense, mitigating factors, or explanations. This time period can be extended upon a showing of good cause. CFIUS will consider the petition before issuing a final penalty determination within 15 days of receiving it.
  • Final Penalty Determination. If no petition for reconsideration is timely received, CFIUS will issue a final penalty determination by notice to the party.

4. Aggravating and Mitigating Factors

Lastly, the guidelines provide a non-exhaustive list of various aggravating and mitigating factors that CFIUS considers in determining the appropriate penalty in response to a violation. CFIUS conducts a fact-based analysis, and the weight of each factor varies from case to case.

  • Accountability: The impact of the enforcement action on protecting national security and ensuring subject persons are held accountable for their conduct and incentivized to ensure compliance.
  • Harm: The extent to which the conduct impaired or threatened to impair U.S. national security.
  • Negligence, awareness, and intent: The extent to which conduct was the result of simple negligence, gross negligence, intentional action, or willfulness, and whether there was an effort to conceal or delay sharing information with CFIUS.
  • Persistence and timing: The amount of time that elapsed after the party became aware/had reason to become aware of the conduct before CFIUS became aware, and the frequency and duration of the conduct.
  • Response and remediation: Whether the party self-disclosed information, cooperated completely in the investigation, remediated the conduct promptly and completely, and reviewed the conduct internally to prevent its reoccurrence.
  • Sophistication and record of compliance: The party’s history and familiarity with CFIUS, resources dedicated to compliance and the compliance culture within the company, and measures in place to prevent conduct.

Conclusion

The new guidelines are non-binding and do not change CFIUS’s authority. Nonetheless, they represent a notable step toward raising the enforcement profile of CFIUS. Given increased government scrutiny of foreign investments in the U.S. – especially involving China – and the implications they have for national security, more robust enforcement by CFIUS may be on the horizon.