The US Treasury Department published final regulations to implement FIRRMA, which greatly expanded the scope of CFIUS to review foreign investments in US businesses. The new rules clarify and revise proposed regulations issued by Treasury last September, and parties involved in any foreign investments in US businesses should carefully consider the application of these new rules.
On January 17, 2020, the US Treasury Department published final regulations to implement the Foreign Investment Risk Review Modernization Act of 2018 (FIRRMA), which greatly expanded the scope of the Committee on Foreign Investment in the United States (CFIUS) to review foreign investments in US businesses. The purpose for CFIUS reviews continues to be to determine if foreign investments in the United States pose US national security issues. The new rules clarify and revise proposed regulations issued by Treasury last September—see our previous On the Subject. The final regulations become effective on February 13, 2020.
Covered Control Transactions
Under FIRRMA and the new rules, CFIUS continues to have jurisdiction to review any transaction by or with any foreign person that could result in foreign control of any US business, including those carried out through a joint venture. The new rules continue as under existing rules to define “control” as the power— through ownership of a majority or dominant minority—to determine certain specified important operations of the US business. Any majority acquisition of a US business by a foreign entity would be a “covered control transaction” that continues to be within the scope of CFIUS’s review authority.
As discussed below, certain foreign investments, including covered control transactions, with substantial foreign interests and/or those involving certain types of US businesses, will now be subject to mandatory CFIUS review. Other covered control transactions will remain subject to CFIUS review upon voluntary notification, as under existing rules.
Under FIRRMA and the final implementing regulations, certain non-controlling foreign investments in a US business will also be subject to CFIUS review. The jurisdiction of CFIUS over such non-controlling investments is based on three factors: (1) the investor must be a “foreign person” or “foreign entity,” (2) the US business must have certain specified attributes, and (3) the foreign investor must have certain triggering rights in the US business.
1. The investor must be a foreign person. “Foreign persons” include foreign individuals, entities and governments along with entities that are controlled by foreign individuals or entities or in which a foreign government has a “substantial interest” of 49% of more.
As discussed below, FIRRMA imposes mandatory reviews for certain foreign investments. The final regulations carve out from mandatory filing requirements investments involving “excepted investors” from “excepted foreign states.” Treasury has initially designated only Australia, Canada and the United Kingdom as excepted foreign states for two years, through February 12, 2022. Investments in US businesses by nationals of these countries can still be reviewed by CFIUS at its discretion.
Under the final regulations, an “excepted investor” is one with at least 75% of its board members who are either US nationals or from an excepted foreign state. Foreign individual investors may be treated as excepted investors if they acquire no more than 10% of the US business.
2. The US business must have certain attributes. The foreign investor must invest in a “TID US Business”—a US business with critical Technology, critical Infrastructure or sensitive personal Data, as follows:
The production, development or testing of “critical technologies”:
Critical technologies are defined in FIRRMA generally as those technologies subject to US export license requirements under various US export control laws. The final regulations continue to reflect this definition, which includes “emerging” and “foundational” technologies that remain subject to review and further definition by the US Commerce Department.
The CFIUS Pilot Program, implemented in 2018 in Part 801 of the CFIUS regulations, imposed mandatory filing requirements for foreign investments in US businesses with critical technologies involving certain specified industries. The Pilot Program will end February 13, 2020, when the final regulations take effect, but the substance of the Pilot Program, including the mandatory filing requirement, has been largely maintained in the final regulations. CFIUS anticipates issuing additional proposed rules in the future that that would revise the mandatory review requirement from one based on specified industries (referenced by NAICS codes) to one based on export control license requirements.
The operation or ownership of “critical infrastructure”:
The final rules continue to define critical infrastructure as systems and assets so vital to the United States that their incapacity or destruction would have a debilitating impact on national security.
Like the proposed rules, the final regulations include an Appendix A that specifies the scope and operations of covered critical infrastructure, including internet network systems, telecommunication systems, submarine cable systems, specialty metals, defense production resources and others.
The collection or possession of “sensitive personal data” on US citizens:
Sensitive personal data covers identifiable data on individual US citizens in 10 specified categories, including health, financial and geolocation, among others.
A US business with these categories of data will be covered by the rules only if:
It targets or tailors products or services to certain populations (g., US military or national security employees), or
It maintains or expressly seeks to maintain such data on at least one million individuals.
Genetic test information is covered whether or not it meets the foregoing conditions.
3. The foreign investor must attain certain triggering rights in the US business. The foreign investor must receive one or more of the following rights in the US business:
Access to material nonpublic technical information regarding critical infrastructure or critical technology;
Seats, nomination rights, or observer rights on the board; or
Involvement in substantive decision-making of the US business regarding sensitive personal data, critical technology or critical infrastructure.
Mandatory and Voluntary Declarations
Parties to covered transactions are required to notify CFIUS and seek a review, either by filing a short-form declaration or a full notice, if the foreign investment in a US business meets the following criteria:
The foreign investor gains a 25% or greater interest in a TID US Business and such foreign investor is itself owned 49% or more by a foreign government, other than an excepted state, currently including Canada, Australia and the UK.
The foreign investor invests (in any amount) with the foregoing triggering rights in a TID US business that utilizes critical technologies itself in an industry specified in Appendix B to the new rules, or that designs any critical technologies specifically for use in one or more of those specified industries in Appendix B.
Note that Treasury intends to issue a revised rule at a later date that would replace the NAICS industry basis for the mandatory filing requirement with one based on specific export license requirements for the critical technology.
The final regulations allow parties to file voluntary declarations, rather than full notices, in certain types of transactions. Parties may consider voluntarily filing such short-form declarations, which generally are easier and possibly faster than full notices, for covered transactions that they consider pose no likely US national security issues.
A mandatory declaration must be filed at least 30 days prior to the closing of the transaction.
Special Note on Investment Funds
Under existing and proposed regulations, certain exceptions to CFIUS jurisdiction were made for selected types of foreign investments by funds investing in US businesses. However, these regulations were vague and created uncertainty for fund investors. The final regulations clarify the “investment fund exception” in the following two respects.
First, the regulations provide that CFIUS will determine the foreign status of a fund depending on the location “where the fund’s activities and investments are primarily directed, controlled, or coordinated by the general partner, managing member, or equivalent.” However, if the entity has represented its primary place of business as outside the United States, that location will determine its status as a “foreign entity” unless it can show otherwise.
Second, the regulations clarify that an investment by a foreign person in an investment fund that invests in a US business will not be considered a covered investment, as long as the fund is managed by a US general partner and the foreign investor’s rights are sufficiently limited.
Covered Real Estate Transactions
Treasury issued final FIRRMA regulations under new Part 802 of the CFIUS rules, to extend CFIUS review jurisdiction over certain real estate transactions. CFIUS will have the discretion to review, with some exceptions, any real estate transaction in which a foreign investor buys, leases or obtains a concession with respect to “covered real estate.”
The regulations define covered real estate as property:
Within most US air or maritime ports, or
Within close proximity to certain US facilities or military installations specified in Appendix A to the regulations.
In order to be a covered real estate transaction, the foreign investor must attain three or more of the following property rights: to access, to exclude access, to improve or develop, or to affix structures or immovable objects.
Mandatory declarations are not required for covered real estate transactions.
The final CFIUS rules impose new and complex definitions, policies and requirements. FIRRMA also authorized CFIUS to impose a filing fee, but Treasury states it will publish a separate rule for that at a later date. Parties involved in any foreign investments in US businesses should carefully consider the application of these new rules, including whether a mandatory filing and review is required.