More than a year ago, Congress dramatically changed the process by which the federal government scrutinizes corporate transactions for national security risks. Ever since, issuers and investment funds have been waiting for details of the overhaul to get ironed out. At last, they are about to get some clarity.
With the Foreign Investment Risk Review Modernization Act of 2018 (aka FIRMMA), Congress updated the work of the Committee on Foreign Investment in the United States (CFIUS), the body that reviews direct foreign investments in U.S. companies. CFIUS has scuttled five different transactions over its lifetime, from the purchase of a DOD-adjacent wind farm by Chinese nationals to a foreign investment in Grindr, the gay dating app. Since the creation of CFIUS in 1975, concern over security-threatening foreign investment has only intensified, and, as the Grindr example indicates, evolved.
FIRMMA is Congress’s attempt to keep pace with the times. The statute makes at least two major changes to the way CFIUS operates. It expands the universe of deals that CFIUS will look into, and also makes it mandatory to submit filings to CFIUS for certain deals. (Until now, filings have been made on a voluntary basis.) Congress outlined these changes only in broad strokes, however, leaving details to get worked on in a two-step regulatory dance.
The first of those steps is the now-underway pilot program, through which CFIUS has gained experience with the new guidelines. The second step, which has yet to occur, is the implementation of final regulations by February 13, 2020. That’s a whole football season away, but if CFIUS is going to meet the deadline, it will have to issue draft regulations to the public soon—maybe as early as this month.
There are at least three big open questions for the final regulations to address:
- Fast-tracking issues: In its pilot program, CFIUS has tested “declaratory filings,” which are shorter than full-blown CFIUS notices. They are supposed to let CFIUS approve quickly deals that don’t raise concerns, while satisfying parties’ mandatory filing requirement. Many, however, are finding that the short filings only give rise to additional questions, putting their utility in question. There’s also much curiosity as to whether CFIUS will designate “white lists” or “black lists” of countries or investors, giving them presumptive approval or extra scrutiny, respectively.
- Treatment of foreign limited partners in funds: Previously, CFIUS limited its review to transactions that could give control of a U.S. business to foreign interests. FIRMMA broadens CFIUS’s reach to include non-controlling investments, but generally allows foreign parties to make passive investments with investment funds without worry. Some have said the passage is ambiguous, however, and introduces confusion about the extent to which CFIUS covers situations in which a fund’s advisory board includes a foreign limited partner.
- Crossing the line on data: FIRMMA responds to digital-age threats by letting CFIUS review transactions involving U.S. businesses that participate in the “use, development, acquisition, safekeeping, or release of sensitive personal data of United States citizens.” Of course, that only raises the question of what is “sensitive” personal data.
CFIUS will have to answer these and other questions soon to make the February deadline. A lot is riding on the answers. Already, public companies have flagged the CFIUS changes as risk factors for their businesses. A search of the Intelligize database shows that alternative investment funds The Blackstone Group and Hamilton Lane have both brought up CFIUS in 10-Ks. Both, in fact, have used identical language, noting that the final regulations “may reduce the number of potential buyers” of companies they have invested in, and have “limited the ability of our funds to realize value from certain existing and future investments.”
Soon enough, they will know just how serious those concerns are.