Select Language:

Expanded CFIUS National Security Reviews

The Committee on Foreign Investment in the United States ("CFIUS" or "Committee") reviews transactions that result in control of U.S. businesses passing to foreign persons, to determine their effects on the national security of the United States. CFIUS has long had authority to recommend that a transaction be modified, suspended, or prohibited.
CFIUS's authority and recently expanded scope was given a statutory basis in October 2007, when the Foreign Investment and National Security Act ("FINSA")1 became law. In recent years the factors considered by CFIUS have changed, from solely national security concerns to issues relating to homeland security and its application to critical infrastructure. The CFIUS review also now encompasses assessments of the impacts on critical technologies, the long-term U.S. requirements for sources of energy and other critical resources, and the subject country's relationship with the United States, specifically on cooperating in counter- Reviews terrorism efforts and adherence to nonproliferation control regimes. In addition, the Committee is now directed to investigate every foreign government controlled transaction, unless it specifically determines that the transaction will not impair U.S national security.

The Committee also considers other factors that the President or Committee determine to be appropriate. History and Original Role of CFIUS CFIUS is chaired by the Secretary of the Treasury, and the Department of the Treasury's Office of International Affairs acts as the secretariat, which includes responsibility for coordinating reviews of transactions. It was formed by executive order of President Ford in 1975, issued under the Defense Production Act of 1950, with its original role being to provide information on foreign investments into the United States and to review those that might have major implications for U.S. national interests. In 1988, in response to concerns of Congress and the public about the impacts of increased foreign investment in U.S. companies on America’s economy and on defense industries, the Exon-Florio Amendment2 was inserted in the Omnibus Trade and Competitiveness Act. The amendment authorized the President to block a foreign acquisition if there is "credible evidence" that it will impair the national security and no other law authorizes the required protection. President Reagan delegated this authority to CFIUS.3

In earlier years, the Committee focused more on assessment of risks posed by foreign control to the capability of domestic industries to meet national defense requirements, the control of these industries by foreigners, sales of military equipment or technology to countries that support terrorism, missile proliferation, and proliferation of chemical, biological or nuclear weapons. However, foreign investment in U.S. businesses came sharply into focus as Congressional concerns about the adequacy of the CFIUS process grew following the 9/11 attacks and several high-profile transactions in 2005 and 2006 caused public and political controversy. Many of the changes to CFIUS codify practices developed in recent years. The intention behind CFIUS is not to alter the United States' generally open foreign investment climate nor to inhibit investment in industries that have no bearing on national security. However, CFIUS has operated under the authority, and has tended to reflect the attitudes and policies, of the President.

Foreign Investment and National Security Act of 2007 and the FINSA Regulations of 2008 FINSA became law on October 24, 2007, and the FINSA Regulations came into force on December 22, 2008. FINSA established CFIUS on a statutory basis for the first time and, as mentioned, codified the expanded factors the Committee considers when reviewing transactions, as well as establishing in law the practice of negotiating mitigation agreements with parties to transactions. It added more government agencies to its membership (and more were added by executive order in January 2008; over a dozen are now involved), and enhanced Congressional oversight of the process by requiring certified annual reports and reports of each review and investigation to be provided to Congress.

The 2008 Regulations make substantive changes to the 1991 Regulations, chiefly by clarifying and expanding key definitions and concepts, as well as administrative changes, although the core processes and timelines are not changed: Filing with CFIUS remains voluntary, but the information required to be submitted is significantly expanded; the informal practice of notifying CFIUS before making a filing is explicitly encouraged; a lead agency must be designated for each covered transaction; and sign-off must be at the level of deputy head of the lead agency or higher. "National security" remains undefined. Hence the Committee’s flexibility and discretion in reviewing national security-related issues is maintained. Procedure and Timeline under CFIUS Notification. The parties to a "covered transaction" voluntarily file notice stating that a U.S. corporation will become subject to foreign control, or CFIUS itself may unilaterally initiate a review. A "covered transaction" is any merger, acquisition or takeover by or with any foreign person that could result in foreign control of any person engaged in interstate commerce in the United States.4 While the information to be filed is extensive and burdensome, the benefit of filing is to obtain "safe harbor" against future blocking or unwinding action.

30-Day National Security Review. CFIUS must conduct a review of the covered transaction "to determine the effects of the transaction on the national security of the United States,"5 taking into consideration the enumerated factors. In essence, an assessment is made of (i) any vulnerabilities exposed by the transaction, focusing on the assets being acquired; (ii) the existence of any threat that these vulnerabilities may be exploited by someone with bad intentions coupled with the capability to do harm; and (iii) the likely consequences of successful exploitation of the target. During this period, the Director of National Intelligence is required to conduct a thorough analysis of potential national security concerns, ensuring that the intelligence agencies remain engaged. Reviews by CFIUS of the vast majority of covered transactions end here.

45-Day Investigation. Following the review, CFIUS must immediately investigate the effects of the transaction on the national security if the lead agency and CFIUS concur that it should investigate, or it is determined that the proposed transaction (i) threatens to impair U.S. national security and the threat has not been mitigated during the review; (ii) is foreign government-controlled (unless the Secretary of the Treasury and the head of the lead agency jointly determine that there is no impairment); or (iii) would result in foreign control of critical infrastructure and could impair national security, unless mitigated during the review. CFIUS is authorized to take any necessary actions to protect the national security.

Decision Within 15 Days of Completion of Investigation. The President must decide whether to suspend or prohibit the transaction (which includes the power to order divestment) " but only if there is "credible evidence" that the foreign acquirer might take action to impair the national security and there is no other law giving the President the authority to take such steps. The President’s decision is not subject to judicial review.

Mitigation Agreements

In the last decade, CFIUS developed a practice of negotiating (or imposing) agreements or conditions on parties to a covered transaction in order to mitigate perceived threats to the national security not addressed under other laws, so as to allow the transaction to proceed. While FINSA provides a statutory basis for the practice, the January-2008 Executive Order imposed a measure of control over mitigation agreements: It requires the lead agency to identify for the Committee the risk posed by the transaction based on factors including the threat, vulnerabilities, and potential consequences; and to set out the mitigation measures it believes are reasonably necessary to mitigate the risk. The approach of CFIUS and the lead agency to mitigation agreements is dictated by the particular circumstances of the transaction. The agreements range from commitment letters on specific issues of concern to formal national security agreements with binding commitments and liquidated damages for breach.

Agreements often include provisions requiring cooperation in the development and execution of a security plan; background checks on, or limiting involvement in certain sensitive tasks of, foreign personnel; notice of changes to key management positions; certification of export control compliance; customer lists; notifications of security incidents (such as cyber attacks); compliance with international, industry, or federal standards; and rights to visit the site and access books and records. Homeland Security is the lead agency most often a party to them. Efforts to monitor compliance with mitigation agreements once concluded have correspondingly increased. In 2006, sixteen mitigation agreements were entered into. The fourteen agreements in 2007 involved transactions in the manufacturing, energy, transportation-operations services, and information technology sectors. Three were full national security agreements. FINSA directs CFIUS to establish interim protections to address concerns and track actions taken by a party that withdraws a notice of a covered transaction.

CFIUS Guidance, December 8, 2008 CFIUS, for the first time, recently published guidance6 to U.S. businesses and foreign persons that are parties to covered transactions, as required by FINSA. The guidance notes that the types of transactions it has reviewed that have presented national security considerations relate to either or both the nature of the business or identity of the foreign person.

Nature of the Business. Many transactions involve foreign-controlled businesses that contract with the U.S. Government and have access to classified information. Others are transactions involving the energy sector at various stages of the value chain (i.e., exploitation, transportation, conversion to power, and supply of power to the U.S. Government and civilian customers); the transportation system, including shipping and aviation; critical infrastructure, including major energy assets (these are decided on a "case-by-case basis depending on the importance of the particular assets"7), production of advanced technologies with military applications; production goods subject to export controls; or transactions that could significantly affect the U.S. financial system.

Identity of the Foreign Person. Considerations have involved the record of the country on nonproliferation and national security-related matters, such as combating terrorism; track record or intentions of the foreign person and its personnel; where the transaction is foreign government controlled; whether the person has the capability to use its control to take action to impair security and whether it may seek to do so; the extent to which investment decisions are based on commercial grounds and are independent from the controlling government; the degree of transparency and disclosure of investment objectives; institutional arrangements and financial information; and the degree of regulatory compliance in countries in which they invest. CFIUS notes that it has reviewed "numerous foreign government-controlled transactions, determining that there were no unresolved national security concerns"8 (either the transaction was restructured or some form of mitigation agreement was required). The guidance reiterates the United States’ longstanding commitment to welcoming foreign investment.


In addition to suspending or blocking a transaction (or unwinding a consummated transaction), fines of up to $250,000 for filing false information or violating a mitigation agreement are provided for in the regulations. There are also penalties for withdrawing a voluntarily filed notice without CFIUS consent.

Key CFIUS Concepts

Control. No question of CFIUS review arises unless there is foreign control of a U.S. business. The test of control is whether the acquirer has the power, direct or indirect, and whether or not exercised, to direct or decide important matters affecting an entity. Examples are transfer of principal assets, reorganization, closing of facilities, and termination of contracts. While the FINSA regulations potentially cast a wider net than the previous regulations, through an expanded list of important matters, the analysis of control remains a functional one.

Where more than one foreign person has an interest, CFIUS considers whether they are related or have commitments to act in concert or whether both are controlled by a foreign government. Transactions which could result in control of a U.S. person, irrespective of the actual arrangements for control in place, are caught for example, in the case of a foreign person having power to appoint the board but deciding for the moment to leave the U.S. directors in place.

The FINSA regulations also expand the list of minority shareholder protections that are not deemed to confer control, recognizing that negative rights protect minority shareholders’ investment while not necessarily giving power to make strategic decisions. However, the Committee is not precluded from finding that the existence of these rights in combination with others does confer control. Voting securities amounting to less than 10% held solely for the purpose of investment are not covered if the person has no intention of directing business decisions.

The regulations reverse the previous presumption in relation to 50/50 joint ventures so that each party is now deemed to have control. U.S. Business. The acquisition must be of part of an entity or assets to constitute a business. A foreign corporation making a greenfield investment in the United States (e.g., arranging for financing and construction of a plant to make a new product, buying supplies and inputs, hiring personnel, purchasing technology, and purchasing shares in a newly incorporated subsidiary) will not have acquired the "business" of a United States person and the investment is not subject to CFIUS review. Critical Infrastructure. Critical infrastructure comprises systems and assets, physical or virtual, so vital to the United States that incapacity or destruction would have a debilitating effect on national security. National security is to "be construed so as to include those issues relating to homeland security, including its application to critical infrastructure." 9 The Homeland Security Act of 200210 sets out the primary mission of the Department as being to prevent terrorist attacks in the United States and reduce U.S. vulnerability, and to minimize the damage and to assist in recovery, from terrorist attacks. It defines critical infrastructure in much the same way as FINSA, except that it refers also to "impact on security, national economic security, national public health or safety, or any combination of those matters."11

CFIUS will not deem classes of assets or systems to be or not to be critical infrastructure. There is no elucidation in the regulations of the term "major energy assets."

Critical Technologies. Critical technologies are items essential to national defense or controlled under multilateral regimes for security or prevention of proliferation reasons, as well as those that are controlled for reasons of "surreptitious listening." Annual Report to Congress The public version of CFIUS’s now required Annual Report to Congress was released in December 2008.12 It contains the following information for 2007: Of all notices of transactions filed with CFIUS, 138 were deemed to be covered transactions. Of these, ten were withdrawn during review, and five of six transactions that were investigated were withdrawn during the investigation. Of these fifteen, thirteen provided new notifications that were concluded by CFIUS without action within the thirty-day review period, and the other two abandoned the transaction. For the one remaining transaction under investigation, structural changes were made, resulting in the foreign person no longer gaining control. Transactions subject to review in 2008 are thought to number around 165. Almost half of the notices filed in the 2005-2007 period involved U.S. businesses in the manufacturing sector (of which the bulk were computer and electronic products and transportation equipment), and over one-third in the information sector (of which almost half were professional, scientific, and technical services). Mining, utilities, and construction accounted for 9% (amounting to twenty-seven notices, of which fifteen related to electric power generation, transmission, and distribution).

Filing Considerations

The FINSA regulations require significantly more information be filed than the previous regulations. The Treasury Department estimates that about one hundred hours are required to prepare a filing. Where parties to a transaction are unsure whether or not it is covered by CFIUS, CFIUS encourages discussion with the Committee to assist in determining whether to file.

No information or documents filed with CFIUS may be made public, except as relevant for administrative or judicial proceedings. Ultimately, the judgment as to whether a transaction threatens U.S. national security rests within the President’s discretion. Persons considering transactions must exercise considerable judgment and discretion in determining whether to give notice.

* * *
The author David Lockhart is a Special Legal Consultant in the Project Finance team of Chadbourne & Parke LLP in Washington, D.C.

* * *

1 Foreign Investment and National Security Act of 2007, Pub. L. No. 110-49, 121 Stat. 246 (codified at 50 U.S.C. App. § 2170).

2 Exxon-Florio Amendment, 50 U.S.C. App. § 2170 (amending section 721 of the Defense Production Act of 1950), enacted by Omnibus Trade and Competitiveness Act of 1988, Pub. L. No. 100-418, 102 Stat. 1107.

3 50 U.S.C. App. § 2170(d)(4)(A).

4 50 U.S.C. App. § 2170(a)(3).

5 50 U.S.C. App. § 2170(b)(1)(A)(i).

6 See Guidance Concerning the National Security Review, 73 Fed. Reg. 74567-02 (Dec. 8, 2008), available at international-affairs/cfius/docs/ GuidanceFinal_12012008.pdf.


8 Guidance Concerning the National Security Review, 73 Fed. Reg. 74567-02, 74571.

9 50 U.S.C. App. § 2170(a)(5).

10 Homeland Security Act of 2002, Pub. L. No. 107- 296, 116 Stat. 2135 (codified at various sections of U.S.C.).

11 42 U.S.C. § 5195c(e).

12 CFIUS, ANNUAL REPORT TO CONGRESS (pubic version 2008), available at international-affairs/cfius/docs/FINSA_Annual- Report.pdf.


Sign up to receive our timely alerts and legal updates.

Recent Work

What we are working on at Masud & Company.

Masudco.comMasud & Company represents foreign investment firm in private equity firm formation.

Masudco.comMasud & Company represents internet company in asset based loan financing transaction.