On October 20, 2022, the Committee on Foreign Investment in the United States (CFIUS or Committee) issued novel Enforcement and Penalty Guidelines (Guidelines), which emphasize the enforcement aspect of its legal mandate. The Guidelines also provide increased transparency regarding when and how CFIUS will take action when facing potential violations of its statutory authority, Section 721 of the Defense Production Act of 1950, as amended (50 U.S.C. § 4565). While most of the new Guidelines’ content will not surprise those familiar with the Committee, the Guidelines are noteworthy for providing clear, written guidance regarding conduct that may constitute a violation, the Committee’s process for determining the appropriateness of penalties, and the factors used to determine applicable penalty amounts. The Guidelines’ release also appears to be coordinated with the Biden administration’s recent Executive Order 14083 (Sept. 15, 2022), which emphasized the critical role of CFIUS in supporting U.S. national security interests and noted critical areas and sectors that will be the focus of CFIUS’s attention. Given these new Guidelines (and CFIUS’s expanded budget), we expect CFIUS will be more aggressive in its non-notified transaction monitoring and enforcement efforts moving forward.
The following key aspects of the Committee’s new Guidelines are worthy of careful consideration.
Particular Categories of Conduct That May Constitute a Violation
According to the Guidelines, a subject person’s acts or omissions may constitute a violation when they fall within the following categories of conduct:
- Failure to file a mandatory declaration or notice in a timely manner. While the CFIUS notification scheme is largely voluntary, mandatory notification is now required as a result of changes implemented in 2020 by the Foreign Investment Risk Review Modernization Act (FIRRMA).
- Failure to comply with CFIUS mitigation agreements, conditions, or orders.
- Making material misstatements or omissions in filings with CFIUS. This also includes false or materially incomplete certifications made in reviews, investigations, CFIUS mitigation agreements, conditions, or orders. It further includes any misstatements or omissions provided during informal consultations or requests for information. This underscores the importance of confirming the accuracy of information in filings, responses to questions, and discussions with Committee staff.
The Broad Range of Information Sources Used for Determining Violations
CFIUS looks to a variety of information sources to determine whether a violation has occurred. Information sources include requests for information, self-disclosures, tips (including whistleblowers), information held by other U.S. government agencies, publicly available information, third-party service providers, etc. CFIUS will do its homework to verify the accuracy of information provided by a subject person.
Important Factors for Determining Penalties or Remediation
The Committee will engage in a fact-specific analysis to determine the appropriate penalty amount, based on the following six factors:
- Whether violators will be held accountable for their conduct and incentivized to comply in the future.
- The harm to U.S. national security.
- Whether the violation was the result of negligent or intentional conduct.
- Time frames for the violation (e.g., duration of conduct, when subject person became aware, etc.)
- Corrective actions taken by the violator.
- Compliance record of violator (e.g., past compliance with a CFIUS mitigation order, existing policies, familiarity with applicable laws and regulations, etc.).
These factors are generally consistent with aggravating and mitigating factors considered by U.S. regulators in other contexts. CFIUS will apply its enforcement discretion in deciding whether the imposition of penalties is warranted or whether other steps are more appropriate. For example, in cases where a subject person fails to comply with the requirements of mitigation agreement, historically CFIUS would impose remediation obligations in lieu of penalties, although this may change moving forward.
Encouragement of Timely and Complete Self-Disclosures
The Guidelines encourage subject persons to provide timely and complete self-disclosures of any conduct constituting a violation. While the self-disclosure process is not delineated in CFIUS regulations, reportedly the Committee will accept and consider self-disclosures, applying factors similar to many other U.S. government disclosure processes, such as how promptly the disclosure was filed and whether CFIUS or other government agencies were already aware of the disclosed conduct.
It has always been important for parties to conduct an analysis of whether filing with CFIUS, even on a voluntary basis, is warranted based on the facts of a proposed deal. With the Committee’s increased resources and attention to monitoring and enforcement, it is more important than ever.