CFIUS Issues Enforcement and Penalty Guidelines: A Contextual View | McCarter & English, LLP

Although announced two years earlier, Enforcement and Penalty Guidelines (the Guidelines) were finally released by the US Department of the Treasury (Treasury) as Chair of the Committee on Foreign Investment in the United States (CFIUS) on October 20, 2022. Pursuant to the Foreign Investment Risk Review Act of 2018, CFIUS has the mandate of identifying and mitigating certain national security risks while maintaining the US openness to foreign investment. This, in turn, requires CFIUS to enter into agreements or impose conditions on transaction parties to mitigate risks to national security that arise from a transaction (mitigation agreements). The Treasury’s Office of Investment Security (OIS) created the Monitoring & Enforcement office, which oversees these mitigation agreements and works with the other CFIUS member agencies to monitor transaction parties’ compliance with their obligations and take any appropriate enforcement action that may be required. OIS is also vested with enforcement authority pursuant to Section 721 of the Defense Production Act of 1950, as amended (50 U.S.C. § 4565).

Timing and Purpose

The Guidelines serve as welcome transparency to industry as to how violations will be assessed. They also introduce a self-disclosure mechanism akin to that familiar to export controls practitioners. They also are a caution to parties considering a CFIUS filing, as well as to those who have previously filed or failed to file, that OIS intends to vigorously exercise its enforcement in protecting national security interests and US technological lead time. We infer the foregoing from the most recent Annual Report to Congress, wherein CFIUS confirmed its intent to focus on improving compliance with mitigation agreements and conditions as well as to increase staffing dedicated to monitoring and enforcement.

The Guidelines ought to be viewed in concert with Executive Order 14083 (covered in the final portion of this note), which directs CFIUS to ensure that, in reviewing covered transactions, it considers evolving national security risks by, among other things, expanding on the factors identified in subsections (f)(1)-(10) of Section 721. Originally, Section 721 provided 11 enumerated factors that CFIUS “may . . . consider” when reviewing a covered transaction. The Executive Order expands the scope of existing Section 721 factors, requires CFIUS to consider new factors, and implements a periodic reassessment of review criteria.

Categories of Conduct That May Constitute a Violation

CFIUS articulated three categories of conduct that may constitute a violation:

  • Failure to timely submit a mandatory declaration or notice
  • Noncompliance with CFIUS mitigation requirements through prohibited conduct or any other failure to comply with a mitigation agreement, condition, or order
  • A material misstatement, omission, or false certification regarding any information submitted to CFIUS in connection with an assessment, review, investigation, or mitigation, including information provided during informal consultations or in response to information requests

Sources of Information Concerning Potential Violations

In determining whether a violation has occurred, CFIUS considers information from a wide variety of sources, including publicly available information, and tips generated from OIS monitoring and enforcement, transaction parties, and other government agencies. For example, CFIUS will often request information to support its monitoring of compliance with CFIUS mitigation requirements and conduct investigations. CFIUS encourages parties to submit self-disclosures when such parties believe conduct may constitute a violation. CFIUS considers the timeliness of any self-disclosure in determining the appropriate response to a violation. CFIUS may also use subpoena authority when necessary and appropriate.

Penalty Process

In determining whether a violation will trigger a penalty and at what level, CFIUS will follow the below steps:

  • CFIUS will send a notice of a penalty with a written explanation of the penalized conduct and the amount of monetary penalty imposed. The notice will consist of the legal basis for the penalty and any aggravating or mitigating factors that support the penalty determination.
  • The subject may submit a petition for reconsideration within 15 days. CFIUS will consider any such petition and issue a final penalty within 15 days of receipt of a petition.
  • If no petition is made, CFIUS will issue final notice of the penalty.

The foregoing are set forth at 31 CFR Part 800. Pursuant to §800.901 of Subpart I, CFIUS may issue civil penalties up to $250,000 per violation for material misstatements, omissions, or false certifications. Failure to comply with mandatory declaration requirements or violations of a material provision of a mitigation agreement incur a civil penalty not to exceed $250,000 or the value of the transaction, whichever is greater.

Aggravating and Mitigating Factors

CFIUS will engage in “a fact-based analysis” to determine a penalty amount in any particular case and may consider the following aggravating and mitigating factors:

  • Importance of accountability and future compliance
  • Extent of harm or threat of harm to national security
  • Degree of negligence, awareness, and intent
  • Persistence of conduct
  • Length of elapsed time between violation and CFIUS’s awareness
  • Presence of a self-disclosure
  • Extent of cooperation and remediation
  • Company’s record of compliance and level of sophistication

The Guidelines confirm that CFIUS seeks voluntary disclosures of potential violations and that timely disclosures will receive the most mitigation “credit.” The Guidelines provide that a disclosure should “take the form of a written notification describing all of the conduct that may constitute a [violation] and all of the persons involved.” As in export controls cases, parties may make an initial disclosure before conducting a full investigation and providing a more detailed final disclosure. In addition to the potential monetary or other penalties, parties should brace for significant reputational harm resulting from CFIUS’s publication of specific enforcement actions.

Executive Order Regarding Enhanced CFIUS Review

While it does not expand CFIUS’s authority, the Executive Order directs CFIUS to consider specific general concerns, highlighting areas that should receive immediate attention. If a transaction touches on these areas, enumerated below, industry ought to be very mindful of how to assess the CFIUS risks associated with prior or future covered transactions. The areas are as follows:

  • Advanced clean energy (such as battery storage and hydrogen)
  • Access to personal data, including big data businesses, data on persons’ health, digital identity, or other biological data
  • Artificial intelligence
  • Biotechnology and biomanufacturing
  • Climate adaptation technologies
  • Critical materials (such as lithium and rare earth elements)
  • Elements of the agriculture industrial base that have implications for food security
  • Energy industrial base
  • High-capacity batteries (including electric vehicle batteries)
  • Information and communications technology industrial base (including integrity of data in storage or databases or systems housing sensitive data)
  • Microelectronics
  • Pharmaceuticals and active pharmaceutical ingredients
  • Public health and biological preparedness industrial base
  • Quantum computing
  • Semiconductor manufacturing and advanced packaging
  • Transportation industrial base

The Executive Order notes that diligence should consider not only the present transaction but the broader market conditions (e.g., market concentrations, US short supply, foreign person relationships) and market trends (e.g., recent acquisitions by other participants, changes in ownership). Indeed, a covered transaction that might present minimal issues at the time of closing may be of serious concern as a result of broader market conditions, such as aggregate industry investment trends.

It stands to reason that industry contemplating transactions in these areas should conduct CFIUS assessments early in the deal timeline and consider a voluntary filing even if a mandatory filing isn’t triggered. This is prudent, since CFIUS has authority over any covered transaction, and said authority survives until the covered transaction is reviewed by and subsequently cleared by CFIUS. Given the spirit of the Executive Order, those parties that may have consummated transactions in these areas of concern but haven’t filed with CFIUS may wish to submit a post-closing voluntary filing to CFIUS.

It is encouraging to read in the most recent CFIUS Annual Report to Congress that 73 percent of declarations of covered transactions were cleared, and that number has been steadily increasing (up from 64 percent in 2020, and 27 percent in 2019). While 18 percent of declarations of covered transactions resulted in a request for written notice, that number is decreasing (down from 22 percent in 2020). Given the pattern, filing a post-closing voluntary filing may present an opportunity rather than a risk given the presumed uptick in reviews of non-notified transactions.

Given the steady stream of developments on the CFIUS front, we continue to encourage serious engagement and review of all covered transactions.

[View source.]