With Expanded Jurisdiction, CFIUS Emphasizing Enforcement, Outreach, Lawyers Say
The Committee on Foreign Investment in the U.S. is placing more of an emphasis on enforcement and outreach after the committee’s jurisdiction was expanded earlier this year, trade lawyers said. The lawyers also said they are noticing more transactions being notified to CFIUS, especially those that involve personal data and critical technologies.
CFIUS’s jurisdiction was expanded in February by the Foreign Investment Risk Review Modernization Act to allow the committee to review transactions involving certain sensitive technologies and personal data (see 2001140060). That has led to more filings, the lawyers said. “In the past, parties may have chosen to take the risk and not go in” to CFIUS, said Adelicia Cliffe, a trade lawyer with Crowell & Moring, speaking during an Oct. 26 webinar hosted by the law firm. But now their transactions may have a greater likelihood of being subject to mandatory filing requirements. “We're already seeing that there are more transactions being notified,” she said.
CFIUS is also placing more of a “focus on proactively looking for those transactions of concern,” which is leading to more committee outreach, Cliffe said. The committee is emphasizing reviews of Chinese investors -- particularly as China tries to take advantage of U.S. companies struggling due to the pandemic (see 2006230057) -- which may be leading to a drop in U.S.-China investment (see 2009170017). Cliffe said that she has seen “heightened scrutiny when China is the investing entity” and a “significant focus” by CFIUS on transactions involving emerging technologies and sensitive data. The Treasury Department and CFIUS did not comment.
Industry should also expect more of an emphasis from CFIUS on enforcing mitigation agreements, said Caroline Brown, a Crowell & Moring lawyer and former attorney-adviser with Treasury. Before companies go forward with a transaction that might be reviewed by CFIUS, they should think through what mitigation steps CFIUS may request, Brown said.
“CFIUS is likely going to tell you what it needs to mitigate any perceived threat anyway, and that's likely to be done on a very short timeline,” Brown said during the webinar. “So to the extent that you can think about these things ahead of time and think about what's feasible both in terms of resources and also in terms of what timeframe might be acceptable, that’s going to save a lot of headache in the end.”
Even companies that do not think they are subject to CFIUS reviews may be caught by the committee’s expanded jurisdiction over personal data, Brown said. “Nearly any consumer facing business today is collecting personal data,” she said, adding that even a small amount of collected data in the hands of a dangerous foreign actor could present national security risks. “If a target of investment doesn't have much data, or if it's publicly available anyway,” Brown said, “that doesn't mean CFIUS isn’t going to be interested in it.”
The Trump administration’s executive orders on WeChat and TikTok (see 2009180026) shows that the U.S. and CFIUS are “taking an expansive view of what it's concerned about,” Brown said. “Companies need to remain nimble and versatile with these new twists to trade controls.”