On April 11, 2024, the Department of the Treasury, as Chair of the Committee on Foreign Investment in the United States (CFIUS or the Committee), issued a Notice of Proposed Rulemaking (NPRM) announcing changes to certain procedures and civil penalty amounts in the CFIUS regulations. On the same day, which was also the first day of the 10th National Conference on CFIUS, Assistant Secretary for Investment Security Paul Rosen explained that the revisions to the regulations are designed to plug some holes and weaknesses in the Committee’s ability to enforce and expedite the processing of CFIUS filings. The NPRM is the first substantive update to the CFIUS regulations’ mitigation and enforcement provisions since the Foreign Investment Risk Review Modernization Act of 2018 amended CFIUS’s governing statute. In essence, the NPRM:
- expands the types of information the Committee can request from transaction parties and other persons;
- significantly increases (20x) the maximum penalty amount available for violations of the CFIUS regulations;
- expands the circumstances under which such penalties may be imposed; and
- introduces a timeline for petitions and mitigation agreements.
The public is invited to submit comments until May 15, 2024, either electronically through the federal government eRulemaking portal or through the mail.
In the following, we provide a brief overview of the proposed changes.
Information collection authority
Under the current rules, the Staff Chairperson, acting on the Committee’s recommendation, may only request the parties to a non-notified transaction to provide information necessary to determine whether the transaction is a “covered transaction” or a “covered real estate transaction.” Thus, CFIUS is only authorized to collect information to determine whether it has jurisdiction over a specific transaction. This authority, however, does not permit CFIUS to seek information that would enable it to determine whether a transaction meets the criteria for a mandatory declaration under Title 31, Code of Federal Regulation, Section 800.401, or information on whether a transaction may otherwise raise national security concerns
The proposed rules would amend sections 800.501(b) and 802.501(b) to expressly grant the Staff Chairperson the authority to request information from transaction parties and other persons regarding whether a transaction may raise national security considerations and, in the case of 800.501(b), information as to whether a transaction meets the criteria for a mandatory declaration under section 800.401. The stated purpose of this new authority is to avoid unnecessary filings and to increase efficiency, to the benefit of the parties and national security.
The proposed rule also amends sections 800.801(a) and 802.801(a) to require parties to provide information to CFIUS upon request in two other circumstances: (1) when the Committee seeks information to monitor compliance with or enforce the terms of a mitigation agreement, order, or condition, and (2) when it seeks information to determine whether the transaction parties made a material misstatement or omitted material information during the course of a previously concluded review or investigation.
Parties would be obligated to respond to such requests, failing which CFIUS may seek to compel responses by issuing a subpoena, if the Committee deems it appropriate (as opposed to the current requirement that the Committee must deem the issuance of a subpoena necessary).
Increase of penalty amounts
Under the current rules, Sections 800.901(a) and 802.901(a) of the regulations set the penalty amount for submitting a declaration or notice with a material misstatement or omission or the making of a false certification at a maximum of $250,000 per violation. CFIUS believes this amount is insufficient to cause parties to “deter violations and promote compliance,” particularly when the transactions are valued at hundreds of millions or billions of dollars. Section 800.901(b) currently sets the per-violation penalty for failure to comply with section 800.401 requirements pertaining to “mandatory declarations” (which excludes any real estate transaction) to the greater of $250,000 or the value of the transaction. Sections 800.901(c) and 802.901(b) set the penalty for each violation of material provisions of mitigation agreements, material conditions imposed by CFIUS, or orders issued by CFIUS at the greater of $250,000 or the value of the transaction. CFIUS noted that this penalty amount is not sufficient to encourage compliance, particularly in cases where the value of the transaction is low.
The NPRM proposes raising the maximum penalties to $5,000,000 per violation under sections 800.901(a) and 802.901(a); the greater of $5,000,000 or the value of the transaction per violation under section 800.901(b); and the greater of $5,000,000 or the value of the transaction (or the value of the party’s interest in the US business at the time of the violation or time of the transaction) per violation under sections 800.901(c) and 802.901(b).
The proposed rules would further expand the circumstances in which CFIUS may impose a civil monetary penalty. Currently, the provision applies to material misstatements or omissions in a declaration or notice or false certifications. Under the proposed amendment, CFIUS penalties also would apply to material misstatements or omissions in contexts outside of declarations and notices—in particular, responses to CFIUS’s requests for information related to non-notified transactions, certain responses to CFIUS’s requests for information related to monitoring or enforcing compliance, and other responses to CFIUS’s requests for information, such as for agency notices.
CFIUS clarified that it will notify parties in writing when their response to a particular communication may be subject to a penalty under sections 800.901(a)(2) and 802.901(a)(2) due to a material misstatement or omission. Such communications would include those relevant to requests for information related to non-notified transactions, failure to file a mandatory declaration, and compliance with, or enforcement, modification, or termination of a mitigation agreement, condition, or order imposed.
CFIUS anticipates that the relevant value of the transaction or interest would be determined through, for example, audited financial statements or other industry standard methods of valuation. CFIUS holds that this increase is warranted since the current penalty maximum may not sufficiently deter or penalize certain violations.
Procedural changes
Under current regulations, upon receiving notice of a penalty to be imposed, the subject person may submit a petition within 15 business days of receipt of such notice, subject to an extension through written agreement with CFIUS. Similarly, CFIUS has 15 business days to assess the petition and issue a final penalty determination. The proposed rule would extend both time frames to 20 business days.
The proposed rule would further amend the regulations to introduce a new provision imposing a three-business-day period for substantive party responses to proposed National Security Agreements (NSAs) proposing mitigation terms (both initial and subsequent proposals or revisions), unless the parties request a longer time frame, and the Staff Chairperson grants that request in writing. This new procedural time frame is likely to catch parties off guard. Previously, the CMAs would email the draft NSA to the parties and there was no specific time frame for the parties to respond. The obvious problem with a three-day period to respond is that the buyer or investor is likely to be a foreign entity and will likely lose a day just transmitting the draft NSA to a foreign jurisdiction (that is likely already closed for business when received), leaving only one day to discuss with counsel and other advisors and one day to prepare the comments and any revisions. To the extent that parties want to involve third-party advisors, monitors, and auditors in the process, they will need to get them involved early and put them on standby, so they are able to provide meaningful input during the investigation period when the NSA is negotiated. Given the nature and importance of an NSA, three days is not likely to be enough time for the parties to review, consider, and prepare meaningful revisions, particularly if there is disagreement among the parties. If the parties fail to respond within this period, CFIUS is authorized to reject any voluntary notice at any time after the notice has been accepted.
Outlook
The proposed rules show that CFIUS is determined to more effectively enforce its regulations and to broaden the scope of transactions that it can review. As Assistant Secretary Rosen noted during his presentation at the CFIUS conference, further changes can be expected. Going forward, companies seeking to acquire a US business should carefully review the CFIUS regulations to determine whether their transaction is subject to the regulations, since CFIUS authority is becoming increasingly broad, and the penalties for non-compliance will be substantial. Any business that expects to be impacted by the proposed new rules should carefully consider submitting comments until May 15, 2024.
For more information on the content of this alert, please contact your Nixon Peabody attorney or the authors of this alert.