New CFIUS regime has market scrambling for clarity

The recent enactment of CFIUS’s FIRRMA 2018 included updates and clarifications to the regulation. But it will still have firms visiting their lawyers for advice more often, and the list of transaction types covered is likely to increase.

On February 13, 2020, the Committee on Foreign Investment in the United States’ (CFIUS) Foreign Investment Risk Review Modernization Act of 2018 (FIRRMA) came into effect – and with it new regulations for how CFIUS plans to review inbound investments into the US, as well as mandatory reporting requirements for certain investments in business involved with what the committee deems “critical” technology, infrastructure and data.

The updated act has many in the private funds world rushing to their lawyers, according to Scott Flicker, chair of Paul Hastings’ Washington, DC office and leader of its Global Trade Controls Practice. “The fund community has become much more sensitive to, and aware of, the fact that CFIUS can be a barrier to their investment in the US when [funds] have foreign investors in the fund structure,” he told Private Funds CFO.

Flicker says firms would do well to ensure that “foreign participation [in their funds is] structured in a way that it limits the application of CFIUS to any investment that the fund might make.” That applies to pre-FIRRMA vintage funds, which “may not have been set up with sensitivity to limiting some of the rights of foreign investors,” he said.

Expanded jurisdictions with exemptions

The committee’s expanded jurisdiction includes non-controlling foreign investments into US businesses that develop critical technologies, perform “critical” infrastructure functions or collect or intend to collect “sensitive” personal data of more than 1 million US citizens, or TID (technology, infrastructure and data) businesses.

Such minority investments have to allow the foreign investor access to material non-public information or certain other rights, including observer rights on the board of the business or the right to nominate individuals to the board. The new rules also allow CFIUS to review certain real estate transactions involving land near airports and government and military facilities, adding a whole new category to what can and can’t be reviewed by the committee.

“With the passage of the [FIRRMA] statute, it’s really reached a new level,” Flicker said, adding that he’s getting calls from fund managers and investors alike trying to grapple with the regime’s effects on their funds and their activities.

Industry lawyers say that most CFIUS declarations in private equity will still be voluntary, but mandatory filings will now have to be made for some transactions 30 days before close (although CFIUS is expected to propose changes to this aspect of the regulation in the near future).

Scott Flicker

Declarations are mandatory if the deals meet two conditions: A transaction must result in a 25 percent or more, direct or indirect, voting interest in a TID business, and a single foreign government must (even if via several entities) own 49 percent or more, directly or indirectly, of the GP engaging in the transaction.

Foreign LPs are barred from participating on advisory boards that would grant them the ability to control investment decisions, gain access to material non-public information or otherwise have the ability to control the fund.

The committee also leaves exemptions for foreign investments coming from Canada, Australia and the UK with clean compliance records verified by CFIUS, although they do not extend to covered control transactions within those jurisdictions.

Of course, the expanded jurisdiction will have managers playing a more cautious role in fund structures and consulting their lawyers more often. But what is clear immediately is that large investments are no longer the only ones to worry about – as even minority investments with certain rights to information or governance in a TID business will now fall into CFIUS’s jurisdiction.

And, according to Flicker, the categories of business covered are likely to grow. He said there is a statutory mandate for the US Department of Commerce to establish CFIUS’s jurisdiction over ‘emerging’ and ‘foundational’ technologies. “The list of CFIUS sensitive technologies could start to grow in the future, and further increase the footprint of CFIUS over these transactions,” Flicker said, adding that such technologies as artificial intelligence, facial recognition and autonomous vehicles are potential candidates.

Flicker adds that although the list of exempt countries only comprises the UK, Canada and Australia, now, it could grow to include more NATO member states. But until then, transactions in funds with foreign investors or management could be subject to further review by CFIUS.


FIRRMA imposes a civil penalty of up to $250,000 per violation on parties who violate the CFIUS review process – that is, any party who submits a material misstatement or omission in a mandatory declaration or notice or who makes other false statements. Additionally, any person who fails to comply with the mandatory filing procedures may be liable for a civil penalty of up to $250,000 or the value of the transaction, whichever is greater.

When FIRRMA initially passed in August 2018, the committee also instituted penalties of $250,000 or the value of the transaction for those that violate, intentionally or through gross negligence, a material provision of a mitigation agreement entered into before October 11, 2018. There has been one enforcement case of such a violation so far, in April 2019 for a fine of $1 million, though CFIUS didn’t identify the party, which may not have been a fund. Further guidance is expected on penalty structure in upcoming rule proposals.