Skip to main content

Trade Compliance Flash: Final CFIUS Regulations Take Effect; New Era Begins for Review of Foreign Non-Controlling Investments and Real Estate Transactions

International Alert

On February 13, 2020, final regulations went into effect significantly expanding the jurisdiction of the Committee on Foreign Investment in the United States (CFIUS or the Committee). Issued by the U.S. Department of the Treasury (Treasury), the new regulations represent the final meaningful step in the implementation of the Foreign Investment Risk Review Modernization Act (FIRRMA), which was enacted in August 2018 to combat the evolving national security threat posed by foreign investment in the United States against the backdrop of an increasingly globalized high-tech digital economy. As with many other aspects of current U.S. national security and trade policy, the perceived threat posed by China was a driving force behind FIRRMA's passage and the expansion of CFIUS's review powers.

In large measure, the final CFIUS implementing regulations adhere to the substance and structure of the proposed rules that were released for public comment in September 2019. The first of those two rules, which is set forth in Title 31, Part 800 of the C.F.R., revised aspects of traditional CFIUS jurisdiction over transactions that could result in control of a U.S. business by a foreign investor, but also spelled out the new elements of CFIUS's authority to review, most notably, certain non-controlling "other investments" by foreign persons in U.S. businesses related to critical technologies, critical infrastructure, or sensitive personal data under certain circumstances (known as "TID U.S. businesses" for Technology, Infrastructure, and Data). The second of those rules, which is set forth in Title 31, Part 802 of the C.F.R., established CFIUS's new jurisdiction to review certain types of real estate transactions in the U.S. and is mostly focused on specific sites—certain airports, maritime ports, and military installations—and the geographic areas in and around those sites. For a more detailed discussion of those rules, please see our prior trade flash on the topic.

Despite the consistency between the proposed rules and the final regulations, there have been some notable changes made in response to public comments. Those changes are detailed and discussed below. Further, the public comments reveal that, despite the best efforts of the Committee to provide a degree of clarity through its final regulations and accompanying guidance, there remain many areas of uncertainty as CFIUS now wields unprecedented power and influence with regard to cross-border transactions touching on the U.S. Below we also highlight some key takeaways and unanswered questions that are likely to impact U.S. businesses and foreign investors during the early stages of this new CFIUS era.

What Has Changed in Response to Public Comments?

With a few notable exceptions detailed directly below, the final CFIUS implementing regulations hew closely to the two proposed rules that were published for public comment in September 2019. In several instances, the Committee acknowledged public requests for modifications to the text of the proposed regulations but declined to make any changes in the final version. Instead, the Committee often inserted additional examples within the regulations to illustrate hypothetical transactions and demonstrate the ways in which new or revised concepts should be applied in practice. Certain key terms that are new to the revised CFIUS vernacular, including "sensitive personal data" and "TID U.S. business," now have numerous associated examples to assist the business and investing public in interpreting them.

Beyond those new illustrative examples, the following items were incorporated in—or in certain instances omitted from—the final regulations following the public comment period.

  • Defined criteria to qualify as "excepted investor" and identified initial "excepted foreign states": The final regulations create a narrow exception to CFIUS's expanded jurisdiction over certain non-controlling investments in TID U.S. businesses for "excepted investors" from "excepted foreign states." Specifically, CFIUS has promulgated a "whitelist" of excepted foreign states, the nationals, governments, and entities of which will be exempted from CFIUS review for non-controlling investments in TID U.S. businesses under certain identified circumstances. At present, the whitelist includes only three states: Australia, Canada, and the United Kingdom of Great Britain and Northern Ireland, all of which are guaranteed such status for two years. For now, at least, the United Kingdom does not include certain British Overseas Territories that are popular jurisdictions for incorporation of investment vehicles and other corporate entities, such as the Cayman Islands and the British Virgin Islands. The list of excepted foreign states may also expand to include other bilateral or multilateral U.S. allies—such as the Netherlands, Ireland, Switzerland, Germany, Japan, or South Korea—likely dependent on government-to-government negotiations between the United States and those governments.
  • Two types of transactions trigger mandatory filing requirements: Although the CFIUS process remains largely voluntary, there are two types of transactions that now have mandatory filing requirements in the form of declarations. First, a covered transaction resulting in the acquisition of a substantial interest in a U.S. TID business by a foreign person in which the government of a foreign state has a substantial interest. Investment funds and air carriers are not subject to the mandatory requirement, if certain identified criteria are met. Second, a covered transaction that is a covered investment in, or could result in foreign control of, a TID U.S. business involved with "critical technologies" under certain identified circumstances. The latter requirement replaces the former CFIUS pilot program that has been in effect since November 2018. In addition to certain investment funds and air carriers, the mandatory filing requirement relating to "critical technologies" is not applicable, if identified criteria are met, with respect to transactions concerning: excepted investors; indirect investments in a TID U.S. business that holds a facility security clearance or is subject to a foreign ownership, control, or influence (FOCI) agreement; and a TID U.S. business involved with a certain type of encryption technology.
  • Treatment of genetic information within "sensitive personal data" definition: Within the definition of "sensitive personal data," the final regulations clarify that "genetic information" excludes the results of individual genetics tests derived from databases maintained by the U.S. government and routinely provided to private parties as a part of certain public health research projects. 
  • "Principal place of business" definition: Because this term was undefined in the proposed rule, commenters suggested that a definition be included in the final regulations for the sake of clarity, especially with respect to investment funds managed and controlled by U.S. persons. The Committee agreed and drafted a definition based on the "nerve center" test used by U.S. courts in evaluating jurisdictional questions. The definition provides that a party's "principal place of business" is "the primary location where an entity's activities, or, in the case of an investment fund, where the fund's activities and investments are primarily directed, controlled, or coordinated by or on behalf of the general partner, managing member, or equivalent." Since this is a new definition, it is being implemented on an interim basis and may be amended based on comments received. 
  • Clarified "incremental acquisition rule": The "incremental acquisition rule" was expanded to include any additional interest or change in rights obtained by a foreign investor with respect to a U.S. business over which the foreign investor previously gained direct control as a result of a covered control transaction reviewed and approved by the Committee. In such cases, the subsequent incremental interest or rights obtained by the foreign investor would not be a covered transaction. The introduction of a new foreign investor, not part of the original covered control transaction, in the subsequent incremental acquisition could result in a finding of coverage.
  • Refined application to investment funds, including amending the definition of "substantial interest": FIRRMA mandated that CFIUS impose mandatory filing requirements for certain transactions where a foreign government obtains, directly or indirectly, a "substantial interest" in a TID U.S. business. Likely due to a large volume of low-risk, passive foreign government investment in TID U.S. business through pension, sovereign wealth, and other similar funds, the final regulations modify the previously proposed "substantial interest" rule to apply only when a foreign government owns the general partner, managing member, or equivalent in the foreign investor. Accordingly, CFIUS review will not be triggered by foreign government ownership when the foreign government's interested is limited to ownership in a limited partner, even if that limited partner owns more than 25 percent.
  • Modified exceptions for certain real estate investments in airports and maritime ports: The list of "excepted real estate transactions" was expanded to include the lease or concession of real estate in airports and maritime ports involving a foreign air carrier, meeting certain identified criteria, with a security program previously accepted by the U.S. Department of Homeland Security Transportation Security Administration (TSA). 
  • Refined geographic coverage relating to certain military installations: Beyond real estate transactions that are in "close proximity" to military installations, CFIUS also has authority to review covered real estate transactions within the "extended range" of certain military installations included in Appendix A to Part 802. In response to comments regarding the definition of "extended range" in the offshore context, the final rule substitutes "the outer limit of the territorial sea of the United States" in lieu of "no more than 12 nautical miles seaward of the coastline of the United States," as in the proposed rule.
  • No filing fees imposed… for now: Although FIRRMA authorizes filing fees equal to the lesser of one percent of the total value of the transaction or $300,000 in the case of covered transactions for which a notice is filed, the Committee has elected not to impose such fees at this time. However, in the preamble to the final regulations, Treasury has promised a separate proposed rule implementing CFIUS's fee authority at an unspecified later date.

Key Takeaways and Unanswered Questions

Although many aspects of the final rules leave important questions to be answered in the coming months and years, here are several that we believe to be particularly relevant in the near term. 

Will the new rules leave room for any China deals to gain approval from CFIUS? The staggering drop in Chinese investment in the U.S. in recent years—from $25 billion in 2017 to barely $3 billion in 2019—suggests that one of FIRRMA's primary goals may have been largely achieved in advance of the release of the final regulations. Because the Committee's tougher stance on Chinese investment has been heard loud and clear, the lingering question is what remains possible now and in the foreseeable future? Based on our recent experience, there are still opportunities for U.S. businesses, even those that will now meet the definition of a TID U.S. business, to take on controlling or non-controlling investment from China. As in any higher risk transaction notified to the Committee, early analysis of CFIUS's likely areas of concern, and a proactive strategy to anticipate and mitigate potential obstacles to approval, is critical. Likewise, ensuring that the foreign investors, whether they are wholly or partially Chinese owned or controlled, are prepared to be fully transparent about the ultimate beneficial owners, shareholders, senior managers, and board members and their respective ties to the Chinese government, if any, is also essential to a successful outcome. 

CFIUS has increased its scrutiny of historical transactions that were not notified to the Committee. Will that trend continue and will foreign investors fight back? Since before FIRRMA's passage, CFIUS has demonstrated a strong commitment to reviewing non-notified transactions that it believed may be within its jurisdiction. This is particularly true with respect to certain deals involving U.S. businesses in the technology and healthcare sectors implicating CFIUS's current focus on sensitive personal data. Now that new rules are in place to clarify the Committee's power to review such transactions, will that slow the trend of CFIUS's interest in historical deals? Given the limited resources of the Committee, much may depend on the increased volume of declarations and notices that are filed pursuant to the new rules. Nevertheless, do not be surprised if CFIUS continues to scrutinize older, non-notified transactions of high interest (e.g., with a large volume of sensitive personal data and/or with investment from China). If that trend continues, and despite the limited amount of CFIUS litigation over the years, it may only be a matter of time before a foreign investor facing a forced divestiture chooses a court battle with CFIUS instead. 

When the Commerce Department finally publishes regulations for "emerging and foundational technologies," what impact will that have on affected industries and companies? Although many speculated that the Commerce Department would publish an initial set of rules defining some, if not all, aspects of the new export controls applied to "emerging and foundational technologies," before CFIUS issued its final regulations, that did not happen. Consequently, U.S. businesses involved in, for example, the production or development of technologies likely to be impacted by those rules when they are eventually published because they may constitute "critical technologies"—such as, biotechnology, artificial intelligence, microprocessor technology, and position, navigation, and timing technology, to name just a few—remain in a state of limbo. Despite the uncertainty, and the current gap that exists in CFIUS's jurisdiction as a result, such companies, as well as foreign investors with interest in them, should be mindful of the Committee's strategic focus on this issue. Once the new rules do go into effect, mandatory CFIUS filing requirements, in the form of a declaration, will arise for scores of U.S. companies and foreign investors that may never before had to consider CFIUS. To the extent such parties are contemplating making or receiving non-controlling investments while this "critical technologies" regulatory void persists, it may be prudent to evaluate carefully any alternate bases for CFIUS jurisdiction and the potential benefits and risks of notifying the transaction to the Committee. 

How aggressively will CFIUS enforce its jurisdiction over transactions designed or intended to evade or circumvent the Committee's jurisdiction? Although this new addition to the scope of a "covered transaction" became effective immediately upon FIRRMA's enactment, it is really only now that the full scope of CFIUS's jurisdiction has been defined that the impact of this provision will begin to be felt and better understood. Notably, Examples 3 and 4 that follow the definition of a "covered transaction" set forth hypothetical scenarios illustrating attempts to circumvent CFIUS jurisdiction by having a U.S. person serve as a proxy for a foreign investor. Although helpful, these examples essentially identify instances of outright fraud where the foreign investor actively attempts to obscure its involvement in a deal by using a U.S. person to act in its stead without disclosing or acknowledging that fact. Not surprisingly, the guidance makes clear that such evasion attempts will result in a finding by CFIUS that the transaction is covered. The more interesting question, however, is what other instances of evasion or circumvention may CFIUS ultimately recognize as a trigger for coverage? Because neither "evade" nor "circumvent" are defined under the final regulations, it seems quite possible that CFIUS could come to the view that a wide variety of transactions, transfers, agreements, or arrangements could run afoul of this provision and result in coverage. For example, if CFIUS were to become aware of public reporting or commentary about the purposeful structuring of a specific transaction that was executed in such a manner to avoid CFIUS jurisdiction, would that rise to the level of evasion or circumvention? U.S. and foreign companies should be mindful of this consideration in structuring future investments and, relatedly, when describing or discussing such deals publicly.


For more information, please contact:

Timothy P. O'Tooletotoole@milchev.com, 202-626-5552

Caroline J. Watsoncwatson@milchev.com, 202-626-6083

Brian J. Fleming*

Collmann Griffin*

Aiysha S. Hussain*

Adam Harper**

*Former Miller & Chevalier attorney
**Former Miller & Chevalier law clerk



The information contained in this communication is not intended as legal advice or as an opinion on specific facts. This information is not intended to create, and receipt of it does not constitute, a lawyer-client relationship. For more information, please contact one of the senders or your existing Miller & Chevalier lawyer contact. The invitation to contact the firm and its lawyers is not to be construed as a solicitation for legal work. Any new lawyer-client relationship will be confirmed in writing.

This, and related communications, are protected by copyright laws and treaties. You may make a single copy for personal use. You may make copies for others, but not for commercial purposes. If you give a copy to anyone else, it must be in its original, unmodified form, and must include all attributions of authorship, copyright notices, and republication notices. Except as described above, it is unlawful to copy, republish, redistribute, and/or alter this presentation without prior written consent of the copyright holder.