On September 24, 2019, the US Department of the Treasury published proposed rules that, if adopted, would implement major changes to the process by which the Committee on Foreign Investment in the United States (CFIUS or the Committee) conducts its reviews. The proposed changes were mandated by the Foreign Investment Risk Review Modernization Act of 2018 (FIRRMA). The proposed rules would revise and reissue Part 800 of Title 31 of the Code of Federal Regulations—the current primary CFIUS implementing regulations—and add a new Part 802, addressing real estate transactions subject to review by the Committee.
These are proposed rules and make no changes to either the CFIUS voluntary notice process under 31 CFR Part 800 or the FIRRMA pilot program under 31 CFR Part 801. The final rules could differ from the proposed rules in significant respects. However, they are noteworthy as a preview of how CFIUS is likely to address the complex challenges FIRRMA requires it to address. A comment period runs until October 24, 2019 for Part 800 on “covered investments” and until October 17, 2019 for Part 802 on “covered real estate transactions.” Affected businesses and industries should consider whether they wish to participate in this historic rulemaking process, which is certain to significantly impact the future of foreign investment in the United States.
Here, we present 15 key takeaways from the proposed CFIUS rules.
Proposed Part 800
- Introducing “covered investment” to broader CFIUS process
“Covered investments” in a US business—or investments that do not afford the foreign investor control of that business—are already a subset of covered transactions under the FIRRMA pilot program. The proposed rule would expand CFIUS’ review authority to include covered investments beyond those currently under the pilot program. Covered transactions based on traditional criteria of control will be called “covered control transactions.”
An investment may constitute a “covered investment” if it is in a business that engages in certain types of activity relating to critical technologies, critical infrastructure and sensitive personal data—called “TID US Businesses.” (TID is an acronym for “technology, infrastructure and data”). Covered investments include those that allow the foreign person access to material, non-public technical information of the TID US Business; membership or observer rights on a governing body; and involvement in substantive decision-making on certain types of matters regarding sensitive personal data, critical technology or critical infrastructure.
“Critical technologies” are defined in the proposed rule the same way as they are under the pilot program, to include items and services controlled under the International Traffic in Arms Regulations (ITAR), certain items controlled under the Export Administration Regulations (EAR), nuclear items, select agents and toxins, and emerging and foundational technologies (the control scheme for which, while required under the Export Control Reform Act of 2018 (ECRA), has yet to be promulgated). TID US Businesses include those that, like Pilot Program US Businesses, produce, design, test, manufacture, fabricate or develop one or more critical technologies. Critical infrastructure and sensitive personal data have received new proposed definitions.
- Critical infrastructure
Annex A to the proposed rule sets out, in two columns, types of infrastructure (Column 1) and types of functions or activities (Column 2). A US business must perform the functions or activities in Column 2 with respect to the infrastructure in Column 1 in order to be a TID US Business—and therefore for an investment in it by a foreign person to be a covered investment.
- Complex treatment for sensitive personal data
Businesses that maintain or collect, directly or indirectly, sensitive personal data of US citizens are within the definition of a TID US Business. But, given that most businesses collect data on individuals, including their own employees, the proposed rule seeks to strike an appropriate balance with respect to national security concerns. “Sensitive personal data” will be defined according to three elements—how it is maintained, the type of business that maintains it and what the data is.
First, sensitive personal data must be identifiable. Encrypted data that cannot be decrypted by the US business is not identifiable, nor is aggregated or anonymized data that cannot be disaggregated or de-anonymized by either the US business or the foreign person.
Second, businesses potentially within the scope of the rule are those that target or tailor products or services to personnel and contractors of any US executive branch agency or military department with intelligence, national security or homeland security responsibilities; those that have maintained or collected sensitive personal data on more than one million individuals at any point in the prior year; and those that have a demonstrated business objective to collect such data on more than a million persons and such data is an part of the business’ primary products or services.
Third, the data must be within specified categories or types: data that could be used to analyze or determine an individual’s financial distress or hardship; certain consumer credit data; certain insurance application data; data relating to an individual’s physical, mental or psychological health; certain non-public electronic communications; geolocation data; biometric information; data stored for generating a state or federal identification card; information relating to an individual’s security clearance or application for one; and certain genetic information. However, data maintained or collected by a US business concerning its own employees is excluded from the definition of sensitive personal data, unless the data pertains to security-cleared employees of US Government contractors.
- Covered transactions in bankruptcy are expressly subject to review
The proposed rule would make clear that a covered control transaction or a covered investment that arises under a bankruptcy proceeding or other form of default on debt is a covered transaction.
- Mandatory declarations
The proposed rule would require declarations for certain investments involving foreign governments. Subject to a carve-out for certain investment funds with foreign-person limited partners, parties to a transaction in which a foreign person is to acquire a “substantial interest” in a TID US Business (defined as voting interest of 25 percent or more) where a foreign government owns a “substantial interest” (defined as a voting interest of 49 percent or more) in that foreign business must file a declaration.
- Voluntary declarations
Parties to transactions that are not required to file a mandatory declaration under either the FIRRMA pilot program or the proposed rule’s mandatory declaration provision will have the option of filing a declaration instead of a notice. As in the pilot program, such declarations are intended to be more concise than a full notice. CFIUS also has 30 days—as opposed to 45 days—from receipt of a complete declaration to take certain actions. These include concluding all action with respect to the transaction, requesting that the parties file a notice or initiating a unilateral review of the transaction.
- Clearer benefit for stipulations
Interim changes to the CFIUS regulations promulgated in October 2018 allowed parties to a transaction to stipulate that it was a covered transaction and, if so, that it was a foreign government–controlled transaction. CFIUS’ guidance stated that providing such a stipulation could streamline certain aspects of the Committee’s review and result in fewer follow-up questions. Under the proposed rule, including a stipulation in a notice will require CFIUS to respond with comments or accept the notice as complete within 10 days of filing. This could reduce the time before the 45-day clock for CFIUS’ review of notices begins to run. It could also shorten the amount of time CFIUS takes to conduct a review.
- Framework for excepted foreign states and investors, but no implementation yet
FIRRMA required CFIUS to adopt policies that could exempt certain investments by foreign persons from review. The proposed rule establishes a framework for this, but it appears as though full implementation will take some time. Under the proposed framework, the Committee will identify certain “excepted foreign states,” but the designation of these states and their publication in the Federal Register may not occur for two years after the effective date of the final rule. Certain potential investors from those excepted foreign states may be considered “excepted investors,” pursuant to which an investment in a TID US Business would not constitute a covered transaction. This exclusion would apply solely to non-control investments, not to covered control transactions involving such persons.
Persons who are nationals exclusively of excepted foreign states (and the US) can qualify as excepted investors, as can foreign governments of excepted foreign states. In the case of business entities, the proposed rule contains a number of requirements that must be met to demonstrate that it and its intermediate and ultimate parent companies have a sufficiently strong connection to an excepted foreign state or the US to be an excepted investor. However, an investor can be disqualified from excepted status if it or any of its parents or subsidiaries have been the subject of certain enforcement actions by CFIUS, the Office of Foreign Assets Control (OFAC), the State Department, the Bureau of Industry and Security or the National Nuclear Security Administration; or if they have been convicted of a felony or entered a deferred prosecution or non-prosecution agreement with the Department of Justice with respect to a felony. Notably, if any of these disqualifying conditions occur within three years of completing the transaction, the transaction will become subject to review, and any member of the Committee can seek to initiate CFIUS review of the transaction.
- Investment funds
The FIRRMA pilot program introduced a clarification regarding certain investment-fund investments in pilot program US businesses. The proposed rule would expand this clarification to any investment in a TID US Business. The clarification would exclude from the scope of covered investments an investment by a foreign person that occurs indirectly through a fund that is managed exclusively by a general partner or managing member that is not a foreign person. For the exclusion to apply, the foreign limited partner must also not have certain control rights as to the fund or fund manager, or any of the non-control rights in the US business (including access to material non-public technical information) that would otherwise render a non-controlling investment in the US business “covered.”
Proposed Part 802
- Introducing “covered real estate transactions”
In addition to providing new rules for “covered investments,” FIRRMA also introduces new rules on “covered real estate transactions,” to be codified at 31 CFR Part 802. The new rules expand the scope of CFIUS jurisdiction to include certain kinds of transactions involving the purchase, leasing or concession to a foreign person of certain private or public real estate in the US, depending on its location. Under the prior rules, CFIUS had jurisdiction only to review an acquisition of real estate if it was part of a transaction that could result in control by a foreign person of a US business, which effectively did not include greenfield investments. Under the new rules, CFIUS would have jurisdiction over certain types of real estate transactions, even where they do not involve a US business.
- “Covered real estate”
Two general categories of real estate are subject to the new rule. The first includes real estate that is, is located within or will function as part of an airport or maritime port. The second category includes real estate that is within certain specified distances from various military installations and other properties of the US government that have national security significance. Facilities with greater sensitivity have a larger zone around them within which covered real estate may fall. The proposed rule identifies the types of facilities that are subject to these various covered zones, and also specifies particular facilities or geographic areas to which the various covered zones would apply in a four-part Appendix to proposed Part 802.
The smallest covered zone in which “covered real estate” may fall in relation to a facility is “close proximity,” or a mile from the boundary of the facility. Certain military installations are subject to an “extended range,” defined as 99 miles from the outer boundary of “close proximity,” or up to 12 nautical miles from the coastline where the extended range falls offshore. In the case of certain military installations (which largely—but not exclusively—fall in very rural areas), entire counties, towns or portions thereof are within the covered zone. Finally, the covered zone of numerous Navy offshore operating areas and ranges extends 12 nautical miles from the coastline.
- “Covered real estate transactions“
Transactions that involve covered real estate are subject to CFIUS jurisdiction if they involve (1) “any purchase or lease by, or concession to, a foreign person of covered real estate, that affords the foreign person at least three of the property rights listed in” the regulations; (2) a change in the rights of a foreign person with respect to covered real estate, if that change could result in the foreign person having at least three property rights listed in the regulations; or (3) any other transaction that is intended to evade CFIUS rules as they relate to real estate.
Applicable property rights include the right to physically access, exclude others, improve or develop, or attach structures or objects to the real estate. At least three of these four rights must exist for the transaction to be covered.
- Excepted real estate transactions
Proposed Part 802, like proposed Part 800, contains provisions that except investments by certain categories of investors associated with an “excepted foreign state” from review. It also excepts certain types of real estate from the definition of “covered real estate.” These exceptions include purchases, leases or concessions involving real estate within an urbanized area or urban cluster; single-housing units; land owned by or held in trust for certain Native American groups; and, under certain conditions pertaining to aggregate foreign ownership or tenancy, office spaces within a multi-unit commercial office building. They also include leases or concessions (but not sales) of real estate that falls within airports or maritime ports and is exclusively usable for retail trade, accommodation or food service establishments. Furthermore, to avoid multiple filing requirements, a real estate transaction that is also a covered transaction under Part 800 is excepted from proposed Part 802.
- Declarations optional for covered real estate transactions
Parties to a covered real estate transaction may file a declaration, but there is no mandatory declaration provision in proposed Part 802.
- No fees yet
FIRRMA authorized CFIUS to assess fees in connection with filings. The proposed rules do not include any provisions for fees.
Dentons’ Federal Regulatory and Compliance team continues to monitor the FIRRMA rulemaking process.
About Dentons
Dentons is the world’s first polycentric global law firm. A top 20 firm on the Acritas 2015 Global Elite Brand Index, the Firm is committed to challenging the status quo in delivering consistent and uncompromising quality and value in new and inventive ways. Driven to provide clients a competitive edge, and connected to the communities where its clients want to do business, Dentons knows that understanding local cultures is crucial to successfully completing a deal, resolving a dispute or solving a business challenge. Now the world’s largest law firm, Dentons’ global team builds agile, tailored solutions to meet the local, national and global needs of private and public clients of any size in more than 125 locations serving 50-plus countries