CFIUS’s Enforcement Authorities, Jurisdiction Over Real Estate Transactions Broadens
By Jaclyn Jaeger
The U.S. Department of Treasury, in two recently issued final rules, continues to refine and broaden the review and enforcement authorities of the Committee on Foreign Investment in the United States (CFIUS), including drastically raising monetary penalties for noncompliance.
The implications and significance of the final rules together cannot be overstated, as they broaden not only CFIUS enforcement authorities but also its jurisdiction in such a way that places many more transactions and transaction parties within the scope of its review.
This article highlights key provisions in the final rules, recent updates to CFIUS’s enforcement authorities, and practical risk mitigation lessons for foreign investors and U.S. businesses engaging in covered transactions.
CFIUS background
As an interagency body chaired by the Treasury Department, CFIUS has authority under Section 721 of the Defense Production Act to review certain foreign direct investments into the United States to determine whether they pose a national security risk. Under CFIUS’s jurisdiction, it may review:
• mergers, acquisitions, and takeovers by or with any foreign person that could result in foreign control of a U.S. business;
• certain noncontrolling investments by a foreign person in U.S. businesses involved in critical technologies, critical infrastructure, or sensitive personal data; and
• certain real estate transactions.
Notifying CFIUS of a covered transaction remains voluntary in most cases. The incentive for doing so is to receive a “safe harbor” from CFIUS, which limits the risk of CFIUS review once the transaction has cleared. Non-notified transactions could still be subject to CFIUS review once a deal closes.
Furthermore, CFIUS may enforce risk mitigation measures or even recommend to the President to block or order divestment of a transaction if CFIUS determines that mitigation of an identified national security risk is not adequate or appropriate. “If you get clearance, those post-closing actions are essentially off the table,” Akin partner Christian Davis told ACI Insights.
In-Person and Livestream Options Available
The Country’s Flagship Conference on New, Expanded Scope and Scrutiny of Foreign Direct Investments
In certain limited circumstances, filing a declaration with CFIUS is mandatory before closing a deal. This applies to covered transactions where a foreign government acquires a “substantial interest” in U.S. businesses that are involved with “critical technologies, critical infrastructure, or sensitive personal data;” and for covered transactions involving certain U.S. businesses that “produce, design, test, manufacture, fabricate, or develop one or more critical technologies.”
Evolving enforcement authorities
CFIUS’s enforcement authorities have continued to evolve over the years and will expand once again under a final rule issued by the Treasury Department on Nov. 26, 2024. Key provisions of that rule, which take effect on Dec. 26, 2024, are covered below.
Drastically increased higher maximum penalties. Monetary penalties resulting from a material misstatement, omission, or false certification increase from $250,000 to up to $5 million per violation. Penalties for a “material provision of a mitigation agreement” also drastically increase up to the greatest of $5 million; the value of the person’s interest in the U.S. business (or its parent) at the time of the transaction; the value of the person’s interest in the U.S. business (or its parent) at the time of the violation; or the value of the transaction filed with CFIUS.
The Treasury Department reasoned in the final rule that a higher maximum penalty for covered transactions would be more effective at deterring future violations. Additionally, it reasoned that the low transaction value of some transactions makes it an “inadequate cap for an appropriate penalty.” It further stated that each penalty will continue to be assessed based on “the nature of the violation” and “aggravating and mitigating factors surrounding the conduct” will continue to be considered.
The final rule affords parties up to 20 business days to submit a petition for reconsideration to CFIUS in response to a penalty notice, “including a defense, justification, or explanation for the conduct to be penalized.” CFIUS will then issue a final penalty determination within 20 business days of receipt of the petition.
Broader information requests. The final rule gives CFIUS authority to request and compel information not just from transaction parties but from “other persons” outside a transaction, to determine whether a transaction is a covered transaction; whether it raises a national security risk and, thus, needs CFIUS review; and whether a mandatory declaration should have been submitted.
Timothy Keeler, a partner at Mayer Brown and co-leader of the firm’s international trade practice told ACI Insights that the provision “clarifies the breadth CFIUS’s administrative subpoena authority to seek information from third parties of a transaction, including financial institutions.” Specifically, the Treasury Department stated in the final rule that it can envision seeking information from “banks, underwriters, or service providers to transaction parties.”
This provision “provides a means for CFIUS to obtain all the information it needs even if there are uncooperative parties to a transaction,” Keeler added. Requests for information can pertain to notified transactions or non-notified transactions.
Limited timeframe for responding to a mitigation proposal. Another significant provision in the final rule is that it gives the CFIUS staff chairperson discretion to impose a timeframe of “no fewer than three business days” for transaction parties to respond to a mitigation proposal for matters under investigation. This was the only significant change from the proposed rule, which originally explicitly specified a three-business day timeframe.
In exercising discretion, the staff chairperson may consider “the nature of the transaction, the time remaining in the investigation, and the transaction parties’ past responsiveness, among other factors,” the final rule states.
“Limitations on the time to respond to mitigation is problematic for parties because often you need more time to negotiate mitigation agreements,” Davis said. Some expressed this concern in the public comments.
CFIUS reasoned in the final rule that the timeframe for responding to a mitigation proposal is warranted due to instances in which transaction parties have been “relatively less motivated to respond promptly to a mitigation proposal.”
When parties go through a preclearance with CFIUS before closing a transaction, “they’re plenty incentivized to move quickly in a negotiation,” Keeler said. However, this is not always the case, leading some parties, intentionally or not, to slow-walk negotiations, he said.
The implications of the final rule are all the more significant when considered alongside the findings from CFIUS’s 2023 annual report to Congress. That report highlighted that CFIUS issued four civil monetary penalties for breaches of material provisions in mitigation agreements in 2023 — “double the number of penalties issued in CFIUS’s nearly 50year history,” according to the Treasury Department.
“We are more focused than ever on diligence, compliance, and enforcement of CFIUS authorities while improving efficiencies in our review of cases,” stated Assistant Secretary of the Treasury for Investment Security Paul Rosen.
