Treasury Issues Final CFIUS Regulations And Guidance On National Security Considerations

On November 14, 2008, the U.S. Department of the Treasury issued final regulations implementing the Foreign Investment and National Security Act of 2007 ("FINSA"), the statute that reforms the process by which the interagency Committee on Foreign Investment in the United States ("CFIUS") conducts national security reviews of mergers, acquisitions or takeovers of U.S. businesses by foreign persons. On December 8, 2008, Treasury published guidance regarding the types of transactions that CFIUS has reviewed that have presented national security considerations. Overall, the clear message of the final regulations and the guidance is that CFIUS will maintain broad discretion to conduct national security reviews of foreign investment on a case-by-case basis.

Final Regulations

The final regulations largely incorporate the proposed regulations issued in April, but do include some significant changes based on public comments from the trade community. Procedurally, the regulations clarify pre-filing procedures, revise information requirements and confirm the penalty structure for violations. Substantively, they provide guidance on the concept of "control" to clarify the scope of CFIUS jurisdiction, while maintaining broad definitions of key terms, such as "critical infrastructure" and "foreign government-controlled transactions," to afford CFIUS flexibility to review national security considerations on a case-by-case basis.

Procedural Issues


The proposed regulations made explicit the practice of encouraging parties to engage in pre-filing consultations with CFIUS. Some commenters requested more guidance on expectations for this pre-notification phase.

Although Treasury left the proposed regulations unchanged on this point, the preamble to the final regulations describes circumstances in which pre-filing consultations may be helpful, such as when a party has not previously submitted to CFIUS review. Specifically, Treasury recommends that parties inform the staff chairperson of the transaction and the date the notice may be filed, request a meeting with CFIUS staff, and provide a draft of the voluntary notice. The final regulations extend confidential treatment to all pre-filed information.

Information Requirements

Several commenters argued that the additional information requests in the proposed regulations were onerous and would discourage parties from voluntarily notifying transactions. Others found unreasonable the requirement that parties reply to follow-up requests from CFIUS within two business days.

The final regulations maintain many information requirements introduced by the proposed regulations, including questions about priority-rated contracts of the U.S. business, U.S. government licenses granted to the U.S. business and the foreign person's plans with respect to the U.S. business. However, the final regulations also clarify and narrow the scope of other information requirements. For example, they seek more generalized information on the value of the transaction and clarify the individuals for whom parties must submit biographical and other personal identifier information. Additionally, the final regulations ask parties to identify contracts over the past three years with U.S. government agencies with homeland security, national defense and national security responsibilities, instead of requiring information on all U.S. government contracts for this period. The final regulations extend the response time for follow-up requests to three business days.


FINSA and the proposed regulations provide for civil penalties of up to $250,000 per violation for intentional or grossly negligent submission of material misstatements or omissions in a notice or submission of a false certification. Violations of mitigation agreements may also result in civil penalties of up to $250,000 per violation or the value of the transaction. Treasury resisted calls to set a ceiling for penalties, noting that CFIUS retains the discretion to impose lower penalties, depending on the nature of the violation. The final regulations still afford parties the opportunity to challenge any decision to impose a penalty.

Substantive Issues

Covered Transaction

FINSA authorizes CFIUS to review "covered transactions," meaning mergers, acquisitions or takeovers that could result in foreign control of a U.S. business (any entity engaged in interstate commerce, but only to the extent of its activities in interstate commerce) to evaluate the effects of such transactions on U.S. national security. The final regulations make no substantive changes to the definition of "covered transaction," but clarify the scope of CFIUS jurisdiction in other provisions.

Treasury rejected calls to exclude 50/50 joint ventures from the definition of a covered transaction, concluding that such a joint venture is a covered transaction because both the U.S. and foreign partners would have equal control over the U.S. business. On the other hand, the final regulations confirm that greenfield investments are not covered transactions and further exempt asset acquisitions from this definition to the extent that the assets do not constitute a U.S. business. They also clarify that lending transactions are not covered transactions unless the foreign person acquires financial or governance rights characteristic of an equity investment. With respect to the so-called safe harbor for acquisitions of 10 percent or less of a U.S. company's voting securities that existed pre-FINSA, the final regulations clarify that such a transaction is not a covered transaction only when it is "solely for the purpose of passive investment." In adding the word "passive," the final regulations instruct that the exemption does not apply if the foreign person intends to gain control over the U.S. person. A new provision in the final regulations also confirms that incremental acquisitions of covered transactions previously cleared by CFIUS will not be considered new covered transactions.


With the proposed regulations, Treasury preserved the pre-FINSA functional concept of control, defining it as the ability to "determine, direct, or decide important matters affecting an entity." The proposed regulations provided several examples of "important matters," including major expenditures and the appointment or dismissal of officers. While the proposed regulations granted CFIUS broad discretion to conduct national security reviews, they provided some limitations on CFIUS's jurisdiction by identifying certain minority shareholder protections deemed insufficient to confer control over an entity. While most commenters appreciated CFIUS's need to retain flexibility in conducting its national security review, many recommended that the final regulations refine the concept of "control" to enhance the certainty of the process for foreign investors.

Like the proposed regulations, the final regulations eschew bright-lines as a threshold for control. Instead, CFIUS will continue to evaluate control on a case-by-case basis, considering such factors as the level of ownership interest and the rights that flow from ownership. Although the final regulations do not expand the list of important matters exemplifying control, they provide examples of influence that do not rise to the level of control, such as when a foreign person with a 13 percent interest in a U.S. business and several minority shareholder protections has no rights beyond appointing one of seven board members. The final regulations also add to the nonexclusive list of minority shareholder protections deemed insufficient to constitute control, with examples centered on rights that protect investment expectations and do not affect strategic business decisions or management. Finally, the final regulations illustrate CFIUS's focus on "control" versus ownership structure, offering examples that demonstrate how a limited partner's control of a partnership and a fund operated by that partnership depends on his ability to decide important matters affecting the entities.

Critical Infrastructure

FINSA presumes that transactions involving "critical infrastructure" implicate national security and, therefore, require stricter scrutiny, usually a 45-day investigation following the initial 30-day review. FINSA designated "major energy assets" as the only example of critical infrastructure. Despite expectations that Treasury would clarify FINSA's definition of "critical infrastructure," the proposed regulations generally mirrored the statutory definition, covering "systems and assets, whether physical or virtual, so vital to the United States that the[ir] incapacity or destruction . . . would have a debilitating impact on national security." The final regulations continue this case-by-case approach and avoid designating any class of systems or assets as falling under this definition or otherwise providing any examples of assets that qualify.

Foreign Government-Controlled Transactions

FINSA creates a heightened level of scrutiny for "foreign government-controlled transactions," which the proposed regulations defined as "any covered transaction that could result in control of a U.S. business by a foreign government or a person controlled by or acting on behalf of a foreign government." Several commenters observed that the broad definition of "control" could result in an arbitrary application of this concept and asked Treasury to further clarify the meaning of "foreign government-controlled transaction." In particular, comments from Chinese government and business entities argued that the definition was over-inclusive and discriminatory. The final regulations leave the definition of "foreign government-controlled transaction" unchanged.

CFIUS Guidance

Recognizing that FINSA does not define "national security," Treasury's guidance provides an illustrative list of covered transactions reviewed by CFIUS, both pre- and post-FINSA, that have presented "national security considerations" (facts and circumstances having potential national security implications). National security considerations raised by these transactions generally relate to: (1) the nature of the U.S. business, and/or (2) the nature of the foreign person acquiring control. Treasury makes clear that transactions falling under one or both of these categories do not necessarily pose a "national security risk" (whether the foreign person might take action that threatens to impair U.S. national security) but may implicate national security factors that CFIUS considers.

Under the first category, Treasury notes that transactions involving U.S. businesses with government contracts raise national security considerations. Transactions involving U.S. businesses with operations, products or services relevant to national security, irrespective of government contracts, also fall under this category and include those related to the energy, transportation, or financial sectors; U.S. critical infrastructure; the production of advanced technologies; and activities subject to U.S. export controls.

Under the second category, Treasury identifies transactions that present national security considerations based on the track record or intentions of the foreign person with respect to actions that could impair U.S. national security. For foreign government-controlled transactions, which are presumed to raise national security considerations, CFIUS considers, among other factors, the record of the country of the investor regarding nonproliferation and other national security-related matters. Moreover, the guidance indicates that CFIUS will take into account a variety of circumstances that may lessen the significance of foreign government control in a transaction, including the degree to which the investor's decisions are made on purely commercial grounds; the extent to which the investor's management decisions are independent from government control; and the investor's transparency with respect to investment objectives, institutional arrangements and financial information.


While the final regulations do not depart significantly from the proposed regulations, they incorporate some changes suggested by the comments and reflect Treasury's efforts to protect national security interests while encouraging foreign investment. Treasury's guidance underscores CFIUS's discretionary approach to national security review, while providing some visibility into the circumstances that have presented national security considerations. Both the final regulations and the guidance make clear that even as CFIUS carries out its responsibilities in the context of an open investment policy, it will conduct its national security review and determination according to the specific facts and circumstances of particular cases.

Published .