Will Proposed Law Improve CFIUS’s Ability to Protect National Security?

The Committee on Foreign Investment in the United States (CFIUS) aims to block or mitigate foreign investment in the U.S. that could endanger our national security. At the same time, CFIUS is directed not to restrict overall foreign inbound investment unduly. Is CFIUS meeting those potentially conflicting goals? If not, are there changes that would improve the committee’s performance?

The leading legislative proposal—the Foreign Investment Risk Review Modernization Act of 2017 (“FIRRMA”)—would address a number of CFIUS’s shortcomings. Unfortunately, however, the bill would create at least two significant new problems. The first is the needless erection of a second U.S. export control system that would be broader and less expert-driven than the existing one. The second is expansion of the committee’s jurisdiction to cover a broad range of outbound investment by U.S. firms.

The U.S. government long has encouraged foreign direct investment in this country. Foreign investment here accounts for nearly 5 percent of U.S. private output, and U.S. firms with majority foreign ownership employ nearly seven million workers (U.S. Dep’t. of Commerce, Economics and Statistics Admin., “Foreign Direct Investment in the United States” 6 (Oct. 3, 2017)). Such entities account for more than 15 percent of U.S. research and development spending and 23 percent of U.S. exports of goods (Id. at 2). With statistics like these, it’s no wonder that we encourage foreign investment here.

But foreign investment can have a darker side. It can give foreign investors and their governments access to some of our crown jewels—sophisticated technology with potential military applications, personal information that could be used for nefarious purposes, and access to such critical elements of our infrastructure as our electric power grid, to name a few.

The government’s method for distinguishing between “good” and “bad” foreign direct investment is prescribed by the Exon-Florio Act. The mechanism operates through CFIUS.

The CFIUS process

The statutory voting members of CFIUS are seven cabinet departments—Treasury (chair), Homeland Security, Commerce, Defense, State, Justice, and Energy (50 U.S.C. § 4565(k)(2) (Supp. III 2015)). Additional statutory members are one non-voting department (Labor), the non-voting Director of National Intelligence, and any other entity that the President may designate (Id). Seven units of the Executive Office of the President currently are designated as members or participants (Exec. Order No. 11858, § 3, reprinted at 50 U.S.C. § 4565 note (Supp. III 2015)).

The threshold question for parties to a transaction with a foreign or foreign-owned acquirer is whether it is a “covered transaction”—that is, a “merger, acquisition, or takeover … by or with any foreign person which could result in foreign control” of a U.S. entity engaged in interstate commerce (50 U.S.C. §4565(a)(3) (Supp. III 2015)). There are exclusions for transactions involving passive investments of less than ten percent, stock splits, certain loans, and the like (31 C.F.R. §§ 800.302-.303 (2017)).

The parties to a covered transaction must decide whether to file with CFIUS. Exon-Florio does not require filing, either before or after a covered transaction has been consummated (See id. § 800.401(a)). It does, however, offer a carrot and a stick to encourage voluntary pre-closing submission to the CFIUS process.

The stick is that if a covered transaction has not been through the process, it perpetually is in peril of a presidential order unwinding the deal (50 U.S.C. § 4565(d) (Supp. III 2015)). Such an action after a transaction has closed—especially months or years afterward—likely would be catastrophic.

The carrot is that absent (1) the submission of false, misleading, or incomplete information in connection with the CFIUS review or (2) a breach of CFIUS-imposed conditions, a transaction that has cleared CFIUS cannot be subjected to Exon-Florio-based blocking or unwinding at a later time (Id. § 4565(b)(1)(D) (by implication); 31 C.F.R. § 800.601 (2017)).

If the parties decide to file, they typically will consult with the CFIUS staff before formally instituting the process (See 31 C.F.R. § 800.401(f) (encouraging pre-filing consultation). The actual notice must contain extensive information about—

• the parties, including their most recent annual reports;
• the proposed transaction, including the purchase-and-sale documents;
• the assets being acquired;
• the anticipated value of the transaction;
• the target entity’s contracts with and sales to the U.S. government;
• the target entity’s products or technology subject to U.S. export controls; and
• the acquiring party’s owners, directors, and relationship, if any, to a foreign government (Id. § 800.402).

If the transaction is determined to be a covered transaction—a decision ordinarily made by the CFIUS staff at the Treasury Department—the basic criterion for the committee’s review is whether the foreign acquirer “might take action that threatens to impair the national security.” Id. § 800.501(a)(1). Exon-Florio sets out a non-exclusive list of considerations for the committee. These include:

• Whether the deal is a foreign government-controlled transaction.
• Any effect of the transaction on the ability of domestic industries to satisfy national defense production needs and the effect of foreign control of such industries.
• The potential effects of the transaction on sales of military items to problem countries.
• The potential effects of the transaction on U.S. critical technologies, critical infrastructure, and international technological leadership.
• The U.S. relationship with the acquirer’s country (particularly where the transaction is foreign government-controlled), with emphasis on that country’s record on nonproliferation, technology diversion, and counterterrorism.
• Whether the proposed transaction has implications for U.S. energy needs.
• Any other factors that CFIUS considers appropriate (50 U.S.C. § 4565(f) (Supp. III 2015)).

Once the notice is accepted by the committee staff, the CFIUS agencies begin a thirty day “review” period (31 C.F.R. § 800.502 (2017)). If any CFIUS member requests an investigation, or the deal is a foreign government-controlled transaction, or the acquisition would lead to foreign control of critical infrastructure, the matter ordinarily will proceed to the forty-five day “investigation” stage (50 U.S.C. § 4565(b)(2)(B), (D)(i) (Supp. III 2015); 31 C.F.R. § 800.503 (2017)). A committee decision not to proceed to the investigation stage ends CFIUS consideration of the transaction (31 C.F.R. § 800.504 (2017)).

The investigation stage is where difficult cases typically are addressed and resolved. This stage can include intense discussions within CFIUS, as well as between CFIUS representatives and the parties, about whether the transaction should be allowed to proceed and, if so, whether clearance should be conditioned upon mitigation or restructuring. In some cases, forty-five days isn’t sufficient and the parties are asked to withdraw and refile—an action that restarts the seventy-five day clock for review and investigation at zero (See id. § 800.507(a), (c)).

At the conclusion of an investigation, if CFIUS believes that a transaction should be blocked or cannot decide that issue, the matter is sent to the President for final decision (Id. § 800.506). In practice the latter condition almost never occurs, as presidents generally don’t like to receive “split recommendations.” Where an internal division exists, there is pressure to reach a unanimous decision or develop mitigation that will resolve the issue.

The President may prohibit any transaction as to which he finds credible evidence that (1) national security is threatened and (2) provisions of law other than Exon-Florio and the International Emergency Economic Powers Act, 50 U.S.C. §§ 1701-1706 (2012), will not provide adequate protection (50 U.S.C. § 4565(d) (Supp. III 2015)). The President has fifteen days to announce a decision (Id.) and the statute provides that his action is not subject to judicial review (Id. § 4565(e)).

Importantly, CFIUS takes the position that it can impose conditions on the withdrawal of a notice, whether or not the parties refile or plan to do so (31 C.F.R. § 800.507(c)(1) (2017); see 50 U.S.C. § 4565(l)(2)(A) (Supp. III 2015) (by implication)). That is, although filing a notice is voluntary, parties who do file may have conditions imposed on them even if they ultimately do not see the CFIUS process through to conclusion. The extent of CFIUS’s authority to impose conditions is unclear and CFIUS has in some cases imposed onerous conditions even where the parties decided not to proceed with the transaction. Parties take this risk into account in deciding whether they should file or take their chances on a presidential unwinding order at some future time.

Shortcomings of the Current CFIUS Process

While serving as Under Secretary of Commerce for Industry and Security (2010-17), I participated in many CFIUS deliberations and was involved intimately with the CFIUS process. While practicing law from 1981 until 2010, I experienced the process from the outside as well. I see a number of shortcomings in the existing process.

For one thing, CFIUS simultaneously is too broad and too narrow. It’s too narrow in that it doesn’t cover “greenfield” transactions—that is, transactions that don’t involve foreign acquisition of an existing U.S. entity. For example, if a foreign entity wishes to buy a U.S. company located just outside a critical military base so that it can, say, install electronic listening devices there, the purchase is subject to Exon-Florio. See
Ralls Corp. v. Committee on Foreign Investment in the United States, 758 F.3d 296 (D.C. Cir. 2014). If, on the other hand, the same foreign entity purchases a vacant parcel of land in the same location, builds a new structure, and installs electronic listening devices, Exon-Florio does not apply. The same is true where a foreign entity establishes a new business rather than acquiring an existing one, even if that new business is going to engage in, say, high technology manufacturing.

Although the CFIUS annual report addresses whether there is evidence of coordinated strategies for technology acquisition, (see, e.g., Committee on Foreign Investment in the United States, Annual Report to Congress (2015) (public/unclassified version) (“2015 Report”) at 27-31), that review is retrospective (31 C.F.R. § 800.209 (2017)). In its day-to-day review process, however, CFIUS examines each individual transaction without reference to other transactions that might be related. A particular acquisition may appear benign when examined in a vacuum but look considerably less innocent when considered as one of a series of similar transactions. By looking only at individual deals, one at a time, and not at potentially related transactions as a whole, CFIUS may be examining the trees while overlooking the forest.

Some argue that CFIUS’s charter should be extended to cover situations where the foreign party does not acquire “control” of the U.S. target—for example, transactions where the foreign party acquires a minority interest that is less than controlling and the establishment of joint ventures between foreign and U.S. entities. It’s also been suggested that CFIUS should be authorized to examine such joint ventures when they will be doing business entirely outside the U.S., at least in instances where technology transfer might be part of the arrangement.

CFIUS “focuses solely on any genuine national security concerns raised by a covered transaction, not on other national interests” (Guidance Concerning the National Security Review Conducted by [CFIUS], 73 Fed. Reg. 74567, 74568 (Dec. 8, 2008) (“Guidance”)). Some say, though, that CFIUS should look at broader concerns, such as acquisitions that might affect the U.S. economy adversely even where they don’t raise traditional “national security” issues.

But expanding CFIUS’s portfolio in this manner might jeopardize the United States’s contention that Exon-Florio comes within the “essential security” exception to such pacts as the General Agreement on Tariffs and Trade, the World Trade Organization, and numerous bilateral treaties of friendship, commerce, and navigation (See, e.g., James Mendenhall, “The Evolution of the Essential Security Exception in U.S. Trade and Investment Agreements,” in Sovereign Investment: Concerns and Policy Reactions 346-47 (Karl P. Sauvant et al. eds. 2012)).

At the same time, CFIUS is in some respects too broad. The CFIUS statute doesn’t define “national security.” Neither do the implementing regulations (31 C.F.R. pt. 800 (2017)). The extensive statutory list of considerations is only illustrative (50 U.S.C. §4565(f) (Supp. III 2015) (“may … consider”)), and the final item on the list is “such other factors as [CFIUS] may determine to be appropriate, generally or in connection with a specific review or investigation,” (id. §4565(f)(11)).

The phrase thus is almost infinitely expandable to cover situations with few if any implications for national security as the term commonly is understood. The official CFIUS stance is that its review is narrow in scope (Guidance at 74568 (“narrow focus on national security alone”)), but in practice, “national security” means whatever the agency members of CFIUS decide in a given case.

For example, some agencies have recommended that CFIUS block proposed purchases of agricultural producers, on the theory that a foreign owner might poison the American public. Surely there are easier ways to introduce poison into our food, air, or water if someone wishes to do that.

I recall one case where a security agency gave as a reason for blocking the transaction the fact that one party had voluntarily disclosed some middling export control infractions. Ironically, the senior official pressing that argument had come into the government from a major company that recently had paid a large fine for more egregious export control violations.

In another case, the agency opposing an acquisition cited as a negative that an individual involved in the transaction had served in his nation’s army. Given that most young people in the individual’s country—one of many U.S. allies that has conscription—serve in the military, it wasn’t much of an argument, yet it was propounded as evidence that the purchase would threaten our national security.

The CFIUS process sometimes focuses on a transaction because something about it seems unorthodox to a member agency. Such an element may raise a legitimate national security caution flag but it also may reflect commercial or tax considerations that are no concern of CFIUS. Unfortunately, those who participate in CFIUS deliberations sometimes lack an in depth understanding of corporate transactions or of the potentially legitimate aims of the transaction under review. That makes it difficult to determine whether the seemingly unorthodox element raises legitimate national security concerns.

This problem is compounded by two other aspects of the process. The statute allows thirty days for the initial review, forty-five days for an investigation (if one is conducted), and fifteen days for presidential consideration. 50 U.S.C. § 4565(b), (d) (Supp. III 2015). This is too short for tough cases.

Moreover, notification to parties only “upon completion of all action,” (id. § 4565(b)(6)), frequently comes too late to allow responsive revision of the transaction before the case must go to the President for decision. The result can be rushed consideration by the agencies and last-minute requests that parties withdraw and refile in order to give CFIUS sufficient time to do the job right. In 2016 CFIUS adjusted its informal internal procedures to (1) bring potentially problem cases to the attention of presidentially appointed officials earlier in the process and (2) let the parties know sooner what concerns are being expressed within the committee. These are positive changes that should be retained.

Another shortcoming is that CFIUS’s confidentiality provisions (id. § 4565(c)), make it difficult to consult with allied governments about proposed transactions that partially occur in those countries or could have a material effect there. Such consultations can help inform CFIUS about the transaction as well as give the U.S. and its allies the ability to harmonize their handling of the case if they desire to do so.

The CFIUS statute envisages mitigation as an alternative to blocking a transaction altogether. Id. § 4565(l). Mitigation that consists of, say, dropping one element of a transaction or selling part of the target company to a more acceptable purchaser ordinarily doesn’t require ongoing monitoring and hence doesn’t raise resource issues. But mitigation that involves establishing trustee arrangements or internal monitors requires continuing oversight by the government. That in turn requires the use of government resources to monitor compliance with the mitigation conditions.

The lack of funding for monitoring is a significant disincentive to using the latter type of mitigation as an alternative to blocking. Even the Defense Department, despite spending more than $400 million annually on military bands (see Ellen Mitchell, “The Pentagon’s Battle of the Bands,” Politico, May 22, 2016, https://www.politico.com/story/2016/05/pentagons-bands-battle-223435 (visited Dec. 1, 2017)), routinely pleads poverty when the issue arises. The CFIUS executive order states only that the lead/monitoring agency “shall seek to ensure that adequate resources are available for such monitoring” (Exec. Order No. 11858, §7(d), reprinted at 50 U.S.C. § 4565 note).

The Proposed Foreign Investment Risk Review Modernization Act

When considering possible fixes for CFIUS, one must remember that ours is a relatively open society. Consequently, there are many and varied means of collecting information, gaining proximity to military installations, and the like. For example, the Department of Homeland Security recently expressed concern that commercial drones, manufactured in China and used here in activities such as monitoring civilian infrastructure, might be transmitting the information they collect to the Chinese government (Paul Mozur, Drone Maker From China Clashes With U.S. Over Data, N.Y. Times, Nov. 30, 2017, at B1). And Senator John Cornyn (R-Texas), who’s sponsoring legislation to expand CFIUS’s jurisdiction (discussed below), readily concedes that intellectual property is stolen through means such as cyber theft as well as through corporate transactions, and that “CFIUS is only part of the answer” (Sen. John Cornyn, Keynote Address, “Implications of China’s Growing Power for the U.S.,” Center for Strategic and International Studies (Nov. 14, 2017) (Q&A following prepared remarks), https://www.csis.org/analysis/morning-keynote-implications-chinas-growing-power-us (visited Dec. 5, 2017) (“Cornyn Keynote Address”)). Accordingly, it’s a tall order to expect any legislation or regulations to make illegal, let alone prevent, every potential national security risk.

Several bills to revise the CFIUS process are pending in Congress. The leading measure was introduced Nov. 8, 2017, by Sen. Cornyn with nine bipartisan co-sponsors: Foreign Investment Risk Review Modernization Act, S. 2098, 115^th Cong. (2017) (“FIRRMA”). A House counterpart, H.R. 4311, was introduced the same day by Rep. Robert Pittenger (R-N.C.) with six bipartisan co-sponsors.

FIRRMA would address some CFIUS shortcomings. Regrettably, it would create several new problems that could have an adverse effect on outbound as well as inbound investment.

The bill would broaden the definition of “covered transaction” to include not only mergers, acquisitions, and takeovers by foreign parties but also such “greenfield” and other transactions as—

• purchases or leases of real estate near military or other sensitive facilities in the U.S.;
• non-“passive” investments in U.S. “critical technology” or “critical infrastructure” entities, even if insufficient to constitute “control” and even if as limited as the right to nominate one member to a large corporate board of directors; and
• contributions by U.S. critical technology companies of intellectual property and “associated support” to foreign persons, regardless of the type of business arrangement (aside from “an ordinary customer relationship”) and regardless of whether the arrangement involves doing business within the United States (FIRRMA § 3).

The first proposed expansion is a positive step that would overcome part of the “brownfield” limitation of the existing CFIUS coverage. As pointed out above, it makes no sense to restrict foreign purchases of existing entities located near national security facilities while at the same time placing no limitations on foreign creation of new entities in the identical locations.

The second proposed expansion—to non-passive investments in critical technology companies, even where the investments don’t constitute “control”—assumes incorrectly that our export control system is ineffective. Even where a foreign person assumes control of a U.S. entity, the export control rules continue to apply in full force. The fact of ownership does not entitle a foreign person to gain access to technology that requires a license for export to the owner’s home country. Given the influences that can accompany control, however, CFIUS often decides that export controls alone may be insufficient protection. In a control situation, that can be reasonable. But where the investment doesn’t meet the broad definition of “control”—namely, “the power, direct or indirect, … to determine, direct, or decide important matters affecting an entity,” (31 C.F.R. § 800.204(a) (2017))—it seems questionable to assume that the U.S. company will risk the draconian sanctions under our export control rules by giving a foreign investor access to restricted technology.

Remember, blocking foreign investment is not cost free. It deprives U.S. companies of needed capital and deprives Americans of the opportunity to work at such companies. Even putting aside the needless duplication and expansion of our export controls that the bill would create (discussed below), authorizing CFIUS to block investments that won’t give the foreign party control of the target company may be a bridge too far.

Note that the term “critical technology company” would include not only businesses that develop, produce, manufacture, or design critical technology but also those that trade in, test, or service such technologies (FIRRMA § 3). Thus, the second proposed expansion would cover, for example, a non-controlling foreign investment in a computer servicing business that merely repairs such items or a distributor of consumer electronics who doesn’t even remove them from their packages. This definition would cover an immense number of enterprises, including many small businesses that have only a marginal involvement with critical technology.

The third proposed expansion of “covered transaction” would take CFIUS far beyond its traditional role of regulating inbound foreign investment. It would reach joint ventures, licensing, and other arrangements involving U.S. critical technology companies where “intellectual property and associated support” will be provided to a foreign person, even if the transferred property or support doesn’t include any “critical technology.” As one knowledgeable industry observer has put it, “A system of technology control that stops American firms from doing business abroad will not advance national security interests if it simply hands markets to foreign competitors—many of whom are equally adept in advanced technologies” (Letter from Christopher A. Padilla, Vice Pres., Government and Regulatory Affairs, IBM Corp., to U.S. Senators John Cornyn, Diane Feinstein, and Richard Burr (Nov. 9, 2017), at 1 (copy in author’s possession)). This vast expansion of CFIUS’s portfolio would cover a host of data and services that the government has concluded need not be subject to export controls. As such, its burden would outweigh substantially any protection it might offer our national security.

These problems with the second and third expansions would be compounded by the bill’s creation of a parallel export control system that is broader than the existing one. Under FIRRMA, “critical technology” would include not only technology subject to existing export controls but also any other technology that CFIUS thinks should be controlled.

Our export control system is administered by the Commerce, State, and Energy departments, plus the Nuclear Regulatory Commission; certain toxins and agents are controlled by the Agriculture and the Health and Human Services departments (7 C.F.R. pt. 331 (2017) (Agriculture); 9 C.F.R. pt. 121 (2017) (same); 10 C.F.R. pts. 110 (NRC), 810 (Energy) (2017); 15 C.F.R. pts. 770-774 (2017) (Commerce); 22 C.F.R. pts. 120-130 (2017) (State); 42 C.F.R. pt. 73 (2016) (HHS)). The Defense Department is intimately involved in the administration of the Commerce, State, and Energy controls, including decisions on which technology should be controlled.

These controls occupy more than 1100 pages of the Code of Federal Regulations and include an excruciating amount of technical detail. They reflect extensive technical and policy consultations among a host of agencies and, in many instances, with friendly foreign governments as well. Those consultations determine which technology is of sufficient national security concern to warrant export controls. Perforce, a decision not to control particular technology reflects a considered determination, by experts in the career civil service, that the technology either lacks national security implications or is so widely available that controls would be ineffective. As the Supreme Court has noted, “[s]anctions are drawn not only to bar what they prohibit but to allow what they permit.” Crosby v. National Foreign Trade Council
, 530 U.S. 363, 380 (2000).

Our existing export controls are of daunting breadth and complexity. Even more important, they reflect careful calibration of which technologies merit control. FIRRMA would upend this system, however, by expanding the list of “critical technologies” to include “emerging technologies” that CFIUS, which lacks technical expertise, thinks may have national security implications (See FIRRMA § 3). CFIUS shouldn’t tread where the technical experts who staff our export control agencies will not.

Sen. Cornyn contends that having CFIUS add to the list of controlled technologies is necessary because multilateral controls (i.e., those agreed upon with our allies) can’t keep up with rapid technological development (Cornyn Keynote Address). But the existing U.S. export control system needn’t await multilateral agreement before adding a control; indeed, it already contains numerous unilateral controls (See, e.g., 15 C.F.R. § 738.2(d) (2017) (explaining how to distinguish between unilateral and multilateral control entries on Commerce Control List)). Moreover, the Obama administration’s Export Control Reform initiative made it quicker and easier to impose interim controls on emerging technologies while the executive branch decides how they should be controlled for the longer term (77 Fed. Reg. 22191 (Apr. 13, 2012) (creating new Commerce Control List entry 0Y521 for temporary controls)).

Moreover, the current CFIUS caseload is several hundred cases a year (E.g., 2015 Report at 17 (387 cases over a three-year period)). Adding all cases of outbound investment by “critical technology” companies involving the transfer of “intellectual property” that may not be subject to export controls, plus inbound investments that do not come within the broad existing definition of “control,” would vault that caseload into the thousands or tens of thousands.

CFIUS already has difficulty getting its work done in a timely manner. FIRRMA would authorize—but not actually fund—additional resources (FIRRMA § 19). Given the current appropriations climate, it is unrealistic to expect that CFIUS would receive sufficient resources to address its expanded caseload in timely fashion. As a result, many transactions as to which there is no substantive concern may founder because of the long waiting periods that will result.

The legislation would not alter the voluntary character of notification to CFIUS but would retain the carrot and stick outlined above. “National security” would include homeland security and critical infrastructure, but would not be defined further (Id).

Exon-Florio does not distinguish among countries and the consistent position of the U.S. government has been that each transaction is considered without presumptions based upon the acquirer’s country. That is, the acquirer’s country is taken into account but its relevance is considered on a transaction-by-transaction basis. FIRRMA would change this by creating a category of “countries of special concern,” defining them as countries “that pose[] a significant threat to the national security interests of the United States” (Id). CFIUS could maintain a list of such countries but would not be required to do so (Id). This is unobjectionable but probably unnecessary, as CFIUS already distinguishes among countries.

FIRRMA would revise and add to the considerations for CFIUS in deciding whether a proposed transaction would threaten national security (Id. § 15).

• Weighing the ability of domestic industries to meet defense requirements would be augmented by adding whether the transaction is likely to increase reliance upon foreign suppliers.
• Consideration of U.S. technological leadership would be augmented by adding U.S. “industrial” leadership and measuring whether the transaction is likely to reduce that leadership “relative to any country of special concern.”
• Consideration of implications for energy assets would be expanded by adding “transportation assets.”
• Would the transaction add to the cost of equipment and systems needed for national security?
• Would the cumulative share of a given market held by foreign persons raise national security concerns? This would address a CFIUS shortcoming addressed above, namely the failure to consider the cumulative effect of transactions that might not raise national security concerns when viewed individually.
• The acquirer’s history of “complying” (presumably focused upon non-compliance) with U.S. law and adhering to agreements with the U.S. government would be another new consideration.
• Is the transaction likely to expose sensitive information, such as personally identifiable information, genetic information, and the like, in a manner that would threaten national security?Might the transaction create or exacerbate cybersecurity vulnerabilities?
• Is the acquirer from a country of special concern that has a “strategic goal of acquiring a type of critical technology that [a U.S.] party to the transaction possesses”?
• Might the transaction facilitate crime or fraud with national security implications, or expose non-technical national security or law enforcement information? (Id.)

The bill would allow parties to shortcut the existing CFIUS process by filing an abbreviated notification at least forty-five days before the closing of the proposed transaction (Id. § 5). CFIUS would then decide whether the transaction is so clearly acceptable that no further review is warranted (Id). Adding this option would help ensure efficient use of the committee’s scarce resources by allowing earlier elimination of non-controversial cases.

FIRRMA would provide expressly that absent the submission of false or misleading information in the course of the CFIUS review of a transaction, a transaction that has cleared the CFIUS process may not be re-reviewed by the committee (Id. § 7). Currently this safe harbor is only implied by the statute (see 50 U.S.C. § 4565(b)(1)(D) (Supp. III 2015)), though it is stated expressly in the implementing regulations (31 C.F.R. § 800.601 (2017)). As a matter of good government, the safe harbor should be made truly safe by including it in Exon-Florio.

The legislation would extend from thirty to forty-five days the time for completing the CFIUS “review” stage (FIRRMA § 8). It would leave the “investigation” period at forty-five days but would allow CFIUS to add as many as thirty more days (Id). These would be positive changes. As noted above, the current time line often is too short to allow the process to go forward in a rational and efficient manner. Allowing CFIUS to extend the review and investigation periods further in individual cases, with the consent of the parties, also would be a good idea.

The bill would permit the sharing of CFIUS information with foreign governments, “pursuant to appropriate confidentiality and classification arrangements” (Id. § 12). This would be another worthwhile alteration of the current CFIUS rules. Transactions coming before the committee often are transnational in nature or would have material effects on allied countries. The U.S. government should have the option of consulting with such countries.

FIRRMA would expand considerably the authority of the committee to act independently of the President. Specifically, the committee would be able to suspend a proposed or covered (i.e., already completed but subjected to CFIUS review after the fact) transaction during the course of the CFIUS review (Id. § 16). As noted above, the committee has taken the position that it can impose conditions upon a covered transaction even where the parties decide to abandon the deal and withdraw their CFIUS notice (31 C.F.R. § 800.507(c)(1) (2017); see 50 U.S.C. § 4565(l)(2)(A) (Supp. III 2015) (by implication)). This assertion has not been tested in court but FIRRMA would resolve the issue by expressly granting CFIUS this authority (FIRRMA § 16). This power would be a two-edged sword. Although it would enable CFIUS to address instances where potentially sensitive information may have become available to the acquirer even before the transaction has closed, it also would be a disincentive to filing with CFIUS in the first place.

Congress’s “authorizing” committees and the legislation they write ordinarily cannot make funds available. That is the prerogative of the appropriations committees and the appropriations process. FIRRMA is no exception. That said, it would pave the way for adequate funding of CFIUS by—

• authorizing presidential funding requests earmarked for CFIUS, as opposed to CFIUS’s current funding out of general appropriations for Treasury and the other CFIUS member agencies;
• authorizing CFIUS to impose fees, based upon the value of each proposed transaction, for Exon-Florio filings;
• establishing a separate fund to hold those fees and making the fund available for CFIUS activities to the extent permitted by appropriations legislation; and
• authorizing the CFIUS chair (Treasury) to transfer money from the CFIUS fund to other agencies for their conduct of CFIUS activities (Id. §§ 19, 21, 24).

Actually providing the requisite funds would have to await the appropriations process but FIRRMA at least would lay the groundwork. This is a positive development. Mitigation often can save an otherwise problematic transaction but the government must expend resources to ensure that the mitigation is carried out.

FIRRMA, then, is a mixed bag. It addresses a number of CFIUS’s existing shortcomings but risks creating several significant and potentially crippling new ones. Sen. Cornyn, Rep. Pittenger and their co-sponsors should be thanked for the improvements but Congress should address the problematic aspects of the bill before it becomes law.