CFIUS Releases 2019 Annual Report
The Committee on Foreign Investment in the United States (CFIUS or the Committee) recently released its annual report to Congress for calendar year 2019.
The report provides revealing information as to how the Committee has been implementing its new authority under the Foreign Investment Risk Review Modernization Act (FIRRMA), which was enacted in August 2018 as part of the Fiscal Year 2019 National Defense Authorization Act (NDAA). The report also covers President Trump’s executive order blocking Beijing Shiji from acquiring StayNTouch and reveals that notices of transactions involving Chinese acquirers fell significantly in 2019 as Chinese investment in the United States continued to trend downward amid rising U.S.-China tensions.
Highlights of the 2019 Annual Report
CFIUS filings remained steady. CFIUS received 231 written notices of covered transactions in 2019, up just slightly from 2018, when it received 229 notices. The number of notices has followed a steady upward trajectory over the last ten years; in comparison, CFIUS received just 65 notices in 2009. In addition to the 231 notices, CFIUS also received 94 short-form declarations submitted under CFIUS’s Critical Technologies Pilot Program.
The number of investigations declined. Of the 231 notices filed in 2019, 113, or about half, proceeded to the investigation stage. This is a meaningful decline compared to recent years. FIRRMA lengthened the initial CFIUS review period from 30 days to 45 days, and the report notes that this extended review period “substantially reduced the proportion of notices proceeding to investigation in 2019.”
No investigations were extended. FIRRMA authorized CFIUS to extend the 45-day investigation period for one 15-day period in “extraordinary circumstances.” As in 2018 (when the provision first went into effect), no investigations were extended under with this provision in 2019, highlighting that CFIUS does not intend to make frequent use of the new rule.
Time periods for reviewing and accepting notices. CFIUS reported that the average number of business days from when a draft notice was submitted to when CFIUS provided comments on the draft notice was 10.6 days, which exceeded its 10-day target period due to a backlog of filings resulting from the government shutdown in late 2018 and early 2019. The average number of business days between the submission of a formal notice and CFIUS’s acceptance of the notice was 7.8 days. The average number of days it took CFIUS to complete reviews and investigations were 45 and 85 calendar days, respectively.
Chinese investments are on the decline. While acquisitions by Chinese investors represented the largest number of notices from 2017 to 2019, accounting for approximately 20 percent of all notices filed during that period, in 2019 China lost the top spot. Notices of Chinese acquisitions in 2019 dropped by more than half compared to 2018. The largest number of notices last year were from Japanese investors, which accounted for approximately 20 percent of all notices filed in 2019.
Withdrawals fell. In 2019, CFIUS approved 30 withdrawals, a drop of approximately 55 percent from 2018. Parties did not withdraw any notices during the review period – all of the withdrawals came during the investigation period. In half of these instances, parties filed a new notice in 2019. Parties to three notices filed new notices in 2020. In eight instances, the parties abandoned their transactions after CFIUS informed them it was unable to identify mitigation measures that would resolve CFIUS’s national security concerns or the parties were unwilling to accept CFIUS’s proposed measures. In four instances, parties withdrew their notices and abandoned their transactions for commercial reasons.
President Trump unwound Beijing Shiji’s acquisition of StayNTouch. CFIUS referred one transaction to the President in 2019. In March 2020, President Trump issued an executive order prohibiting Beijing Shiji’s acquisition of U.S. cloud-based hotel management software company StayNTouch on the grounds that the Chinese company and its Hong Kong subsidiary “might take action that threatens to impair the national security of the United States.” The executive order directed Beijing Shiji to immediately refrain from accessing hotel guest data through StayNTouch and to divest its ownership of the company within 120 days.
Critical Technologies Pilot Program. CFIUS’s Critical Technologies Pilot Program first implemented FIRRMA’s mandatory filing requirement with respect to certain non-controlling, non-passive foreign investments in U.S. businesses that produce, design, test, manufacture, fabricate or develop one or more “critical technologies.” 2019 represents the first and only full calendar year in which the Critical Technologies Pilot Program remained in effect, as the program has since been superseded by new regulations that went into effect earlier this year. CFIUS assessed and took action with respect to 94 declarations submitted under the pilot program in 2019. CFIUS requested that parties to 26 declarations file a written notice; informed parties to 32 declarations that it was unable to complete action on the basis of the declaration; and notified parties to 35 declarations that it had completed all action with respect to the transaction. Japanese investors accounted for the most declarations filed in 2019 (15 percent), followed by Canada (13 percent) and the United Kingdom (12 percent). China accounted for just 3 declarations (3 percent).
CFIUS imposed mitigation on transactions that were withdrawn and abandoned. FIRRMA authorized CFIUS to impose mitigation measures not only in cases where CFIUS has cleared the transaction to proceed, but also in cases where a party has voluntarily chosen to abandon the transaction. In 2019, CFIUS adopted mitigation measures with respect to 28 notices, or approximately 12 percent of all notices filed. CFIUS also adopted mitigation measures to address residual national security concerns with respect to five notices, or approximately 2 percent, that were voluntarily withdrawn and abandoned. Examples of mitigation measures that CFIUS negotiated and adopted in 2019 include the following:
- Prohibiting or limiting the transfer or sharing of certain intellectual property, trade secrets or know-how;
- Establishing guidelines and terms for handing existing or future U.S. government contracts, customer information, and other sensitive information;
- Ensuring that only authorized persons have access to certain technology, U.S. government, company, or customer information, and that the foreign acquirer will not have access to systems that hold such information;
- Ensuring that only U.S. citizens handle certain products and services and ensuring that certain activities and products are located only in the United States;
- Establishing a Corporate Security Committee and other mechanisms to ensure compliance with all required actions, including the appointment of a U.S. government-approved security officer or member of the board of directors and requirements for security policies, annual reports, and independent audits;
- Notifying, for approval, security officers or relevant U.S. government parties in advance of foreign national visits to the U.S. business;
- Security protocols to ensure the integrity of goods or software sold to the U.S. government;
- Notifying customers of the change of ownership;
- Assurances of continuity of supply for defined periods, and notification and consultation prior to taking certain business decisions, with certain rights in the event that the company decides to exit a business line. Establishing meetings to discuss business plans that might affect U.S. government supply or national security considerations;
- Exclusion of certain sensitive assets from the transaction;
- Ensuring that only authorized vendors supply certain products or services;
- U.S. government notification and approval in connection with an increase of ownership or rights; and
- Divestiture of all or part of the U.S. business.
Manufacturing and Finance, Information, and Services Were Leading Industry Sectors. More than 80 percent of notices filed in 2019 were either in the Manufacturing (44 percent) or Finance, Information, and Services sectors (39 percent). Nine percent of notices were in the Mining, Utilities, and Construction sector, and eight percent of notices were in the Wholesale Trade, Retail Trade, and Transportation sector. The relative proportions of notices in each sector have not changed dramatically in the last decade. Within manufacturing, 38 percent of notices pertained to the Computer and Electronic Product Manufacturing subsector, showing a continued interest in technology-related transactions.
Evidence of a coordinated strategy to acquire critical technology companies. While CFIUS concluded that it was unable to provide a meaningful unclassified summary of the U.S. intelligence community’s assessment of whether there is a coordinated strategy to acquire critical technology companies, CFIUS noted that foreign governments, including those of countries with close ties to the United States, are likely to use a range of collection methods to obtain critical technologies. The report notes that “[f]oreign intelligence services and threat actors working on their behalf continue to represent the most persistent and pervasive cyber intelligence threat tied to economic espionage and the potential theft of U.S. trade secrets and proprietary information.”
Wiley has an unparalleled CFIUS and national security practice that draws on senior government-level experience with CFIUS member agencies and numerous representations of domestic and international companies in complex transactions involving nearly every industry sector subject to CFIUS review. Should you have any questions regarding the 2019 CFIUS report please do not hesitate to contact one of the members of our CFIUS and national security practice listed on this alert.
Nicole Hager, a Law Clerk at Wiley Rein LLP, contributed to this article.