Hannah Newman

Associate Editor

Loyola University Chicago School of Law, JD 2024

On October 20, 2022, the panel that reviews foreign investment in the United States for national security concerns published its first ever enforcement guidelines. The Committee on Foreign Investment (CFIUS) in the United States, has never had written guidelines on this topic. While this is the first guidance issued by CFIUS, the guidelines reflect the increased focus on monitoring and enforcement which has been evident since the passage of the Foreign Investment Risk Review Modernization Act of 2018. This continues the trend toward more enforcement relating to foreign investments and more concern surrounding compliance with terms of agreements meant to mitigate national security risks.

What are the guidelines?

The new guidelines provide specific details as to how CFIUS will use their enforcement power, which specifically includes the, “power to levy steep penalties when a company missteps in the review process or after, including failures to comply with the terms of an agreement meant to mitigate a national security risk.” The guidelines outline the categories of violations which would draw attention, including failing to notify the panel about a transaction, not complying with a mitigation settlement, and materially misstating something. Additionally, the guidelines provide a very transparent and public roadmap for how violations will be assessed and processed. The penalty process includes notice, where CFIUS will provide notice to the party alleged to have committed a violation which then moves to contest and assessment, where the party my submit a petition for reconsideration. The guidelines also establish a self-disclosure mechanism for violations, which parallels the mechanisms other agencies have established. However, it does not offer specific incentives for these disclosures. There are also both mitigating and aggravating factors included, which will help CFIUS develop an appropriate response to any violation. These factors include: accountability and future compliance, harm, negligence and awareness, intent, persistence and timing, response and remediation, and sophistication and record of compliance.

Is this a step in the right direction for national security?

Along with these guidelines, CFIUS has added more personnel to their arsenal, which further exhibits the heightened concern for compliance and enforcement. Additionally, when deciding on penalties, the committee will take into account both compliance resources as well as compliance culture. These guidelines, along with the second Monaco Memo, encourage companies to be proactive and forthcoming in interacting with the committee.

These guidelines come in conjunction with CFIUS’s review of TikTok and its relationship with Chinese parent, ByteDance, and possible violations stemming from this relationship. Additionally, President Biden has exhibited concern for other deals which may give China and other global economic rivals access to critical technology. Furthermore, these guidelines come after an Executive Order from President Biden, working to ensure that the foreign investment review process maintains responsive to an evolving national security landscape and the nature of the investments that pose related risks to national security. The Executive Order, from September, was the first ever presidential directive defining additional national security factors for CFIUS to consider in evaluating transactions. The Executive Order has been labeled as part of the Biden-Harris Administration’s strategy to maintain economic and technological leadership within the United States economy, with respect to protecting national security. Specifically, the Executive Order directed the committee to consider the following five set of factors; supply chain resiliency, U.S. technological leadership, aggregate industry investment trends, cybersecurity, and sensitive data. These factors provided by the Biden-Harris Administration had a strong influence on the recently published CFIUS guidelines.

In conclusion, many agencies have taken steps toward emphasizing compliance out of concern for national security risks. It is becoming more prevalent, with the evolving financial, technology, and banking sectors, to increase the significance of compliance with guidelines accordingly to ensure safety. It is important to make these guidelines, those released by CFIUS and other governmental agencies, as transparent and clear as possible. The more transparent the guidelines are, the easier it will be for organizations and individuals to comply with the guidelines. Ultimately, the more organizations and individuals comply with these guidelines, the safer transactions will be and less risk will be involved.