M&A Guide to CFIUS: Deciding Whether to Submit Voluntarily to CFIUS Review

Article 2 of 4

As discussed in a prior article in this series, the Committee on Foreign Investment in the United States is authorized to review certain cross-border mergers, acquisitions and investment transactions and to recommend that the US President take action to mitigate any perceived national security concerns with transactions it reviews. Such action may include ordering that a transaction be prohibited from closing or even unwound post-closing.

In light of this broad authority, and because CFIUS review is in many respects a voluntary regime, parties to a foreign investment transaction must assess whether the particular circumstances of their contemplated transaction warrant the submission of a voluntary notice to CFIUS or whether to forego voluntary CFIUS review instead. This article discusses this decision making process and the factors that CFIUS counsel weigh when advising parties whether to voluntarily submit to CFIUS review.

Conducting CFIUS diligence

Making an informed decision about whether to submit to voluntary CFIUS review begins with a determination about whether the transaction is subject to CFIUS jurisdiction (i.e., whether it is a "covered transaction"). If it is, CFIUS counsel must conduct focused, multidisciplinary diligence to determine whether the transaction implicates potential US national security issues. Where potential security concerns are evident, the parties must consider implementing measures to preemptively mitigate those concerns and decide whether the circumstances of the transaction (including the parties' respective tolerance for risk) warrant the submission of a Notice to CFIUS to seek the Committee's approval of the transaction. Regardless of whether the parties decide to submit a CFIUS Notice, CFIUS counsel can help their clients negotiate appropriate transaction terms to allocate CFIUS-related risk among the parties.

Diligence issues related to the foreign buyer or investor

As an initial matter, parties to a covered transaction will need to consider the identity and nationality of the foreign buyer(s) or investor(s). This inquiry is not always as simple as it initially may appear, as CFIUS cares about not only the foreign entity that is directly party to the transaction, but also the entities in its upstream ownership chain, including major shareholders and investors. Thus, in cases where a buyer or investor is organized in the United States but ultimately owned or controlled by a foreign individual, entity or government, CFIUS will regard the buyer or investor to be a "foreign person" for the purpose of establishing jurisdiction to review the transaction.

Parties should anticipate that transactions involving entities from certain countries (e.g., China and Russia) would receive closer scrutiny from CFIUS than those involving entities from allied countries (e.g., NATO member countries or major non-NATO allies such as Australia, Japan and South Korea). For example, in December 2016, President Obama blocked the sale of Aixtron, a US subsidiary of a German semiconductor company, to a Chinese entity. However, in October 2017, CFIUS cleared the sale of part of Aixtron's semiconductor business to a South Korean entity, Eugene Technology Co. CFIUS also will give closer scrutiny to transactions in which the foreign buyer or investor is owned or controlled by a foreign government (e.g., state-owned entities or sovereign wealth funds).

In addition, the parties should consider, and be prepared to articulate, the buyer's or investor's strategic purpose for the transaction and its plans regarding the acquired US business post-closing. These issues will inform the Committee's security threat assessment. With respect to the business purpose of a transaction, CFIUS will consider whether the transaction is commercially sound or if it instead suggests a pretext or an ulterior motive on the part of the buyer or investor (e.g., to gain access to sensitive technology that is not otherwise readily available to it). Regarding the buyer's or investor's plans for the target company post-closing, CFIUS will consider a host of issues with the potential to impact national security, including any plans to eliminate R&D or manufacturing facilities in the US, plans to change product quality or to consolidate or sell product lines, and plans to modify or terminate contracts with the US government.

CFIUS diligence should not be limited to the parties' activities and plans in the United States but also should consider the foreign buyer's or investor's global business activities. For example, CFIUS will consider the foreign party's track record of compliance with US sanctions and export control laws and the implications of potential non-compliance once the acquired US business is under foreign control. To the extent a foreign buyer or investor has been investigated or fined for violations of US international trade laws, such circumstances may be viewed as indicative of the foreign party's intent or ability to comply with such restrictions in the future.

Diligence issues related to the US business

The specific focus of CFIUS diligence with respect to a US business will vary depending on the nature and size of the business and the extent of its activities in US interstate commerce. Certain key issues, however, routinely tend to arise in analyses of potential national security concerns.

• Export control issues: Initial CFIUS diligence on the US business typically begins with a review of the company's products, services and technology and considers whether foreign control of or access to the same could present national security concerns. A key part of this analysis involves determining the extent to which the target's products, services and associated technology are controlled for export purposes under the Export Administration Regulations (EAR) and the International Traffic in Arms Regulations (ITAR). While an export control analysis is by no means dispositive of CFIUS risk, all else being equal, highly controlled products, services and technology tend to indicate greater CFIUS risk.
• Sensitive industries and information: While an export control analysis often is an indispensable element of a CFIUS analysis, a product, service or technology need not be subject to US export control in order to be regarded as sensitive by CFIUS. Indeed, US national security concerns are evolving rapidly as certain emerging technologies mature. Accordingly, transactions without export control implications may nevertheless attract CFIUS scrutiny where the technology in question is of strategic importance to the US economy or where the technology has potential military applications. Transactions involving semiconductors, artificial intelligence, autonomous vehicles and even virtual reality applications are of increasing interest to the Committee. For instance, in September 2017, a consortium of investors led by NavInfo Co., a Chinese entity, abandoned a 10% investment in HERE Technologies, a US digital mapping company working on products to support autonomous vehicles, due to failure to receive CFIUS clearance after a nine-month review process.

• CFIUS also will consider whether the US business controls (or has facilities proximate to) critical US infrastructure, such as those related to agriculture, water supply, public health, telecommunications, cyber operations, energy generation or transmission and transportation. A US business's access to sensitive information on US persons, including personal identifier information, personal health information and financial data, also may raise CFIUS concerns. As a recent example, in January 2018, Ant Financial Services Group, a Chinese entity, abandoned its proposed $1.2 billion acquisition of MoneyGram International, citing a failure to receive CFIUS clearance after a review process lasting nearly 11 months. Security concerns regarding foreign access to data on US persons were likely at issue in the CFIUS investigation of the proposed acquisition.

• US government contracts and connections: CFIUS counsel also typically will review the US business's current and recent contracts with the US government, including whether the target company has contracts with agencies that have defense or homeland security responsibilities (e.g., Department of Defense, Department of Homeland Security, Department of Energy and Department of Justice). The existence of government contracts involving access to classified information or other sensitive government data and so-called "priority-rated" contracts under the Defense Priorities and Allocations System will tend to indicate increased CFIUS risk. Note that even if the US business currently does not have any such contracts, CFIUS will consider whether any prior government contracts would have given the US business any special expertise, insight or know-how regarding sensitive US government operations or interests.

Weighing the potential benefits and costs of voluntary CFIUS review

Careful CFIUS diligence will arm the parties and their counsel with information regarding the nature and scope of potential security issues and possible mitigation measures to address those issues. When deciding whether to voluntarily submit a CFIUS Notice, the parties also should consider the respective benefits and costs of submitting to or foregoing voluntary CFIUS review.

Submitting to CFIUS review

The primary benefits of submitting to voluntary CFIUS review are the opportunity to proactively participate in discussions with the government regarding what mitigation measures, if any, are appropriate to address perceived national security concerns and the prospect of immunity from future interference from CFIUS once the Committee confirms there are no unresolved national security concerns.

Parties that voluntarily notify CFIUS of their transaction have an early opportunity to frame potential national security considerations and proactively participate in discussions with the Committee about how such concerns should best be addressed. Where parties forego voluntary CFIUS review, they will be in a reactive posture in the event CFIUS has concerns with the transaction and therefore likely in a weaker position to shape any mitigation that the government deems necessary to address such concerns.

With respect to immunity, once a transaction has received CFIUS clearance (i.e., once CFIUS formally determines there are no unresolved national security concerns with the transaction), the transaction is immune to future interference under the CFIUS regime.

Generally speaking, the chief costs of submitting to CFIUS review include legal fees and related expenses of navigating the CFIUS review process, potentially significant delays in the transaction timeline and the costs of complying with any measures that CFIUS may require to mitigate perceived national security concerns with the transaction (e.g., divesting sensitive assets or implementing policies to prevent the foreign buyer or investor from accessing sensitive information of the target). In the extreme case where CFIUS identifies security concerns but cannot identify adequate mitigation measures, it may prohibit a transaction in its entirety.

• Legal fees and related expenses: Because the process of preparing and submitting a CFIUS Notice is a joint effort undertaken by both parties to a transaction, the parties ordinarily will retain separate CFIUS counsel and pay for their respective expenses. These expenses typically represent the costs of (i) conducting CFIUS diligence and analyzing the transaction to determine whether a CFIUS Notice is warranted, (ii) preparing and submitting the Notice document and (iii) working with CFIUS during the Committee's review of the transaction. Depending on the particular circumstances of the transaction and the parties' respective leverage, however, the parties can contractually shift CFIUS risk and expenses (e.g., by agreeing that the foreign purchaser or investor will pay for CFIUS-related costs).
• Transaction delays: Submitting a transaction to CFIUS review can sometimes lead to a significant extension of the closing timeline. Recent history suggests that, as a general matter, parties should allot at least three months for the first phase of a CFIUS review. This phase should be thought of as including: (i) two to four weeks (sometimes more) to prepare a draft of the Notice document for informal review by the Committee; (ii) three to four weeks (sometimes more) for the informal review of the draft Notice by the Committee, including responding to the Committee's requests for additional information to supplement the Notice document; and (iii) 30 days for the formal "initial review" by CFIUS.

• Upon the conclusion of the 30-day initial review, CFIUS has discretion to initiate a subsequent 45-day "investigation" to consider or address perceived national security issues. Thus, in cases where CFIUS undertakes an investigation, the total review timeline easily can extend to five months or longer. In both 2015 and 2016, CFIUS initiated investigations of approximately 46% of transactions following the initial 30-day review period, according to statistics released by the Committee. Note that such investigations are required where the foreign investor or acquirer is determined to be a foreign government-controlled entity.

• While the 30-day and 45-day periods for initial reviews and investigations are helpful guideposts when thinking about a transaction timeline, they do not offer parties any certainty. As a practical matter, the timeline for a CFIUS review is not bound by those periods and can extend far longer in some circumstances. In cases where CFIUS cannot resolve perceived national security concerns within the designated time periods, the Committee can request that parties withdraw and refile their Notice to allow for more time. When the parties withdraw and refile their Notice, the regulatory clock is reset at Day 1 of the 30-day initial review period. As discussed above, Ant Financial abandoned its proposed acquisition of MoneyGram after a CFIUS review process lasting nearly 11 months, during which the parties withdrew and refiled their CFIUS Notice three times.

• Mitigation measures: To the extent CFIUS identifies perceived national security concerns with a transaction under its review, the Committee may require the parties to take actions to mitigate those perceived risks as a condition of clearing the transaction. Common mitigation measures include requiring the acquired US business to be managed by US persons and/or to implement security policies and procedures tailored to the particular circumstances of the transaction and/or requiring the parties to divest sensitive assets, business or product lines, technology or information from the transaction. Complying with mitigation measures can alter the parties' bargained-for-exchange and can have implications for the value of the transaction.

Foregoing CFIUS review

Under the CFIUS regulations, covered transactions that are not voluntarily notified to CFIUS prior to closing remain subject to CFIUS review for at least three years if the Committee determines that the transaction implicates national security concerns. Parties to a covered transaction that choose to forego CFIUS review therefore risk exposing their transaction to government interference post-closing without the opportunity to frame any security issues for CFIUS and receive feedback from the Committee in connection with the review process.

To the extent CFIUS initiates a review of a transaction post-closing (i.e., after the foreign investor has taken control of the US business and is in possession of potentially sensitive technology or information), the parties may face harsher mitigation measures than they otherwise would have in connection with a review initiated by a voluntary Notice. Thus, a chief cost of foregoing voluntary CFIUS review is the prospect that the Committee will impose mitigation measures on the parties when the parties' ability to influence such measures may be diminished. While post-closing CFIUS risks theoretically can be allocated contractually (e.g., in the terms of a merger agreement), the foreign investor or buyer – having paid for the target company or its assets – often will bear the majority of that risk.

To the extent there are benefits associated with foregoing CFIUS review, those benefits can be expressed as avoiding the fees, related expenses and closing delays discussed above. While those potential benefits can be meaningful, they should not be determinative of the parties' decision about whether to voluntarily notify CFIUS of a covered transaction. Rather, any decision to forego CFIUS review also should be based on an analysis of the potential national security issues presented by the transaction. Where the parties fairly determine that any such security risks are minimal and/or mitigatable by the parties, they may reasonably decide that the expense and delay associated with a voluntary CFIUS review are not warranted.

Making a CFIUS recommendation

The multidisciplinary diligence efforts described above will inform counsel's views as to whether a transaction raises meaningful potential national security issues sufficient to warrant submitting a voluntary CFIUS Notice. The nature and degree of perceived security risk, in turn, will equip counsel to advise the parties with respect to mitigating those security issues and allocating CFIUS risk between the parties.

In cases where the parties decide to submit a voluntary Notice of the transaction to CFIUS, counsel can formulate strategies to preemptively mitigate security issues and navigate the review process with minimal delay and disruption to the parties' bargained-for-exchange. In cases where the parties decide to forego voluntary CFIUS review, counsel can recommend mitigation measures to reduce the likelihood that the Committee will seek to review the transaction post-closing.

The next article in this series will discuss ways that CFIUS counsel can help parties to a covered transaction minimize and allocate CFIUS risk with contract terms and by taking proactive measures to mitigate potential national security concerns.

This content is provided for general informational purposes only, and your access or use of the content does not create an attorney-client relationship between you or your organization and Cooley LLP, Cooley (UK) LLP, or any other affiliated practice or entity (collectively referred to as “Cooley”). By accessing this content, you agree that the information provided does not constitute legal or other professional advice. This content is not a substitute for obtaining legal advice from a qualified attorney licensed in your jurisdiction and you should not act or refrain from acting based on this content. This content may be changed without notice. It is not guaranteed to be complete, correct or up to date, and it may not reflect the most current legal developments. Prior results do not guarantee a similar outcome. Do not send any confidential information to Cooley, as we do not have any duty to keep any information you provide to us confidential. This content may be considered Attorney Advertising and is subject to our legal notices.