The Foreign Investment Risk Review Modernization Act of 2018 (“FIRRMAâ€), just signed into law as part of the John McCain National Defense Authorization Act of 2018 (“NDAAâ€), will change significantly the way in which the Committee on Foreign Investment in the United States (“CFIUSâ€) reviews foreign investments. It expands the definition of transactions covered by the process, makes the review process mandatory for certain of these transactions, and imposes a filing fee equal to the lesser of $300,000 or one percent of the value of the transaction.
Prior to FIRRMA, the definition of a “covered transaction†set forth in section 721(a)(3) of the Defense Production Act was “any merger, acquisition, or takeover … by or with any foreign person which could result in foreign control of any person engaged in interstate commerce in the United States.†The new law expands this definition to cover certain real estate transactions. In addition, a covered transaction now includes certain investments, even if they do not result in foreign control, in U.S. businesses that are involved with “critical infrastructure,†that have “critical technologies,†or that maintain or collect sensitive personal data on U.S. citizens.
The real estate transactions that are covered are those that are part of an air or maritime port or are in close proximity to a military installation and that could result in an opportunity for foreign surveillance of that military installation. Exempted from these covered real estate transactions are purchases of single housing units or transactions in urbanized areas as defined by the Census Bureau.
The investments in critical infrastructure, critical technology companies, or companies with sensitive personal data that are covered are those that will give the foreign entity access to “material non-public technical information.†Additionally, these investments will be covered transactions if they will give the foreign entity membership on the board of directors, observer rights or nomination rights. Finally, a non-controlling investment transaction will be a covered transaction if it gives the foreign entity any involvement, other than through voting of shares, in “substantive decisionmaking†involving sensitive personal data, critical technologies or critical infrastructure.
Of particular interest to readers of this blog is the definition of critical technologies which includes most, but not all, items that are subject to export controls. All items on the United States Munitions List are critical technologies. Most items on the Commerce Control List are critical technologies with the exception of items that are only controlled for anti-terrorism (AT), Firearms Convention (FC), crime control (CC) or encryption (EI). So, companies that make handcuffs (ECCN 0A982) are fair targets for foreign acquisition without CFIUS review but those that make triethanolamine (ECCN 1C350.c.10) for shampoo and cosmetics are not. Critical technologies will also include “emerging and foundational technologies,†which is a new and yet unpopulated category of export-controlled items described in the Export Control Reform Act of 2018, which was also enacted as part of the NDAA.
FIRRMA creates a new filing called a “declaration†(as opposed to a “notice,†the term both before and after the new legislation for the voluntary filing that commences CFIUS review). The declaration, which is not subject to the $300,000 or 1% fee, is meant to be a short document and no more than 5 pages. And although declarations can be voluntarily filed, they will be mandatory where “a foreign government has, directly or indirectly, a substantial interest†in a covered transaction. Any party required to file the mandatory declaration may, at its own option, file a regular, and longer, notice of the transaction instead. Prior to FIRRMA, involvement by a foreign government would force a 45-day CFIUS investigation after the initial 30-day review period but would not require any mandatory filings.
In response to the declaration, CFIUS may require the filing of the regular written notice (which will require the payment of the new $300,000 or 1% fee), may initiate a unilateral investigation, or may inform the parties that no further review is required. It may also state that it cannot make any decision based on the declaration and merely advise the parties of their right to file the standard written notice. Rather perplexingly, the new law states that CFIUS “may not require a declaration to be submitted … with respect to a covered transaction more than 45 days before the completion of the transaction.†Given that one response to the declaration is the initiation of the normal CFIUS process, which can given the statutory time frame take more than 45 days, it is not clear what this time limit means or how it is enforced.
The time frame for the review process has also been changed by the new legislation. Prior to the new law, the CFIUS process would consist of a 30-day review process, an optional 45 day investigation after the review, and then 15 days for the President to act after the investigation process was completed. The new law extends the initial review period to 45 days.
During the consideration of the bill in the House and the Senate, the two chambers took different approaches to the issue of “countries of concern,†largely in response to concerns about Chinese investment resulting in China pilfering U.S. technology. The House took a naughty list approach, calling out China, Russia and Venezuela by name while the Senate took the nice list approach, putting NATO countries and major non-NATO allies, among others, on the nice list. The new law takes the Senate nice list approach, but give CFIUS the authority to decide, based on national security considerations, which countries are on the nice list. The effect of this determination is that non-controlling investments in real estate or involving critical infrastructure, critical technologies or sensitive personal data by companies from countries on the nice list would not be covered transactions.