U.S. Treasury expands the scope of CFIUS investigative authority and updates civil monetary penalties

CFIUS Background

CFIUS is a U.S. Government interagency committee authorized to review certain transactions involving foreign investments in U.S. businesses and foreign purchases or leases of U.S. real estate in order to determine the effect of such transactions on the national security of the United States.

CFIUS has the authority to review (i) certain transactions that could result in a foreign person’s control of any U.S. business, (ii) a foreign person’s acquisition of a noncontrolling interest in certain types of U.S. businesses, and (iii) a foreign person’s purchase or lease of certain U.S. real estate in proximity to certain U.S. ports or military installations.

When CFIUS identifies national security concerns that arise as a result of a transaction within its jurisdiction, it is authorized to negotiate and enter into agreements with the transaction parties or impose conditions on the transaction parties to mitigate such national security concerns, as well as to enforce compliance with those agreements and conditions.

Summary of Final Rule

On November 26, 2024, Treasury published the Final Rule, which amends the CFIUS regulations in three key areas: (i) CFIUS’s authority to request information from parties and from certain third parties, (ii) CFIUS’s authority to impose deadlines for parties to respond to CFIUS mitigation proposals, and (iii) CFIUS’s authority to impose civil monetary penalties for certain violations. The Final Rule follows an April 15, 2024 notice of proposed rulemaking (“NPRM”).  Below we have summarized the changes to each category as implemented through the Final Rule:

Expanded Authority to Request Information

Under the current CFIUS regulations, the Committee has the authority to request information from parties to transactions that were not filed with CFIUS in order to determine whether a transaction is a “covered transaction” (i.e., whether the transaction falls within Committee jurisdiction). Under the Final Rule, CFIUS would have an expanded authority to request information from parties regarding not just whether a transaction is a “covered transaction,” but whether:

1. A transaction may raise national security concerns such that the Committee should review the transaction (assuming the transaction is a “covered transaction”);
2. A transaction triggered, or may in the future trigger, a legal obligation to submit a filing to CFIUS under the Committee’s mandatory filing programs; or
3. Parties to a transaction that the Committee has reviewed (a) are in compliance with any mitigation agreements or (b) have made any material misstatements or omissions to the Committee.

Moreover, under the Final Rule, CFIUS is authorized to request information for the foregoing reasons not just from the transaction parties, but also from third parties that may have information related to a transaction.

Finally, CFIUS will be granted enhanced subpoena authority under the Final Rule. CFIUS currently may issue subpoenas only if it deemed them “necessary”, but the Final Rule authorizes the Committee to issue subpoenas when deemed “appropriate”.  The Final Rule also allows CFIUS to issue subpoenas to the transacting parties as well as to “other persons” (i.e., third parties that are not transaction parties) that might have relevant information.

Taken together, the Final Rule provides a significant expansion of the Committee’s authority to request information regarding transactions or other matters that the Committee deems relevant to its national security assessment of transactions.

Timeframe for Responses for Mitigation Proposals

Under the NPRM, Treasury proposed an extendable, three business day deadline by which transaction parties must substantively respond to CFIUS risk mitigation proposals in matters that are under active review. Failure to meet this deadline would result in CFIUS rejecting the parties’ notice. This provision is similar to CFIUS’s existing deadline for responding to Committee information requests, and CFIUS’s stated rationale for this proposed timeline was to better enable the Committee to conclude its reviews within the statutorily-mandated timelines.

Treasury explains in the Final Rule that the Committee received public comments that objected to such a three-day deadline based on (i) the inability for parties to provide a substantive, thorough response to the Committee within this short time frame, (ii) the complexity of parties’ responses to CFIUS mitigation proposals, and (iii) concerns regarding the Committee’s lack of understanding of transaction parties’ business operations in CFIUS’s initial proposals. In response, the Committee has elected to exclude a mandatory three business day deadline for responses from parties to mitigation proposals in the Final Rule. Instead, the Final Rule allows for CFIUS, based on discretionary consideration of certain factors, “impose a time frame of no fewer than three business days” for parties to respond to a risk mitigation proposal. The Final Rule retains rejection of parties’ CFIUS filing as a potential remedy, at the discretion of the Committee, for delay in parties’ responses to CFIUS’s mitigation proposals.

Increasing the Scope and Magnitude of Civil Monetary Penalties

The Final Rule, consistent with the NPRM, substantially increases the civil monetary penalty amounts that CFIUS can impose for violations of certain obligations under the CFIUS regulations or obligations pursuant to CFIUS mitigation agreements, orders, or conditions. Changes to CFIUS’s civil monetary penalty provisions include:

1. Increasing the maximum civil monetary penalty for material misstatements or omissions in CFIUS filings to $5 million, from $250,000;
2. Increasing the civil monetary penalty for failure to submit a mandatory CFIUS filing to $5 million or up to the value of the transaction, whichever is greater (from $250,000 or up to the value of the transaction, whichever is greater);
3. Increasing the civil monetary penalty for violation of material provisions of mitigation agreements or material conditions imposed by CFIUS to $5 million or up to the value of the transaction, whichever is greater (from $250,000 or up to the value of the transaction, whichever is greater);

The Final Rule also expands the circumstances in which a civil monetary penalty can be imposed, in particular, to include violations of the CFIUS regulations stemming from a material misstatement or omission that is made to the Committee outside of the context of an active review of investigation of a transaction (e.g., a statement made to CFIUS related to the Committee’s monitoring and compliance functions).

In light of these increases and expansions to CFIUS’s civil monetary penalty authority, the Final Rule also extends the window within which parties may submit a petition for reconsideration to the Committee for a civil monetary penalty from 15 business days to 20 business days. The Final Rule also includes an analogous change to the number of days that CFIUS has to respond to parties’ petitions.

Authored by Anne Salladin, Brian Curran, Patrick Miller, Lorea Mendiguren, and Nicki Ghazarian-Foye.