On July 23, 2024, the Committee on Foreign Investment in the United States (“CFIUS” or the “Committee”) released its annual report to Congress for calendar year 2023 (the “Annual Report”). CFIUS is an interagency body chaired by the Secretary of the Treasury that is empowered to review investment in the United States that could result in a foreign person acquiring control of, or in some cases, certain governance rights in connection with a minority investment in, a U.S. Business (as defined in 31 CFR § 800.252).

The Annual Report, together with other recent public actions, shows that the Administration continues to evolve its approach to addressing national security risks of global trade and investment transactions, and that the CFIUS review process remains an important consideration for participants in cross-border investment deals, despite a decrease in the total number cases reviewed by CFIUS compared to calendar year 2022. Several key takeaways from the Annual Report are discussed further below.

1. CFIUS is becoming more aggressive in carrying out its monitoring and enforcement responsibilities.

In October 2022, CFIUS published formal guidance  (the “Guidelines”) regarding the Committee’s authority to impose monetary penalties or seek other remedies in response to a party failing to submit a mandatory short-form declaration (“Declarations”) or joint voluntary notice (“JVN”), violating an applicable mitigation agreement, or making a material misstatement in, or omission from, submissions to CFIUS. As stated in the Guidelines, CFIUS does not issue penalties for every identified violation. Instead, CFIUS has discretion to determine whether a penalty is appropriate and considers factors such as a party’s voluntary disclosure of a violation and cooperation with any related investigation by CFIUS.

The Annual Report notes that the Committee issued four civil penalties in 2023 relating to violations of the terms of mitigation agreements between CFIUS and transaction parties, twice as many penalties as CFIUS had previously issued in its entire history. This sharp increase shows that CFIUS is prepared to be more aggressive in asserting its enforcement authority. This more aggressive posture extends beyond compliance with mitigation agreement terms specifically. The Annual Report also notes that CFIUS undertook “several” investigations regarding potential violations of mandatory filing requirements, resulting in the issuance of both formal determinations of non-compliance to parties and guidance regarding the Committee’s understanding of a transaction’s “completion date” for purposes of assessing mandatory filing compliance (i.e., the time period prescribed in the regulations by which a mandatory filing must be submitted). Finally, the Annual Report confirms that CFIUS continues to use special hiring authorities to bolster staffing levels for personnel dedicated to carrying out the Committee’s monitoring and enforcement responsibilities as well as other activities.

Parties should factor the Committee’s more aggressive enforcement approach into their assessments of potential CFIUS implications of proposed investments.

2. The number of JVNs and Declarations submitted to CFIUS decreased compared to recent years, but CFIUS continues to actively pursue “non-notified” transactions.

Year	Number of JVNs	Number of Declarations
2020	187	126
2021	272	164
2022	286	154
2023	233	109

 

As shown in the table above, the number of JVNs and Declarations filed with CFIUS in 2023 decreased significantly compared to 2022. Meanwhile, CFIUS continued to emphasize the identification and assessment of “non-notified” transactions (i.e., transactions subject to CFIUS’s jurisdiction for which parties did not proactively submit JVNs or Declarations).

According to the Annual Report, the Treasury Department opened non-notified inquiries for 60 transactions, and the Committee eventually formally requested filings from parties to 13 transactions in 2023, compared to 11 such requests in 2022. CFIUS, including individual member agencies, identified “thousands” of potential non-notified transactions for reviewthrough a variety of methods, including public tips, media reporting, congressional outreach, and proprietary databases. The Annual Report also notes that CFIUS has enhanced its processes for identifying non-notified transactions and “improved the sophistication of the Committee’s approach to launching inquiries and working though other channels to detect and assess national security issues posed by foreign investment.” Given the increase in formal filing requests based on non-notified inquiries and the Committee’s determination to continue to pursue non-notified transactions, parties to a transaction subject to CFIUS’s jurisdiction should carefully weigh the benefits and burdens of making a voluntary filing against the risks of disruption that could flow from foregoing a filing and then being contacted by Treasury after (and sometimes long after) the deal is closed.

3. The kinds of mitigation measures imposed by CFIUS continues to evolve to match the risks identified by the Committee.

The Annual Report also includes a list of measures and conditions that were adopted by CFIUS in 2023 in order to mitigate risks identified by reviewed transactions. Several of these measures and conditions were new compared to the same list in the Committee’s annual report for calendar year 2022, including:

• ensuring that computer networks are segregated;
• destroying sensitive information;
• ensuring that potential conflicts of interest involving third-party monitors, third-party auditors, security officers, and security directors do not arise or are disclosed to the CFIUS Monitoring Agencies (“CMAs”);
• establishing processes to review and approve contracts involving third parties before granting access to systems or data;
• notifying the U.S. Government prior to entering into agreements to collaborate with persons in certain countries; and
• ensuring that businesses notify customers regarding the identity of ultimate beneficial owners.

Additionally, the Annual Report’s list of monitoring and enforcement tools utilized by the Committee to ensure compliance by parties included the following items, which are new compared to the same list in the Committee’s annual report for calendar year 2022:

• required responses to CMA requests for information;
• regular communication with embedded security and compliance personnel and third-party monitors.

While these additional requirements and compliance tools are familiar to experienced CFIUS counsel, it is notable that the Committee has chosen to include them in the Annual Report as a signal to market participants of the types of obligations that may be imposed upon them if involved in a transaction that CFIUS assesses as posing a risk to U.S. national security. The requirement for responses to CMA requests for information specifically is further evidence that CFIUS is taking a more aggressive approach to compliance monitoring and enforcement, as discussed above, which parties should be cognizant of when assessing the potential CFIUS implications of proposed investments.