Last August, President Trump signed into law the Foreign Investment Risk Review Modernization Act of 2018 (FIRRMA), which was the culmination of significant reform efforts and broadened the scope of activity subject to CFIUS review. Of particular interest to private equity firms that accept foreign investment, the US government now has the ability to review certain investments even if they do not result in foreign control — specifically transactions involving critical infrastructure, critical technologies or sensitive personal data.
A variety of factors are relevant, such as whether the foreign investor would have access to material, nonpublic technical information, membership or observer rights on the board of directors, or involvement — other than by voting shares — in substantive decision-making. FIRRMA, however, added a clarification that exempts indirect investment by a foreign investor that is a limited partner when certain criteria are met. The test includes whether the fund is managed exclusively by a US general partner, and whether any advisory board or committee on which the foreign person sits has the ability to control any of the fund’s investment decisions, or other decisions made by the fund or the general partner.
The Treasury Department, which runs the CFIUS process, is now writing the final rule to implement FIRRMA and expects to publish a draft this Fall, with the final regulations taking effect in February 2020. In the meantime, the Treasury has also created a “pilot programme” under FIRRMA that focuses on investments in the development of critical technology in 27 specific sectors, including the manufacturing of semiconductors and R&D in biotechnology. Such investments now require, for the first time, the mandatory filing of a declaration providing CFIUS with at least 45 days’ notice prior to closing.
While CFIUS applies to all foreign investment, whether from Canada or the United Kingdom, or from China or Russia, the key questions to ask are the same: does a proposed transaction pose a threat to US national security and, if so, can that threat be mitigated? The answers to these questions, of course, depend on a variety of factors. The analysis CFIUS undertakes is based not just on input from the government agencies that comprise the Committee — including the departments of Defense and Homeland Security — but also on information from members of the intelligence community. All relevant data is considered as CFIUS reviews the nature of a transaction, as well as the motives and behaviour of both the foreign investor and the government of the country where the investor is based.
Recent news regarding CFIUS’ concerns with three transactions that have closed, involving Cofense, Grindr and PatientsLikeMe, should be read with this context in mind. With Cofense, a cybersecurity firm, CFIUS had concerns with the stake owned by Pamplona Capital Management, which is backed by Russian oligarch Mikhail Fridman. Concerns with Grindr and PatientsLikeMe revolve around a Chinese company obtaining access to sensitive personal data; while such data is not a new concern for CFIUS, FIRRMA makes it an explicit one.
CFIUS has also sent its strongest signal yet that it is serious about utilising its enforcement authorities. In April it posted, unpublicised, a notice that it had imposed a US$1 million penalty on a company last year for repeated breaches of a 2016 mitigation agreement with CFIUS. The government’s findings included the company’s “failure to establish requisite security policies and failure to provide adequate reports to CFIUS.”
What should private equity firms do?
As the CFIUS terrain becomes more complex, the stakes to get it right grow even higher. It is now vital for private equity funds to:
- Carefully assess all vulnerabilities: Investments that involve sensitive technology or data and countries of concern are going to elicit greater scrutiny. It is essential to engage in an in-depth, clear-eyed assessment with external advisers — including seasoned legal counsel and communications advisors — as soon as possible to ensure that a firm has anticipated any national security concerns and reviewed how they might be addressed, well before beginning CFIUS review and, ideally, before finalising a deal.
- Get smart on the politics: The political climate today can be especially unpredictable. It is critical to understand the context of a particular investment and anticipate how government officials, especially in the White House and Congress, may react, both during internal deliberations and if aspects of the CFIUS review become public.
- Develop and clearly communicate key arguments: No two transactions are ever the same. Based on all of the characteristics of a contemplated investment, including potential vulnerabilities and possible political reactions, it is important to evaluate which specific arguments may be the most compelling, and to build a persuasive narrative that can increase the chance of a successful outcome. Cogent arguments can also help build trust between CFIUS and the parties during review by demonstrating that the latter understand the national security implications at stake.
While much remains to be settled, it is clear that how investors position themselves and interact with CFIUS can help determine the outcome. SVC is ready to answer any questions you may have about the right strategic communications strategy and support you before, during and after a cross-border investment or transaction that may be subject to CFIUS review.
To learn more, visit sardverb.com or email firstname.lastname@example.org.