Treasury Issues Final CFIUS Regulations to Implement FINSA

On November 14, 2008, the U.S. Department of the Treasury issued final regulations to implement the Foreign Investment and National Security Act of 2007 (FINSA), the statute Congress passed last year to reform the process by which the interagency Committee on Foreign Investment in the United States (CFIUS, or “the Committee”) conducts national security reviews of mergers, acquisitions or takeovers of U.S. businesses by foreign persons pursuant to section 721 of the Defense Production Act of 1950 (the so-called “Exon-Florio” amendment).[1] While the final regulations largely incorporate the proposed regulations that Treasury issued in April, they include some significant changes to the proposed regulations based on comments and feedback received from the trade community. Overall, the clear message of the final regulations is that CFIUS will maintain its wide discretion to conduct national security reviews of foreign investment transactions on a case-by-case basis.

Background on FINSA and the Proposed Regulations

FINSA was enacted in response to U.S. public and political criticism of several high-profile transactions that raised concerns about the sufficiency and effectiveness of the CFIUS process in protecting U.S. national security in the face of foreign investment. Congress passed FINSA on July 11, 2007, and the law went into effect on October 24, 2007. On January 23, 2008, in response to concerns in the business community that FINSA could create barriers to foreign investment, President Bush issued an executive order reaffirming the importance of international investment to the U.S. economy and enhancing the role of economic agencies in the CFIUS process. Treasury issued proposed regulations to implement FINSA on April 23, 2008, and held a public meeting on the proposed regulations on May 2, 2008. During the period for public comment on the proposed regulations, which closed on June 9, 2008, Treasury received 25 written comments from various government and industry representatives across several countries. Over the past five months, Treasury has reviewed and evaluated more than 200 distinct comments received in the form of written and oral submissions.

The Final Regulations

Like the proposed regulations, the final regulations attempt to strike a balance between making the CFIUS process more transparent and predictable for foreign investors in acquiring U.S. businesses, and more flexible and discretionary for CFIUS in reviewing potential national security concerns associated with such transactions. While the final regulations largely reflect the procedural and substantive amendments to the current CFIUS process introduced by the proposed regulations, they are also partially responsive to some of the concerns voiced by interested parties during the comment period. With respect to procedural issues, Treasury has clarified pre-filing requirements, revised several information requirements and confirmed the penalty structure for FINSA violations. With regard to substantive issues, Treasury has provided additional clarification on the concept of “control”—the cornerstone of the CFIUS process—to provide guidance on the scope of CFIUS jurisdiction, while maintaining broad definitions of other key terms, such as “critical infrastructure,” “critical technologies” and “foreign government-controlled transactions” to retain CFIUS’s flexibility to review national security concerns posed by foreign control of U.S. business on a case-by-case basis.

The following summarizes key provisions of the final regulations.


1. Pre-filing

The proposed regulations made explicit CFIUS’s pre-FINSA practice of encouraging parties to engage in pre-filing consultations with the Committee. While most commenters were generally pleased with the pre-filing recommendation, some requested more guidance from CFIUS on expectations for this pre-notification phase.

Although Treasury did not revise the proposed regulations to provide the requested guidance, in the preamble language to the final regulations it describes some circumstances in which pre-filing consultations may be helpful, such as when a party to a transaction has not previously submitted to CFIUS review or when a transaction is unusually complex. Treasury recommends that parties engaging in pre-filing consultations with CFIUS inform the staff chairperson of the transaction and the date the notice may be filed, request a meeting with CFIUS staff and provide a draft of the voluntary notice. In response to several comments, the final regulations explicitly extend confidential treatment to information pre-filed with CFIUS, regardless of whether a notice is ultimately filed. These confidentiality provisions will continue to apply even when the transaction is no longer before the Committee.

2. Information Requirements

The proposed regulations increased the information that parties are required to submit to CFIUS as part of the notice. Although many of the proposed regulations’ new requirements codified questions that CFIUS had routinely asked parties after the submission of the notice, several commenters argued that the information requests were onerous and would discourage parties from voluntarily notifying transactions. Many commenters also objected to the proposed regulations’ requirement that parties reply to follow-up requests from CFIUS within two business days, characterizing this short response time as unreasonable.

Treasury has responded to these comments by amending the proposed regulations to clarify and narrow the scope of the information requirements. For example, the final regulations seek more generalized information on the value of the transaction (i.e., “a good faith approximation of the net value of the interest acquired”), rather than requesting a specific statement of the full transaction value and a description of how it was derived. In addition, the final regulations ask parties to identify contracts with U.S. government agencies with homeland security, national defense and national security responsibilities over the past three years, instead of requiring information on all U.S. government contracts during that time period. The final rule also provides clarification with respect to the individuals for whom the parties must provide biographical information and other personal identifier information by identifying a single group of subject individuals, including—

  • members of the board of directors and officers of the foreign person engaged in the transaction
  • its immediate, intermediate and ultimate parents
  • any individual with an ownership interest of 5 percent or more in the foreign person and its ultimate parent.

The final regulations limit the information on foreign military service required for these individuals.

Significantly, the final regulations maintain many of the information requirements introduced by the proposed regulations, including questions related to the priority-rated contracts of the U.S. business, the cyber-security plans for protecting the U.S. business, licenses granted by U.S. government agencies to the U.S. business and rebranding of the U.S. business’s products by another company. Moreover, the final regulations continue to include questions related to the foreign person’s plans with respect to the U.S. business, with Treasury rejecting suggestions that these issues have no bearing on national security interests and expressing the contrary position that a foreign person’s intentions could be central to the national security analysis.

In the preamble language to the final regulations, Treasury also offers parties the opportunity to petition CFIUS in writing during pre-filing consultations to modify or waive specific information requirements, making clear that such action should be reserved for special cases in which an information request would place an extraordinary burden on the parties and the modification would not impair the full and efficient review of the transaction. For example, Treasury explains that CFIUS may consider a request from a small business to submit a certified translation of only portions of its annual report, rather than a certified translation of the entire report. Treasury provides the caveat that CFIUS will not consider waiving the requirements for personal identifier information of key personnel. The final rule extends the response time for follow-up requests from CFIUS to three business days and clarifies that legal public holidays in the United States are not counted as business days.

3. Penalties

Consistent with FINSA, the proposed regulations provided for civil penalties of up to $250,000 per violation for intentional or grossly negligent submission of material misstatements or omissions in a notice or submission of a false certification. Moreover, for violations of mitigation agreements reached with the U.S. government, the proposed regulations authorized CFIUS to seek civil penalties of up to $250,000 per violation or the value of the transaction. At least one commenter expressed concern that the threat of civil penalties would discourage foreign parties from investing in the United States, while another recommended that CFIUS align the penalty structures for false filings and violations of mitigation agreements, so that civil penalties would not exceed $250,000 per violation. Treasury resisted calls to set a ceiling for penalties, noting that CFIUS retains the discretion to impose less than the maximum penalty identified in FINSA, depending on the nature of the violation. Like the proposed regulations, the final regulations afford parties the opportunity to submit a petition for reconsideration of any decision to impose a penalty.


1. Covered Transaction

Under FINSA, CFIUS is authorized to review “covered transactions,” meaning mergers, acquisitions or takeovers that could result in foreign control of a U.S. business (defined as any entity engaged in interstate commerce in the United States, but only to the extent of its activities in interstate commerce), in order to evaluate the effects of such transactions on the national security of the United States. The proposed regulations generally included certain joint ventures and long-term leases as covered transactions, but excluded start-ups and greenfield investments. The final regulations do not make any substantive changes to the definition of “covered transaction,” but offer some clarifying language about what transactions are covered by FINSA in numerous other provisions.

For example, the final regulations confirm that the creation of a joint venture is a covered transaction to the extent that it involves the contribution of a U.S. business over which a foreign person could gain control. Treasury rejected calls to exclude 50/50 joint ventures from the definition of a covered transaction because both partners would have equal control over the U.S. business. On the other hand, the final regulations confirm that greenfield investments are not covered transactions and further exempt asset acquisitions from the definition of covered transactions to the extent that the assets acquired by the foreign person do not constitute a U.S. business. They also clarify that lending transactions are not covered transactions unless the foreign person acquires financial or governance rights characteristic of an equity investment. With respect to the so-called “safe harbor” for acquisitions of 10 percent or less of a U.S. company’s voting securities that existed pre-FINSA, the final regulations provide additional clarification that such a transaction is not a covered transaction only to the extent that it is “solely for the purpose of passive investment” (emphasis added). By adding the word “passive” to the language in the proposed regulations, Treasury instructs that the exemption does not apply to a transaction if the foreign person intends to gain control over the U.S. person.

The final regulations also include a new provision addressing transactions in which a foreign person acquires an additional interest in a U.S. business that was previously the subject of a covered transaction. The relevant language confirms that incremental acquisitions of covered transactions previously cleared by CFIUS will not be considered new covered transactions.

Some commenters requested that CFIUS regularly provide redacted descriptions of noticed transactions, along with descriptions of CFIUS’s assessment of whether they qualified as “covered transactions,” to provide additional clarity on the meaning of the term. However, Treasury rejected this suggestion, citing significant potential national security and confidentiality concerns.

2. Control

With the proposed regulations, Treasury preserved the pre-FINSA functional concept of control, defining it generally as the ability to “determine, direct, or decide important matters affecting an entity.” The proposed regulations provided several examples of “important matters,” including major expenditures or investments, the appointment or dismissal of officers or senior managers and the selection of new business lines or ventures for the entity. While the proposed regulations granted CFIUS broad discretion to conduct national security reviews, they did provide some limitations on CFIUS’s jurisdiction by excluding certain transactions from the definition of “covered transactions,” as described above, and by identifying certain minority shareholder protections deemed insufficient to confer control over an entity. While many commenters signaled their appreciation of CFIUS’s need to retain flexibility in undertaking reviews, they recommended that the final regulations make the concept of “control” more precise in order to enhance the certainty of the CFIUS process for foreign investors.

Like the proposed regulations, the final regulations eschew bright-lines as a threshold for control. Instead, they make clear that CFIUS will continue to approach its national security review responsibilities on a case-by-case basis, evaluating control issues based on a variety of considerations, including the level of ownership interest, the rights that flow from such ownership, the restrictions on the exercise of such rights and all other relevant facts and circumstances. Although the final rule does not expand the list of important matters exemplifying control, it clarifies the concept of “control” in a number of other ways, such as by providing additional examples of circumstances in which influence does not rise to the level of control. These examples include—

  • the situation of a foreign person with a 20 percent interest in a U.S. business and an irrevocable passivity agreement, having the right to prevent the U.S. business from entering into contracts with majority investors
  • the situation of a foreign person, with a 13 percent interest in a U.S. business and several specified minority shareholder protections, having the right to appoint one of seven board members, but no other positive or negative rights.

The final regulations also provide examples that illustrate CFIUS’s focus on “control” versus ownership structure (such as private equity or limited partnership). In this regard, the final regulations offer examples demonstrating how a limited partner’s control of a limited partnership and a fund operated by the partnership depends on his ability to decide important matters affecting the entity. When two limited partners, with a 49 percent interest each, have the authority to select the fund’s representatives on the boards of the fund’s portfolio companies and to veto major investments of a general partner with a two percent interest, the general partner and the limited partners each have control over the limited partnership and the fund. However, when the general partner alone has the authority to determine important matters affecting the partnership and the fund, he controls the partnership and the fund.

In addition, the final rule adds to the nonexclusive list of minority shareholder protections deemed insufficient to constitute control, with examples centered on rights that protect investment expectations and do not affect strategic business decisions or management of an entity, including the power to prevent an entity from voluntarily filing for bankruptcy or liquidation.

Given the centrality of the “control” concept to CFIUS review, some commenters urged CFIUS to create a mechanism for providing pre-filing determinations on this issue. Treasury rejected instituting such a pre-notification proceeding to make threshold determinations about foreign control, saying it would substantially burden the CFIUS process.

3. Critical Infrastructure

Under FINSA, transactions involving “critical infrastructure” are presumed to implicate national security and, therefore, require stricter scrutiny, including, in most cases, a 45-day investigation following the initial 30-day review. FINSA designated “major energy assets” as the only example of critical infrastructure. Although some U.S. and foreign industry representatives anticipated that CFIUS would clarify FINSA’s definition of “critical infrastructure,” the proposed regulations generally mirrored the statutory definition, covering “systems and assets, whether physical or virtual, so vital to the United States that the[ir] incapacity or destruction . . . would have a debilitating impact on national security.” The final regulations continue this case-by-case approach towards identifying critical infrastructure and avoid designating any class of systems or assets as falling under this definition or otherwise providing any examples of assets that could meet this definition. Accordingly, CFIUS will continue to address whether a targeted business qualifies as “critical infrastructure” by considering national security effects of its incapacity or destruction on a case-by-case basis.

4. Critical Technologies

FINSA provides that CFIUS must consider the national security-related effects of a transaction on U.S. critical technologies. The proposed regulations defined the term “critical technologies” in relation to existing regulatory regimes dealing with sensitive goods, technologies and services, including items controlled under the International Traffic in Arms Regulations (ITAR) and the Export Administration Regulations (EAR), nuclear equipment and materials, and select agents and toxins. The final regulations do not make any substantive changes to the definition of the term in the proposed regulations, affording CFIUS the flexibility to consider a wide range of assets under this definition.

5. Foreign Government-Controlled Transactions

FINSA also creates a heightened level of scrutiny for “foreign government-controlled transactions,” which the proposed regulations broadly defined as “any covered transaction that could result in control of a U.S. business by a foreign government or a person controlled by a foreign government.” Several commenters observed that the broad definition of “control” could result in an arbitrary application of this concept and asked Treasury to further clarify the meaning of the term “foreign government-controlled transaction.” In particular, comments from Chinese government and business entities, which represented nearly one-third of all written comments submitted, argued that the definition was over-inclusive and discriminatory, with one commenter noting that the proposed regulations reflected “enshrouded protectionism” and “self-evident hostility to ‘foreign government-controlled’ transactions.”

The final regulations make no changes to the definition of “foreign government-controlled transaction” from the statute and the proposed regulations. Treasury rejected calls to exclude from the scope of “foreign government-controlled transactions” entities owned by a foreign government that operate on a purely commercial and market-driven basis, explaining that such an application was inconsistent with the language of FINSA. However, Treasury indicated that CFIUS would clarify in future guidance that it does take into account whether a foreign government-controlled entity operates on a purely commercial or market-driven basis in reviewing national security concerns associated with foreign government-controlled transactions.

* * * * *

While the final regulations do not depart significantly from the proposed regulations, they incorporate some changes and clarifications suggested by the comments and reflect Treasury’s efforts to protect national security interests while encouraging foreign investment. Like the proposed regulations, the final regulations make clear that CFIUS will consider transactions on a case-by-case basis, conducting its national security review and determination according to the specific facts and circumstances of particular cases.


[1] The final regulations are pending publication in the Federal Register. They are available on the Treasury Department’s Web site at This final rule will take effect 30 days after its publication in the Federal Register.



For more information, please contact—

Edward L. Rubinoff 202.887.4026 Washington, D.C.
Tatman R. Savio 202.887.4564 Washington, D.C.