CFIUS doesn’t mean Chinese companies can’t invest in the US

CFIUS is examining more Chinese companies investing in US businesses, but this does not mean CFIUS will block all such transactions: in fact, the majority are still approved. Chinese companies considering investments involving critical technologies or sensitive personal data must plan ahead and carefully consider their approach to minimize CFIUS risk.

An interagency panel, CFIUS, reviews foreign investments in, or acquisitions of, US companies for national security risks. If CFIUS determines such risks cannot be mitigated, it may block a transaction, or if the transaction has been completed, direct the foreign owner to divest from the US business.

Recently, the US government has identified the government of the People’s Republic of China as a significant counterintelligence and economic espionage threat. As a result, CFIUS has increasingly focused on Chinese investment in US businesses, particularly involving sensitive data, critical technology, or critical infrastructure. Due to this emphasis on data and technology, tech companies in particular are exposed to CFIUS risk.

Following the 2018 regulatory changes, CFIUS now may review any minority investment in US businesses that: 

• Produce, design, test, manufacture, fabricate, or develop one or more Critical Technologies;
• Perform certain functions related to Critical Infrastructure; or 
• Maintain or collect, directly or indirectly, Sensitive Personal Data of US citizens.
• The capitalized terms are all defined in the regulations and together are referred to as a TID US Business with TID standing for Technology, Infrastructure, and Data. 

CFIUS may review minority investments in TID businesses if the investment provides the foreign party:

• Access to Material Nonpublic Technical Information;
• Membership or observer rights on, or the right to nominate an individual to a position on, the board of directors (or equivalent); or
• Any involvement, other than through voting of shares, in substantive decision making related to the US company. 

Additionally, CFIUS must be notified of certain transactions. Those involving US businesses that produce, design, test, manufacture, fabricate, or develop Critical Technologies require a CFIUS filing if US regulatory authorization is required to export the Critical Technology to the foreign investor. In other words, a foreign investor must determine if the company’s technology would normally be subject to a US export license. If so, it must notify CFIUS. 

A companion law to FIRMMA requires the US government to review export control requirements for emerging and foundational technologies, which is expected to result in increased license requirements for US exports to China. 

It’s not a ban 

Although risk has increased, Chinese companies can still invest in the United States. In many cases, foreign investment poses no national security risks that would warrant CFIUS intervention. Although the “T” in TID, refers to technology, only a few companies will qualify as TID US businesses that trigger the closest CFIUS scrutiny.  

However, some evidence suggests that FIRRMA may have put a damper on Chinese investment in the US. The 2019 CFIUS report indicates a marked decrease in China-based notice filings, although this also corresponds with an overall decline in Chinese investment in the US amid global economic uncertainty. While the confidential nature of the CFIUS process makes data-gathering difficult, public disclosures of CFIUS matters since 2019 indicate there have been at least 16 filings by Chinese companies. Of those, CFIUS approved six, President Trump blocked one, and the rest either remain pending or there has been no public disclosure of their disposition. Because of the sensitive nature of the information provided to CFIUS, CFIUS does not publicly disclose its decisions; thus, we gathered the above information from corporate disclosures. 

Notably, during the same time, CFIUS clearances that involve “mitigation agreements,” conditions on the deal monitored by the US Department of Justice, have increased. The Assistant Attorney General for National Security, who oversees the process, has indicated that this increase in mitigation measures rather than blocking transactions is likely to continue. He cautioned, however, that investment from companies owned by foreign governments or in countries that are not allied with the US may present trust issues that make mitigation measures unlikely to alleviate national security concerns. 

Given the recent tensions between the US government and the Chinese government, China-based investors may face an uphill battle to convince CFIUS of their ability to mitigate national security concerns, particularly involving acquisitions of TID US businesses. However, this is not impossible. For example, even if the US business involves Critical Technology, the Department of Commerce already may have licensed that technology to China for a particular purpose such that the investment does not create additional risk, or an agreement to restrict use of the technology may be sufficient. Also, it may be possible to restrict access to data or to facilities in a way that sufficiently mitigates risk.

Should you continue to invest?  

With expanded jurisdiction and new mandatory filing requirements, CFIUS risk is greater than ever for Chinese investments in US tech companies. Even when companies may not be required to file with CFIUS, many choose to do so voluntarily to obtain clearance and avoid a future requirement to divest. Obtaining clearance at the time of the transaction matters more than ever because FIRRMA also has provided more resources for CFIUS to review non-notified transactions (transactions that were completed without a CFIUS filing), potentially disrupting the investment.

Investors should consider their goals. For parties not seeking to control the US company, and who are willing to take a passive role or invest as a limited partner with restricted access to sensitive technical information or data, CFIUS risk is much less. It’s possible that CFIUS may not even review the transaction.

Additionally, while FIRRMA enjoyed bi-partisan support, the Biden administration may herald a change in CFIUS policy over time. We are still waiting for appointments to the Treasury Department offices that manage the CFIUS process. Once they are filled, we will have a better sense whether there has been a change in the risk calculation for certain foreign investment transactions.

Chinese companies should evaluate CFIUS risk early to identify the likelihood of any US national security vulnerabilities as well as to determine whether a mandatory filing is required, or whether a voluntary filing would be prudent. Additionally, companies should consider proactive steps to address likely CFIUS concerns, such as investing as a limited partner with no control of the US business, or restricting foreign access to technology or data. With proper planning and collaboration, Chinese tech companies can successfully navigate this complex regulatory framework to make the acquisitions and investments to improve and grow their businesses. After all, CFIUS still approves the vast majority of the transactions it reviews.

Reprinted with permission from the May 5, 2021, issue of TechNode. © 2021 TechNode. All Rights Reserved.