On October 20, 2022, the U.S. Department of the Treasury, as Chair of the Committee on Foreign Investment in the United States (“CFIUS” or the “Committee”) released the first-ever CFIUS Enforcement and Penalty Guidelines (the “Guidelines”).
CFIUS has the dual-mandate of identifying and mitigating certain national security risks while also ensuring that the U.S. remains hospitable to foreign investment. CFIUS has the authority to review any transaction resulting in the potential control of a U.S. business by a foreign party, as well as certain non-controlling investments in more sensitive businesses involved in activities relating to critical export-controlled technologies, critical infrastructure or sensitive personal data. If CFIUS concludes that a particular transaction under its review could threaten national security, it has the authority to mitigate such transaction; if the Committee is unable to identify adequate mitigation, it may recommend to the President of the United States that the transaction be blocked or unwound.
Section 721 of the Defense Production Act of 1950, as amended, authorizes the Committee to impose monetary fines and pursue other remedies for violations of Section 721, regulations promulgated thereunder, mitigation orders, conditions or agreements pursuant thereto (each, a “Violation”). The Guidelines provide the public with information about how the Committee assesses Violations, the amount of any penalties imposed, and which factors will be considered by the Committee in making such determinations, including aggravating and mitigating factors.
In connection with the release of the Guidelines, Paul Rosen, the Assistant Secretary of the Treasury for Investment, said, “The vast majority of those who come before CFIUS abide by their legal obligations and work collaboratively with the Committee to mitigate any national security risks arising from the transaction; however, those who fail to comply with CFIUS mitigation agreements or other legal obligations will be held accountable. Today’s announcement sends a clear message: Compliance with CFIUS mitigation agreements is not optional, and the Committee will not hesitate to use all of its tools and take enforcement
action to ensure prompt compliance and remediation, including through the use of civil monetary penalties and other remedies.”
Types of Conduct That May Constitute a Violation
The Guidelines outline three types of conduct which may constitute a Violation:
- Failure to File. Failure to timely submit a mandatory declaration or notice, as applicable.
- Non-Compliance with CFIUS Mitigation. Conduct that is prohibited by or otherwise fails to comply with CFIUS mitigation agreements, conditions or orders (“CFIUS Mitigation”).
- Material Misstatement, Omission or False Certification. Material misstatements in or omissions from information filed with CFIUS, and false or materially incomplete certifications filed in connection with assessments, reviews, investigations or CFIUS Mitigation, including information provided during informal consultations or in response to requests for information.
The Guidelines also state that a penalty will not necessarily be assessed in connection with all aforementioned Violations, as aggravating and mitigating factors will be taken into account through an individualized, fact-based analysis. Some aggravating and mitigating factors mentioned in the Guidelines are:
- Accountability and Future Compliance: impact of the enforcement action on ensuring accountability and incentivizing future compliance.
- Harm: extent to which the conduct impaired national security.
- Negligence, Awareness and Intent: whether the conduct resulted from negligence, intentional action or willfulness; efforts to conceal or delay notification to CFIUS; seniority of the personnel involved.
- Persistence and Timing: length of time elapsed after discovery of the conduct; frequency and duration of the conduct; length of time Mitigation was in place; date of the transaction at issue.
- Response and Remediation: self-disclosure; cooperation with CFIUS; remediation of the conduct; any internal review of the conduct.
- Sophistication and Record of Compliance: sophistication of the applicable actors with CFIUS and Mitigation, including resources, policies, training, etc. dedicated to compliance; past history of compliance.
Sources of Information on Which CFIUS Relies
The Guidelines further state that the Committee will rely on many factors when determining whether a Violation has occurred, including from across the U.S. government, publicly available information, third-party service providers (e.g., auditors and monitors), tips, transaction parties and filing parties. The Committee will in many instances make requests for information but also strongly encourages any person who engaged in conduct that may constitute a Violation to submit a timely self-disclosure. The CFIUS Monitoring and Enforcement Team also maintains a website through which persons who suspect a Violation has occurred may submit tips, referrals or other relevant information.
Penalty Process
In the event the Committee determines to impose a penalty for a Violation, such penalty will be assessed in accordance with 31 C.F.R. §§ 800.901 and 802.901, or, for certain older transactions, in earlier regulations, as applicable. The subject of a notice of penalty may submit a petition for reconsideration to the Committee within 15 business days of receipt of such notice of penalty, which petition will be considered by the Committee before it issues a final penalty determination.
Key Takeaways
The Guidelines released today are another step in the Committee’s continued focus and messaging around mitigation and enforcement. In other settings, including the Inaugural CFIUS Conference hosted by CFIUS in June 2022, CFIUS noted that enforcement actions and penalties are not intended to be punitive but instead are aimed at incentivizing prospective compliance with CFIUS regulations and with any agreements made with the Committee. The Guidelines setting out aggregating and mitigating factors also are consistent with the Committee’s emphasis that parties understand the commitments that they are agreeing to undertake and maintain open communication with the Committee.
Simpson Thacher & Bartlett is experienced in navigating the complexities of the CFIUS review process and continues to monitor the relevant regulatory developments.