Follow us

On August 13, 2018, President Trump signed the Foreign Investment Risk Review Modernization Act (FIRRMA) into law as part of the National Defense Authorization Act.

FIRRMA significantly expands the jurisdiction and powers of the Committee on Foreign Investment in the United States (CFIUS), which is tasked with reviewing any acquisition of US businesses by non-US parties that could impact US national security. Though tougher draft legislative measures have had bi-partisan advocacy for a number of years, FIRRMA's enactment follows months of escalating trade tension between the US and China, and increasing concern over Chinese investment in key US technology companies.

While FIRRMA is a less restrictive response than some had anticipated, it will bring a renewed level of scrutiny to foreign investments into the US. Most notably, FIRRMA:

  • Expands CFIUS jurisdiction to include:
    • Non-controlling investments in US companies holding critical technology and infrastructure or personal data of US citizens, where such investments emanate from countries that pose a particular national security concern to the US; and
    • Changes to non-US investors' existing ownership interests in US companies that result in control of those businesses.
  • Revamps to the CFIUS jurisdiction to add:
    • A permissive declaration process aimed to expedite clearance of transactions with less significant national security concerns; and
    • A mandatory declaration process required where the acquirer is state-owned and the acquisition would give a non-US government a "substantial interest" in US critical infrastructure or technology, or in US citizens' personal data.

Questions about how CFIUS will implement FIRRMA remain. While certain provisions will take effect immediately or within 18 months, many of the details must await the issuance of new regulations by CFIUS, a process that can take months, if not years, to complete. That said, FIRRMA has clearly codified into law the recent heightened CFIUS scrutiny of transactions by non-US deal parties, particularly in the technology, telecom and infrastructure sectors.


CFIUS is a US government committee comprised of representatives of various US government departments and agencies tasked with reviewing "covered transactions" that could result in the control of a US business by a non-US party to determine whether the acquisition presents a threat to US national security.

While "national security" continues to be largely, and intentionally, undefined by regulation, national security will often be viewed as impacted where the US entity being acquired is involved in the provision of critical infrastructure or technologies (e.g., major energy assets, communications or IT services, transportation, mining, manufacturing, chemicals, ports, food and agriculture, etc.).

Parties to a transaction may undertake a voluntary submission to CFIUS, generally before closing, and provide the substantial information that CFIUS regulations require (e.g., information regarding the transaction's scope, purpose and value, the target's assets, the parties identities and significant shareholders, etc.). The submission is "voluntary" in that failing to make a submission to CFIUS does not violate US law. That said, CFIUS is authorized to initiate its own reviews, and can do so even after closing. If there is a possible CFIUS issue, the parties often consider the prior voluntary submission route.

Many transactions are cleared unconditionally. If a transaction does present national security concerns, CFIUS can require the parties to adopt "mitigation" measures. For example, the pre-closing disposal, or the secure ring fencing, of certain US assets. Where the security risks cannot be resolved through an agreement with the parties, CFIUS will refer the case to the President and recommend that the transaction be blocked or unwound. Formal Presidential action is usually quite rare, however, as most parties elect to withdraw from a deal unlikely to receive CFIUS clearance.

FIRRMA's Expansion of CFIUS Jurisdiction

Wider Scope of "Covered Transactions"

CFIUS is currently authorized to review "covered transactions" under which non-US persons obtain "control" of US businesses. The US business need not be the direct target of the transaction, and so a non-US target company with subsidiaries, branches or operations in the US can be within CFIUS jurisdiction. The definition of control is the ability to determine, direct or decide important matters affecting an entity (i.e., there is no specific percentage interest or board seat threshold).

This has not changed. But FIRRMA expands the definition of covered transactions to include: changes in foreign investors' existing ownership stakes in US companies that result in control of the US business or would constitute a non-controlling "other investment" (see below); real estate purchases near sensitive national security facilities, such as ports and military installations (which codifies current CFIUS practice); transactions in connection with bankruptcy; and transactions designed to "evade or circumvent" CFIUS review.

Critically, FIRRMA creates a new category of covered transactions deemed "other investments," which are non-controlling investments by non-US persons in US businesses holding critical US technology, critical US infrastructure, or sensitive personal data of US citizens that could be exploited to threaten national security. Such "other investments" must also allow access to a US company's "material non-public technical information," excluding financial information; give directorship or observer rights on a US company's board; or grant decision-making authority, other than through voting shares, regarding sensitive personal data, critical technologies, or critical infrastructure. This expanded jurisdiction over non-controlling investments is qualified, however, and FIRRMA instructs CFIUS to develop regulations to limit application only to investments from countries of concern (i.e., that present a national security threat to the US).

Certain Exclusions for Investment Funds

With respect to investment fund transactions, FIRRMA provides that an indirect investment by a non-US person in a US business, via an investment fund that affords the non-US person membership as a limited partner or equivalent on an advisory board or a committee of the fund, will not be considered an "other investment" for CFIUS purposes, provided that: the fund is managed exclusively by a US general partner or managing member; the advisory board or committee does not have the ability to control investment decisions of the fund or decisions made by the general partner or managing member; the non-US person does not otherwise have the ability to control the fund; and the non-US person does not have access to material non-public technical information as a result of participation on the advisory board or committee. This FIRRMA exclusion marks a departure from more recent CFIUS efforts to scrutinize foreign investments in US business via private equity and related investment funds.

FIRRMA's Changes to the CFIUS Review Process

Revised Review Timeline

Under prior procedures, deal parties normally first engage with CFIUS by submitting a draft filing in advance of formal filing. A formal CFIUS notice filing is then made and is subject to a mandatory 30 day initial review period, followed in some cases by a 45 day fact investigation period if national security risks could not be resolved in the initial review. If CFIUS cannot resolve or recommends a deal be blocked, the transaction is referred to the President, who has 15 days to make a determination (though Presidential review is rare).

After FIRRMA, CFIUS is required to provide comments on a draft filing within 10 business days and to accept formal filings within 10 business days (or else advise if such filings are deemed incomplete) – but only if the filing parties accept and stipulate that the deal is a "covered transaction" and thus within CFIUS' jurisdiction. This provision will take effect within 18 months.

In addition, FIRRMA extends the initial review period from 30 to 45 days, with immediate effect. The secondary investigation period remains 45 days, though FIRRMA permits CFIUS to extend this by another 15 days under "extraordinary circumstances" (which CFIUS is to define by regulation).

Imposition of Filing Fees

At present, no fee accompanies a CFIUS filing. FIRRMA authorizes CFIUS to issue regulations to impose a filing fee of 1% of the deal value (capped at US $300,000). In addition, CFIUS is required to study the "feasibility and merits" of an additional fee for priority review of CFIUS notices.

Short-Form and Mandatory Declarations

FIRRMA adds a new filing mechanism called declarations. A permissive declaration will allow parties to receive CFIUS feedback without engaging in a full notice and review process by submitting a short-form declaration containing "basic information regarding the transaction." This will most likely be useful for deals that could be caught but do not appear especially sensitive. CFIUS will then have 30 days to either clear the transaction or request that the parties file a formal notice.

In addition, and in what looks like a departure from the long-standing position that CFIUS review was "voluntary," FIRRMA will require a mandatory declaration for any transaction in which a non-US government would, directly or indirectly, secure a "substantial interest" (excluding investments of less than 10% voting interest) in a US business that deals with critical infrastructure, critical technologies or sensitive data. CFIUS can waive this requirement if it decides that the investment is not directed by a non-US government, and the non-US acquirer has a "history of cooperation" with CFIUS.

Filing fees would not apply to short-form or mandatory declarations. CFIUS must promulgate regulations regarding declarations, so these requirements will not take effect immediately.

Like many terms in FIRRMA, "substantial interest" is not yet fully defined, and awaits CFIUS regulation. However, non-US investors, in which non-US governments have an interest, should expect to disclose various information about their ownership interests, particularly if they are investing in the US technology or critical industrial sectors.

Additional FIRRMA Reforms

CFIUS Suspensory Authority

FIRRMA codifies certain historical CFIUS practices with respect to national security risks. For example, FIRMMA confirms that CFIUS may continue to impose mitigation requirements on parties that voluntarily abandon covered transactions, and may impose interim mitigation requirements while it reviews completed transactions to address national security risks. Moreover, FIRRMA provides CFIUS with the authority to suspend covered transactions that pose national security risks pending the completion of CFIUS review.

Information Sharing

CFIUS is required to establish a "formal process" for the exchange of information with governments of countries that are US "allies or partners" to protect the national security of the US and those countries. This may facilitate the harmonization of governmental action on investments and technology that could pose national security risks, provide for the sharing of information with respect to specific technologies and the entities acquiring such technologies, and include regular consultations and meetings with friendly governments.

Increased CFIUS Publication Requirements (including as to Chinese investment)

CFIUS currently issues an annual report to the US government that, at least with respect to the publicly-available version, broadly reviews CFIUS filings and deal activity, but gives little to no information regarding the deal parties or specific transactions.

FIRRMA now requires the report to include (among other things) a list of all notices filed and all reviews or investigations of covered transactions completed during the period, along with a description of the outcome and basic information on each party, statistics regarding the number of declarations submitted, the time required to complete each review, and the number of notices withdrawn by deal parties. This should enable greater transparency in the CFIUS review process.

In addition, FIRRMA requires the US Department of Commerce to issue a report in August 2020 (and every two years through 2026) on "foreign direct investment transactions made by entities of the People’s Republic of China in the United States." This report is to include a breakdown of Chinese investments based on deal value and business sector, a list of companies incorporated in the US purchased through government investment by China, and an analysis of patterns in Chinese investments and the extent to which those patterns align with the objectives outlined by the Chinese government in its "Made in China 2025 plan."

FIRRMA also calls on the US Department of Homeland Security to issue, by August 2019, a report assessing the national security risks of investments in US freight and passenger rail systems by non-US state-owned or state-controlled entities.

Judicial Review

The findings and decisions of CFIUS and the President remain immune from judicial review, though the process applied in reaching a determination can be subject to a due process (constitutional) challenge. FIRRMA now provides that such civil action must be brought in the federal appellate court in Washington, DC.

Key contacts

Joseph Falcone photo

Joseph Falcone

Partner, New York

Joseph Falcone
James Robinson photo

James Robinson

Partner, New York

James Robinson