Upping the Stakes on CFIUS Mitigation Compliance and Enforcement: Monitoring Agency Perspectives

In the few years since implementation of Foreign Investment Risk Review Modernization Act, the Committee on Foreign Investment in the United States (“CFIUS”) has required implementation of dozens of National Security Agreements (“NSAs”) in order to mitigate national security risk associated with covered transactions.  These NSAs typically require that the transaction parties implement specified actions and compliance controls aimed at reducing identified risks arising from non-U.S. transaction parties’ control of or access to sensitive data, technologies, infrastructure, or supply chain, or other national security-sensitive concerns.  NSAs also frequently provide for third party audits and/or third party monitoring in order to assure the efficacy of controls.

In October 2022, CFIUS issued new Enforcement and Penalty Guidelines (“Guidelines”), which apply to instances where parties fail to comply with an NSA or mitigation order, make a material misstatement or omission to CFIUS, or fail to file a mandatory declaration regarding investment in a critical technology business or by a foreign sovereign-controlled entity (“Non-Notified Transactions”).  These Guidelines follow closely on an executive order and National Security Strategy and re-emphasizing the U.S. Government’s policy focus on asserting regulatory authorities to secure sensitive equities from exploitation risk.  CFIUS leadership recently stated intent to use all of the tools and enforcement authorities available to ensure prompt compliance and remediation, and there are some reports of impending NSA enforcement action.   

An expert panel, including current and former CFIUS officials from the U.S. Departments of Defense, Energy, and Treasury, will discuss CFIUS compliance and enforcement expectations and developments.  The panel will address numerous NSA compliance-related issues, including:

• What is the significance of the Guidelines? – 5 minutes
• How do they affect compliance expectations? – 5 minutes
• What are Guidelines principal provisions, particularly with regard to NSA compliance? – 5 minutes
• What are the CFIUS Monitoring Agencies’ expectations regarding NSA compliance? – 5 minutes
• When does compliance enforcement become a relevant consideration? – 5 minutes
• What are recent trends relating to CFIUS mitigation? – 5 minutes
• What are the principal concerns and preferred approaches with regard to mitigation at each of the CMAs? – 5 minutes 
• What are the biggest challenges for a CFIUS mitigated entity? What are some successful strategies to address them? – 5 minutes
• What is the role of key personnel in mitigation agreements (including Security Officers, Directors)? – 5 minutes
• What are CMA expectations and innovations regarding third party oversight? – 5 minutes
• What is the appropriate/most effective role for counsel in CFIUS mitigation and enforcement? – 5 minutes
• What are the prospects of further compliance and enforcement guidance in the future? – 5 minutes

Who Should Attend:  Counsel and key personnel (compliance and security personnel; executives and directors; IT security; risk managers) in NSA-mitigated entities; outside counsel and advisors to such entities; investors and their advisors in such entities; professional service experts and anyone interested in the dynamic foreign investment regulation environment

Program Level: Update

Prerequisites: None

Advanced Preparation: None

Faculty:

Christopher D. Berlew

U.S. Department of the Treasury

Randall Cook

Ankura Consulting Group

Michael Hein

U.S. Department of Energy

Scott C. Jansen

BakerHostetler LLP