On November 18, 2024, the Department of the Treasury, as the Chair of the Committee on Foreign Investment in the United States (“CFIUS” or the “Committee”), issued a Final Rule entitled, “Amendments to Penalty Provisions, Provision of Information, Negotiation of Mitigation Agreements, and Other Procedures Pertaining to Certain Investments in the United States by Foreign Persons and Certain Transactions by Foreign Persons Involving Real Estate in the United States.” The Final Rule, which was published in the Federal Register on November 26, 2024,[1] revises CFIUS’s existing authorities in the context of non-notified transactions, mitigation agreement negotiations, and the imposition of civil monetary penalties. Our analysis of the prior Notice of Proposed Rulemaking (“NPRM”) issued in April 2024 can be found here.
We note that these changes were driven by the current political leadership in charge of the CFIUS process. While the changes are now codified into regulation—and in many instances reflect the practice of the Committee at a career staff level—the degree to which the revisions have a practical effect within the CFIUS process may be influenced by the political leadership in the incoming Trump Administration. Given that, it is premature to say whether certain of the more significant amendments—such as the expansion in the Committee’s subpoena authority, the response timeline on mitigation agreements, and the penalty amounts—will be aggressively used by the Committee moving forward.
Summary of the Final Rule
CFIUS’s Authority to Request Information and Require Responses
Under Section 721 of the Defense Production Act, as amended, 50 U.S.C. § 4565, and Parts 800 and 802 of Title 31 of the Code of Federal Regulations, CFIUS is authorized to identify covered transactions and covered real estate transactions that have not been notified or declared to the Committee (commonly referred to as “non-notified transactions”). The current regulations (Parts 800 and 802) also address parties’ obligations to respond to those inquiries and certain requests for information. The Final Rule strengthens these authorities (or codifies existing CFIUS practice) by:
-
Expressly authorizing CFIUS to request information to determine if a non-notified transaction triggered the mandatory filing requirement or otherwise implicates national security considerations;
-
Requiring parties to provide information to CFIUS when CFIUS seeks information to monitor compliance with or enforce the terms of an existing mitigation agreement, order, or condition;
-
Requiring parties to provide information to CFIUS when it seeks that information to determine whether transaction parties have made a material misstatement or omitted material information during the course of a previously concluded review or investigation (including in circumstances where the review ended with CFIUS rejecting the parties’ notice); and
-
Broadening CFIUS’s subpoena power by revising the current language of the regulations—which states that CFIUS can issue subpoenas “[i]f deemed necessary by the Committee”—to allow CFIUS to issue a subpoena when simply deemed “appropriate” by the Committee.
As we noted in our analysis of the NPRM in April, many of these provisions reflect and codify CFIUS’s existing practices. The changes likely result from isolated instances in which parties have declined to respond to questions from CFIUS regarding non-notified transactions on the grounds that CFIUS’s questions to the parties did not strictly relate only to CFIUS’s jurisdiction. We do not, however, expect that the changes will materially impact CFIUS’s decision-making in non-notified reviews. It is conceivable that the Committee may choose to lean more heavily on its broadened subpoena power by comparison to its present question-and-answer process with non-notified transaction parties; such a change would represent a meaningful shift in the dynamic between CFIUS and the parties to the transactions it regulates. As we noted above, however, whether the Committee pursues such a significant shift may turn on the perspectives of the political leadership of the Trump Administration, the vast majority of whom at a sub-Cabinet level have yet to be nominated.
Timeframe for Responding to Mitigation Proposals
The Final Rule grants the Staff Chairperson discretion to impose deadlines—which can be no shorter than three business days—for parties to “substantively respond” to Committee mitigation proposals when negotiating national security agreements. In assessing whether to impose a deadline, the CFIUS Staff Chairperson may consider such factors as:
-
The statutory deadline for completing an ongoing CFIUS review;
-
The risk to national security that CFIUS assesses as arising from the covered transaction;
-
The parties’ responsiveness to CFIUS;
-
The nature of the transaction;
-
The appropriateness of suspending, or imposing conditions on, the covered transaction; and
-
Other factors that the Staff Chairperson determines to be appropriate in relation to a specific transaction.
Transaction parties could request extensions to these deadlines. If they fail to respond within the prescribed timeframe, CFIUS would have the authority under the Final Rule to reject the notice under review.
As we observed earlier this year, a mandatory three-business-day deadline for responding to mitigation proposals generally would be unworkable in practice. Although flexibility in establishing deadlines could address the occasional delays caused by unresponsive parties, it is our experience that delays far more often stem from mitigation proposals from the government that (i) arrive very late in the CFIUS review process, and/or (ii) fail to comprehend the far-reaching—and sometimes unintended—impacts they would have on the transaction parties and the business thesis for the transaction in question. Such mitigation proposals often require extensive analysis and revision by the transaction parties on a timeline that necessarily is longer than three business days. The challenges presented by the timing and character of mitigation proposals could be meaningfully reduced by earlier, more collaborative engagement between CFIUS and transaction parties on potential mitigation conditions during the review process.
Civil Monetary Penalties
Parts 800 and 802 set forth the amounts for civil monetary penalties that the Committee may impose for various actions or omissions, including (1) submission of a declaration or notice with a material misstatement or omission, or the making of a false certification; (2) failure to comply with the requirements for mandatory CFIUS filings (Part 800 only); and (3) violations of orders issued by the Committee, material provisions of mitigation agreements, or material conditions imposed by the Committee.
The Final Rule enacts significant modifications to these provisions. Specifically, the revisions increase the amount of potential civil monetary penalties as follows:
-
For material misstatements, omissions, or false certifications, the maximum penalty rises from $250,000 to $5 million per violation.
-
For failing to meet mandatory filing requirements (Part 800), the maximum increases from $250,000 to the greater of $5 million or the transaction’s value per violation.
-
For violating mitigation agreements, orders, or conditions, the maximum penalty rises from the greater of $250,000 or the value of the transaction to the greater of $5 million, the transaction’s value, or the value of the violating party’s interest in the U.S. business at the time of the violation or the time of the transaction (in each case, per violation).
Additionally, the Final Rule expands CFIUS’s authority to issue civil monetary penalties for material misstatements and omissions to additional contexts outside of declarations and notices. The Committee will have the authority to issue such penalties in connection with material misstatements and omissions related to:
-
Information requests related to non-notified transactions;
-
Responses to certain information requests from CFIUS concerning compliance with mitigation terms; and
-
Other Committee information requests, such as agency notices.
Finally, the revisions update the timeline for parties to submit a petition for reconsideration of a penalty by the Committee. Under the Final Rule, the parties have 20 business days to submit such a petition, and the Committee has 20 business days to assess the petition and issue a final penalty determination.
These provisions, as we previously noted, represent a major change to CFIUS’s penalty powers, and apparently result from a determination by CFIUS that the optimal way to increase compliance and deter violations is to increase the Committee’s ability to hit transaction parties in the pocketbook. Yet compliance issues in our experience typically arise not from intentional violations but rather from human error or misunderstanding of the meaning of mitigation terms (which often have been negotiated in great haste). We are skeptical that stricter penalties will in practice enhance compliance.
Changes from the NPRM
The Final Rule closely tracks the NPRM issued in April, despite the fact that Treasury received a number of comments from the public. The key change that the Final Rule implements with respect to the NPRM is that the Final Rule does not implement the automatic three-day response deadline originally proposed in the NPRM. As we noted earlier this year, the NPRM proposed requiring parties to “substantively respond” to “proposed risk mitigation terms” within three business days or risk the rejection of their voluntary notice. In response to this proposal, public comments indicated there are “specific challenges in negotiating effective mitigation terms that a U.S. business can operationalize within a three-day, broadly applicable time frame.” Nevertheless, the preamble to the Final Rule stresses CFIUS’s experience with “relatively less motivated” parties whose “delayed responses have impeded the Committee’s ability to address national security risk and fulfill its statutory obligation to complete an investigation in 45 days.” Accordingly, and as noted above, the Final Rule authorizes the Staff Chairperson to exercise discretion to impose a deadline for responding to mitigation proposals that is no less than three business days, and outlines factors that the Staff Chairperson will take into account in assessing whether to impose a deadline. The Final Rule maintains the ability for parties to seek extensions.
Application of the Final Rule
Finally, the preamble to the Final Rule offers some guidance regarding the applicability of the amendments.
-
The Final Rule provisions regarding CFIUS processes will apply to all Committee actions that occur after the effective date of the Final Rule, which is December 26, 2024 (30 days following publication in the Federal Register).
-
Provisions regarding the Staff Chairperson’s ability to impose mitigation proposal response deadlines will not apply for cases under review as of the effective date.
-
The increased maximum civil penalty provisions will apply only to agreements which are “executed after” the Final Rule’s effective date. Conduct not governed by an agreement, condition, or order—such as a material misstatement or omission made to the Committee—will be subject to enforcement under the Final Rule provisions after the effective date.
-
The 20-day response timeline to penalty notices and petitions for reconsideration will not apply to those which are pending as of the effective date, but the timeline will apply for any notices of penalty issued by CFIUS after the effective date.
If you have any questions concerning the material discussed in this client alert, please contact members of our CFIUS practice.
[1] 89 Fed. Reg. 93179 et seq. (Nov. 26, 2024).
Back
