Here at Kabealo PLLC we had been publishing weekly-ish updates about the gyrations in the international trade system. We always had a strong emphasis on the “ish” part of weekly-ish. In truth, things got very busy around here, and we prioritized direct outreach to parties who want CFIUS expertise over the general marketing mailers.

Which is to say—apologies to those who have missed us. Things have been great on this end, but an update is overdue.

Here we are, almost a year since Congress passed—in spectacularly bipartisan fashion—the Foreign Investment Risk Review Modernization Act. In November 2018 the first major regulatory push under the new statute went into effect, the “Critical Technology Pilot Program.” About a week later, Commerce published an Advanced Notice of Proposed Rulemaking to define certain “emerging” technologies that will be more heavily regulated once definitions are worked out. The first proposed definitions for a subset of these categories will be released in a few weeks. We are told that a separate ANPRM setting forth a list of “foundational” technologies is also forthcoming shortly.

All of this is widely available context, including on our site. The question is, what’s really going on? Here is the Kabealo PLLC view—summarizing what’s happened with respect to CFIUS reform and, perhaps foolishly, predicting what is likely to emerge over the next 6-12 months.

Of course—if any of this raises any questions, give a shout.

Where we’ve been:

The Pilot Failed to Launch. Early reports suggested that policymakers were expecting several hundred or even thousands of filings under the Critical Technology Pilot Program. That simply has not happened for several reasons: One, the defined categories were fairly narrowly drawn. There is still plenty of investment in the “technology” space, and many of the investments are in areas closely adjacent to, but not directly in, the twenty-seven categories designated by the Pilot Program. Two, the lack of definitions of “emerging” and “foundational” technologies left a massive hole in one of the triggers for filing. Three, where a transaction may be subject to the Pilot Program, parties are filing under the old regime. In practice, there is little benefit to filing under the Pilot Program. The review process is at least 45 days, and there is a high probability (some have said approximately 80-90%) that at the end of the 45-day period, CFIUS will not clear the transaction. This leaves the parties with the option of re-filing under the old regime—which they could have done from the outset—or closing without CFIUS clearance after having put themselves on the regulatory radar. In other words, a lot of time and expense for an 80-90% chance of downside risk. Most practitioners are advising parties to skip the Pilot Program filing and proceed directly into the ordinary course joint voluntary notice to CFIUS.

The minnow bit the whale. When passing FIRRMA, policymakers in particular sought to gain insight into overseas investment in early-stage technology companies in the US. These are not companies that are used to being regulated by the federal government. Now that there is a set of transactions that trigger a filing requirement, the analysis is always the same, “Am I required to file with CFIUS?” If the answer is no, the natural assumption is that the transaction cannot be of highest priority to the CFIUS agencies. For companies that need an influx of capital just to survive until their next round of funding, there is no appetite for delay or for voluntarily entering into a compliance relationship with the federal government. While there are reasons this line of reasoning can be flawed, the decision inevitably reduces to a risk calculation. Addressing the theoretical risk of enforcement action is rarely worth the certainty of delay and additional cost for early-stage companies. The effect, however, is that the very targeted mandatory filing program has, at least in some instances, abrogated companies’ willingness to file under the traditional voluntary program—perhaps an unintended consequence that CFIUS will address in the re-write of the regulations.

Where we’re going:

If at first you don’t succeed, re-write your regulations. FIRRMA provides CFIUS the authority to make certain categories of filings compulsory. Expect CFIUS to paint with a broad brush here. The minimal effect of the Pilot Program to increase filings—despite dire warnings by industry, and regulators’ own expectations—will be taken as an object lesson that, to fully capture the types of transactions it wants to see, CFIUS will have to cast a broad net. 

May the enforcement not be against you.Various CFIUS agencies are building out their enforcement capabilities, including by establishing enforcement offices and hiring dedicated staff. The funds are available and the agencies know that the reform effort will fail if there is not a meaningful risk of enforcement. Already there have been a number of high-profile enforcement actions in areas that a casual observe may not view as “core” to U.S. national security (healthcare and a dating app). Additionally, CFIUS imposed a first-of-its-kind $1 million civil penalty against a party that failed to comply with the terms of an agreement it had struck with the government years before. In pursuit of non-notified transactions, CFIUS is casting a wide net. Last week Treasury posted a notice that it was seeking subscriptions to PitchBook, considered the Bible for the VC and private equity communities, to build out its knowledge of investment activity. Imagine getting a nice write up in PitchBook’s daily newsletter for a successful Series B, only to be contacted by CFIUS the next day. (Hat tip to our friends at Control Risks for that piece of intelligence.)

How in tarnation do you do fund formation? FIRRMA contained a wonderful sleight of hand: it informed U.S. funds that, so long as their LPs did not have significant governance rights or access to material nonpublic information, their investments wouldn’t trigger CFIUS jurisdiction. The beauty (or nightmare) was in the negative implication—investments by U.S. funds could, under certain circumstances, trigger CFIUS jurisdiction. This set off a frenzy of questions about how to structure funds and limit LP rights to avoid triggering CFIUS jurisdiction. Lurking behind it all was the concern that too high a percentage of foreign capital committed to a fund could cause it to be viewed as foreign for CFIUS purposes. CFIUS will seek to clarify a number of aspects of its treatment of investment funds in the draft of the final regs—but, again, that “clarity” may not come in the form funds are looking for.

The devil is in the data.For a litany of reasons—from consumer protection to safeguarding the “fuel” of machine learning algorithms—data has emerged as a significant area of concern for various CFIUS member agencies. FIRRMA highlights foreign access to consumer data as an area of concern for CFIUS. Expect the draft of the final regulations to take an expansive position on how foreign access to U.S. consumer data will factor in to CFIUS reviews. This firm believes that access to enterprise data may also come into focus and receive treatment in the final regs. Given that almost every company with an online presence—including humble solo practitioners with mailing lists—collects email addresses, this is an area that will create a lot of mostly unwelcome surprises.

A listless proposal.As you’ve gathered, the view here is that CFIUS is likely to approach its regulatory mandate aggressively. At the same time, CFIUS—apart from anything industry may want—will seek to limit its administrative burdens in ways that don’t materially increase the risk that it is declining jurisdiction over transactions that it could want to see. Much has been made of the possibility of a “white list” of companies or countries that, having exhibited good behavior, are exempted from certain filing requirements.

This firm sees that as a quixotic pursuit. One—leadership within companies changes frequently. A reliable industry partner today may well pursue a riskier business strategy in the future. Same with countries—in particular as jockeying for geopolitical primacy between the U.S. and China continues, and even the U.S.’s staunchest allies turn to China for investment and economic partnership opportunities. And even within friendly countries, there are always specific companies that are bad actors.

What would work, however, is an arrangement with companies that enter into mitigation agreements to lessen their regulatory reporting obligations so long as they remain in compliance with their agreements. A component of those mitigation agreements would make companies summarily report their investment activity to CFIUS. On that basis, CFIUS could request to see a filing where necessary, without subjecting every acquisition to full reporting requirements. This provides CFIUS ongoing visibility into a company’s investment activity, and the ability to act when necessary, while avoiding giving a blank check to companies or countries.

From “servant” to “agent”.The agency formerly known as the Defense Counterintelligence and Security Agency has been the scene for a huge amount of bureaucratic wrangling. First, DSS absorbed the background check function once held by the infamous Office of Personnel Management. As DSS’s mission shifted, the agency got a new moniker: The Defense Counterintelligence and Security Agency, or DCSA. The expectation is that DCSA will continue to evolve, via its partnership with security-cleared government contractors—into an agency with a more active counterintelligence role. When viewed in light of the current administration’s fury over alleged industrial espionage by China and other nations, DCSA seems a good fit to step into the void.

Don’t let your attorney try this at home. I posted a link to this FT article a few days ago. Demand for quality CFIUS attorneys is near peak. It will hit fever pitch when CFIUS releases a draft of its final regulations—and will continue that way for the next 18 to 24 months, until consensus interpretations on the regulations emerge. The supply of qualified CFIUS attorneys remains quite low. Only a few firms practice in this area full time. Another 25 to 50 put out mailers and “have a guy” who has done a filing or two. Be careful with that latter group. These issues are too rapidly changing, the specific concerns of each member agency are too varied, and, most of all, the manner in which companies can effectively address concerns through mitigation are too subtle, for most freelancers to provide solid representation. Also, once a review starts to go off track, it is extremely difficult to repair the damage. Some of the most prestigious firms in the world outsource the CFIUS components of their transactions to specialists—it is simply too risky to learn on the job. (Yes, this is a statement that is 100% in this firm’s interest. We are advocates after all.)

Trade war update:

In the past we closely followed the vicissitudes of the President’s multi-theater trade wars. In some ways, much has changed since our last publication, and in others, virtually nothing has. The prediction here is that a trade truce with China is not coming anything soon. The U.S. demand that China put a stop to alleged IP abuses cuts to the core of China’s development strategy over the past 30 years. The President may relinquish that demand in search of an election-year deal, but having spent so much time building the case against Chinese technology as a national security threat, he would be seen as surrendering on a central component of his first four years in office—and one where both Republicans and Democrats are generally united behind him. It is bad for a sitting president to get outflanked on a bipartisan basis—although admittedly this President has defied all political “truths” since before entering office.

In addition, the administrative state appears to have arrived at a consensus to dramatically curtail the exports of technology to China. The strategic rivalry between the U.S. and China, and the rift regarding the future of technological leadership is real and is not going away. Just this week the Washington Post reported  that internal documents at Huawei, which were leaked by former employees, confirmed that the company assisted in the buildout of North Korea’s wireless network, despite U.S. and international prohibitions on doing business with the regime. This followed reports of confirmation that Huawei employees were tied to the Chinese intelligence service. Similarly, due to concerns of surveillance, the U.S. is reportedly moving to ban acquisition of Chinese equipment in the busing and rail industries. Whatever the details of any trade deal, it will be hard for the U.S. to overcome perceptions that Chinese companies either pose a threat to U.S. technological leadership or pose a direct espionage threat. This is a problem that will take years to overcome, and will certainly continue on after a trade deal is reached.  

China’s response to date has been relatively muted. Most noticeably to the investment community, China’s investment in the U.S. has plummeted by almost 90%, as this NYT article describes—complete with an incisive quote by a Kabealo PLLC professional.

But: China won’t stand for dismal economic growth for long. Even if, as some argue, U.S. policy didn’t actually cause China’s growth to slow, Xi Jinping would be foolish not to blame the U.S. for Chinese economic woes or, more precisely, acknowledge the credit that President Trump seeks.

We should prepare for a more aggressive response by China in the summer and fall of 2020. This may play into the President’s re-election strategy, which relentlessly seeks to unify his base against enemies, real or alleged.

We will update as circumstances—and time—warrant!