It was a huge week in the world of CFIUS, trade and cyber security. Here are some of the top stories:
Trump’s One-China policy:
In addition to a number of other trade actions, which include a 25% tariff on Chinese steel imports and a 10% tariff on Chinese aluminum, the Trump administration has directed the Department of the Treasury to promulgate rules for reviewing investments from Chinese acquirers. While potentially similar to the current CFIUS review process, this is a significant departure from longstanding foreign investment policy of “country neutral” reviews. It appears that this China-specific policy is a countermeasure against China’s own highly restrictive market access policies, which include requirements that foreign firms partner with domestic Chinese companies and turn over sensitive intellectual property to the domestic Chinese company. The concept of “market reciprocity” has been central to discussions of trade policy reform in recent years.
WSJ coverage here.
Those are trade fightin’ words:
In response to the tariffs on up to $60 billion on Chinese steel and aluminum, China prepared its own set of tariffs on up to $3 billion of U.S. goods, from fruit and pork to recycled aluminum and steel pipes. The Chinese response appears aimed at President Trump’s base of political support. Chinese ambassador to the U.S. Cui Tiankai said, “If somebody imposes a trade war on China, we’ll fight to the end.” Meanwhile, a Chinese Commerce Ministry spokesman accused the U.S. of “setting a vile precedent.”
Washington Post coverage here.
WSJ coverage here.
NYT coverage here.
CFIUS budgeting: A bigger piece of the smaller pie:
A thoughtful piece over on The Hill recognizes that, despite cuts generally to government budgets, several CFIUS agencies are proposing line-item commitments of more of their agencies’ funds to CFIUS. It goes without saying (or not) that allocating more money towards CFIUS when aggregate dollars are being cut underscores the critical role CFIUS has assumed in international trade and national security policy.
While some Hill talk indicates that the passage of the Foreign Investment Risk Review Modernization Act (FIRRMA) may be imminent, at least some are forecasting passage no earlier than August. Rep. Andy Barr (R-KY), the chairman of the House Financial Services subcommittee, anticipates sending a bill to President Trump’s desk in August.
Read here (subscription required).
Barbarian at the very expensive gates:
Following the Trump administration’s block of Broadcom’s bid for Qualcomm, there is discussion on Wall Street about former Executive Chairman Paul Jacobs of Qualcomm exploring a management buyout of the mobile chip maker. Current analysis indicates a 20/30 billion equity check would be required—in the range of the entire purchase price of the legendary 1988 KKR acquisition of RJR Nabisco.
Critical infrastructure exploits, Part I:
In a rare move, in connection with the administration’s sanctions against 23 Russian hackers, the FBI publicly fingered the Russians as having exploited U.S. critical infrastructure, in both the energy (including nuclear power stations) and aviation sectors. While extraordinary in its own right, parties to transactions in critical infrastructure sectors should expect searching reviews by CFIUS, with the potential for mitigation around cybersecurity plans, even if the buyer is friendly.
Critical infrastructure exploits, Part II:
Although only the fiercest skeptic would assume that the U.S. would invent an accusation against Russian hackers, the U.S. Computer Emergency Readiness Team (US-CERT) released specific details regarding Russian exploits in a joint technical alert. The alert alleges malicious activity “Since at least March 2016,” including the following tactics, techniques and procedures:
- spear-phishing emails (from compromised legitimate account),
- watering-hole domains,
- credential gathering,
- open-source and network reconnaissance,
- host-based exploitation, and
- targeting industrial control system (ICS) infrastructure.
US-CERT/DHS joint technical alert here.
Why buy what you can steal:
With all the focus on the administration’s efforts to clamp down on Chinese trade policies that pressure companies into turning over valuable IP, it bears noting that market transactions–even transactions in distorted markets–have the benefit of being transactions. Enter rogue regimes. The Trump administration today announced sanctions against an Iranian network of hackers, in what is said to be one of the largest state-sponsored hacking campaigns ever prosecuted by the United States. The hackers allegedly accessed hundreds of university, corporate and government networks in the U.S. and abroad, and exfiltrated more than 31 terabytes of data and intellectual property (more than 3 times the entire content of the Library of Congress).
Washington Post coverage here.
Politico coverage here.