New CFIUS Rule Proposes 'Substantially' Higher Max Penalties, Expanded Powers
The Treasury Department is preparing to issue a proposed rule that could expand the powers of the Committee on Foreign Investment in the U.S., allowing CFIUS to impose higher penalties and collect a broader array of information from parties involved in non-notified transactions. The rule also could give CFIUS broader subpoena abilities, expand the circumstances in which it may fine a company, set timelines for responses to mitigation proposals, and more.
The proposed rule, released by Treasury April 11 but not yet scheduled for publication in the Federal Register as of press time, is the “first substantive update to the mitigation and enforcement provisions of the CFIUS regulation” since the Foreign Investment Risk Review Modernization Act became law in 2018, Treasury said.
The proposed changes will “more effectively deter violations, promote compliance, and swiftly address national security risks in connection with CFIUS reviews,” said Paul Rosen, the agency’s assistant secretary for investment security, who hinted at the proposals in September (see 2309150038).
“These updates reflect lessons learned in the course of our monitoring, compliance, and enforcement work and build on the 2022 CFIUS Enforcement and Penalty Guidelines,” he said, referencing the Treasury document that outlined how CFIUS decides on violations, where the committee gets its information and other steps it takes during the penalty process (see 2210200042 and 2211030047).
The agency will accept public comments, due 30 days after publication of the notice in the FR.
Treasury said one proposed change could help CFIUS enforcement by “substantially increasing” maximum penalty violations from $250,000 per violation to $5 million per violation. Some transactions valued at more than $5 million could face a higher penalty per violation, Treasury said.
The agency said it wants the ability to impose higher penalties because its current $250,000 per violation penalty ceiling “may not sufficiently deter or penalize certain violations.” The agency said companies making multimillion-dollar deals -- or even multibillion-dollar deals -- are sometimes able to structure the transaction in a way that is “purported to be valued at zero dollars," which undercuts CFIUS' maximum penalty authority.
“If a transaction has a low value (or a valuation of zero dollars), then the value of the transaction becomes irrelevant for penalty purposes, and the maximum penalty becomes $250,000 per violation, which the Committee has determined may be an insufficient deterrent or penalty,” the agency said. “A higher maximum penalty stated as an absolute dollar amount is therefore needed.”
CFIUS would be able to impose those penalties for violations of “obligations under the CFIUS statute and regulations” along with breaches of CFIUS agreements, orders and other conditions the committee places on a deal. The new max penalties would apply only to violations that take place on or after the effective date of a future rule that finalizes these changes.
The rule also proposes a “new method” for determining the maximum possible penalty for violating a CFIUS mitigation agreement or order, and it proposes expanding the list of circumstances in which a penalty may be imposed. Treasury said CFIUS regulations allow it to penalize companies for “material misstatements or omissions” in a declaration or notice filed with the committee, but under its proposed change, CFIUS would also be able to penalize firms for material misstatements or omissions “in contexts outside of declarations and notices.”
Those could include a company’s responses to CFIUS requests for information as part of a non-notified transaction -- which are transactions that companies don’t voluntarily disclose to the committee -- along with certain responses to other CFIUS requests for information. “The Committee anticipates such communications to include those relevant to requests for information related to non-notified transactions, failure to file a mandatory declaration, and compliance with, or enforcement, modification, or termination of a mitigation agreement, condition, or order imposed,” the rule said.
Another proposed change could allow CFIUS to formally request more information from parties in a non-notified deal. Under the proposal, the parties would be required to provide CFIUS information about whether the deal raises national security concerns or meets the criteria for a mandatory declaration.
Allowing CFIUS to gather this information from non-notified deal-makers would help the committee “prioritize transactions that parties were required to submit” under CFIUS rules. Treasury said the committee wouldn’t use this new authority to collect information “as a substitute for a review or an investigation, but rather for the purpose of preventing unnecessary filings and increasing efficiency in connection with filings for transactions that may present an extant risk, benefitting both the transaction parties and national security.”
The rule could also require parties to respond to CFIUS requests for information as it monitors their compliance with a mitigation agreement or order, and when CFIUS is investigating whether the parties omitted information during a “previously concluded” review. “The Committee currently requests information in both circumstances, but the regulations do not expressly obligate parties to respond,” the rule said. But under the change, parties “would be obligated to respond to such requests,” and if they don’t, CFIUS would be able to issue them a subpoena.
Another portion of the rule proposes changes to language in CFIUS regulations to allow the committee to more easily subpoena companies. The regulation currently states CFIUS may issue a subpoena if deemed “necessary” by the committee, but Treasury wants to change that language to: “if deemed ‘appropriate’ by the committee.”
Requiring CFIUS to “determine the appropriateness of a subpoena, rather than the necessity,” will “enhance operational efficiency,” Treasury said.
Another proposal could extend the time frame under which companies can appeal penalty notices and the time in which CFIUS must respond to those appeals. Both time frames would be increased from 15 to 20 business days, the rule said, adding that CFIUS “routinely grants extensions” to the current timeline and will likely continue to do so under the change.
Treasury also is considering putting in place an “extendable timeline” for parties to respond to CFIUS “risk mitigation proposals.” Parties would have three business days to submit a “substantive” response to the proposed mitigation terms unless they request more time. A “substantive” response should include either an “acceptance of the terms, a counterproposal, or a detailed statement of reasons that the party or parties cannot comply with the proposed terms, which may also include a counterproposal.”