Michael Rose (firstname.lastname@example.org) is a Partner and a leader of Grant Thornton LLP’s National Governance Risk and Compliance practice in Philadelphia, Pennsylvania, USA. Steve Siemborski (email@example.com) is Managing Director at Calfee Strategic Solutions in Washington, DC.
This is the second of a three-part series on complying with the new law on foreign investment in the US. In this article, National Security Agreements (NSAs) are discussed. NSAs are the contractual outcome of the rigorous process for having direct foreign investment transactions approved by the US.
The Committee on Foreign Investment in the United States (CFIUS or the Committee) reviews transactions of direct foreign investment in a US entity for national security risks. This review addresses the risk that technology or intellectual property might be transferred outside of the US as a result of being acquired by a foreign entity. Broad and modern powers were granted to CFIUS under the Foreign Investment Risk Review Modernization Act of 2018 (FIRRMA or the Act). It expanded CFIUS oversight, nearly doubling the list of national security factors for CFIUS to consider in its risk reviews.
As a result, US companies considering investments from foreign entities and foreign corporations looking to invest in the US should prepare for a significant CFIUS review process. A pilot program became effective on November 10, 2018, specifying North American Industry Classification System (NAICS) codes, industries, and technologies for some transactions dealing with critical technologies. The pilot program does not address critical infrastructure or assembled personal information. It is generally expected that CFIUS annual filings will multiply from hundreds to over a thousand in 2019.
Beyond the 27 industries called out in the Act’s pilot program, many other companies may be affected:
Investment funds that invest capital and have a degree of oversight and control.
Real estate companies and funds that may have critical infrastructure—including government offices—in their portfolios.
Financial institutions and data processing companies that hold assembled personal data on US citizens.
Autonomous vehicle manufacturers, designers, and component suppliers.