Michael Rose (email@example.com) is a Partner and a leader of Grant Thornton LLP’s National Governance Risk and Compliance practice in Philadelphia, Pennsylvania, USA. Steve Siemborski (firstname.lastname@example.org) is Managing Director at Calfee Strategic Solutions in Washington, DC.
This is the third of a three-part series on complying with the new law on foreign investment in the US. In this article, we describe how a sustainable CFIUS compliance function might be established using the Three Lines of Defense model.
The Committee on Foreign Investment in the United States (CFIUS) reviews transactions of direct foreign investment in a US entity for national security risks. This review addresses the risk that critical technology, intellectual property, critical infrastructure, or personal identifiable information might be transferred outside of the US as a result of investment or control by a foreign entity. The Foreign Investment Risk Review Modernization Act of 2018 (FIRRMA or the Act) expanded CFIUS oversight, nearly doubling the list of national security factors for CFIUS to consider in its risk reviews. As a result, US companies considering investments from foreign entities and foreign corporations looking to invest in the US should prepare for a significant CFIUS review process and ongoing compliance requirements.