In-House Counsel Need To Know: CFIUS Rules for Critical Infrastructure Are Coming, and They're Not What You Think
As the scope of national security scrutiny expands, lawyers say more and more companies may come under a regulatory microscope.
August 02, 2019 at 01:22 PM
6 minute read
The original version of this story was published on Corporate Counsel
Deadlines are fast approaching for drafting and implementing new rules for national security reviews of foreign investments in “critical infrastructure” in the U.S., and investors may be surprised at their extended reach, lawyers said.
Last year’s Foreign Investment Risk Review Modernization Act overhauled the law governing national security reviews by the Committee on Foreign Investment in the United States, which can recommend blocking or modifying transactions. Among other things, the act expanded jurisdiction under critical infrastructure to include non-passive, non-controlling investments in 16 sectors.
“There’s been a lot of surprises in recent years in the kinds of deals they consider national security, and probably more surprises in store,” said Arent Fox national security partner David Hanke in Washington, D.C. He said the law’s reach extends to companies in the health care sector, agriculture and transportation among others—”where people might not typically think of national security.”
“It’s going to open up these kinds of companies to CFIUS reviews as covered transactions potentially, depending on the facts and the regulations,” Hanke said.
The full package of regulations is set to take effect is next March. But it remains to be seen how U.S. Treasury officials and CFIUS will define key terms, such as “control,” “foreign entity” and “foreign person,” in proposed draft regulations due this fall.
The CFIUS panel may have signaled its general thinking recently by ordering the unwinding of a completed deal involving a private equity investment with foreign capital in a U.S. cybersecurity company that helps major U.S. corporations protect themselves from email phishing attacks.
Many stakeholders want more clarity, judging from comments submitted during the pilot program comment period for critical technology last year, Hanke said. He expects the CFIUS regulators to strive for “bright-line” rules rather than the more flexible ones that existed before the legislative overhaul.
But Damara Chambers, co-leader of the national security practice at Vinson & Elkins in Washington, D.C., said “there has been some effort by members of Congress to suggest to Treasury that they narrow the definition of critical infrastructure to what would be truly dangerous to the security of the United States. Right now it is in the eye of the beholder what is truly critical infrastructure.”
FIRRMA also covers foreign investment in critical technology and sensitive personal data. The act requires mandatory filing for CFIUS review of many more types of deals than in the past, including minority stakes in certain ventures.
Hanke, a former staff member of the U.S. Senate Select Committee on Intelligence, and U.S. Sen. John Cornyn, R-Texas, who sponsored the FIRRMA legislation, warned that dealmakers will have to watch the rulemaking process closely. Hanke was a principal staff architect of the bipartisan bill, which was initiated under the previous administration before the ramping up of current trade conflicts with China. He joined Arent Fox in January.
“You think ports, power grid and transportation. [But] people don’t think about health care and election infrastructure. There is a lot of flexibility to define this in a broad way if they so choose,” Hanke said.
Under FIRRMA, the CFIUS panel is empowered to review even minority stakes in deals involving foreign investment in industries and companies “whose assets, systems, and networks, whether physical or virtual, are considered so vital to the United States that their incapacitation or destruction would have a debilitating effect on security, national economic security, national public health or safety,” under a presidential directive, according to the U.S. Department of Homeland Security.
Hospitals, for instance, could be swept up in the definition of “systems and assets” in the statute, Hanke said. The agencies represented on the panel also might include companies that play key roles in supplying or supporting military bases and other key national security facilities, he said.
In addition to U.S. defense-related industry, FIRRMA treats dams, manufacturing, information technology, energy, communications, chemicals, government, nuclear facilities, water and wastewater treatment as critical infrastructure. The designation also applies to financial services, health care, food and agriculture and transportation security. Additionally, emergency services, commercial services—including shopping centers and lodging—and transportation are covered.
“Folks may be blindsided by some of this,” Hanke said. For instance, foreign investment in companies that make voting machines could now draw extra scrutiny. “That’s of great concern in Congress,” he said.
Reuters reported July 28 that BlackRock Inc., the multinational investment management firm, was in advanced talks to buy out the 47% share of cybersecurity company Cofense Inc. that was owned by private-equity fund, Pamplona Capital Management, at the CFIUS panel’s demand. The Leesburg, Virginia, software company provides businesses with defenses against email phishing attacks.
The committee didn’t publicly disclose the reason, but reports suggest that the likely cause was that Russian billionaire Mikhail Fridman is a major investor in Pamplona Capital. The Wall Street Journal reported Wednesday that Pamplona had failed to meet a deadline for selling its stake in the company and the panel had informed the companies they could be fined.
CFIUS is concerned about the relationship between foreign investors and their governments if the governments are considered national security concerns, CFIUS lawyers said. A request for comment by the Treasury Department wasn’t returned. Emails to Pamplona Capital and Cofense also weren’t returned by deadline.
“I think it is keeping in the theme of where CFIUS has been going after transactions where data is a significant issue,” said Chambers, who maintained a CFIUS practice at Covington & Burling for 14 years before moving to Vinson & Elkins. ”It doesn’t have to involve a foreign government to be a risk.”
Read More:
This content has been archived. It is available through our partners, LexisNexis® and Bloomberg Law.
To view this content, please continue to their sites.
Not a Lexis Subscriber?
Subscribe Now
Not a Bloomberg Law Subscriber?
Subscribe Now
NOT FOR REPRINT
© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.
You Might Like
View All'Don't Be Afraid to Dumb It Down': Top Fed Magistrate Judge Gives Tips on Explaining Complex Discovery Disputes
Trump's Lawyers Speak Out: 'The President Had the Confidence to Retain Me'
The Week in Data Nov. 10: A Look at Legal Industry Trends By the Numbers
Trending Stories
- 1Cravath Elevates 7 to Partnership, Up From Last Year
- 2Kline & Specter Hit With Lawsuit From Another Former Associate
- 3USPTO Director Kathi Vidal Announces Resignation Ahead of Administration Change
- 4As Gen AI Acceptance Grows, Lawyers Race to Mitigate Risks
- 5Decisions Have 'Real-Life Consequences': Juvenile Court Judge Considered for Appellate Bench
Who Got The Work
Michael G. Bongiorno, Andrew Scott Dulberg and Elizabeth E. Driscoll from Wilmer Cutler Pickering Hale and Dorr have stepped in to represent Symbotic Inc., an A.I.-enabled technology platform that focuses on increasing supply chain efficiency, and other defendants in a pending shareholder derivative lawsuit. The case, filed Oct. 2 in Massachusetts District Court by the Brown Law Firm on behalf of Stephen Austen, accuses certain officers and directors of misleading investors in regard to Symbotic's potential for margin growth by failing to disclose that the company was not equipped to timely deploy its systems or manage expenses through project delays. The case, assigned to U.S. District Judge Nathaniel M. Gorton, is 1:24-cv-12522, Austen v. Cohen et al.
Who Got The Work
Edmund Polubinski and Marie Killmond of Davis Polk & Wardwell have entered appearances for data platform software development company MongoDB and other defendants in a pending shareholder derivative lawsuit. The action, filed Oct. 7 in New York Southern District Court by the Brown Law Firm, accuses the company's directors and/or officers of falsely expressing confidence in the company’s restructuring of its sales incentive plan and downplaying the severity of decreases in its upfront commitments. The case is 1:24-cv-07594, Roy v. Ittycheria et al.
Who Got The Work
Amy O. Bruchs and Kurt F. Ellison of Michael Best & Friedrich have entered appearances for Epic Systems Corp. in a pending employment discrimination lawsuit. The suit was filed Sept. 7 in Wisconsin Western District Court by Levine Eisberner LLC and Siri & Glimstad on behalf of a project manager who claims that he was wrongfully terminated after applying for a religious exemption to the defendant's COVID-19 vaccine mandate. The case, assigned to U.S. Magistrate Judge Anita Marie Boor, is 3:24-cv-00630, Secker, Nathan v. Epic Systems Corporation.
Who Got The Work
David X. Sullivan, Thomas J. Finn and Gregory A. Hall from McCarter & English have entered appearances for Sunrun Installation Services in a pending civil rights lawsuit. The complaint was filed Sept. 4 in Connecticut District Court by attorney Robert M. Berke on behalf of former employee George Edward Steins, who was arrested and charged with employing an unregistered home improvement salesperson. The complaint alleges that had Sunrun informed the Connecticut Department of Consumer Protection that the plaintiff's employment had ended in 2017 and that he no longer held Sunrun's home improvement contractor license, he would not have been hit with charges, which were dismissed in May 2024. The case, assigned to U.S. District Judge Jeffrey A. Meyer, is 3:24-cv-01423, Steins v. Sunrun, Inc. et al.
Who Got The Work
Greenberg Traurig shareholder Joshua L. Raskin has entered an appearance for boohoo.com UK Ltd. in a pending patent infringement lawsuit. The suit, filed Sept. 3 in Texas Eastern District Court by Rozier Hardt McDonough on behalf of Alto Dynamics, asserts five patents related to an online shopping platform. The case, assigned to U.S. District Judge Rodney Gilstrap, is 2:24-cv-00719, Alto Dynamics, LLC v. boohoo.com UK Limited.
Featured Firms
Law Offices of Gary Martin Hays & Associates, P.C.
(470) 294-1674
Law Offices of Mark E. Salomone
(857) 444-6468
Smith & Hassler
(713) 739-1250