Foreign direct investment (FDI) into the United States has continued unabated in 2016, with Chinese buyers leading the charge. Most of these acquisitions fall into the $1 billion-plus range, but China is also looking to the middle market to gain a strategic foothold in the U.S. And as foreign investment in the U.S. continues to swell, so too does regulatory scrutiny of cross-border transactions.
A critical element of FDI is the involvement of the Committee on Foreign Investment in the United States (CFIUS). Chaired by the U.S. Secretary of the Treasury, this interagency task force within the U.S. government is responsible for the review of FDI that could result in the control of a U.S. business or critical assets, evaluating the impact of such transactions on national security.
The complexity of navigating the regulatory process has increased in tandem with international interest in taking advantage of U.S. resources and innovative technologies. These deals are making headline news more frequently, with national security concerns highlighted front and center for the general public―putting transactions, timelines, security assessments and compliance measures in the spotlight.
While transactions in many industries are subject to CFIUS review, companies in the aerospace and defense, manufacturing, critical technologies, and natural resource industries file the majority of notices. However, only a small fraction of those notices (less than 10 percent) warrant binding mitigation measures.
The CFIUS review process typically begins with the parties to the transaction filing a joint voluntary notice to the committee. Although filing a notice is voluntary, CFIUS can unilaterally initiate a review of a covered transaction in critical infrastructure if the parties do not file. The timing of a CFIUS review is an important consideration for parties when negotiating a deal and any relevant closing conditions.
The review begins with a 30-day initial assessment period, at which point a determination can be made. If there are unresolved concerns, however, the committee may initiate a 45-day investigation period. Subsequent to the investigation, if CFIUS is unable to reach a consensus on the transaction, a 15-day presidential review period begins, with the president rendering a final decision. Notably, a presidential decision has only occurred once in the last six years, ordering the divestiture of a wind-farm project involving Ralls Corporation.
According to its 2014 annual report to congress, CFIUS reviewed 147 covered transactions, with 52 of those cases entering the 45-day investigation period. A total of 627 notices were filed with CFIUS from 2009 through 2014, resulting in 244 transactions investigated and 67 withdrawn during some stage of the review and/or the commencement of an investigation. Of particular interest within the annual report, the intelligence community has expressed moderate confidence that one or more countries or companies have implemented a coordinated strategy to acquire U.S. companies in critical technologies where the U.S. is the leading supplier.
CFIUS Red Flags
What constitutes a national security threat? U.S. businesses that may come under scrutiny include those that:
- Are in the defense, security and national security-related law enforcement sectors
- Provide products and services to the government with potential security or defense applications
- Constitute "critical infrastructure," e.g., energy production or transportation
- Have access to classified or sensitive government information
- Engage in activities subject to U.S. export controls
- Are in proximity to U.S. government facilities
Over the past few years, the scope of "national security" has been expanded to include U.S. economic interests and cybersecurity concerns, as well as a much broader definition of "critical infrastructure." For example, M&A activity in the semiconductor industry may be scrutinized because of U.S. dependence on the availability of chips for communication devices and transportation.
Compliance as Strategy
Strategic approaches within organizations typically rely on the level of dynamism in an industry. Cross-border M&A deals involve comprehensive due diligence and analysis of the competitive landscape, as well as working to achieve synergies between the parties. With billions of dollars flowing into the United States annually through foreign acquisitions and investments, making the most of those business opportunities requires an essential component: compliance as strategy.
Organizations exploring a potential transaction typically focus on strategic approaches for position, leverage and opportunity. However, if a foreign buyer is targeting a U.S. company in critical infrastructure, that transaction should involve a comprehensive regulatory compliance strategy, ideally with buy-in from all parties.
Independent of one another, strategy and compliance are difficult commercial objectives to achieve, requiring a coordinated approach within the organization. Implementing compliance as a strategy at the inception of the transaction allows the organization to identify resources within the value chain and use synergistic resources to maintain a compliance posture. Through the validation of these core resources, the compliance framework will act as a catalyst to strategy as leverage and opportunity, shaping growth processes and alliances to reach organizational objectives.
Organizations can meet transactional objectives by leveraging existing resources—while augmenting with outside resources as appropriate—to develop a coordinated strategy across business lines. The approach should underscore that any proposed mitigation activities are operationally aligned, ensuring that the financial and operational implementation of the strategies supports the commercial reasonableness of the transaction.
To bridge the gap between depth and breadth of experience within operating segments, organizations should leverage all personnel resources, including:
- Logical security
- Physical security
- Network / Information Technology
- Supply Chain Management / Product Lifecycle
Breaking down silos is imperative to compliance when dealing with CFIUS, as the cost to an organization is often less obvious than a direct monetary outflow. Operational impact, other than cost-based, may also drive decisions during deal discussions or mitigation procedures. Internal business line inefficiencies, redundancies of testing and reporting requirements, communication breakdowns, access restrictions and customer experience impact all require equal weight.
With this synergistic mindset, organizations must proactively address national security risks so as to reduce the security optics of the transaction. This strategy can include: (1) assessing appropriate risk, vulnerabilities and probability of occurrence; (2) identifying security issues and establishing a mitigation plan; (3) tactically implementing a comprehensive compliance strategy; and (4) ensuring transparency in the transaction and/or mitigation from a commercial reasonableness standpoint.
As billions of dollars are invested each year into the United States, companies must use compliance as strategy to balance commercial reasonableness objectives with national security concerns. The inflow of funds into the resource-rich U.S. infrastructure will continue to grow, and as critical technologies, natural resources and the overall economic strength of the U.S. are considered, compliance will remain a potential bottleneck to deal activity.
Organizations should evaluate the national security implications of transactions at the onset of the deal, and engage early and aggressively to address any potential issues with a coordinated strategy. Cross-border M&A has evolved to a point of multi-disciplinary teams and cross-functional projects deploying simultaneously within an organization to ensure a comprehensive security posture. With regulatory compliance remaining a key area of focus for the U.S. government, organizations should plan ahead and expect to deploy resources effectively to address CFIUS concerns.
John Lash is a Senior Manager at BDO Consulting. He provides critical strategic advice at the intersection of business, technology and operations, developing innovative solutions during times of change and transformation where budget, reputation and performance outcomes are at risk. He is a member of BDO’s National Security Compliance practice, evaluating and advising on CFIUS and cross-border M&A transactions.