Regulations & EHS&S

The scrutiny of foreign direct investment: CFIUS 101

By Michael Kennedy of Kennedy Law and Policy in Washington, DC - 9th August 2019

Life science and data-based companies should be aware that new US laws that scrutinize direct foreign direct investments have already impacted life science businesses, in particular ones that involve critical technologies and sensitive data, says Michael Kennedy of Kennedy Law and Policy in Washington, DC.
On 13th August 2018 President Trump signed “The Foreign Investment Risk Review Modernization Act of 2018” (FIRRMA), which rebalanced the Committee on Foreign Investment in the United States (CFIUS). The CFIUS is an inter-agency committee that reviews the national security implications of foreign investments in US companies or operations. It is responsible for enforcing foreign direct investment that could have national security interests.
For example, PatientsLikeMe, a US-based online service provider that helps patients find people with similar health conditions,1 is being forced to find a buyer after the US government ordered its majority owner, a Chinese firm, to divest its stake. Although it is early, companies and investors may want to pay attention to the new CFIUS pilot program, the new compliance scheme and the re-examining of direct foreign investment in the centrifuge of pharmaceutical, biotechnology and data companies.
As a flexible framework of national security measures and a tool for overall national security policy, CFIUS is intended to adaptable, but its scope is yet to be solidified.
The passage of FIRRMA was based upon concerns that, ‘‘the national security landscape has shifted in recent years, and so has the nature of the investments that pose the greatest potential risk to national security”.2 As a result, the US Congress restructured the CFIUS as a flexible framework of national security measures intended for China and foreign direct investment. The CFIUS process has been expanded to review additional transactions, including critical and emerging technologies, critical infrastructure, noncontrolling investments and – most importantly – data. Key takeaways of FIRRMA include:
  • The scope of transactions is Global: To adapt to the global applicability of transactions, the definition of “US business” is intentionally broadened to include “a person engaged in interstate commerce in the United States.” This extends the committee’s jurisdiction to any business anywhere in the world as long as that business provides goods or services into the US.
  • Involvement of “emerging and foundational technologies”: Foreign investors and life science companies need to assess whether they: (i) fall within that definition; (ii) those technologies are used in, or designed specifically for, certain US industries; and (iii) the proposed financing transaction is within the scope of CFIUS’s pilot program.
  • CFIUS filing is now mandatory: For transactions falling within the scope of the pilot program, companies must submit a declaration to CFIUS at least 45 days prior to closing.
  • Significant penalties for noncompliance: Transaction penalties are steep and could be subject to civil penalties of up to the value of the transaction.
  • Life science technologies are still being determined for compliance: “Emerging and foundational technologies” will be identified under the Export Control Reform Act of 2018 (ECRA) and more life science-related technologies might be added to the scope of the CFIUS pilot program. 
The Department of Treasury promulgated interim regulations through FIRMMA via a pilot program that began on 10th November 2018. The pilot program impacts the ability of foreign parties to influence the rapid pace of technological change in certain US industries, including the pharmaceutical and biotech industry. It also makes effective FIRRMA’s mandatory declarations regarding transactions that fall within the scope of the pilot program – which includes 27 industries involved in critical technologies.  Mandatory declarations, authorized under FIRRMA, are a key change to the CFIUS process, which has historically been voluntary. Failure to submit a mandatory declaration under the pilot program can result in significant penalties – up to the value of the transaction. This program is in effect until no later than 5th March 2020, at which time final regulations will have been instituted.
China: CFIUS’s new target and blocked transactions
Since the 1970s, China has embarked on an ambitious program of reform, Made in China 2025, and it has rapidly transformed itself into the second largest economy in the world. However, according to the US government, this growth has been achieved in significant part through aggressive acts, policies and practices that fall outside of global norms and rules (collectively termed “economic aggression”).
In 2018, the US announced a series of trade enforcement actions involving China stemming from three investigations conducted by the US government involving steel, solar panels, and critical technology. In each instance, China retaliated against US enforcement actions with reciprocal tariffs. In total, over $250 billion worth of US imports from China and $110 billion worth of US exports to China are subject to these tariffs.
In regard to CFIUS, all deals which have been formally blocked by the US President were China-related, most recently the proposed acquisition of a Lattice Semiconductor by Canyon Bridge Capital, Broadcom’s bid for chipmaker Qualcomm and current controversies with Huawei.
The Foreign Investment Risk Review Modernization Act of 2018
FIRRMA modified and broadened the authorities by expanding the scope of foreign investments in the US subject to national security review. Although FIRRMA doesn’t specifically identify China, the focus of the bill stems from two urgent and compelling circumstances that are ancillary to China’s robust development of its technology and military economy:
  1. The ability and willingness of foreign parties to obtain equity interests in US businesses in order to affect certain decisions regarding, or to obtain certain information relating to, critical technologies
  2. CFIUS was previously authorized to review only transactions (mergers, acquisitions, or takeovers) that resulted in foreign “control”2 over a US business that threatens to impair the national security, or when the foreign entity is controlled by a foreign government, or it would result in control of any “critical infrastructure that could impair the national security.”
Prior to FIRRMA, CFIUS’s authorities did not sufficiently address the new and emerging risks that foreign direct investment can pose to US technological superiority. Consequently, CFIUS had no authority to prevent a foreign entity from acquiring a non-controlling interest in a US business that produces, designs, tests, manufactures, fabricates or develops critical technologies. FIRRMA now provides CFIUS new authorities to address the national security concerns that may arise from these investments, but those authorities were not immediately effective upon FIRRMA’s enactment.

Expanded jurisdiction 
In response to growing concerns that other types of cross-border transactions could present national security risks, and that parties were increasingly using those other transaction types to avoid CFIUS review, FIRRMA expands “covered transactions” to include foreign non-controlling investments in US critical technology or infrastructure.
Additionally, CFIUS now has expressed jurisdiction to review any “other investments” by a foreign person in any unaffiliated US business that produces, designs, tests, manufactures, fabricates, or develops critical technologies; or  such “other investment” will be covered only if it affords the foreign person: (i)  access to any material nonpublic technical information possessed by the US business; (ii) membership, observer, or nomination rights for the board (or equivalent body) of the US business; or (iii) any involvement, other than through voting of shares, in substantive decision-making related to sensitive personal data, critical technologies or critical infrastructure.2
Kennedy 2019-04.jpg
To adapt to the global applicability of transactions, the definition of “US business” is intentionally broadened to include “a person engaged in interstate commerce in the United States.” This includes all transactions in Europe.  It exceeds the current regulatory definition, which includes “but only to the extent of its activities in interstate commerce in the United States.” Now, the bill gives the Committee the authority to review an acquisition of any business anywhere in the world, as long as that business provides goods or services into the US.
FIRRMA includes notable CFIUS changes from its predecessor, with a clear focus on China. It provides a list of countries of “special concern”, and a biennial report to Congress on FDI transactions by Chinese entities. The report includes detailed breakdowns of foreign direct investments, a list of US companies purchased through Chinese government investment, and an analysis of Chinese investment practices in the US.2
  1. Farr C, Levy A. CNBC, 4th April 2019. (
  2. The Foreign Investment Risk Review Modernization Act of 2018, §1702(b)(4)
Michael Kennedy. Policy Advisor – Attorney at Kennedy Law and Policy in Washington, DC.
Kennedy Law and Policy provides companies, trade associations and coalitions with regulatory, legal and policy representation. With an active and consistent presence in Washington, DC, the firm is ideally placed to make critical decisions about reaching strategic business goals.