An Introduction to CFIUS: What You Need to Know When Considering an In-Bound M&A Strategy

The Committee on Foreign Investment in the United States (CFIUS) is tasked with reviewing the implications of foreign investments in U.S. companies on the national security of the United States. CFIUS is an interagency committee, chaired by the Secretary of the Treasury, and includes representatives from sixteen departments and agencies.

Initially formed to study foreign investments in the United States, the committee was tasked in the 1980s with reviewing, and rejecting, in-bound deals. Foreign investors should be aware that any company proposing a transaction with a U.S.-based entity is required to voluntarily notify CFIUS.

The following discourse is not legal advice. It is intended to provide an introduction to CFIUS, the review process, and aid foreign investors as they prepare for a transaction with a U.S. entity.

The CFIUS Review Process

Any company intending to enter into a transaction (minority/majority investment, acquisition, merger, etc.) with a U.S. entity is supposed to file a voluntary notice with CFIUS. However, it is not necessary for a notice to be on file for CFIUS to review a transaction. The Committee provides extra attention to transactions that involve critical infrastructure. This could include public health, telecommunications, defense, and advanced technology companies, among others. In 2018 the Foreign Investment Risk Review Modernization Act (FIRRMA) was approved and provides CFIUS with additional authority over particular types of Foreign Direct Investment (FDI), such as in real estate, from specific countries[1].

The CFIUS process begins when a company voluntarily submits notices of a transaction to the Committee. The Committee does not disclose that the parties have submitted the transaction for review. They are also prohibited from publicly disclosing information provided during the review process. Should the Committee determine that a particular transaction, whether pending or complete, could pose a risk to national security they have the authority to conduct a review. This applies even if the parties to the transaction have not submitted a voluntary notice.

In the initial phase CFIUS will enter a 30 day review period. During this time the Committee will issue a decision to authorize the transaction or request that a statutory investigation begin. Should an investigation be required the Committee will have an additional 45 days to approve the transaction or require divestment. During this time the Committee may request additional information from one or both parties. The requested information must be delivered within 3 business days, or longer if a written request for extension is approved.

The transaction will be approved if the Committee determines that it does not pose a national security risk, if any risks are mitigated or covered by other laws, or if the measures taken by the Committee to mitigate the risk are agreed upon by the Committee. Should the Committee be unable to approve the transaction at the end of the 45 day investigation they will refer the decision to the President. The President then has 15 days to make a public decision. Before reaching the President CFIUS will create a detailed analysis of the national security risks and concerns posed by the transaction. This analysis is confirmed by all CFIUS member agencies at a senior level.

Historically, a majority of the transactions submitted to CFIUS do not reach the statutory investigation stage. However, as the table below shows, the percentage of notices resulting in investigations has increased compared to historical averages. The percentage peaked in 2013 and has since come down.


Transactions that are approved to proceed by CFIUS will receive “safe harbor”, meaning that CFIUS and the President will not subject the transaction to another review.

While this review process may seem daunting, CFIUS does allow parties to submit a draft notice prior to ensure the review will proceed as smoothly as possible. Buyers who may not be completely sure as to if their filing is complete would be well advised to submit a draft first.

Covered Transactions

When entering into the CFIUS process the term “covered transaction” may be used. This is to describe any transaction submitted to the Committee for review or that could be reviewed by the Committee.

The following table provides a look at covered transaction by sector and year from the period 2009 – 2015.

CFIUS Covered Transactions[2]

Taking a closer look, the Manufacturing sector accounted for the largest percentage of transactions in 2015. Digging into the figures reveals that the Computer and Electronic Product Manufacturing subsector accounted for 33 of the reviewed transactions, or 49%.

Within the Finance, Information, and Services sector the Professional, Scientific, and Technical Services subsector accounted for 12 notices, or 29%, in 2015. The largest jump from 2014 to 2015, by percentage, was in the Telecommunications subsector. In 2014 Telecom represented only 8% of notices in the sector, but reached 17% in 2015.

Utilities received 11 transaction notices in 2015 and contributed more than 50% of the notices in the Mining, Utilities, and Construction sector.

The Committee also provides information as it relates to covered transactions by country. The following table highlights the five largest countries, by notices filed, for the period 2013 – 2015.


Notice of Withdrawal

Parties to a transaction are allowed to withdrawal their notice to CFIUS. This process requires the parties to submit a written request to the Committee that must then be approved.

Parties may elect to withdraw notice for multiple reasons:

  • The parties are unable to address the Committee’s concerns relating to national security and would like to withdraw notice to give themselves additional time to properly address the concerns. The parties then re-file once they believe the concerns are adequately addressed.
  • Material changes to the terms of the transaction may require a new filing notice.
  • The parties are abandoning the transaction for business reasons.
  • The parties do not agree with the mitigating measures requested by CFIUS and are electing to abandon the transaction.

In the event a withdrawal request is submitted and granted CFIUS will still track the transaction. Additionally, requirements may be placed on one or both parties to the withdrawn transaction.

The important takeaway for any potential buyer of a U.S. company is that you are permitted to withdraw your initial notice and then re-file.

Mitigating Measures

Should the Committee decide that a transaction may pose national security concerns they are able to recommend mitigating measures to the parties. These measures are legally binding and will be reviewed on an on-going basis to ensure compliance. The CFIUS agency tasked with monitoring compliance of mitigating measures will do so and report back to the Committee quarterly.

The following are a sample of mitigating measures adopted in 2015. This should serve as insight as to how the Committee thinks about these measures. These are not the only options available should your transaction require mitigating measures by the Committee.

  • Security protocols to ensure the integrity of goods or software sold to the U.S. Government
  • Guidelines for handling existing and future U.S. Government contracts, customer information, and other sensitive information
  • Ensuring only authorized persons have access to sensitive technology
  • Excluding certain sensitive assets from the transaction

Transactions of Special Importance

Thus far we have reviewed the process that CFIUS goes through to review and approve, or prohibit, a transaction. We will now address transactions that are of special importance to the Committee.

As with prior disclosures, this is not a complete list and new items will certainly be added as technology and national security concerns change over time.

When evaluation a transaction that would result in a foreign entity owning a U.S. company the Committee takes the following into consideration:

  • Does the business participate in the defense, security, or national security sectors?
  • Is the business involved in weapons or munitions manufacturing? Aerospace, satellite, or radar systems?
  • Does the business have access to classified U.S. Government information?
  • Does the business provide products and/or services to the U.S. Government or agencies of the government?
  • Does the business operate in close proximity to military or other sensitive facilities?

The Committee will also review the foreign buyer for the following:

  • Is the buyer under control of a foreign government?
  • Does the buyer hail from a country with a record of nonproliferation or other matters that raise concerns?
  • Does the buyer have a history of doing business in sanctioned countries?

It is clear that the Committee has many factors to consider in a relatively short span of time. Foreign buyers who are able to predict some of the questions and concerns that may be raised and preemptively allay those concerns may have a better chance at passing the review the first time around.

A Word on Critical Technologies

It seems as if technology permeates every sector today. Thus, it is appropriate to consider “critical technologies” and how they factor into the Committee’s review.

Critical technologies, as of this writing, include the following:

  • Defense articles or defense services covered by the United States Munitions List;
  • Items controlled for reasons of regional stability as well as those for reasons of national security, chemical and biological weapons proliferation, nuclear non-proliferation or missile technology;
  • Nuclear equipment, parts and components, materials, software and technology;
  • Agents and toxins specified in the Select Agents and Toxins regulations

When CFIUS is reviewing critical technologies they understandably must take very precise steps to ensure the national security of the United States is not jeopardized.

They will conduct an analysis to determine if a coordinated strategy to acquire critical technology companies in the U.S. exists and what evidence supports this finding. They will also seek to uncover if foreign governments have, or currently are, using espionage activities to obtain commercial secrets or critical technologies.

Simply because a target company operates in a critical technology industry does not mean CFIUS will deny the transaction. However, if you are a buyer contemplating a transaction with an entity operating in a critical technology sector it is important to understand the additional scrutiny that will be given to the transaction as well as your company and key personnel.

Timing Considerations

A CFIUS review process is not something to put off until the month before you want to close a transaction. If you are a foreign buyer you should be thinking about CFIUS from day one.

We’ve already mentioned that the initial review is 30 days, which can be followed by up to 45 days for an investigation. Should the matter be sent to the President up to 15 additional days could be required. Assuming the Committee doesn’t submit any requests for additional information during this period a buyer is optimistically looking at 90 business days.

It generally takes several weeks for the parties to a transaction to prepare the required information to submit the filing. Additional time for the review and feedback on a draft should also be considered. Given the rise of filings in recent years it is now taking CFIUS a week or more to respond with comments. In years with fewer filings comments may be sent in a week or less.

Finally, a buyer should factor in time for revisions and requests for information. If the Committee continues to see a rise in the number of filings each year the timeline described above could grow even longer.

The key takeaway is that both the buyer and seller should be in agreement to submit a filing to CFIUS as soon as possible. Both parties should also have an understanding that requests from the Committee will be treated as highly urgent and responses sent immediately.

This guide has introduced you to CFIUS, the review process, and some special considerations as a foreign buyer. While the team at InvestmentBank.com has worked with foreign buyers, we are not attorneys and highly recommend that buyers partner with a law firm experienced in CFIUS reviews. The process understandably requires a great deal of attention and thinking ahead. However, it is not impossible to navigate the process and consummate a successful transaction.


[1] https://home.treasury.gov/sites/default/files/2018-08/The-Foreign-Investment-Risk-Review-Modernization-Act-of-2018-FIRRMA_0.pdf

[2] https://www.treasury.gov/resource-center/international/foreign-investment/Documents/Unclassified%20CFIUS%20Annual%20Report%20-%20(report%20period%20CY%202015).pdf

Corbin Bridge on Linkedin
Corbin Bridge
Corbin Bridge is a licensed investment banker at InvestmentBank.com. He has prior experience assisting private companies in developing and executing acquisition strategies. Corbin works with middle-market corporate clients looking to acquire, sell, divest or raise growth capital from qualified buyers and institutional investors. His areas of interest include Blockchain, AdTech, and Entertainment. Reliance Worldwide Investments, LLC a member of FINRA and SIPC and registered with the SEC and MSRB. Corbin resides in Las Vegas, Nevada.
No Comments

Post A Comment