Rules Navigator

New rules outline CFIUS’s heightened enforcement powers

Treasury Department Building
Photo: Glowimages/Getty Images

Alexander Barzacanos

 Click to share on Facebook (Opens in new window/tab) Click to share on Twitter (Opens in new window/tab) Click to share on LinkedIn (Opens in new window/tab) Click to share on WhatsApp (Opens in new window/tab)

Maximum penalties increased, enforcement ability expanded.

The Committee on Foreign Investment in the United States (CFIUS), an interdepartmental organization chaired by the Treasury Department, has had its new role fleshed out in a final rulemaking issued this week. This is the first new substantive change to CFIUS since its charter was revised by the Foreign Investment Risk Review Modernization Act in 2018.

The new rules describe a heightened enforcement capacity, which a Treasury press release described as a “scalpel to more quickly and effectively address national security risks that arise in CFIUS reviews.”

CFIUS typically monitors transactions between foreign and US entities, and is vigilant against deals that could undermine national security. Following its review, CFIUS will often only allow high-risk transactions to go through pursuant to national security agreements (NSAs).

Since 2018, CFIUS has been given fangs to penalize false certifications or breaches of its agreements with tough penalties for noncompliance. The new rules bolster CFIUS’s ability to investigate and pursue enforcement, and increase penalty amounts.

A different playbook

Previously, CFIUS was authorized to assess a maximum penalty of $250,000 per violation for misstatements during its review process, failure to comply with a filing requirement, or breach of a mitigation agreement (for example as part of an NSA). That cap will be increased to $5,000,000 per violation, and the circumstances under which fines can be imposed will be broadened.  

The new rules also expand CFIUS’s subpoena authority and authorize the creation of time frames for parties to respond to a request to enter into a mitigation agreement. The time frame to request reconsideration of a fine will also be increased.

New cop on the block

Recently CFIUS has begun to take a more enforcement-forward approach towards foreign investment that could jeopardize domestic security.

Between 2018 and 2019, CFIUS assessed two monetary penalties, its first since its creation in 1975. Six more enforcement actions were undertaken between 2022 and the present.

The same goes for CFIUS’s staffing and resources, which have been increased to keep pace with its new enforcement patterns.

CFIUS brought its largest enforcement penalty against T-Mobile in September, alleging that the German-controlled company failed to fully abide by its NSA during its merger with US-controlled Sprint.

T-Mobile’s NSA contained key provisions about safeguarding Americans’ data during the merger. According to the Treasury, T-Mobile accidentally leaked sensitive data to a third party and failed to timely report it, thus violating its NSA.

This led to CFIUS leveraging a $60m fine, though it gave the company credit for its remedial efforts and cooperation.  

The case was also notable because of CFIUS’s naming of the involved party, an element which usually goes undisclosed.

, ,

You may also like