In recent years, factors such as the desire to protect critical industries, cybersecurity threats and other geopolitical concerns have resulted in the global proliferation of foreign direct investment (“FDI”) reporting, screening, and review mechanisms. Dozens of countries have an FDI regulatory regime in place, and governments have shown an increasing willingness to deploy these regimes to review and potentially block or impose conditions on cross-border deals. Beyond FDI, policymakers in certain jurisdictions are considering the creation of outbound investment screening and/or review mechanisms, which could have far-reaching implications for global businesses. These regulatory regimes have important implications for, and add complexity to, the planning and execution of M&A transactions.
US FDI Reviews Reach Record Levels
In the United States, the Committee on Foreign Investment in the United States (“CFIUS”) reviews transactions involving foreign investors to determine whether the transactions pose a risk to US national security. CFIUS has broad authority to require changes to a transaction to address perceived national security concerns and also can recommend that the President block transactions—or even force divestitures after transactions have closed.
In 2018, the Foreign Investment Risk Review Modernization Act (“FIRRMA”) expanded CFIUS’s jurisdiction1 and introduced a new type of filing: short-form declarations. As compared to long-form notices (which require detailed information about the transaction and the parties, including the personal identifier information of the board of directors and senior officers of parties in the foreign investor’s ownership chain), declarations require only basic information about the parties and the transaction. Declarations are also assessed on a condensed timeline (30 days, once deemed complete) compared to notices (once deemed complete, notices are subject to a 45-day review period and, if necessary, a 45-day investigation period).
Regulations to implement FIRRMA were finalized in 2020, and CFIUS activity has climbed to record highs since. In 2021 (the most recent year for which data is available and the first full calendar year following FIRRMA implementation), CFIUS reviewed 164 declarations and a record 272 notices, an increase of almost 15 percent over the previous annual high.
Even with FIRRMA’s implementation, CFIUS continues to sharpen its focus and address new potential risks resulting from foreign investment. In September 2022, President Biden issued an executive order to provide detail and expand on the factors that CFIUS must use to evaluate foreign investments.2
Non-US FDI Regimes Have Grown and Expanded Their Reach
Outside of the United States, FDI has become an increased area of focus as well, whether through the introduction of new regimes or the tightening of existing rules.
The European Commission (“Commission”) introduced an FDI screening mechanism, which became operative in October 2020. This mechanism provides a framework under which the member state authorities of the European Union can notify other member states and the Commission when certain transactions raise the risk of being likely to affect security or public order in their territory (and possibly territories of their member states). While not an additional review or investigation tool of the Commission, the mechanism does facilitate the exchange of information between the authorities and provides the opportunity to raise questions on ongoing proceedings. This mechanism can apply to all investments from non-EU investors.
The newly-implemented FDI regime in the United Kingdom, the National Security and Investment Act 2021 (the “NSI Act”), creates a broad investment screening mechanism as of its entry into force in January 2022. The NSI Act applies to transactions that give a foreign acquirer control over entities that are active in the United Kingdom or supply goods or services to persons in the United Kingdom. Importantly for investors, the NSI Act requires mandatory notifications for transactions that fall within the scope of 17 defined key sectors, including, Artificial Intelligence, Communications, Computing Hardware, Data Infrastructure, Defense, Energy, Suppliers to the Emergency Services, Synthetic Biology and Transport, among others. Similar to CFIUS, the NSI Act provides authorities with the power to block, impose conditions on, delay the closing of, or unwind transactions.
The United Kingdom is not the only non-US jurisdiction that has tightened its rules recently. Amendments to German foreign trade laws have widened the scope of voluntary and mandatory notifications. Broadly speaking, notifications are mandatory if they relate to the defense, IT security, critical infrastructure or other national security-related areas. Depending on the sector of the target, the acquisition of as little as a 10-percent ownership interest can trigger mandatory filing obligations. The German authority can prohibit a transaction or order conditions.
Foreign investment rules in Australia have been similarly strengthened. Mandatory pre-closing filings are required in many circumstances—for example, if the target is a “national security business,” a category which includes businesses involved in or connected with critical infrastructure assets, the telecommunications sector and the defense sector and its supply chains. Acquisitions of an interest of only 10 percent can trigger a mandatory filing, and there are plans to broaden the scope of the mandatory filing requirements to include 11 additional sectors, including communications, data storage and processing, higher education and research, healthcare and medical products. The Australian authority can object to a transaction or impose conditions.
New Zealand’s FDI screening regime, which has been in place for several years, was expanded in 2021 to include additional investments involving strategically important businesses. Additionally, in Canada, there are plans to change the existing FDI regime—which allows for post-closing submissions—to one that includes a mandatory pre-closing filing requirement.
FDI Reviews and Blocked or Changed Transactions
The power of CFIUS and other FDI authorities to change or block transactions is not merely theoretical. In the United States, there have been a number of recent, well-publicized transactions that were blocked or abandoned due to CFIUS concerns, including nine transactions in 2021 that were abandoned by the parties following notification from CFIUS that it was unable to identify mitigation measures that would resolve its security concerns, or a proposal by CFIUS of mitigation measures that the parties chose not to accept. For example:
- In December 2022, CFIUS completed its review of a proposed $700 million investment by a Chinese company to build a corn milling project in Grand Forks, ND, approximately 12 miles from Grand Forks Air Force Base. While CFIUS ultimately determined that it did not have jurisdiction to review the investment, apparently because it did not involve an existing “U.S. business” and the Grand Forks Air Force Base was not among the list of designated sensitive facilities, the public controversy generated by the project and the national security review proved overwhelming; in early February 2023, the Grand Forks city council voted to cancel the project due to national security concerns.
- In December 2021, a Chinese private equity firm and Magnachip Semiconductor, Ltd., a South Korean semiconductor company, announced that they were abandoning their planned merger due to indications that CFIUS would refer it to the President to be blocked. CFIUS’s actions in this case were particularly notable in light of the company’s relatively small nexus to the United States. While none of their employees, tangible assets, or sales activities were located in the United States, the transaction did involve a US business entity, and the company was listed on the New York Stock Exchange, which provided CFIUS with the jurisdictional hook needed to effectively block the transaction.
Short of blocking a transaction, CFIUS has the authority to require broad mitigation to address national security concerns, including by prohibiting the sharing of technical information; limiting access to technology, systems, facilities, or sensitive information; requiring the appointment of CFIUS-approved security officers; limiting physical visits to facilities; requiring security protocols to ensure product integrity; requiring supply assurance agreements; and requiring the use of only authorized vendors by US businesses.
In recent years, CFIUS has utilized its mitigation authority liberally—even in instances involving foreign investors from countries allied with the United States. In 2021, CFIUS required mitigation in response to approximately 11-percent of the notices it reviewed. CFIUS has used its mitigation power to address perceived vulnerabilities in US businesses, including a marked increase following high profile cyberattacks on critical infrastructure (e.g. the Colonial Pipeline attack) and government systems (e.g. the SolarWinds attack). In a number of instances, CFIUS has required mitigation regardless of the country of origin of the foreign investor. Such mitigation typically involves transactions with per se sensitive US businesses or government infrastructure or perceived threat vectors thereto.
There have been several notable blocked transactions outside the United States as well, including five transactions in the United Kingdom since the NSI Act was enacted. Examples include:
- In November 2022, the UK government required the divestment of the UK’s largest semiconductor facility, Newport Wafer Fab, which had been acquired by China-backed Nexperia.
- In December 2020, the German government prohibited the acquisition of German company IMST GmbH, Kamp-Lintfort (“IMST”) by a Chinese investor. IMST is a telecommunication technology provider, which was considered to be a strategic company due to its technology-driven business, robust R&D activities and R&D cooperation with other companies in the field of R&D, the amount of public funding it had received and the target’s military nexus, alongside the acquirer’s activities in China and the support it provides to Chinese defense sector.
- In December 2022, the UK government ordered the divestiture of Upp Corporation Ltd., a fiber broadband provider. The company had been acquired in January 2021 by L1T FM Holdings UK Ltd., a UK entity owned by investment manager LetterOne Core Investments. Although LetterOne is a Luxembourg entity, its ultimate owners include sanctioned Russian individuals.
Like CFIUS, there are non-US FDI authorities using mitigation to address perceived threats. Since the NSI Act was enacted, the United Kingdom has imposed conditions on nine deals. Recently, the United Kingdom cleared the Inmarsat/Viasat transaction—which involved a US investor—on the condition that information protection protocols be introduced and with a commitment to ensure that both parties continue to provide strategic capabilities to the United Kingdom government.
Governments Consider Potential Outbound Investment Review
In addition to CFIUS’s record activity, US policymakers are also considering an outbound investment review mechanism. In March 2023, the Departments of Commerce and Treasury each issued reports on the status of their work to develop such a mechanism. These reports came following activity, including formal hearings, on the issue by congressional lawmakers in the previous few months. According to the reports, an outbound review mechanism is likely to focus on investments in certain countries of concern involving military or dual-use technologies and advanced technologies that are critical to US national security. Public reporting indicates that an executive order implementing the review mechanism is expected in the coming months.
Additionally, the European Commission has stated in its work program for 2023 (published in October 2022) that they will examine whether additional tools are necessary in respect of outbound strategic investment controls. No further information on the nature of the tools has been published yet but it seems likely that these will be aimed at protecting national security interests, and potentially relate to protecting against engaging in or supporting human rights violations.
Impact of FDI on Deal Planning and Execution
The proliferation of FDI regimes and reviews has important implications for M&A planning and execution. At the outset of transaction planning, it is important to identify the jurisdictions where an FDI filing is possible so that FDI reviews can be factored into how potential bidders are selected and viewed, the potential for extended deal timelines and deal certainty. Filing thresholds and the definition of sensitive industries vary by jurisdiction, as does the potential for a blocked deal or required mitigation, often requiring local counsel to be involved at an early stage of the transaction so that the risks are well understood. Where a filing is voluntary rather than mandatory, a seller may push the buyer to accept the risk of not filing to enhance closing certainty and speed. In any event, careful attention must be given to the covenants relating to the parties’ respective efforts to secure FDI approvals (including whether a buyer will accept divestitures or other mitigation remedies) and the consequences of failure to get a required approval (such as a termination fee or a carve out of a problematic jurisdiction). With the right planning and preparation, buyers and sellers should be well positioned to negotiate the relevant contractual provisions governing the FDI filing and review process applicable to the transaction.1FIRRMA’s changes included an expansion of CFIUS’s jurisdiction to cover certain non-controlling transactions, requiring mandatory filings for certain transactions involving sensitive “TID U.S. Businesses” (dealing in Critical Technologies, Covered Investment Critical Infrastructure, and Sensitive Personal Data) and providing CFIUS with authority to review transactions involving real estate near sensitive military bases and government facilities.
2In particular, this executive order directed CFIUS to focus on: the resiliency of critical supply chains and the vulnerabilities to supply disruptions that may occur as a result of foreign investments; whether a transaction involves manufacturing capabilities, services, critical mineral resources, or technologies that are fundamental to US technological leadership; aggregate industry investment trends (i.e. the cumulative national security effects over time of a series of investments in the same or related business or sectors); the cybersecurity risks posed by an investment and the effects of these risks on national security; and the effects of a potential investment on the sensitive personal data of US persons.