The Committee on Foreign Investment in the United States’ (“CFIUS”) annual report for activities conducted during calendar year 2022 shows another increase in activity, further emphasizing the committee’s active role in reviewing transactions involving foreign investors in the United States. The public version of the report, released on July 31, 2023, covers another eventful period for CFIUS, in which President Biden issued an executive order to expand on the risk factors for CFIUS to consider when evaluating transactions (see our Legal Update on the order), and CFIUS released its first-ever enforcement and penalty guidelines (see our Legal Update on these guidelines).
CFIUS reviewed or assessed a total of 440 covered transactions in 2022, a slight increase from 2021 (when it reviewed or assessed 436 covered transactions). For the first time since the practice was introduced in 2018, use of a short-form Declaration decreased slightly in 2022, when 154 Declarations were submitted, compared to 164 in 2021. This change may reflect a sentiment among investors and US business owners that CFIUS frequently responds to a Declaration by requesting that the parties submit a long-form Notice, and thus a safer course is to simply submit a Notice from the outset. The annual report lends credence to this theory; CFIUS requested a Notice for approximately one-third of the Declarations it assessed in 2022, up from approximately 18 percent in 2021.
The report shows no slowdown in the Notices that CFIUS reviewed, however. In 2022, CFIUS reviewed a record 286 Notices, up from the 272 it reviewed in 2021 (which was itself a record). CFIUS conducted a subsequent investigation for 162 of these Notices, an uptick compared to 2021, although still roughly in line with trends from previous years.
2022 also saw a marked increase in the number of Notices involving investors from Singapore. CFIUS reviewed 37 such Notices, accounting for about 13 percent of all Notices reviewed (by comparison, in 2021 investors from Singapore were involved in about 5 percent of the Notices that CFIUS reviewed). Investors from China also accounted for almost 13 percent of Notices in 2022, compared to roughly 16 percent in 2021.
The report also provides firm evidence for another trend that practitioners noticed anecdotally: CFIUS is requiring mitigation measures more frequently. While CFIUS required mitigation measures with respect to approximately 11 percent of Notices in 2021, this figure jumped to more than 18 percent in 2022 (52 of the 286 Notices filed). As in previous years, these mitigation measures included a range of restrictions intended to address perceived national security risks, including: prohibiting or limiting the transfer or sharing of intellectual property or technical information; establishing provisions for handling existing or future contracts with the US government; ensuring that only authorized persons have access to certain technology, systems, facilities, or sensitive information; restricting hiring of certain personnel; restrictions to address data storage locations; requiring the appointment of a CFIUS-approved security officer; and requiring regular meetings with CFIUS to address business plans that might raise national security considerations. In particular, we note that CFIUS has been requiring highly prescriptive measures intended to address perceived national security risks stemming from data security and data privacy considerations, including the access of a business to: health, biological, or other potentially sensitive data about US persons; information regarding US critical infrastructure assets; and access to source code of software sold to government or critical infrastructure customers.
As many expected, the annual report shows that CFIUS’s activity continued to increase in 2022, and such activity shows no signs of slowing. Given CFIUS’s increased prominence, foreign investors and US businesses alike should carefully consider it at all stages of the transaction process.