On October 20, 2022, the US Treasury Department released the first Committee on Foreign Investment in the United States (“CFIUS”) Enforcement and Penalty Guidelines (the “Guidelines”). The Guidelines provide visibility into factors CFIUS considers when assessing violations of CFIUS laws and regulations, and determining potential penalties. The Guidelines are applied by the Monitoring and Enforcement office, which is part of the US Treasury Department’s Office of Investment Security.
The Guidelines apply when CFIUS assesses the following violations:
- Failure to timely submit a mandatory filing with CFIUS regarding a proposed transaction
- Failure to comply with CFIUS mitigation agreements, conditions, or orders
- Failure to provide materially complete and accurate information to CFIUS in connection with a CFIUS filing or in the context of CFIUS mitigation
The Guidelines align with enforcement and penalty guidelines of the US Treasury Department’s Office of Foreign Assets Control (“OFAC”) and the US Commerce Department’s Bureau of Industry and Security (“BIS”) that have been in place for a number of years. In assessing violations, CFIUS will consider factors that echo OFAC and BIS guidelines, such as parties’ cooperation with government agencies, voluntary submission of a self-disclosure, the parties’ sophistication in terms of familiarity with the regulations, the seniority of the parties’ personnel who know or should have known about the violation, and any attempts to conceal information from CFIUS. The Guidelines also address keys steps in the penalty process, which correspond to CFIUS’ regulations.
Aggravating and Mitigating Factors
In determining whether to impose a penalty or another remedy, CFIUS may consider the following list of factors:
- Accountability and Future Compliance – Whether the penalty would actually incentivize future compliance and protect US national security
- Harm – The degree to which the violation created risks to national security
- Negligence, Awareness, and Intent – The degree of knowledge and intent of the parties in committing the violation, which includes consideration of whether senior managers knew or should have known about the activity, and whether there were any attempts to conceal information from CFIUS
- Persistence and Timing: The frequency and duration of the parties’ violation; the length of time before the parties informed CFIUS; the length of time since the mitigation agreement became effective (in the case of a violation of CFIUS mitigation); the date of the transaction (in the case of a failure to file).
- Response and Remediation: Whether the parties submitted a voluntary self-disclosure and/or cooperated with CFIUS; the rigorousness of the parties’ remediation efforts
- Sophistication and Record of Compliance: the parties’ history and familiarity with CFIUS and past compliance/non-compliance, including the existence and sufficiency of compliance policies and procedures
Viewed in the context of a significant increase of CFIUS monitoring resources in recent years, the release of these Guidelines highlights the importance of implementing effective CFIUS-related compliance measures as part of a regulatory strategy for transactions subject to CFIUS’ jurisdiction. Such measures should help minimize a risk of running afoul of pre-closing filing requirements or mitigation agreements post-closing.