Welcome to a  sponsored podcast series where I am exploring how to navigate risk from the Committee on Foreign Investment in the United States (CFIUS), sponsored by K2 Intelligence Financial Integrity Network (K2 Intelligence FIN). Over this five-part series I will visit with David Holley and Him Das the co-leads of CFIUS Advisory Practice at K2 Intelligence FIN. We will consider navigating the CFIUS process through using business intelligence to identify CFIUS threats and vulnerabilities, CFIUS and compliance frameworks, CFIUS and cyber risk and access control, and effective monitoring for CFIUS. Today, in Episode 2, I visit with Him Das on navigating the CFIUS process through proactive management and compliance solutions.

What is CFIUS Looking For?

Das believes that any discussion with CFIUS is “essentially a two-way conversation between CFIUS and the parties to the transaction.” Moreover, through this process, CFIUS is trying to either seek information or clarify information presented to it. CFIUS is trying to sort through the filings and assess what the threats and vulnerabilities are presented by the transaction. To the surprise of no compliance professional, CFIUS will want to understand the underlying business rationale for the transaction. The Committee will pose a number of questions through the process may be intended to try to get at that business rationale.

CFIUS’s next goal is to understand and discuss with the parties what are the national security considerations. The national security issues are classified as security related issues so the parties may be required to do a little bit of guesswork in terms of trying to understand exactly what the national security considerations are and to think through how to manage appropriately. After CFIUS reaches an understanding on this national security component, it will negotiate mitigation terms with the parties. CFIUS will engage in a dialogue with the parties to see if there are ways to mitigate those national security concerns in a way that are consistent with a business interests. Das cautioned, “This could be a somewhat complicated process of engagement. That is why it is critical for parties to a transaction to have effective advisors, who are able to understand what the CFIUS process is, to understand what the issues CFIUS considers and to also understand what the dynamics are within the CFIUS interagency process.” From these discussion, CFIUS “will try to develop a term sheet for a mitigation agreement if they have concerns with the transaction.”

How do you begin a filing?

Das emphasized that it is absolutely critical to begin thinking about the CFIUS process and the information required when you begin to conceive of a transaction in the mergers and acquisitions (M&A) process. He stated, “It’s just never too early to start thinking about what the national security dimensions are because it might have an impact on the contours and the structure of the transaction and the manner in which the parties approach it. From the CFIUS compliance perspective, it starts at the point where you start talking about a transaction or an investment.” The more complex a transaction, the more likely it is to raise a significant national security sensitivities, or it might come from a sensitive foreign country so it is more important to begin thinking through the CFIUS issues and prepare a game plan for navigating the process. From there Das suggests that you begin a dialogue directly with CFIUS about the parameters of the proposed transaction so there are no surprises down the road.

From here you can decide if you want to make a Voluntary Declaration, which does not require as much information as the longer and more detailed process. This Voluntary Declaration process can as little as 30 days. However, in a more substantial transaction where there might be an investment by a foreign government involving critical technologies, sensitive or dual use technologies, critical technologies like semiconductors, avionics, robotics, potentially biotechnology and others; the process is likely a minimum of 90 days.

Compliance Frameworks

One of the keys Das related was to make sure you have a compliance framework in place to facilitate CFIUS approval. For businesses engaged with sanctioned countries or jurisdictions, where there is a high concentration of sanctioned actors, a large number of transnational criminal organizations or the potential for terrorist financing issues, it is important to have a robust sanctions compliance framework that meets the standards set forth by OFAC or any other appropriate agency and to have a culture of compliance around sanctions. CFIUS will look to whether or not a company and the foreign investor have a strong compliance framework. Das emphasized it is much more than having a paper compliance program in place. A company must fully operationalize compliance and then be able to document that operationalizing.

Please join us for our next episode, where we take a deep dive into CFIUS and compliance frameworks.

For more information on K2 Intelligence Financial Integrity Network and their CFIUS Advisory Services practice, click here.