Welcome to a  sponsored podcast series where I am exploring how to navigate risk from the Committee on Foreign Investment in the United States (CFIUS), sponsored by K2 Intelligence Financial Integrity Network (K2 Intelligence FIN). Over this five-part series I will visit with David Holley and Him Das the co-leads of CFIUS Advisory Practice at K2 Intelligence FIN. We will consider navigating the CFIUS process through using business intelligence to identify CFIUS threats and vulnerabilities, using a proactive approach to navigate the CFIUS process, compliance frameworks for risks under CFIUS and cyber risks and access controls under CFIUS. Today, in this concluding Episode 5, I visit with Him Das on effective monitoring and compliance officer solutions for CFIUS.

What is a monitorship and how does it work?

Generally, a monitor is used to assess and oversee a company’s compliance with relevant laws and regulatory actions. It can also be in respect to a written agreement with a prosecutor, such as the Department of Justice or with a regulatory agency, through a Deferred Prosecution Agreement (DPA), Non-Prosecution Agreement (NPA), Cease and Desist Order or other court approved regulatory Directive. Monitors can help organizations comply with a CFIUS mitigation agreements on an ongoing basis as well as help to assess compliance programs and internal controls to address help, remediate and avoid future problems. Ultimately, a monitor should be able to ensure, for both the government and the company, that whatever the mitigation agreement is, or the regulatory directive might be, it is complied with going forward. Moreover, Das believes, “it’s just important to have a strong and effective monitor who understands both the business as well as the regulatory demands.”

What does a monitorship look like under CFIUS?

Like every monitorship, the breadth and scope of one under CFIUS will depend on the circumstances. It could be for national security risks, mitigation requirements, changes to the transaction, the overall structure of the transaction or oversight mechanism. A monitorship can refer to the compliance framework to implement a Mitigation Agreement or an Order issued by CFIUS or even the President. The goal of any oversight mechanism or compliance framework is to “help the organizations comply with the requirements and to ensure there is effective trust, understanding and oversight being undertaken by the companies involved in the transaction. The US government led agencies for CFIUS that are monitoring and ensuring compliance with the mitigation agreement or CFIUS order have confidence that is being implemented.”

CFIUS, through a monitor, can require compliance policies and procedures across a full range of issues that might implicate the entire business. Das noted, “It might include cyber risk or access controls, the elements of the transaction, how data is held and even the appointment of additional personnel such as a security officer or a compliance officer. CFIUS could reach upward and require an independent Board member who is a US national, charged with overseeing the implementation of the compliance procedures that are in place. Once again, the monitor could oversee all of this going forward for a specific time frame.”

Preparation for a monitorship

We conclude by looking at what a company might do to prepare for a monitorship. Das said that parties to the CFIUS process need to be prepared to dedicate the resources and personnel to be able to work with a monitor and effectively implement the requirements imposed by CFIUS and overseen by the monitor. If you know your organization is deficient in areas of compliance, as diverse as information technology, cybersecurity or export controls or other areas. Das acknowledged, “it may have a fairly significant impact in terms of how the company does business from a day to day perspective” but it is better to start “sooner rather than later”.

Das reiterated that companies must dedicate the resources to implementing a monitoring and compliance framework. Equally important, “companies need to be prepared to create a positive environment to work with the monitor who will be assessing the company’s compliance program and compliance risks on a regular basis. The company needs to work to start off and maintain a positive relationship with the monitor as it can also turn into an adversarial one if it becomes a competitive relationship.” Das believes this means it is important for companies to find a monitor with experience, the ability to work with them in a broad range of environments that understands business imperatives, but also understand what the national security considerations.

A professional monitor is critical to fit these requirements so the company should use good judgement in the selection or recommendation process. However, the company must make sure from its position that it works very hard to keep the monitorship a positive one. Laying such groundwork before the monitor is formally appointed can go a long way to setting the expectations to be met during the monitorship and making it a successful one. Das said it all starts with “setting the tone from the top in terms of governance, delivered by the Board and by the senior management on down to the staff level. It requires appropriate risk assessment and risk and valuation. Also, in terms of new business lines, new technologies, new products, the geographic areas that the company might be entering. Communicate the message that ‘It’s going to work.’”

For more information on K2 Intelligence Financial Integrity Network and their CFIUS Advisory Services practice, click here.