The regulatory environment for cross-border investments will likely become less certain as the US government continues to implement major changes required by a law passed in 2018. Under the Foreign Investment Risk Review Modernization Act (FIRRMA), the Committee on Foreign Investment in the United States (CFIUS) now has greater authority to review foreign investments under stricter rules. The increased vigilance over more types of cross-border transactions doesn’t target specific countries. But the law comes as the trade war between the US and China intensifies, and as other parts of the world—including major European countries—increasingly question the risks and benefits of foreign investment.
This presents new considerations for dealmakers when it comes to integration planning. In one recent deal involving two semiconductor companies, CFIUS required the companies—one of which was based in the US—to keep their IT networks separate to limit access of “covered intellectual property” to specific personnel. This mandate could have set back the deal, restricting some employees’ access to an intranet critical for information sharing and other job functions involved in the integration of the two entities. In the end, however, the companies engaged in conversations with CFIUS before closing and were able to secure a waiver that allowed limited network and key system access.
Early talks with CFIUS will be even more critical to successfully address FIRRMA requirements. For example, one of the most significant changes under the law requires parties of certain cross-border transactions to submit notifications to CFIUS that a deal is being contemplated. Previously, the committee’s review process was generally voluntary. For some deals, it’s now mandatory.
FIRRMA also requires CFIUS to be notified of deals with “non-passive” involvement by foreign persons in the form of post-close control or the exercise of certain “non-passive” rights, such as board seats. If a transaction raises national security concerns, it will be critical for transactions to adopt mitigation measures through a National Security Agreement (NSA) to pass CFIUS reviews.
A key challenge for dealmakers is that current laws and regulations do not specifically spell out mitigation measures that may impact integration planning. As a result, dealmakers will need to proactively consider the potential national security risks associated with the deal and shape measures that are specifically designed to effectively address and mitigate these risks. For example, some functions and departments—particularly those housing sensitive information—may need to remain separate or divided for longer than anticipated, even while other parts of the companies become one.
CFIUS may restrict sharing access to IP databases and product development environments, which could complicate efforts to merge R&D and engineering departments. Other restrictions on access to systems, repositories or folders storing export-controlled information will likely impact how and when companies plan to combine their IT systems. Other physical access controls or travel restrictions may be put in place.
As CFIUS continues to develop regulations to implement FIRRMA, dealmakers will need to consider integration options earlier in the process and consider these questions: What are the minimum integration steps to successfully close a deal? And how much integration is realistic immediately post-close?
In the months after close, it will also be important to monitor and assess newly merged companies regularly, and pay particular attention to any agreed-to mitigation measures to demonstrate adherence to CFIUS requirements. Failure to comply with the terms of a NSA can lead to CFIUS re-examining a transaction, with potentially serious consequences for the parties and shareholders.
An effective way to navigate through the new regulations is to start conversations with CFIUS committee staff early, before formally filing a transaction for review, demonstrating what the parties are considering early on and the potential national security implications of a transaction. This is a crucial step, and dealmakers are uniquely positioned to stay ahead by also explaining the business rationale for the transaction.
Through this process, dealmakers can reassess the deal thesis based on CFIUS’s feedback requirements. They can also decide if they should continue pursuing the deal, assess the need for an NSA or mitigation measures, and refine their integration strategy where necessary.
Recall the earlier example where the newly merged semiconductor companies received a waiver from CFIUS to further integrate their networks. This was possible because the buyer had engaged in pre-filing conversations with CFIUS and developed a good working relationship with the committee staff. Further, they were able to document appropriate measures to safeguard controlled technology.