On October 20, 2022, the U.S. Treasury Department released the First Commission on Foreign Investment in the United States (“CFIUS”) Enforcement and Penalty Guidelines (the “Guidelines”). This guideline provides visibility into the factors CFIUS considers when evaluating violations of CFIUS laws and regulations and determining potential penalties. This guideline is enforced by the Office of Oversight and Enforcement, part of the Office of Investment Security of the U.S. Department of the Treasury.
The guidelines apply when CFIUS evaluates violations of:
- Failure to timely submit required filings with CFIUS regarding the proposed transaction;
- Failure to comply with CFIUS mitigation agreements, conditions or orders
- Failing to provide CFIUS with substantially complete and accurate information in connection with any CFIUS submission or in connection with any CFIUS mitigation;
The guidelines are consistent with enforcement and penalties guidelines that have been in place for many years by the U.S. Department of the Treasury’s Office of Foreign Assets Control (“OFAC”) and the U.S. Department of Commerce’s Bureau of Industry and Security (“BIS”). In assessing violations, CFIUS considers factors such as the official’s cooperation with government agencies, the voluntary submission of self-disclosures, the official’s sophistication in terms of familiarity with the rules, and the official’s seniority. Consider factors that reflect BIS guidelines. Personnel who knew or should have known about the breach and any attempt to conceal information from CFIUS. The guidelines also address key steps in the penalty process that correspond to CFIUS regulations.
Exacerbating and Mitigating Factors
In determining whether to impose a penalty or another remedy, CFIUS may consider the following list of factors:
- Accountability and future compliance – Whether penalties actually encourage future compliance and protect U.S. national security
- harm – The extent to which the breach posed a risk to national security
- Negligence, Awareness, and Intention – the degree of knowledge and intent of the offending party; This takes into account whether senior management knew or should have known about the conduct and whether there was an attempt to conceal information from her CFIUS.
- persistence and timing: the frequency and duration of the party’s violations; length of time for the parties to notify CFIUS; time since the mitigation agreement entered into force (for CFIUS mitigation breaches); date of transaction (if failed to file).
- Response and remediation: Whether the party submitted a voluntary self-disclosure and/or cooperated with CFIUS.Severity of corrective efforts by parties
- Advanced compliance and recording: Party’s history and knowledge of CFIUS and past compliance/non-compliance (including existence and adequacy of compliance policies and procedures)
In the context of the significant increase in CFIUS oversight resources in recent years, the release of these guidelines is an important step toward implementing effective CFIUS-related compliance measures as part of a strategy for regulating transactions subject to CFIUS jurisdiction. Emphasizing importance. Such actions should help minimize the risk of violating pre-closing filing requirements or post-closing mitigation agreements.