Will FIRRMA increase the percentage of proposed deals that are investigated?
KELLY: Under FIRRMA, the new numbers won’t be comparable to the old. What the reform legislation did is create a category of “excepted” nations. There are three: the UK, Canada, and Australia—close intelligence-sharing allies. Deals from those countries will not be exactly “exempt,” but face a much lighter burden in review. That's a very significant change compared to what was even in operation this past year, where if you were a British technology firm you still had to do a filing. That change will make comparisons with the past difficult. Also in terms of numbers, it’s important to note that under the new regulations CFIUS will look at past deals much more than it did before, deals that went through without a CFIUS filing.
LEBSON: Retroactive reviews are an important issue. We’ve seen two recent examples where CFIUS has gone back and taken a look at closed transactions and prompted divestments related to them. The acquisition of GRINDR by a Chinese gaming company, Kunlun Group, was not submitted to CFIUS. It went through. It was public. It was published in newspapers. But CFIUS found out about it post-transaction and has told the company it must divest.
Another one involved a Chinese company that was in front of CFIUS regarding an unrelated transaction. They did not clear CFIUS approval and that transaction was abandoned. But then CFIUS went backwards, and took a look at other transactions that company had been involved in. CFIUS found that the company had purchased a building in New York that housed one of the police facilities responsible for the security of Trump Tower. CFIUS compelled the company to divest of that purchase, that real estate transaction, which had closed over a year prior.
That’s a significant case because it says that if you seek CFIUS approval and fail to get it, your earlier transactions could be exposed to scrutiny.
What role does your firm play in the process?
LEBSON: We provide what we call “red cell investigations,” which are essentially investigations of the foreign party, even though ultimately that might be our client. We emulate what a government risk assessor would do. We want to present our investigation to our client and say, “This what they might pick up. Do you have explanations? Or can you help us put this into some context so that we can understand if this is going to be a problem, or whether this is just something that needs additional explanation?”
After the red cell investigation, the next step is looking at the transaction itself. We’ll say, “This is a technology that is used in the following ways for national security.” Or, “The facility that you’re buying is right down the street from a military base, and there might be some concerns associated with that.”
Then we put in place a risk-mitigation plan that can be submitted to CFIUS along with the application that says, “We believe we understand what may concern you. We understand you can’t tell us because it’s classified. But based on our understanding, we’ve put together this plan, and would the steps we’re proposing be sufficient?"
We want to be really clear about something. If CFIUS has a national security concern, our goal isn’t to circumvent that. The goal here is to have a transaction go through without causing any risk to national security.
KELLY: If the CFIUS staff doesn’t believe the parties are sufficiently forthcoming, they can ask you to refile. If you get to a stage where they’re willing to approve with mitigations, then the parties begin to enter a phase with the government where they negotiate the terms of a national security agreement that will lay out what the deal parties must do to gain approval. This will often include requesting an independent, third-party analyst to come in, evaluate the risks posed by the deal, and propose a mitigation plan.
If a third-party analyst is retained as part of a national security agreement, that independent third-party analyst is directed to do what the government says. So even though it was the deal party that hired the third-party analyst, that analyst has a fiduciary responsibility to satisfy the government.
Once that analyst produces a mitigation plan, then typically there is a mandate as part of the agreement that you will hire a different independent third-party monitor to execute the mitigation and monitoring plan.
That’s a process that adds significant deal costs. What may have looked like a good, profitable transaction, now may look a little less attractive. This is where our expertise comes in, understanding the real nature of the government concern. What is the minimum threshold at which you feel you have satisfied the government’s concerns? You’re trying to simply identify a sufficiency threshold, and hopefully that doesn't wind up costing too much for the deal parties.
One often-overlooked important element is communication—helping explain who the foreign party is, introducing the party to an American audience that might have concerns. That should all be integrated into a legal strategy. But I would be very careful to choose a communications firm with CFIUS expertise. Communications, risk mitigation, and legal assistance are the three mechanisms for helping to steer a transaction through the CFIUS regulatory process and address any legitimate concerns that CFIUS may have.