On November 17, 2024, the Department of the Treasury (“Treasury”), in its role as chair of the Committee on Foreign Investment in the United States (“CFIUS” or “the Committee”), published a final rule (“Final Rule”) increasing maximum penalties for violations and expanding the Committee’s ability to compel parties to respond to information requests, among other revisions. The final rule becomes effective on December 26, 2024, and is very similar to the proposed rule, dated April 15, 2024, of which we wrote about in our article, Less Bark and More Bite? CFIUS Proposed Rule Enhancing Enforcement Capabilities. Below we discuss key updates and effects on transaction parties.
Penalty Increase
The CFIUS regulations previously provided for a $250,000 maximum penalty per violation, but the Final Rule increases the maximum penalty to $5 million per violation. CFIUS may levy penalties for submission of declarations or notices or other information to CFIUS with a material misstatement or omission, the making of a false certification, and the breach of a mitigation agreement. In the case of the failure to file a mandatory declaration, the maximum penalty is the greater of $5 million or the value of the transaction.
Importantly, the above outlined penalties are maximum amounts and per the Final Rule, “CFIUS will continue to take into account the aggravating and mitigating factors surrounding the conduct,” which often lead to less than the maximum penalty amount.
Regarding the timing of the new penalty increases, for transaction parties that are subject to a mitigation agreement (or similar condition), the penalty provisions in place at the time of the agreement will continue to be applicable. Other violations, such as a material misstatement or omission made to CFIUS, will be subject to enforcement under the revised penalty provisions of the Final Rule beginning December 26, 2024.
Increased Scope of Information Requests
The Final Rule expressly allows CFIUS to request information from unrelated third parties – including banks, underwriters, and other service providers – as well as the transaction parties. Importantly, these requests may not only originate from declarations or notices filed with the Committee but also in the context of non-notified transactions.
The Final Rule also expands the scope of information that CFIUS may request related to non-notified transactions. Previously, the Committee’s investigative powers in the context of a non-notified transaction were limited to determining whether a transaction is a covered transaction. The Final Rule allows CFIUS to “compel information to enable it to determine whether a transaction is a covered transaction, whether it may raise national security concerns such that the Committee should review it (if it is a covered transaction), and whether the transaction is of a type for which submission of a declaration was mandatory.”
These revisions will likely change the non-notified outreach procedure as well as increase the number of parties from whom CFIUS requests information.
Subpoena Power
In addition to expanding the type of information CFIUS may request and the parties from whom it may request it, the Final Rule also increases the Committee’s ability to use subpoenas to obtain such information. The Final Rule makes clear that, if it deems it appropriate, CFIUS may compel third parties to provide information regarding a transaction through the issuance of a subpoena. Previously, the Committee could issue a subpoena to compel information if it deemed it “necessary.” The Final Rule relaxes the Committee’s threshold for using its subpoena power to a deemed “appropriate” standard.
Mitigation Timelines
One item in the Final Rule that was changed from the proposed rule was the timeline for transaction parties to respond to the Committee’s proposals to mitigate national security risks. The proposed rule provided for a three-day turnaround for responses to mitigation proposals from CFIUS. After referring to multiple public comments related to the shortened timeline, Treasury described its decision to remove the three-day response timeframe from the Final Rule and instead allows for discretion from CFIUS through its Staff Chair. The Final Rule provides, “The Staff Chairperson may impose a time frame of no fewer than three business days for the party or parties to provide a substantive response to proposed risk mitigation terms, including revisions to such terms.” This change provides some flexibility to CFIUS to provide longer timeframes for responses to mitigation proposals, but it remains to be seen if and how CFIUS will use that flexibility in practice.
