New Articles

Treasury Proposes Filing Fees for CFIUS Voluntary Notices

CFIUS

Treasury Proposes Filing Fees for CFIUS Voluntary Notices

On Monday, March 9, 2020, the U.S. Department of the Treasury (“Treasury Department”) published a proposed rule in the Federal Register establishing a tiered filing fee system for parties filing voluntary notices with the Committee on Foreign Investment in the United States (“CFIUS”). The proposed rule accompanies other recently implemented regulations issued by the Treasury Department that implement the Foreign Investment Review Modernization Act of 2018 (“FIRRMA”), effective since February 13, 2020.  We have previously summarized the FIRRMA implementing regulations here and here.

FIRRMA expanded the scope of transactions subject to CFIUS review and modernized the review process. FIRRMA also authorized CFIUS to collect filing fees up to the lesser of 1 percent of the value of a transaction or $300,000. The proposed rule establishes a fee structure intended, according to the Treasury Department, to “not discourage filings and…allow parties to continue the practice of determining whether to file a voluntary written notice based on an evaluation of the facts and circumstances of the transaction.” The fees were set to only be a small proportion of the value of any transaction, in order to avoid discouraging voluntary filings. Under the proposed fee structure, the required fees are in proportion to the value of the transaction, as follows:

The same fee structure applies to both foreign investments under Part 800 and real estate transactions under Part 802. Fee requirements are only in place for voluntary CFIUS notices, however, and there are no filing fees for declarations or for unilateral reviews of transactions self-initiated by CFIUS. Accordingly, parties for whom the filing fee would be particularly burdensome, or parties engaged in low-risk transactions, can take advantage of the mandatory or voluntary declarations authorized by CFIUS under Parts 800 and 802.

The proposed rule requires parties to pay the fee at the time a notice is filed, so parties must calculate the total value of a transaction prior to filing. To calculate the value of a transaction, parties should include “the total value of all consideration that has been or will be paid in the context of the transaction by or on behalf of the foreign person who is a party to the transaction, including cash, assets, shares or other ownership interests, debt forgiveness, services, or other in-kind consideration.” Because transactions often include consideration paid in securities or non-cash assets, the rule provides the following guidance:

-Value on national securities exchange: value is calculated based on the closing price on the national securities exchange on which the securities are primarily listed on the trading day immediately prior to the date the parties file a notice with CFIUS. If the security was not traded the day prior to the date of filing, then the last published closing price will apply.

-Non-cash assets, interests, or services or other in-kind consideration:  value is calculated based on the fair market value as of the date the parties file the notice.

-Lending transaction: value is calculated based on the cash value of the loan or other similar financing arrangement.

-Conversion of contingent equity interest previously acquired by a foreign person: value is calculated including the consideration that was paid by or on behalf of the foreign person to initially acquire the contingent equity interest in addition to any other consideration.

-Real estate leases: value is calculated by the sum of fixed payments to be paid by the foreign person over the term of the lease; variable payments that depend on an index or rate over the term of the lease, measured by using the index or rate as of the date of the filing of the notice; and any non-cash or in-kind consideration to be provided by the lessee to the lessor over the term of the lease, as reasonably determined as of the date of the notice.

In light of the calculation requirements, the proposed rule also adjusts the content requirements for joint voluntary notices, requiring parties to provide the value of the transaction and the methodology used to calculate the value, along with the applicable fee.

Because parties are required to pay applicable fees at the time the notice is filed, CFIUS is authorized to delay its review until and unless the fee has been paid. In general, CFIUS will not require parties to submit double payments if it requires parties to withdraw and re-file a notice, absent a material change to the transaction or a material inaccuracy or omission in the initial filing. The proposed rule also allows for fee refunds in certain limited circumstances.

CFIUS will refund the filing fee if it later determines that the notified transaction is not a covered transaction, and it may issue partial refunds if parties can demonstrate that they paid a higher filing fee than required by the tiered fee structure. Notably, CFIUS has not indicated that it will refund the filing fees if a transaction is blocked.  Although CFIUS is also authorized to waive fees, it may only do so under “extraordinary circumstances relating to national security,” and the proposed rule states that it anticipates infrequent partial or total waivers.

The proposed fee schedule has not yet gone into effect, and it will only apply after the Treasury Department publishes its final rule.  Interested parties have until April 8, 2020, to submit comments on the proposed rule. Specifically, the Treasury Department has solicited comments from the public “on the impact of the proposed tiered fixed-fee structure and whether additional tiers or additional features should be considered.”

______________________________________________________________

By Ryan Fayhee, Roy (Ruoweng) Liu, Alan G. Kashdan, Tyler Grove and Sydney Stringer at Hughes Hubbard & Reed LLP

cybersecurity

Winter 2019 U.S.- China Cybersecurity Update

It is difficult to accurately speculate on the progress of U.S.-China trade negotiations, as media reports on the status of key policy proposals seemingly differ each day depending on the transparency and messaging agenda of the sources involved. However, what has been certain during the winter of 2019 is that major updates to U.S. and Chinese cybersecurity regulations are in the process of being implemented, and these developments stand to set key precedents for the intersection of applicable foreign investment and cybersecurity regulations in the U.S. and China.  

Building on our previous two articles regarding U.S. economic espionage concerns and updated U.S. foreign investment restrictions, this article will provide an overview of notable cybersecurity legislative and investigative developments that will likely dictate the near future of critical facets of U.S.-China relations in the 21st century, including (1) the implementation of China’s revised cybersecurity legislation known as the Multi-Level Protection Scheme (“MLPS 2.0”); (2) the Committee on Foreign Investment in the United States (“CFIUS”) reported investigation into the popular social media app TikTok; and (3) the race to implement 5G infrastructure and ongoing speculation regarding Huawei’s licensing status.

1. Implementation of China’s Multi-Level Protection Scheme (MLPS 2.0)

In 2017, China implemented comprehensive cybersecurity legislation commonly referred to as China’s Cybersecurity Law (“CCL”) in efforts to consolidate authority over and standardize regulation of the internet and cyberspace. The CCL includes strict prohibitions on how companies, particularly U.S. and other foreign companies, can store data and interact online.  For example, the CCL requires that network operators in China cooperate with and provide support to government agencies in support of safeguarding national security, and additional provisions have been passed in recent years under the CCL that provide broad authorizations for law enforcement agencies to inspect and monitor internet service providers and computer network data centers. Foreign companies and human rights organizations have criticized the CCL as regressive legislation that fosters state censorship and surveillance and lacks sufficient privacy protections.

Article 21 of the CCL codified China’s requirements for network operators to implement a cybersecurity “multi-level protection system” that includes mandates to implement and adopt certain technical measures and security protocols to monitor and record network activity. Article 37 imposes certain data localization requirements and requires “critical information infrastructure” operators to store personal information and important data gathered or produced within the mainland territory of China.

On December 1, 2019, MLPS 2.0 will take effect, and will impact how U.S. companies and other foreign companies can do business online and store electronic data in China. A draft of the new regulations was first released in June 2018, and the revised MLPS 2.0 incorporates three information security technology standards that in effect will broaden the Chinese government’s authority, particularly that of the Ministry of Public Security, to proactively supervise, manage, and enforce cybersecurity regulations and restrictions on companies operating in China.

The expanded monitoring and enforcement authorities that MLPS 2.0 provides the Chinese government has provoked increasing privacy concerns for foreign firms, particularly those handling sensitive data. The regulations provide stringent mandates on how foreign companies must secure their networks, utilize local sever systems, and cooperate with government authorities. As the new law enters into effect on December 1, 2019, it will be critical for U.S. companies operating in China to understand how the new laws will impact their operations. Companies that store and utilize sensitive personal data, U.S.-regulated technology or technological data, or proprietary intellectual property and trade secrets will have to ensure compliance with both U.S. and Chinese regulations governing privacy, export controls, and cybersecurity regulations. 

2. CFIUS Takes on TikTok

We previously provided an overview of the updated CFIUS regulations concerning foreign investment restrictions scheduled to take effect in the U.S. in February 2020. However, that does not mean that CFIUS, the inter-agency committee tasked with the authority to review, modify and reject certain types of foreign investment that could adversely impact U.S. national security, is dormant in terms of its current investigations. In fact, on November 1, 2019, Reuters reported that CFIUS has launched a national security review of the popular social media and video-streaming app TikTok, related to the acquisition of social media app Musical.ly (since rebranded as “TikTok”) by Beijing ByteDance Technology Co. in 2017 for $1 billion. TikTok earlier this year said that approximately 60% of its 26.5 million monthly active users are located in the United States.

U.S. lawmakers first raised national security concerns related to the TikTok platform, particularly its Chinese parent company’s collection of user data and purported censorship of user content.  For example, Senators Chuck Schumer and Tom Cotton sent a bi-partisan letter to the Acting Director of National Intelligence in October voicing concerns over TikTok’s data collection practices, highlighting Chinese laws that “compel Chinese companies to support and cooperate with intelligence work controlled by the Chinese Communist Party.” While it is unclear what the outcome of this particular review will be, it puts a spotlight on the types of industries and practices that CFIUS is currently scrutinizing and provides a useful case study for what types of mitigating measures we may see imposed by the Committee down the road.

The updated CFIUS regulations set to take effect in February 2020 expressly expand the jurisdiction of CFIUS to include reviews of non-controlling foreign investments in companies that store and have access to sensitive personal data of U.S. citizens. But the CFIUS review into TikTok is only the latest investigation by the Committee into burgeoning technology apps that store sensitive personal data. CFIUS has previously targeted the proposed acquisition by the Chinese Kunlun Group of the U.S. dating application “Grindr” for data privacy concerns regarding its individual users, and similarly forced the Chinese digital healthcare company iCarbonX to divest from it its investment in the U.S. healthcare startup “PatientsLikeMe.” 

These recent cases ultimately show that CFIUS is increasingly focused on the protection of the sensitive personal data of U.S. citizens in emerging technological applications, particularly when Chinese investment is involved.  All U.S. companies considering foreign investment will have to take heed of the current and soon-to-be updated CFIUS regulations and increase their due diligence efforts, particularly where Chinese investment is concerned.

3. 5G Supremacy: Timeline on Huawei Restrictions and Licensing Still Unclear

Finally, a critical ongoing area of U.S.-China cybersecurity relations is the debate over the role that China’s telecommunications leader Huawei will have in developing and implementing global 5G technology and data networks. Huawei was placed on the U.S. Department of Commerce “Entity List” over national security concerns in May 2019, which restricts U.S. companies from doing business with it, and a licensing regime was put into place for U.S. companies that seek to engage with Huawei and certain of its subsidiaries. While no such licenses have been issued to date, U.S. Secretary of Commerce Wilbur Ross recently indicated that at least some of the 260 license applications their office has received will be granted and issued shortly.  

U.S. critics believe that allowing Huawei to take the lead on 5G and similar data network equipment will potentially give the Chinese government the ability to collect data of the users of Huawei products. However, Huawei is a global leader in 5G technology, and despite pressure from the U.S. government, countries like Germany, Hungary, and Norway have decided against banning Huawei from their 5G networks. The inherent difficulties and concerns in having the global leader in 5G technology also be closely connected to the Chinese government is an issue that every country seeking to develop 5G infrastructure will have to address, and will likely be a focal point in the U.S.-China trade war as well as in global cybersecurity relations for years to come. 

If you have any questions about U.S.-China trade relations as it relates to CFIUS, cybersecurity regulatory compliance, or U.S.-imposed licensing restrictions, please contact a member of Baker Donelson’s Global Business Team below.

____________________________________________________________________
Joe D. Whitley is a shareholder at Baker Donelson and chairs the Firm’s Government Enforcement and Investigations Group. He can be reached at jwhitley@bakerdonelson.com. 

Alan Enslen is a shareholder with Baker Donelson and leads the International Trade and National Security Practice and is a member of the Global Business Team. He can be reached at aenslen@bakerdonelson.com. 

Julius Bodie is an associate with Baker Donelson who assists U.S. and foreign companies across multiple industries with international trade regulatory issues. He can be reached at jbodie@bakerdonelson.com. 

Frank Xue is an associate with Baker Donelson who assists Chinese clients with matters in the U.S. related to foreign direct investments, mergers and acquisitions, and private equity/venture capital. He can be reached at fxue@bakerdonelson.com. 

_______________________________________________________________________

1. CCL Translation: “Cyber-security Law of the People’s Republic of China,” Dezan Shira and Associates. https://www.dezshira.com/library/legal/cyber-security-law-china-8013.html.

2. CCL Article 9; see also Laney Zhang, China: New Regulation on Police Cybersecurity Supervision and Inspection Powers Issued, Library of Congress (November 13, 2018) (discussing Measures of Internet Security Supervision and Inspection by the Public Security Organs, (Sept. 15, 2018, effective Nov. 1, 2018)) https://www.loc.gov/law/foreign-news/article/china-new-regulation-on-police-cybersecurity-supervision-and-inspection-powers-issued/.

3. See, e.g., China: Abusive Cybersecurity Law Set to be Passed, Human Rights Watch (November 6, 2016) https://www.hrw.org/news/2016/11/06/china-abusive-cybersecurity-law-set-be-passed; China adopts cyber security law in face of overseas opposition, Reuters (November 6, 2016) https://www.reuters.com/article/us-china-parliament-cyber-idUSKBN132049.

4. Draft Cybersecurity Classified Protection Regulations, China Ministry of Public Security (June 27, 2018) http://www.mps.gov.cn/n2254536/n4904355/c6159136/content.html?from=timeline&isappinstalled=0.

5. See, e.g. Simone McCarthy, Will China’s revised cybersecurity rules put foreign firms at risk of losing their secrets?, South China Morning Post (October 13, 2019) https://www.scmp.com/news/china/diplomacy/article/3032649/will-chinas-revised-cybersecurity-law-put-foreign-firms-risk.

6. Greg Roumeliotis, Yingzhi Yang, Echo Wang, Alexandra Alper, Exclusive: U.S. opens national security investigation into TikTok, Reuters (November 1, 2019) https://www.reuters.com/article/us-tiktok-cfius-exclusive/exclusive-u-s-opens-national-security-investigation-into-tiktok-sources-idUSKBN1XB4IL.

7. Reuters,  How TikTok, Caught in U.S. Regulatory Crossfire, Rose to Global Video Stardom, The New York Times (November 4, 2019) https://www.nytimes.com/reuters/2019/11/04/business/04reuters-tiktok-cfius-factbox.html.

8. See, e.g. Senator Marco Rubio Letter to Secretary of Treasury Steven Mnuchin https://www.rubio.senate.gov/public/_cache/files/9ba023e4-2f4b-404a-a8c0 e87ea784f440/FCEFFE1F54F3899795B4E5F1F1804630.20191009-letter-to-secretary-mnuchin-re-tiktok.pdf

9. Senators Charles E. Schumer and Tom Cotton Senate Letter (October 23, 2019) https://www.democrats.senate.gov/imo/media/doc/10232019%20TikTok%20Letter%20-%20FINAL%20PDF.pdf.

10. See, e.g., Christiana Farr and Ari Levy, The Trump administration is forcing this health start-up that took Chinese money into a fire sale, CNBC (April 4,  2019) https://www.cnbc.com/2019/04/04/cfius-forces-patientslikeme-into-fire-sale-booting-chinese-investor.html; Echo Wang, China’s Kunlun Tech agrees to U.S. demand to sell Grindr gay dating app, Reuters (May 13, 2019) https://www.reuters.com/article/us-grindr-m-a-beijingkunlun/chinas-kunlun-tech-agrees-to-u-s-demand-to-sell-grindr-gay-dating-app-idUSKCN1SJ28N.

11. Huawei Entity List and Temporary General License Frequently Asked Questions, Department of Commerce (September 18, 2019) https://www.bis.doc.gov/index.php/documents/pdfs/2447-huawei-entity-listing-faqs/file

12. Philip Heijmans and Haslinda Amin, Ross Optimistic on China Deal, Trump Wants It Signed in U.S., Bloomberg (November 3, 2019) https://www.bloomberg.com/news/articles/2019-11-03/ross-optimistic-on-china-trade-deal-says-huawei-licenses-coming?srnd=premium.

13. See, e.g., Associated Press, Hungary Says Huawei to Help Build Its 5G Wireless Network, New York Times (November 5, 2019) https://www.nytimes.com/aponline/2019/11/05/business/bc-eu-hungary-huawei.html; Chloe Taylor, Germany set to allow Huawei into 5G networks, defying pressure from the US, CNBC (October 16, 2019) https://www.cnbc.com/2019/10/16/germany-to-allow-huawei-into-5g-networks-defying-pressure-from-the-us.html.

foreign investment

New Foreign Investment Restriction Regulations Cement CFIUS Reform

One of the emerging focal points of the U.S.-China trade war involves the implementation of updated foreign investment restrictions in key U.S. industries. 

On September 17, 2019, the Department of the Treasury issued proposed regulations to implement the Foreign Investment Risk Review Modernization Act of 2018 (FIRRMA), legislation that sought to reform and expand the scope of foreign investment reviews conducted by the Committee on Foreign Investment in the United States (CFIUS). CFIUS, an inter-agency committee chaired by the Treasury Department with the authority to review, modify and potentially reject certain types of foreign investment that could adversely affect U.S. national security, has undergone a significant overhaul during the past year in the wake of FIRRMA becoming law in August 2018. It is now more vital than ever that companies understand how their business can be affected by the updated CFIUS regulations when they are seeking or negotiating a merger, acquisition, real estate investment or even a non-controlling investment from a foreign investor.

Typically, CFIUS reviews are voluntary and are conducted for merger or acquisition transactions where a non-U.S. company or a foreign government-controlled entity obtain a controlling interest in a U.S. company. If CFIUS determines that a covered transaction presents a national security risk, it has the authority to impose certain mitigating conditions before allowing the deal to proceed and can refer the transaction to the President for an ultimate decision. 

However, FIRRMA updated and expanded the scope of CFIUS jurisdiction to authorize reviews of additional types of non-controlling foreign investments based on the type of U.S. company involved. The implementing regulations proposed in September 2019 are set to take effect February 13, 2020, and while the CFIUS reform regulations are motivated by concerns directly related to China, the impact of FIRRMA will be felt globally and the new rules will not be tied to or affected by impending trade negotiations. U.S. businesses, particularly those involved in critical technologies, real estate, infrastructure and data collection or maintenance, must take heed of how the updated rules will affect their global business decisions moving forward.

New Regulations for TID Companies Effective February 2020

Effective February 13, 2020, CFIUS will be authorized to review “covered control transactions,” (all foreign acquisitions resulting in direct control in a U.S. business, which CFIUS already had jurisdiction over), as well as non-controlling “covered investments” by a foreign person in a U.S. critical technology, critical infrastructure or sensitive personal data company. The new rules refer to these as “TID U.S. Businesses” (Technology, Infrastructure and Data), or to be more specific, a company that engages in one of the following categories of activity: 

-produces, designs, tests, manufactures, fabricates or develops one or more critical technologies;

-owns, operates, manufactures, supplies or services critical infrastructure; or

-maintains or collects sensitive personal data of U.S. citizens that may be exploited in a manner that threatens national security.

“Critical technologies” include defense articles or defense services under the International Traffic in Arms Regulations, certain nuclear-related products regulated by the Nuclear Regulatory Commission Controls and certain technologies on the Commerce Control List under the Export Administration Regulations. In addition, “critical technologies” will include certain “emerging technologies” that are yet to be defined, and the Commerce Department’s Bureau of Industry and Security is currently reviewing at least 17 technology areas that are anticipated to result in new controls (including bio-tech, artificial intelligence, microprocessors, positional navigation and timing technology, quantum computing and additive manufacturing (3D printing)). 

“Critical infrastructure” includes key industry subsectors such as telecommunications, utilities, energy and transportation. “Sensitive personal data” is defined to include ten categories of data maintained or collected by U.S. businesses that (i) target products or services to sensitive populations (including U.S. military members and federal national security employees); (ii) collect or maintain such data on at least one million individuals; or (iii) have a business objective to collect such data on greater than 1 million individuals and such data is an integrated part of the U.S. business’s primary product or service. The categories of data include types of financial, geolocation and health data. 

Non-Controlling Covered Investments

Under the new regulations, CFIUS will be authorized to review non-controlling covered investment in TID U.S. Businesses. A “covered investment” includes scenarios where a foreign investor obtains:

-access to material non-public technical information;

-membership or observer rights on the board of directors or an equivalent governing body of the business or the right to nominate an individual to a position on that body; or

-any involvement, other than through voting of shares, in substantive decision making regarding sensitive personal data of U.S. citizens, critical technologies, or critical infrastructure.

Filing a CFIUS declaration for a non-controlling covered investment will remain a largely voluntary process, and parties will be able to file a notice or submit a short-form declaration notifying CFIUS of a covered investment in order to receive a potential “safe harbor” letter (after which CFIUS in most scenarios will not initiate a review of a transaction). 

However, if a foreign government holds a “substantial interest” in the foreign investor that obtains a “substantial interest” in a TID U.S. Business, a CFIUS filing will be mandatory. The updated regulations provide that a foreign government is considered to have a substantial interest in the foreign investor if it holds a 49% direct or indirect interest, whereas a foreign person will obtain a substantial interest in a TID U.S. Business if it obtains at least a 25% direct or indirect interest. CFIUS is also authorized to mandate declarations for transactions involving certain types of critical technology companies. 

The proposed rules also include a “white list” provision providing CFIUS the authority to designate certain “excepted investors” and “excepted foreign states” that may be eligible for an exclusion in connection with non-controlling covered investments. 

Global Impact: How Does This Affect My Business? 

The most important practical effect of the updated regulations is the breadth of U.S. companies standing to be impacted or affected by new foreign investment restrictions. U.S. businesses and industries that have previously never had to consider filing a CFIUS declaration, including healthcare companies, tech start-ups, related infrastructure industries, venture capital funds, emerging technology companies and manufacturers, and any company with access to sensitive consumer data, will now have to contemplate the implications of a CFIUS review when considering even passive foreign investment. Robust due diligence on potential investors will be more important than ever to ensure compliance with both mandatory and voluntary CFIUS declaration filings. Cross-border deals will be a costlier and more time-consuming process that will require acute attention to detail when drafting the contractual rights afforded to foreign investors. 

If you have any questions about the impact of the updated CFIUS regulations or how they may affect your company, please contact a member of Baker Donelson’s Global Business Team for additional information.

___________________________________________________________________

Joe D. Whitley is a shareholder at Baker Donelson, chair of the Firm’s Government Enforcement and Investigations Group and former General Counsel at the Department of Homeland Security. He can be reached at jwhitley@bakerdonelson.com

Alan Enslen is a shareholder with Baker Donelson and leads the International Trade and National Security Practice and is a member of the Global Business Team. He can be reached at aenslen@bakerdonelson.com

Julius Bodie is an associate with Baker Donelson who assists U.S. and foreign companies across multiple industries with international trade regulatory issues. He can be reached at jbodie@bakerdonelson.com