CFIUS Bites Back: Proposed New Enforcement Powers and Penalties

In an effort to give the Committee on Foreign Investment in the United States (CFIUS) more “bite,” yesterday the Committee published a Notice of Proposed Rulemaking (NRPM) in the Federal Register to enhance its procedures and strengthen its penalty and enforcement authorities.

The proposed rule represents the most significant expansion of CFIUS’s enforcement, monitoring, and penalty authorities since the finalization of the rules implementing the Foreign Investment Risk Review Modernization Act of 2018 (FIRRMA).


CFIUS is a Treasury-chaired US government interagency body charged with reviewing certain foreign direct investment into the United States for national security risks. In 2018, the US Congress strengthened CFIUS’s authority by enacting FIRRMA, which represented the most sweeping overhaul of the operations and jurisdiction of CFIUS in its 44-year history. The Committee has jurisdiction over a range of transactions involving foreign persons, including acquisitions of control over a US business, some non-controlling investments in certain sensitive US businesses, and some real estate transactions close to certain sensitive facilities. If CFIUS identifies a national security risk arising from a transaction subject to its jurisdiction, it has broad authority to impose mitigation provisions or recommend that the President block the transaction or mandate divestment.

New Developments

Reflecting CFIUS’s “increased focus on monitoring, compliance, and enforcement,” the proposed rule expands the Committee’s information collection authorities and significantly expands potential civil monetary penalties for material misstatements and omissions. It also includes a number of changes to the Committee’s procedures.

Expanded Information Collection Authorities

The proposed rule significantly broadens CFIUS’s scope for requiring submission of information regarding transactions along three key vectors.

  • First, CFIUS would expand the scope of information that it may require parties to submit in relation to transactions that parties have not notified to the Committee (so-called “non-notified transactions”). The current regulations only expressly permit CFIUS to request information needed to determine whether a transaction is subject to its jurisdiction. The new rule would permit the Committee to request information to determine whether a transaction qualifies for a mandatory declaration. It would also enable CFIUS to request information to determine not just whether the transaction falls within the Committee’s jurisdiction, but also whether the transaction may raise national security considerations as well. Notably, the rule enables the Committee to require information from “other persons” in addition to the transaction parties.
  • Second, the proposed rule clarifies and make express CFIUS’s authority to require submission of information for monitoring and enforcement of mitigation agreements, orders, and conditions imposed on parties. It further enables CFIUS to request information needed to determine whether transaction parties made material misstatements or omissions of material information during a previously concluded review or investigation.
  • Third, the new rule would lower the bar for CFIUS to issue subpoenas. The current rule provides that it may do so when “deemed necessary by the Committee,” but the proposed rule provides that CFIUS may issue subpoenas when “deemed appropriate by the Committee.”

Expanded Penalties

The CFIUS regulations currently provide for penalties ranging up to the greater of $250,000 or the value of the transaction for failure to comply with mandatory declaration requirements or for the making of material misstatements or omissions in notices or declarations. The proposed rule makes two main changes:

  • First, it expands the coverage of the penalty provisions to include “material misstatements or omissions in contexts outside of notices or declarations,” such as requests for information regarding non-notified transactions or monitoring and compliance activities.
  • Second, it increases the maximum civil penalty. For material misstatements or omissions in notices and declarations, the maximum penalty increases to $5,000,000 per violation. For failure to comply with mandatory declaration requirements, the maximum penalty increases to the greater of $5,000,000 or the value of the transaction per violation. For violation of material provisions of mitigation agreements, material conditions imposed by CFIUS, or orders issued by CFIUS, the maximum penalty increases to the greater of (1) $5,000,000, (2) the value of the transaction, or (3) the value of the violating party’s interest in the US business.

CFIUS notes that it retains discretion to determine the appropriate penalty, which may be less than the maximum and that it will “will continue to take into account the specific facts and circumstances of the violation and relevant aggravating and mitigating factors as identified in the Committee’s Enforcement and Penalty Guidelines.”

Procedural Changes 

Finally, the new rule would make changes to certain CFIUS procedures, which could affect transaction parties. First, the regulations would impose new time limits for parties to respond to proposed CFIUS mitigation terms, set at three business days. Second, when a notice of penalty has been issued, the time for parties to submit and for CFIUS to respond to petitions would be increased from 15 days to 20 business days.


The new regulations demonstrate that CFIUS is intent on giving more bite to its authorities. The focus on procedural efficiency, including expanded authorities to request information at earlier stages, likely further reflects and expectation the CFIUS will continue to become more active and assertive. With higher potential penalties, parties to transactions should take extra care to ensure compliance with CFIUS filing requirements. Additionally, with curtailed timelines for negotiation of mitigation terms, parties to transactions that may be subject to CFIUS review should prioritize considering potential mitigation requirements as early as possible.

Finally, CFIUS is accepting comments to the proposed rule until May 15. Comments may be submitted electronically or by mail.


Continue Reading