PII aspects of Cfius update creating work for corporates

Author: John Crabb | Published: 11 Feb 2019

As the US government tries to lessen the threat to national security from China and other potential adversaries, new rules legislating how the agency tasked with monitoring foreign investment handles data is proving problematic for firms.

The section of the Foreign Investment Risk Review Modernization Act (Firrma) that has beefed up how US antitrust regulators look at personally identifiable information (PII) has significantly increased the workload for firms looking to complete cross-border M&A deals into the US.

The legislation requires an investigation for M&A transactions for companies that 'maintain(s) or collect(s) sensitive personal data of United States citizens that may be exploited in a manner that threatens national security’. This is a broad definition that requires a lot of consideration for a non-US domiciled company to consider before launching an M&A bid, or for a US company looking to be acquired. 

The senior...