For the first time in its history the Committee on Foreign Investment in the United States (Cfius) has issued a financial penalty to a company that breached the terms of its mitigation agreement. The $1 million fine makes a strong statement that the committee is willing to impose such punishments and is moving into the enforcement business.
While the recipient of the fine was not released, it is clear that Cfius is not going to wait behind the scenes after clearing an acquisition or investment on terms, but will take actions within its newly expanded authority where necessary.
"It is consistent with the message conveyed since the expansion of Cfius' jurisdiction; the ability to impose penalties for failures to make mandatory declarations is also part and parcel of an effort to emphasise and signal to investors, and investment targets alike, that it takes these regulations very seriously," says Ama Adams, partner at Ropes & Gray.
KEY TAKEAWAYS
For the first time in its history Cfius has issued a financial penalty to a company that breached the terms of its mitigation agreement;
The $1 million fine makes a strong statement that the committee is willing to impose such punishments and is moving into the enforcement business;
It is an example of Cfius taking advantage of its new amplified status as well as the resources it needed to take this kind of action;
While the penalty will be of significant interest for dealmakers and act as a reminder that Cfius communications are legally binding, it arguably could have gone further still.
"More importantly, when it clears transactions it expects the company to meet their mitigation measures and that they have agreed to," she added, because they were the initial conditions for clearing the transactions in the first place.
Following the introduction of the Foreign Investment Risk Review Modernization Act of 2018, this is an example of Cfius taking advantage of its new amplified status as well as the resources it needed to take this kind of action. An office has been set up to review mitigation agreements, to make sure that they are being fulfilled or complied with and to ensure that agreements that have been in place for many years remain up to date with current security concerns or national security risks.
"It is fair to say that they will be reviewing these types of agreements and potential actions more carefully going forward," says Adams.
|
|
"It is fair to say that they will be reviewing these types of agreements and potential actions more carefully going forward" |
|
|
See also: POLL: the changing face of Cfius
Although it did not announce the penalty with much fanfare, the report suggested that part of the issue was that the company had failed to implement the required security policies or provide updated reports to Cfius on numerous occasions. It is not clear from the report what exactly the security requirements were, but this could have ranged from establishing plans to limiting access to sensitive information or certain technologies to US citizens only, or ensuring that critical management decisions were made within the US alone.
The move is likely to come as a wakeup call to others that have agreed terms of mitigation following clearance from Cfius. "I think it will capture people's attention, it will remind them that those undertakings are legally binding," says Mario Mancuso, partner at Kirkland & Ellis. In the past Cfius has never forced the issue in this way. Companies would sign a mitigation agreement, receive clearance and then not pay too much attention to the terms bar a good faith effort to comply. Historically, companies may not have been overly worried about Cfius looking back to make sure that all the stipulations were being met.
"This penalty will cause people to reassess how parties think about mitigation. In fact, the penalty - in conjunction with Cfius reform which calls for more resources for Cfius - sends a signal to the M&A community to pay more attention," adds Mancuso. "Because if you do file and get cleared, Cfius is still going to pay attention to ensure that any conditions of the clearance are adhered to."
See also: Dealmakers struggle with tech M&A due diligence
From the perspective of the committee, and for the continued national security of the US, it is critical to the success of the continued clearance that parties maintain their obligations. The fine sends a message to companies whose clearance was pursuant to a mitigation to make sure that they are meeting these standards, and if there are any issues or potential foot-faults to make sure they are communicating them effectively.
More of a jab than a hook
While the penalty will be of significant interest for dealmakers and act as a reminder that Cfius communications are legally binding, it arguably could have gone further still.
"What would have had a greater deterrent effect is if the parties had been identified, and/or the penalty was higher. A million dollars is a lot of money for mortals, but probably just an inconvenience for large, sophisticated strategic or PE fund," says Mancuso.
This could very much be seen as a first swipe. Now that the committee has also identified under its trial programme the types of transactions for which a mandatory declaration must be filed, it is likely that Cfius is looking for a test case; a transaction that should have been filed, but was not, to move against accordingly with litigation.
Deterrence is a healthy compliment to regulatory action. Cfius has shown that because of its increased resources, it needs to signal to the market that it is active and that the market needs to independently comply or face consequences.
The message here is that Cfius has now entered the enforcement business.
See also: PII aspects of Cfius update creating work for corporates
