As we noted in our October SatMagazine article, to the extent a space- focused, U.S. company is considering foreign investment, regulatory authorities are likely to be more interested (relative to other industries) due to heightened national security concerns.
Most importantly, both sides in a deal (the U.S. business and the foreign party) should coordinate their assessments around America’s overarching foreign investment national security process—namely, the Committee on Foreign Investment in the United States (CFIUS). In this article, we discuss at a high- level what parties should consider when conducting CFIUS-related diligence.
What is CFIUS?
CFIUS is an interagency committee responsible for reviewing foreign investment into the United States. The Committee has broad discretionary power to determine whether such investments pose national security risks, and the CFIUS process can impact transaction timing and likelihood of closing. The Committee has authority to review a broad range of “covered transactions,” but only some covered transactions are actually filed with CFIUS.
The Committee has jurisdiction over many foreign acquisitions and investments. Many joint ventures and most convertible notes, licensing agreements, and debt issuances fall outside of the set of covered transactions—but—the rules are complex, and depending on the specific rights acquired, CFIUS can still have jurisdiction over some transactions in each of those categories. Moreover, the Committee has jurisdiction over any transaction that, in its opinion, has been entered into to evade its review—caution is always warranted.
How should parties approach CFIUS diligence?
The Committee has jurisdiction over thousands of transactions every year, but the level of diligence will vary based on a number of factors, including the size of the transaction, the parties’ particular level of sensitivity to CFIUS risk, and the parties’ CFIUS-related profiles.
Parties should, at minimum, seek to accomplish three main goals during any diligence review:
1. conduct a general assessment of CFIUS-related risk to help the parties determine how/if they should engage the CFIUS process
2. assess whether CFIUS has jurisdiction over the transaction
3. if CFIUS does have jurisdiction, assess whether a mandatory filing will be required before the transaction can close.
What is CFIUS looking for?
In general, once CFIUS has jurisdiction over a transaction, it has very broad discretion to determine how to view the transaction in terms of national security. Thus, transactions that do not necessarily appear to be of critical importance to national security may ultimately draw CFIUS’s focus.
CFIUS generally reviews transactions from the broad vantage point of analyzing the “threat” posed by the foreign investor or acquiror and the “vulnerability” of the U.S. business.
From a U.S. business perspective, though not an exhaustive list, vulnerability could be enhanced by: (i) novel or sensitive technologies; (ii) large volumes of data; (iii) significant relationships with the U.S. national security bureaucracy; (iv) significant business in countries that CFIUS considers hostile to U.S. interests; and/or (v) poor track record of securing technology.
Similarly, while not exhaustive, a threat from foreign parties could be enhanced by: (i) material links to countries of concern to CFIUS (e.g., in the current geopolitical climate, countries like China and Russia); (ii) poor track record of compliance at CFIUS; and/or (iii) risks that unwanted third parties would be able to access the U.S. business and their technology through such foreign investor.
What diligence should be conducted to assess CFIUS jurisdiction?
First parties should look for “control” factors. CFIUS has broad discretion to determine what constitutes control, but generally looks for any situation where a foreign investor/acquiror would have the power “to determine, direct, or decide important matters affecting an entity.”
For example, control could be identified in any transaction where the foreign investor has: (i) a veto over corporate decisions; (ii) a 10 percent or greater voting interest; or (iii) a board seat.
The passage of the Foreign Investment Risk Review Modernization Act of 2018 (FIRRMA) expanded CFIUS’s jurisdiction to non-controlling investments, whereby the foreign investor is receiving certain triggering rights into a “TID
U.S. business.” TID stands for critical Technologies, critical Infrastructure, and sensitive personal Data.
The triggering rights in question are the aforementioned control rights OR one of the following covered investment rights: (i) access to material non-public technical information regarding the target’s products or critical infrastructure;(ii) board membership, observer rights, or the right to appoint a board member; or (iii) involvement in decision-making regarding sensitive aspects of the company.
If the foreign investor is making a control or non-controlling investment into a TID U.S. business, CFIUS will have elective jurisdiction over the transaction.
That means CFIUS can elect to review the transaction infinitely (even imposing conditions on the transaction retroactively).
Next, the transaction parties should determine whether they will need to submit a mandatory filing to CFIUS before the transaction closes. Mandatory filings can occur under one of two rules: the “critical technology” or “substantial interest” mandatory filing rules.
• Under the “critical technology” test, the parties need to assess: (i) whether the foreign investor is receiving one of the aforementioned triggering rights; (ii) whether the U.S. business is working with “critical technologies”; and (iii) whether the foreign investor would need a permit or license to access the technologies of the U.S. business under U.S. laws and regulations.
• Under the “substantial interest” test, the parties need to assess: (i) whether the U.S. business is a TID U.S. business; (ii) whether the foreign investor will receive a 25 percent or greater voting interest (direct or indirect) in the TID U.S. business; and (iii) whether a foreign government holds a 49 precent or greater voting interest in that investor.
Notably, both the substantial interest test and critical technology test are conjunctive, meaning that all listed criteria must be present.
What diligence should be conducted once CFIUS’s jurisdiction is established?
On the U.S. business side, a non-exclusive list of diligence items might include:
• A review of proprietary products and technologies: In particular, an analysis of whether the U.S. business is a TID U.S. business, including the nature of its products and technologies, how and in what manner it collects data, and any relationship with infrastructure.
• A review of operations: This would include both key locations (where the company headquarters and subsidiaries are located, where research and development (R&D) is conducted, where the company employees are located) and the identities of major suppliers and customers (e.g., for space-focused companies, is NASA a major customer/partner?).
• A review of relationships with the federal government: This review should consider the level of nexus to the federal government, and particularly, connections to the U.S. national security bureaucracy, as close ties could materially raise the CFIUS risk profile. Questions to consider include federal government funding; contracting (direct or indirect), R&D collaboration, and classification of work (secret, top secret, etc.).
• A review of domestic licenses/special business areas of interest: Relatedly, does the company have federal licenses (e.g., FCC licenses) or controlled products (e.g., through International Traffic Arms Regulations (ITAR) and/or export control regulations)?
• A review of foreign relationships: Parties should consider the history of company relationships with foreign governments (including foreign military or intelligence relationships); business in sanctioned nations (e.g., North Korea, Iran, Syria, Burma, Cuba, etc.); and known partnerships with Chinese or Russian persons or entities (e.g., joint ventures, licensing agreements, or original equipment manufacturer (OEM) agreements). In the case of space- focused companies, it is often possible, if not probable, that there could be relationships with foreign governments.
• A review of previous interactions with CFIUS: Finally, the parties should determine whether the company has previously submitted any filings to CFIUS, the results of any such filings, and whether CFIUS has presented the company with any enforcement inquiries.
On the foreign side (and also non-exclusive):
• A general understanding of the investor/acquiror business: Similar to the diligence conducted on the U.S. business, parties will want to understand the profile of the investor/acquiror. For example, counsel should understand some combination of the general business of the investor; its key U.S. operations and customers; and any existing business with the U.S. government.
• Ownership: The parties will want to understand the ownership base of the foreign investor, including any owners above five percent; the potential nexus to investors from countries of concern to CFIUS; and/or any potential foreign government ownership.
• Foreign government relationships: The parties will want to understand any investor/acquiror relationships with foreign governments, including any military or intelligence relationships.
• Other items of national security interest: In addition to the variables above, the transaction parties will likely also want to get a sense of the following: any previous investor relationship or interaction with CFIUS; any business with sanctioned persons or in sanctioned countries; and any significant connections to China or Russia.
Conclusion
Conducting CFIUS-related diligence can be complex and nuanced, especially for space-focused companies that are likely to bring a heightened national security risk profile. Beyond the initial threshold question of whether CFIUS has jurisdiction over a transaction, the parties will need to wade through the range of considerations mentioned above to make an informed assessment of national security risk. In this space, working with experienced CFIUS counsel is a must.
Curt Blake
Author Curt Blake, Senior Columnist to SatNews Publishers, is Senior Of Counsel at Wilson Sonsini Goodrich & Rosati. He is an attorney and senior executive with more than 25 years of experience leading organizations in high-growth industries— and more than 10 years as the CEO of Spaceflight, Inc.— at the forefront of the New Space revolution. Curt has extensive expertise in strategic planning, financial analysis, legal strategy, M&A, and space commercialization, with deep knowledge about the unique challenges of New Space growth and the roadmap to success in the that ecosystem.
The views expressed in this article reflect those of the author himself and do not necessarily reflect the views of his employer and its clients.