This is part 3 of a five-part series with Tom Fox and the FCPA Compliance Report on mitigating risks within CFIUS compliance with business intelligence.
The United States imposes a broad range of economic sanctions, primarily for foreign policy or national security reasons. There are comprehensive sanctions with respect to certain countries, such as North Korea, Iran, Cuba, Syria, parts of Ukraine and the Crimea region. There are broad targeted sanctions on bad actors such as terrorists, transnational criminal organizations, and persons who are engaged in corruption or human rights violations (e.g., in Venezuela or Zimbabwe). And there are a range of sectoral sanctions that restrict or prohibit transactions with specific economic sectors in countries such as Venezuela or Russia.
Sanctions and Export Control
These sanctions play a part in the review process conducted by the Committee on Foreign Investment in the United States (CFIUS). The committee will often examine whether the investor or the investment partner complies with U.S. sanctions, to the extent that they are applicable, and attempt to understand whether or not the foreign investor presents a threat to national security. For example, if a foreign investor regularly engages in transactions with Iran and has violated or violates U.S. sanctions or export control laws by dealing with Iran, either through the U.S. financial system or by exporting U.S. origin items that do not have a commerce license and are subject to export controls, that presents a national security concern. Compliance with U.S. sanctions is important to obtaining CFIUS approval because, at the end of the day, U.S. enforcement only goes so far and ultimately the U.S. government agencies are going to rely on the trust established with the parties to the transaction. Companies undergoing a CFIUS review can use this as a key area of dialogue to help create credibility with CFIUS.
If an entity is involved in critical technologies, there will be a substantial government interest in the transaction. This means you can expect CFIUS to very closely evaluate the investment, to understand the national security threats and vulnerabilities. Some of the questions that may be posed are: What will be the foreign government involvement going forward? Is there a concerted foreign government effort to acquire sensitive technologies? Will there be a potential adverse impact to the U.S. supply chain? Will the acquisition be an overall threat in terms of U.S. leadership with respect to certain technologies? What particular sectors might be vulnerable to the new export control rules? These are all questions that CFIUS may pose—and companies under review should be ready to answer.
How to Mitigate Sanctions Issues
There are four key issues for companies going through the CFIUS process. First, each company must understand its technologies, what it manufactures, and what is used in that process from a supply chain perspective. Second, it is important for the company to understand the investor and its interest in the company and its technologies. Third, each company must evaluate whether or not there might be a national security threat of vulnerability or sanctions exposure. Finally, the company must understand the investor and what is in its investment portfolio to get a better understanding of whether or not they have strategic objectives with respect to a technology or range of technologies or a particular sector that might have some impact or implications with CFIUS.
After considering these four keys issues, organizations must consider appropriate mitigation—either by shaping the transaction in a way that prevents access by a foreign investor to material nonpublic information or by imposing appropriate access controls in business units engaged in sensitive technologies. Once that is done, a monitoring regime should be established or a security officer hired to ensure the remediation is followed. This type of framework will help build trust with CFIUS and demonstrate to CFIUS that the organization is thinking about the compliance framework and the future as well.
To listen to the next podcast in the series, please click here.