HOMELAND SECURITY ALERT: Foreign Investment in American Infrastructure Is About to Get A Lot Harder: CFIUS Reform Legislation Takes Effect October 24, 2007

    5 October 2007

    The attempted acquisition by Dubai Ports World (DPW) of major facilities at six U.S ports in 2006 was a political debacle. While the deal was approved by the Committee on Foreign Investment in the United States (CFIUS), it unraveled because of political concerns that the security risks of foreign control of critical infrastructure had not been given enough weight by CFIUS. DPW was not the only deal to focus the Congressional spotlight on foreign control issues. Others – including the unsuccessful 2005 bid by the Chinese national oil company CNOOC to buy the U.S. oil company Unocal and the acquisition of Sequoia Voting Systems of Oakland, California, by Smartmatic, a Dutch company contracted by President Hugo Chávez’s government to replace Venezuela’s elections machinery – snowballed demand for CFIUS reform.

    Not surprisingly, the result was a series of Congressional oversight hearings leading to legislative overhaul of CFIUS. The Foreign Investment and National Security Act of 2007 (FINSA) becomes effective on October 24, 2007 and now provides for CFIUS review of foreign control of “critical infrastructure,” potentially bringing far more transactions into question.

    What do companies need to know as a result of this new legislation and the DPW scandal? Substance and politics are equal players in this game, and ensuring that your politics are covered may be even more important than just winning CFIUS approval.

    What Changed?

    Given some of the initial legislative proposals, FINSA is regarded by many in the business community as the “least bad alternative” and an acceptable compromise. In some respects, it leaves the basic CFIUS process untouched. The decision of a party to notify CFIUS of a pending transaction remains voluntary, but CFIUS, as before, can initiate review itself. CFIUS still has just 30 days to review and clear a transaction, or to decide to investigate its national security consequences. CFIUS is still required to investigate any transaction in which the acquiring entity is controlled by a foreign government. Any investigation and resulting recommendation to the President still must be completed in 45 days, and the President remains the final authority for any decision to block or unwind a transaction. Beyond that, however, FINSA changes the rules in several important ways.


    FINSA significantly raises the stakes for all foreign investors seeking to acquire U.S. infrastructure. For the first time, CFIUS must investigate the national security implications of any transaction that would result in control of any critical infrastructure “of or within the United States” by a foreign person. “National security” is redefined expressly to include “homeland security.” CFIUS must also consider the independent views of the Director of National Intelligence. Investigations can only be waived by a joint certification by the Secretary of the Treasury and the head of the agency that is principally concerned that the transaction will not adversely affect national security. There is now mandatory reporting by CFIUS to Congress on its findings at the end of its 30-day review and again at the end of any investigation. Where CFIUS approval provided finality in the past, FINSA allows CFIUS to reopen review where it is claimed that there has been a breach of any agreement to mitigate national security concerns. If such a breach is found to have occurred, CFIUS can recommend that the President order an acquisition unwound even years after the deal was closed.


    CFIUS has until April 2008 to issue regulations. Until then potential foreign buyers of U.S. infrastructure will have little official guidance. FINSA defines “critical infrastructure” to be “systems and assets, whether physical or virtual, so vital to the United States that the incapacity or destruction of such systems or assets would have a debilitating impact on national security.” Given FINSA inclusion of “homeland security” within “national security,” it is worth noting that the Homeland Security Act of 2002 extended the definition of “critical infrastructure” beyond the national security context to “national economic security, national public health or safety, or any combination of those matters.” Administration officials have stated that CFIUS will limit its review to the effect of critical infrastructure on what has traditionally been considered to be national security. It remains far from certain whether that intention will survive the first political storm.


    The practical application of these definitions to a particular asset to decide whether it is critical infrastructure unfortunately remains as much art as science. The Department of Homeland Security (DHS) is responsible for developing strategies for protecting critical infrastructure. It has identified various sectors that encompass high-risk elements of critical infrastructure, including energy (electrical, nuclear, gas and oil, and dams), trans­portation (air, highways, rail, ports, and waterways), water systems, the chemical and defense industries, food and agriculture, health systems and emergency services, informa­tion technology, telecommunications, and banking and finance. Obviously not all assets in these sectors will be critical, but this list provides some idea about how far FINSA has expanded the reach of CFIUS beyond its traditional defense and intelligence concerns.


    What Are The Risks?


    Under FINSA, the potential acquisition of a major power plant or energy transmission system, railway or port facility, chemical plant, or water treatment system by a non-U.S. entity must now be analyzed to determine whether CFIUS review should be sought. The risk of not doing so is that the transaction may have to be unwound or its terms substantially altered if it is subsequently determined to pose a risk to national or homeland security. That also means that agencies like the U.S. Departments of Transportation or Energy, which traditionally did not have a voice in this process, may become critical players along with CFIUS members like Commerce and State.


    Going before CFIUS is not itself without risks. Until regulations are issued and some experience is gained under FINSA, there will be uncertainty as to how CFIUS will interpret its new authorities. The CFIUS process necessarily entails some risk of delay. Despite the statutory deadlines, obtaining CFIUS approval can take several months. The terms of a deal may need to be adjusted, sometimes significantly, to mitigate any concerns that CFIUS might raise. The new requirement for CFIUS to report to Congress at each stage of its consideration increases the risk that political concerns may influence the outcome far more than in the days before Dubai Ports World.


    Even before FINSA becomes effective, transactions involving foreign investors have come under increasing scrutiny. Filings with CFIUS increased 75% between 2005 and 2006 and CFIUS greatly increased the number of second-stage investigations it undertook. Anecdotal evidence indicates that CFIUS has increasingly imposed conditions on its approval and informally blocked more transactions than in the past. These trends are likely to increase for sometime under FINSA, so these potential risks must be taken into account and managed carefully when considering any transaction that will result in foreign control of infrastructure.


    The Role of the Congress


    Finally, as Dubai Ports World demonstrated, managing these risks goes well beyond satisfying the concerns of the CFIUS member agencies. The CFIUS agencies approved the DPW transaction, but Congressional outrage forced DPW to unwind its acquisition of the U.S. port facilities. The politics of the deal will be as important, if not more so, than the substance in some ways.


    The Congress will focus like a laser on all deals that come through the CFIUS process for the foreseeable future. The inclusion of ‘critical’ infrastructure now means that more companies than ever need to worry about the concerns raised by Members of Congress in the informal process and review.


    While the mandatory reporting to Congress comes after CFIUS has made its recommendation, it is crucial that all companies consider strategic outreach to key committees in Congress even before filing with CFIUS. Companies will not be part of or included in CFIUS’s Congressional briefings, and will not be able to control the message or the discussion at that point.


    As the new legislation expands the number of agencies that may be brought in to the CFIUS review, and widens the types of “critical infrastructure” acquisitions on CFIUS’s plate, it also expands the number of oversight committees that will need to be briefed. This now includes committees like the House and Senate Homeland Security Committees and the House and Senate Transportation Oversight Committees, and depending upon the type of infrastructure asset, other committees such as Energy and Commerce—each run under the hands of a strong chairman who have very specific ideas about these type of deals.


    What does this mean? Potentially an equal number of advocates and detractors of these types of deals, and this only covers key committees. Recall with DPW that there were Members of Congress who did not sit on some of these committees but had an equal voice with those who were on the committees in the chorus against the deal. And this being Washington, professed “national security” concerns may mask more parochial concerns, such as the effect of a transaction on a competitor or the Member’s constituency.


    What to Do?


    Today, the effects of FINSA must be carefully weighed early in any planning for an acquisition of U.S. critical infrastructure by a non-U.S. entity. It maybe advantageous to go through the CFIUS process just to get a ruling from CFIUS that FINSA does not apply to the deal because that in itself can provide a measure of finality. Even if you choose not to file formally with CFIUS, it may be advantageous to be able to point to informal discussions with CFIUS staff on whether the deal might have national security implications. No matter what, early outreach to Congress and informal briefings will still be critical. Remember, as DPW found out, the Court of Public Opinion as defined by the Congress will define your deal, if you don’t define it first.