Dating carries plenty of risks, though national security isn’t usually one of them. But when a Chinese company acquired California-based Grindr in 2018, it didn’t take long for the U.S. government to catch wind and demand that the deal be undone, all in the name of protecting exploitable information.
This situation is a sign of the new reality for cross-border investment. Foreign direct investment around the world fell in 2018 to its lowest level since the global financial crisis, according to the United Nations. And although there are many reasons for this — including a slowing global economy, rising trade tensions, and changes in U.S. tax policy — a key deterrent to investment is the increased scrutiny that deals face as a result of national security concerns, particularly in the United States. But it’s still possible for those who have their sights set on U.S. companies to anticipate challenges and risks, make effective investment decisions, and get good deals done.
What has changed
The Committee on Foreign Investment in the United States (CFIUS) is charged with reviewing the national security implications of foreign investments. CFIUS is a federal committee comprised of representatives from 16 U.S. defense, state, and commerce departments and agencies.
It’s still possible for those who have their sights set on U.S. companies to anticipate challenges and risks, make effective investment decisions, and get good deals done.
For a long time, CFIUS was not a big concern for foreign acquirers of U.S. companies. In fact, filing deals with CFIUS was largely voluntary. The reviewing committee also construed national security considerations more narrowly than it does now.
But as a result of recent legislation, called the Foreign Investment Risk Review Modernization Act, and a new agenda from the current U.S. administration, CFIUS has become one of the biggest hurdles that many global companies making U.S. acquisitions might have to overcome. With a new head for CFIUS nearing Senate confirmation with bipartisan support, the committee is clearly here to stay.
CFIUS now has a mandate to review a far broader range of deals, involving any company that may hold not just sensitive technology, but also (like Grindr) personal information. This affects tech companies, of course, but also the healthcare, infrastructure, and even real estate industries. And for many such deals, it will now be mandatory for companies to file with CFIUS.
CFIUS is now also looking at deals in which the acquirer isn’t necessarily buying a majority interest. Even a small stake in a sensitive company can be a red flag for CFIUS. And with more of a mandate than before, CFIUS is going to review more deals more closely — including those involving venture capital and private equity.
Yet despite these new hurdles, deals can still get done.
Think like CFIUS
The key is to understand how CFIUS thinks about the national security implications of technology and data, given recent activity and experience. If companies understand this before making an offer, they will be far more likely to identify and avoid troublesome deals in early stages. They can also be more prepared to talk with CFIUS about mitigation measures, which the committee in many cases will require as a condition for the deal to move forward.
In one recent cross-border deal involving two semiconductor companies, for example, CFIUS initially demanded that the companies keep their IT networks separate. That requirement could have halted the deal by making it impossible for some critical employees to do their jobs. But before closing, the companies offered a mitigation plan that included limited network and system access.
CFIUS reforms are also changing the way companies think about integration planning in mergers and acquisitions. As CFIUS continues to develop regulations to implement the new risk review bill, deal makers will need to consider integration options earlier in the process and consider the following questions: What are the minimum integration steps to successfully close a deal? How much integration is realistic immediately post-close?
Even companies not currently active in cross-border deal making would do well to follow CFIUS developments closely so that, if an opportunity does arise, they can more effectively assess possible national security considerations. This especially applies to U.S. companies looking to be acquired or to sell off a division. Better understanding of what CFIUS might allow or forbid can help them identify buyers that are less likely to raise the red flags that could scuttle a potential deal.
The landscape isn’t stable yet
Some of the recent changes to CFIUS, including the new scope of transactions subject to review, are part of a pilot program (pdf) established in November 2018. So, the rules are still evolving. In particular, CFIUS has yet to define exactly what it means by “emerging technology,” the precise area of its interests, and how such should be regulated. Based on the indications given when the legislation passed, we should see more clarity within the next six months or so.
Adding to cross-border deals’ complexity, other countries are also expanding legislation meant to safeguard intellectual property and sensitive data from foreign acquirers — and in many cases their rules are still developing, too.
The E.U.’s screening regulation for foreign investment, for example, is now in force. But it won’t be fully applied until 2020, and changes are possible along the way. Fourteen E.U. member states also have their own screening regulations. In many cases these, too, could still change. Germany, for example, has recently tightened its foreign acquisition rules. Authorities there will now investigate any deal in which a non-European firm acquires more than 10 percent of a German tech, defense, or media firm.
Besides the E.U. and its member states, Japan, China, South Korea, Norway, Canada, and Australia also have still-evolving rules meant to limit the transfer of sensitive technologies to foreign acquirers.
With regulations a moving target, companies have to understand not just the rules as they are currently written. They also have to understand the mind-set of the authorities writing and applying the rules so they can prepare for likely changes. After all, CFIUS (like several other national authorities) has the power to review deals retroactively, as it did with the Grindr acquisition.
A new world for cross-border deals
In the United States, the two main political parties have significant differences on many issues — but there has been little argument over CFIUS’s new approach. Intensified scrutiny over critical infrastructure and emerging technologies in cross-border deals is probably here to stay, no matter what happens in next year’s elections. However, with a little preparation, companies with global growth goals can achieve them.
- Curt Moldenhauer is PwC’s U.S. cross-border deals leader. Based in the San Francisco Bay Area, he is a partner with the PwC US deals practice.
- Mike Burak leads PwC’s U.S. inbound practice, with a focus on helping foreign-owned companies operating in the U.S. best navigate the ever-changing business and regulatory environment. Based in New York, he is a partner with PwC US.
- Darren J. Tapp practices in PwC’s forensic services and co-leads the U.S. export control and trade sanctions services team. Based in New York, he is a partner with PwC US.