Stephen Heifetz: What I See as a CFIUS Lawyer

Stephen Heifetz focuses on national security issues as a partner at law firm Wilson Sonsini Goodrich & Rosati. He previously served as an investment screening official under administrations of both political parties. The views expressed here are his own.

The U.S. government has an unquenchable thirst for new rules to safeguard American  technology.  Concerned about competition from China, the government is introducing, at a dizzying rate, new export controls, enhancements to screening of foreign investors in U.S. businesses, and — to premiere sometime in 2023 — controls on U.S. investors in foreign businesses.

For nearly two decades, I’ve been a lawyer working in the trenches created by these rules. I help companies (From the U.S., Europe, China and elsewhere), navigate the secretive Committee on Foreign Investment in the United States, which conducts national security patrols of foreign investments in U.S. firms, seeking to keep American technology and sensitive data away from ill-intentioned foreign parties.

I got my start in 2006 during a government service stint working for the committee. At that time, there were not many CFIUS lawyers. But with increased public skepticism of global trade and investment, and with growing fears about technology competition from China, Congress dramatically increased CFIUS’s authority and resources in 2018. Demand for knowledgeable lawyers soared, with thousands of legal reviews needed annually.

All of this has been great for CFIUS lawyers and government officials, but probably not so much for the rest of the country. The U.S. loses foreign capital and, even worse, innovative businesses founded abroad that are (or were) looking to grow roots here. That, in turn, undermines the national security that CFIUS was designed to protect.

Companies in sensitive industries are sometimes required to disclose foreign investments to CFIUS. A Japanese, German, or Brazilian investor can trigger a review as easily as a Russian or Chinese investor. Businesses that don’t trigger “mandatory” filings must determine on their own whether to file. And the committee ultimately can force those investors to divest or meaningfully change their deals so it’s no longer worth it.

When a filing is made, the review process takes a minimum of a month, but more often many months. Dozens, or even hundreds, of individuals from different government agencies may get involved. These are generally bright and motivated officials who want to safeguard national security, and they often creatively speculate about remote risks, particularly if the investor has any “links” to China or Russia.

So, for example, if a European investor generates much of its revenue in China, CFIUS may assume the investor is under the Chinese thumb. If the U.S. business collects information about consumers — say, a food delivery service that obtains information about customers’ eating habits — CFIUS may run wild with speculation about how that information could be used to spy on those customers.

All it takes is one or two government officials (out of hundreds) to come up with a story about why the food delivery data could lead to espionage. There is little incentive in the current environment for any CFIUS official to say “that’s nuts.”

What does the public get for this regime? With growing frequency, deals are delayed or blocked.  More often, parties decide they do not want to do a deal, because it might mean running the CFIUS gauntlet. The cost of capital for U.S. companies rises, and sometimes foreign companies avoid building a U.S. presence.

One of the most depressing, recurrent conversations that I have with clients happens when a foreign company is considering creating or expanding their U.S. footprint. When I confirm that a CFIUS analysis would be necessary in order to receive an investment, the company sometimes will say, “then we won’t build in the United States.”

Maybe the price is worth the gain in protection of U.S. technology or data, but I’m skeptical.  There are plenty of laws prohibiting intellectual property theft and the unauthorized export of sensitive technology — U.S. government efforts would be better spent enforcing those laws.

There is a small but useful role for CFIUS. Suppose U.S. intelligence has evidence that a specific European company is funded by the Russian or Chinese government, and it’s seeking to purchase a U.S. artificial intelligence company. That seems like the kind of scenario in which CFIUS intervention is appropriate.

That targeted CFIUS process, though, would not involve hundreds of lawyers screening thousands of transactions annually — mostly involving investments from U.S.-allied countries — nor the enormous set of CFIUS personnel and resources built within the government in the last few years.

With only 5% of the global population, the United States sits astride the world because it has been able to leverage global resources. We have drawn inward the capital, talent, and innovation that produces the dazzling array of technologies that boost U.S. security, like quantum computing power, artificial intelligence, and autonomous vehicles.

Tragically and ironically, though, the U.S. government persists in reducing the appeal of the United States as a global investment and business center, undermining one of America’s biggest advantages.