CFIUS has found it very helpful in the past for transaction parties to provide the following additional information, even if the activity is not the primary focus of their commercial operations. CFIUS often requests this information after a voluntary notice has been accepted if it was not included in the initial filing.
- Cyber systems, products, services: Identify whether the U.S. business that is the subject of the transaction develops or provides cyber systems, products, or services, including
-
- Business systems used to manage or support common business processes and operations (for example, enterprise resource planning, e-commerce, email, and database systems); control systems used to monitor, assess, and control sensitive processes and physical functions (for example, supervisory control, data acquisition, and process and distributed control systems); safety, security, support, and other specialty systems (for example, fire, intrusion detection, access control, people mover, and heating, ventilating, and air conditioning systems); or
- Telecommunications and/or Internet or similar systems, products or services.
- Natural resources: Identify whether the U.S. business that is the subject of the transaction processes natural resources and material or produces and transports energy, and the amount processed, produced, or transported annually.
It may also be useful to discuss the business rationale for the transaction in the notice.
Lastly, CFIUS’s regulations require parties to provide information regarding any other applicable national security-related regulatory authorities, such as the ITAR, EAR, and NISPOM. Some of the regulatory review processes under these authorities may have longer deadlines than the CFIUS process, and parties to transactions affected by these other reviews may wish to start or complete these processes prior to submitting a voluntary notice to CFIUS under Section 721.