CFIUS Frequently Asked Questions

What are the most common reasons for notices being determined to be incomplete?

Examples of deficiencies commonly resulting in a determination that a notice is incomplete include:

  1. Unclear description of business lines – the notice must provide a clear and detailed account of each companies’ products and services;
  2. Unclear description of the transaction – the notice must clearly describe all entities involved in the transaction and the nature and structure of the transaction;
  3. Absence of geographic location(s) of the U.S. business – the notice must clearly describe the U.S. business with addresses and/or geographic coordinates for all U.S. properties and facilities.
  4. Absence of a certification – all notices must be certified correctly (in accordance with the above templates and § 800.202) to be deemed complete.

What steps can be taken with respect to information required by § 800.402 to further facilitate CFIUS review?

Suggestions include:

  1. Section 800.402(j)(1) requires submission of organizational charts showing control and ownership of the foreign person that is a party to the transaction.  CFIUS’s review would be aided if the parties provide such charts for the U.S. business and if the charts for the U.S. business and the foreign person diagram the ownership chains for the acquirer and target before and after the transaction being notified to CFIUS.  These should be as extensive and detailed as possible.
  2. Sections 800.402(c)(1)(iii) and (v) require submission of information related to the foreign person and its parents.  CFIUS’s review would be aided if the notice identifies whether the actual party in interest is the party to the transaction or one of the parents of the party to the transaction.  CFIUS does not consider special purpose vehicles, wholly-owned subsidiaries established for the sole purpose of the transaction, or other shell companies to be the actual parties in interest in a transaction.
  3. Sections 800.402(c)(3)(iii) and (iv) require information regarding certain U.S. Government contracts.  Parties are advised to update and verify U.S. Government contact information for such contracts. Private sector entities not party to the notice are not acceptable points-of-contact for contracts in question.
  4. Filers should ensure that all files in the electronic version of a notice are less than five megabytes (5MB) in size.

Even if not required under 31 c.f.r. § 800.404, is there additional information about items subject to the export administration regulations (Ear) that parties should consider providing?

Pursuant to the regulations at 31 C.F.R. part 800, a declaration must include a statement as to whether the U.S. business produces, designs, tests, manufactures, fabricates, or develops one or more “critical technologies,” a term defined at 31 C.F.R. § 800.215 to include, inter alia, certain items controlled under the EAR.  If applicable, the declaration must also include a description of each such critical technology and the Export Control Classification Numbers (ECCN). 

Note that some items may be listed on the Commerce Control List (CCL), but are not critical technologies under the CFIUS definition.  While not required, parties may voluntarily include information about such items as part of the declaration submission.  Parties may also voluntarily state whether the items that the U.S. business produces, designs, tests, manufactures, fabricates, or develops are designated as EAR99.  Inclusion of this information may avoid the need for the Committee to pose follow-up questions on these items during the assessment period and may facilitate a more efficient process. 

What steps, though not required for a notice to be determined complete, may facilitate CFIUS review?

  1. CFIUS agencies have found it very helpful in the past for filing companies to provide the following additional information, even if the activity is not the primary focus of their commercial operations.  CFIUS often requests this information after a voluntary notice has been accepted if it was not included in the initial filing.
    1. Cyber systems, products, services:  Identify whether the U.S. business being acquired develops or provides cyber systems, products, or services, including:
      • § Business systems used to manage or support common business processes and operations (for example, enterprise resource planning, e-commerce, email, and database systems); control systems used to monitor, assess, and control sensitive processes and physical functions (for example, supervisory control, data acquisition, process and distributed control systems); safety, security, support, and other specialty systems (for example, fire, intrusion detection, access control, people mover, and heating, ventilating, and air conditioning systems); or
      • § Telecommunications and/or Internet or similar systems, products or services.
    2. Natural resources:  Identify whether the U.S. business being acquired processes natural resources and material or produces and transports energy, and the amount processed, produced, or transported annually.
  2. Discussion in the notice of the business rationale for the transaction may be useful.
  3. The regulations require parties to provide information regarding any other applicable national security-related regulatory authorities, such as the ITAR, EAR, and NISPOM.  Some of the regulatory review processes under these authorities may have longer deadlines than the CFIUS process, and parties to transactions affected by these other reviews may wish to start or complete these processes prior to submitting a voluntary notice to CFIUS under section 721.

How can parties accurately and completely report all classified contracts as required by § 800.402(c)(3)(iii)?

The Notice should identify all classified contracts, subcontracts, purchase orders, lease agreements, service agreements, etc. ("classified contracts"), that contain a "Security Requirements Clause" (FAR 52.204-2 or similar clause) or include a Contract Security Classification Specification (DD Form 254).  The clause identifies the contract as involving classified information, and the DD 254 provides classification guidance.  Therefore, parties should report each contract that contains a Security Requirements Clause, has a DD Form 254, requires or will require access to classified information by a contractor or his or her employees in the performance of the contract, or requires the contractor or its personnel to have security clearances.  Note that a contract may be a classified contract (in that the nature of the subject goods or services to be performed under the contract are classified) even though the contract document itself is not classified.

Will Day 1 of the 45-day review be the day after I submit the Notice?

Pursuant to § 800.502(b), “Day 1” is the date on which the Staff Chairperson accepts a voluntary notice, which occurs the next business day after the Staff Chairperson has: (1) determined that the notice complies with § 800.402; and (2) disseminated the notice to all members of the Committee. The time that it takes for the Staff Chairperson to determine that the notice complies with § 800.402 after it has been submitted by the parties depends upon a variety of factors, including the notice itself and whether parties have submitted a draft notice before submitting the formal notice.