Treasury Issues First CFIUS Enforcement, Penalty Guidelines
The Treasury Department this week released its first ever enforcement and penalty guidelines for the Committee on Foreign Investment in the U.S., detailing how it decides on violations, where the committee gets its information and other steps it takes during the penalty process. The committee -- which has been criticized for lacking transparency by lawyers and companies looking to comply with its requirements (see 2208050028 and 2008240031) -- also outlined various aggravating and mitigating factors it considers when calculating a penalty amount.
While the “vast majority” of companies work with CFIUS to mitigate any national security concerns, the committee will hold “accountable” those who don’t, said Paul Rosen, who oversees CFIUS as the Treasury’s assistant secretary for investment security. “Today’s announcement sends a clear message: Compliance with CFIUS mitigation agreements is not optional, and the Committee will not hesitate to use all of its tools and take enforcement action to ensure prompt compliance and remediation, including through the use of civil monetary penalties and other remedies,” Rosen said.
The guidelines point to three main types of conduct that could lead to violations and fines: a failure to file a mandatory declaration or notice with CFIUS; failing to comply with a CFIUS mitigation agreement; and “material misstatements” or omissions,” including “false or materially incomplete certifications,” filed with CFIUS. Treasury said a violation won’t always lead to a penalty, but CFIUS could impose a fine if there are aggravating factors.
Those factors include whether a violator needs to be “held accountable for their conduct and incentivized to ensure compliance” and whether the violator’s conduct “impaired or threatened to impair U.S. national security,” Treasury said. The committee will also look at whether the violation was “simple negligence, gross negligence, intentional action, or willfulness,” whether there was an effort to “conceal or delay” the sharing of information with CFIUS, and whether senior personnel knew or should have known about the violation.
CFIUS will also examine the amount of time it took for the violator to disclose the conduct to the committee, the “frequency and duration” of the conduct, and whether the violator submitted a self-disclosure, cooperated with CFIUS’ investigation, implemented remedial compliance measures and conducted an internal review to prevent future violations. In situations where a mitigation agreement is violated, CFIUS will take into account whether the violation occurred shortly after the agreement took effect or whether it occurred long after.
Other factors that will be considered are the violator’s “sophistication” and their record of past compliance, Treasury said. CFIUS will examine the violator’s familiarity with the committee and its existing compliance program, including whether the company employs any lawyers, auditors or monitors, uses policies and training to prevent violations and whether the company has a “compliance culture.” The committee will also assess whether the company has any “variation in the consistency of compliance” between upper management to supporting staff. CFIUS will also look into whether the company has experience dealing with other local, state, federal or foreign authorities on similar compliance matters.
When conducting an investigation, the agency said, CFIUS gets much of its information from U.S. government sources, publicly available information, third-party auditors and monitors, tips and filing parties. It also reaches out to specific companies with “requests for information” and “strongly encourages” self disclosures, even if they’re not “explicitly required by any applicable CFIUS Mitigation or any other law or regulation.” Even so, the guidelines suggest that CFIUS may not award credit for a voluntary disclosure if “discovery of the conduct at issue by CFIUS or other government officials has already occurred or was imminent prior to the self-disclosure.”