CFIUS Releases 2023 Annual Report

The Committee on Foreign Investment in the United States ("CFIUS") recently delivered its unclassified Annual Report to Congress for the calendar year 2023 ("Annual Report"). CFIUS continued to be very busy, although the number of CFIUS filings in 2023 decreased for the first time in three years. The number of notices that were withdrawn and refiled also decreased, while CFIUS was still responsible for scuttling 9 deals in 2023. The CFIUS process was also more efficient in 2023, with decreases in both the percentage of notices proceeding to investigation and the percentage of declarations that required a subsequent notice filing. At the same time, CFIUS was active in enforcement and monitoring, requesting filings for 13 non-notified transactions, imposing four penalties for violations of mitigation agreements, and issuing additional notices of noncompliance for failure to make mandatory filings.

As in previous years, the Annual Report summarizes CFIUS's activities during the covered period, including the number and disposition of CFIUS filings, the nature and prevalence of mitigation arrangements, and the geographic source and sector concentration of covered transactions. In addition, the Annual Report describes its 2023 calendar year activities in comparative and cumulative perspective for the years 2014 to 2023. In accordance with the legal prohibition against public disclosure of such information, the Annual Report contains no information with respect to specific transactions. Nonetheless, it remains a remarkable window into the reach and operation of CFIUS and its impact on transactions involving U.S. businesses.

We have set forth below a brief summary of the key data points of the Annual Report, along with a discussion of emerging trends in the CFIUS review process.

A. Notices Filed and Country of Origin

CFIUS continued to be very active in 2023, although with a noticeable slowdown that presumably reflects the overall pace of deal-making last year. In 2023, 233 CFIUS notices were filed for "covered transactions" and "covered real estate transactions," two types of transactions within CFIUS's regulatory purview. This is a decline from the 272 and 286 notices that CFIUS reviewed in 2021 and 2022, respectively. In addition, the number of declarations filed declined to 109 (from 154). Therefore, the combined total of 342 filings was well below 436 and 440 filings made in 2021 and 2022, respectively.

Transaction notices were filed from 38 different countries in 2023. The following countries accounted for the greatest number of notices:

Country	Number of Notices
China	33
United Arab Emirates	22
United Kingdom	19
Singapore	19
Canada	16

China returned as the largest filing country, which it has been in most recent years (with the exception of 2022). However, the number of notices filed by Chinese acquirers was still below 2021 and 2022 levels. The general trend of fewer notices filed by Chinese acquirers in recent years is likely a product of the perceived hostile CFIUS environment and particularly strict scrutiny by CFIUS of inbound Chinese investment, including high-profile decisions by the President over the past few years to block transactions involving Chinese acquirers. Singapore, which was the largest filer in 2022, returned to levels consistent with its pre-2022 average.

The Annual Report notes that for distinct transactions (i.e., counting only once transactions that filed both a declaration and notice, or notices that were refiled), the highest number of notices in 2023 were from Canada, Japan, and the United Kingdom. This fact indicates that the high number of notices from China, Singapore, and the United Arab Emirates results -- at least in part -- from delays or difficulties in the CFIUS process, such as the need to either file a notice subsequent to a declaration or to withdraw and refile a notice.

For countries with at least ten notices, most saw a decrease in the number of notices filed since 2022 (including Canada, China, France, Singapore, South Korea, and the United Kingdom). The number of notices filed by UAE acquirers increased from 11 in 2022 (and zero in 2021) to 22 in 2023. This change is likely attributable to changes in the level and type of investment activity by sovereign wealth funds and other institutional investors based in the UAE.

B. Declarations Filed and Country of Origin

Beginning in 2020, pursuant to regulations implementing the Foreign Investment Risk Review Modernization Act of 2018 ("FIRRMA"), parties to a covered transaction could make a mandatory or voluntary CFIUS filing via short-form declaration instead of a full notice.

In 2023, CFIUS completed assessments of 109 declarations filed for covered transactions, including three real estate declarations. This number is the lowest since the current declaration process begin 2020, likely reflecting the slower pace of deal activity overall last year. CFIUS is required either to clear the transaction, initiate a unilateral review, request that the parties file a written notice, or inform the parties that CFIUS cannot conclude its review of the transaction based on the information provided in the declarations. CFIUS may also reject an incomplete or improper declaration. CFIUS resolved the declarations submitted in 2023 as follows:

CFIUS Action	Number of Declarations
Request that the parties file a written notice	20
Inform the parties that CFIUS cannot conclude action	6
Initiate a unilateral review	0
Clear the transaction	83
Reject the declaration	0

Over 76% of declarations were cleared outright, which is an increase from recent years. Parties appear to have more experience at determining when a declaration may be the more expedient option, although filing a declaration is not a guarantee of an expedited process. CFIUS requested a written notice after approximately 18% of all declarations in 2023, which is more consistent with the rate prior to 2022, when it had jumped to about one-third of declarations. This fact indicates that 2022 may have been an aberration rather than the beginning of a trend, although declarations remain the preferable option mostly for lower-risk transactions.

Acquirers from 34 countries filed declarations in 2023, down slightly from 38 countries in 2022. The following countries accounted for the greatest number of declarations:

Country	Number of 2023 Declarations
Canada	13
France	11
Japan	11
United Kingdom	10
South Korea, Australia	7

Over the past three years, Canada (57 declarations) was responsible for the largest number of declarations, followed by Japan (40 declarations) and Germany and South Korea (32 declarations). This list is not surprising as these countries are either excepted foreign states or close U.S. allies with many repeat CFIUS filers.

Combining notices and declarations, China was once again the largest CFIUS filer in 2023, with 35 total filings. Canada, Singapore, and the United Kingdom were tried for second with 29 total filings each, followed by Japan with 26 filings. The following countries accounted for the greatest number of combined CFIUS filings in 2023, which are generally lower numbers overall than in 2022:

Country	Total 2023 Filings
China	35
Canada	29
Singapore	29
United Kingdom	29
Japan	26

C. Investigations and Presidential Review

In 2023, 55% (128) of the 233 notices went into the 45-day investigation phase, following the 45-day review phase. This is consistent with the 57% in 2022, and still above the previous three years when 48%, 47%, and 49% of notices, respectively, went into the investigation phase. The clearance rate during the review period, which is still below 50%, remains higher than it was before FIRRMA took effect. In 2017, prior to the implementation of FIRRMA, which extended the statutory review period from 30 to 45 days, 73% of notices proceeded to the investigation phase. On other words, while FIRRMA's new timeline has helped expedite approvals overall, it is notable that with CFIUS's workload and increasingly complex transactions and national security analyses, more than half of all notices can be expected to last the full 90 days.

In 2023, for the third year in a row, CFIUS did not refer any transactions to the President. From 2016 through 2020, CFIUS referred a single transaction to the President each year, with the President deciding to block each transaction. In three cases, the ultimate owners of the acquiring company were Chinese acquirers, and in another case (Qualcomm's proposed acquisition of Broadcom), the national security risk was largely from Chinese competition in the 5G telecommunications sector.

D. Withdrawn Notices

The number and percentage of withdrawn notices decreased somewhat from the high levels seen in the past two years. In 2023, 57 notices were withdrawn, which represents 45% of the 128 notices that proceeded to the investigation phase. By contrast, in 2021 and 2022, 72 and 88 notices were withdrawn. This rate has returned to below 50% after two years, although it remains close to that mark. This is a key statistic for deal timing. The percentage of withdrawn notices that were refiled (75%) was high in 2023. The main reason to withdraw and refile a notice is to obtain additional time for CFIUS to complete its review or for the parties to reach agreement on mitigation measures. It is possible that the factors responsible in part for the high number of withdrawn notices include the level of Chinese inbound investment, CFIUS's overall workload, and the number and complexity of mitigation agreements.

The number of abandoned transactions in 2023 was 14, compared with 20 and 11 in 2022 and 2021, respectively. In 9 instances, the parties withdrew the notice and abandoned the transaction after CFIUS could not identify mitigation measures to resolve the national security concerns or parties chose not to accept the proposed mitigation measures. In five instances, parties abandoned the transactions for commercial reasons. The number of scuttled deals (9) is lower than last year and consistent with the nine in 2021 and seven in 2020

E. Mitigation Measures

In 2023, CFIUS imposed mitigation measures or conditions in 43 instances (or 18% of notices). This included 35 mitigation agreements (or 21% of distinct notices). In addition, in one instance, CFIUS adopted mitigation measures to address residual national security concerns involving a transaction and notice that was voluntarily withdrawn and abandoned. Separately, in six instances, the U.S. Department of the Treasury imposed conditions in connection with granting the withdrawal and abandonment of notices. These conditions were not, however, considered to be mitigation measures. Overall, the rate of mitigation measures and conditions imposed has risen in recent years.

Pursuant to these mitigation arrangements, parties were required to take one or more of the following actions. The measures in bold were newly added to the Annual Report in 2023.

• Prohibiting or limiting the transfer or sharing of certain intellectual property, trade secrets, or technical information;
• Ensuring that only authorized persons have access to certain technology and information;
• Establishing a corporate security committee, voting trust, or other mechanisms to ensure compliance with all required actions, including the appointment of a U.S. Government ("USG") approved security officer or member of the board of directors and requirements for security policies, annual reports, and independent audits;
• Establishing guidelines and terms for handling existing or future USG contracts, USG customer information, and other sensitive information;
• Ensuring that computer networks are segregated;
• Destroying sensitive information;
• Ensuring and ensuring that certain activities, products, facilities, equipment, and operations are located only in the U.S.;
• Requiring prior notification to and non-objection by the U.S. Government regarding changes to data storage locations;
• Restricting hiring of certain personnel;
• Assurances of continuity of supply for defined periods, and notification and consultation prior to taking certain business decisions, with the USG reserving certain rights in the event that the company decides to exit a business line;
• Notifying, for approval, security officers, third party monitors, or relevant USG parties in advance of foreign national visits to the U.S. business;
• Ensuring that potential conflicts of interest involving third-party monitors, third-party auditors, security officers, and security directors do not arise or are disclosed to the USG;
• Establishing processes to review and approve contracts involving third parties before granting access to systems or data;
• Notifying the USG prior to entering into agreements to collaborate with persons in certain countries;
• Notifying customers or relevant USG parties regarding a change in ownership;
• Ensuring that businesses notify customers regarding the identity of ultimate beneficial owners;
• Security protocols to ensure the integrity of goods or software sold to the USG, directly or indirectly;
• Establishing meetings to discuss business plans that might affect U.S. Government supply or raise national security considerations;
• Ensuring that only authorized vendors supply certain products or services;
• Prior notification to and approval by relevant USG parties in connection with any increase in ownership or rights by the foreign acquirer; and
• Divestiture of all or part of the U.S. business.

CFIUS member agencies also have various procedures to monitor compliance with the mitigation arrangements that companies are subject to, including:

• Periodic reporting to USG agencies by the companies;
• Required reporting to USG of actual or suspected violations;
• Required responses to USG requests for information;
• Regular communication with embedded security and compliance personnel and third party monitors;
• On-site compliance reviews by USG agencies;
• Third-party audits when required by the terms of the mitigation measures; and
• Investigations and remedial actions if anomalies or breaches are discovered or suspected, including the imposition of penalties or unilateral initiation of another review of the covered transaction.

F. Industry Sectors

As in previous years, notices were filed in connection with transactions in a wide variety of sectors, with the bulk of transactions in the Finance, Information, and Services sector and the Manufacturing sector. The notices filed in 2023 were divided among four industry sectors as follows:

Sector	Share of 2023 Notices
Finance, Information, and Services	50%
Manufacturing	29%
Mining, Utilities, and Construction	11%
Wholesale Trade, Retail Trade, and Transportation	10%

For the fifth time in the last six years, the Finance, Information, and Services sector was the sector with the most notices. The share of notices in the Manufacturing sector, which accounted for the plurality of filings until 2016, has held steady since 2021, which was the lowest share of notices in the Manufacturing sector in the last decade. The continued increase in the percentage of notices that fall within the Finance, Information, and Services sector suggests that an acquired company's access to sensitive personal data is an increasingly important factor when parties are deciding whether to file with CFIUS. It may also reflect a general trend of increased deal-making in technology and service sectors.

The Manufacturing subsector with the most notices was again Computer and Electronic Product Manufacturing, at 41% of the notices in the Manufacturing sector, followed by Machinery Manufacturing (19%) and Transportation Equipment Manufacturing (12%). The Finance, Information, and Services subsector with the most notices was again Professional, Scientific, and Technical Services at 46%. Other subsectors with a large number of notices include Telecommunications (7%) and Publishing Industries (17%). The Mining, Utilities, and Construction sector was dominated by the Utilities subsector at 88%. The largest Wholesale Trade, Retail Trade, and Transportation subsector was Support Activities for Transportation (55%) and the second largest was Merchant Wholesalers, Durable Goods (32%).

G. Non-Notified Transactions

The CFIUS Monitoring & Enforcement team was formally created post-FIRRMA and given resources to monitor non-notified transactions and enforce violations of CFIUS rules and agreements. In 2023, CFIUS identified and considered 60 transactions that were not notified to CFIUS. CFIUS became aware of these transactions through interagency referrals, tips from the public, media reports, commercial databases, and congressional notifications. Of those 60 transactions, CFIUS requested that parties file notices for 13 transactions. This is an increase from 2022, when CFIUS identified 84 non-notified transactions but only requested a filing for 11 of them. Additionally, CFIUS issued multiple determinations of non-compliance with mandatory filing requirements, although it did not impose penalties in any of those cases based on the particular facts and circumstances. Accordingly, CFIUS remains active in monitoring for non-notified transactions.

H. Critical Technologies

In 2023, CFIUS found that 153 cases involved acquisitions of U.S. critical technology companies, with acquirers from 34 countries and territories. The countries with the highest number of notices regarding critical technology were as follows:

Country	Number of Acquisitions
Canada	14
United Kingdom	14
Germany	12
Japan	12
South Korea	12

Most cases involved activities in the Computer and Electronic Product Manufacturing (32 transactions), and Professional, Scientific, and Technical Services (32 transactions) sectors, a slight change from 2022 when Machinery Manufacturing accounted for the largest number of critical technology transactions.

As discussed in previous reports, the Annual Report noted that foreign governments are "extremely likely to use a range of collection methods to obtain critical U.S. technologies." As in previous years, the Annual Report also noted that foreign intelligence agencies represent the most "persistent and pervasive cyber intelligence threat tied to economic espionage and the potential theft of U.S. trade secrets and proprietary information."

This communication is for general information only. It is not intended, nor should it be relied upon, as legal advice. In some jurisdictions, this may be considered attorney advertising. Please refer to the firm's data policy page for further information.