On November 18, 2024, the Department of the Treasury (Treasury), as Chair of the interagency Committee on Foreign Investment in the United States (CFIUS), issued a final rule to enhance certain CFIUS procedures and sharpen its penalty and enforcement authorities. It revises certain provisions of the CFIUS regulations, 31 C.F.R. Parts 800 and 802, pertaining to penalties for (i) violations of statutory or regulatory provisions or agreements, conditions, or orders issued pursuant thereto; (ii) negotiation of mitigation agreements; (iii) requests for information by CFIUS; and, (iv) certain other procedures.

The final rule is the first substantive update to the monitoring and enforcement provisions of the CFIUS regulations since 2018, and follows a proposed rule issued in April 2024. See Thompson Hine Update of April 16, 2014. This final rule will become effective 30 days after publication in the Federal Register.

After seeking public comment, this final rule only made one revision to text of the proposed rule. Regarding the time frame for responding to proposed mitigation terms when the parties are presented with CFIUS mitigation proposals, the final rule no longer contains a three-day time frame for responding to mitigation proposals as a default rule. Instead, it provides that the CFIUS “Staff Chairperson may impose a time frame of no fewer than three business days for the party or parties to provide a substantive response to proposed risk mitigation terms, including revisions to such terms” on a discretionary basis in consideration of certain factors. This change from the proposed rule was made in consideration of the public comments indicating potential challenges in negotiating effective mitigation terms that a U.S. business can agree to and operationalize within a three-day time frame. This less specific language is intended to allow for sufficient time for consideration and negotiation, while also recognizing mandatory deadlines embedded in relevant CFIUS statutes.

Overall, the final rule enhances CFIUS’s authorities through the following key changes:

  • Expanding the types of information CFIUS can require transaction parties and other persons to submit when engaging with them on transactions that were not filed with CFIUS;
  • Allowing the CFIUS Staff Chairperson to set, as appropriate, a timeline for transaction parties to respond to risk mitigation proposals for matters under active review to assist CFIUS in concluding its reviews and investigations within the time frame required by statute;
  • Expanding the circumstances in which a civil monetary penalty may be imposed due to a party’s material misstatement and omission, including when the material misstatement or omission occurs outside a review or investigation of a transaction and when it occurs in the context of CFIUS’s monitoring and compliance functions;
  • Substantially increasing the maximum civil monetary penalty available for violations of obligations under the CFIUS statute and regulations, as well as agreements, orders, and conditions authorized by the statute and regulations, and introducing a new method for determining the maximum possible penalty for a breach of a mitigation agreement, condition, or order imposed;
  • Expanding the instances in which CFIUS may use its subpoena authority, including in connection with assessing national security risk associated with non-notified transactions; and
  • Extending the time frame for submission of a petition for reconsideration of a penalty to CFIUS and the number of days for CFIUS to respond to such a petition.

Parties should note that the final rule retains earlier language that increases the civil monetary penalty for any material misstatement or omission from $250,000 per violation to a maximum penalty of $5 million per violation or, for certain provisions of the regulations, the greater of $5 million or the value of the transaction. In assessing compliance and whether to bring an enforcement action in a particular case, CFIUS will continue to evaluate the facts and circumstances surrounding the conduct, including the aggravating and mitigating factors described in the CFIUS Enforcement and Penalty Guidelines.