When Peloton announced it was under investigation by the Department of Homeland Security, it raised questions about why a consumer products company would fall under the scope of an agency concerned with national threats.
But many companies not typically associated with defense, strategic technology or a similar business sector can face national security scrutiny if they’re trying to raise capital by attracting private investment from a foreign fund or a U.S. fund that includes foreign investors.
In these cases, the regulator isn’t the Department of Homeland Security but the Committee on Foreign Investment in the United States, or CFIUS, which holds sweeping authority to block, wind down or require divestment in deals involving funds outside the U.S. investing in domestic target companies.
“There’s a broad range of businesses that are of interest to CFIUS from a national security perspective,” Hrishikesh Hari, an attorney with Dechert LLP, said in a webcast hosted by the firm.
Target companies with obvious connections to national security issues — those with critical technology or infrastructure, for example — automatically trigger a CFIUS review whenever a foreign fund or U.S. fund with foreign investors wants to make an equity investment, Hari said.
But less obvious companies, including consumer products companies, can fall under CFIUS’s scope if they maintain large amounts of personal data that could be exploited in ways that are harmful to U.S. interests.
Recent high-profile cases include CFIUS ordering a Chinese fund, Beijing Kunlun, to divest its equity interest in the dating app Grindr in 2019 and its role in reviewing ByteDance’s equity interest in TikTok. Even though both ByteDance and TikTok are Chinese companies, the deal came under CFIUS’s scope because of the large amount of personal data generated by the social media site’s U.S. operations. The data issue was integral to the call by former President Trump last year to turn over the U.S. operations to a domestic owner.
“There are … companies that don’t appear sensitive at first glance at all,” Hari said. “But the vast amount of customer data the portfolio company collects can trigger sensitivities.”
Information review
Given investors’ concerns over triggering enforcement action if there are security risks buried in a target company’s business model, funds can be expected to seek information from the target company that would otherwise not fall under typical deal due diligence. That includes information from contracts involving subsidiaries, even small ones.
That kind of information can be hard to obtain, but on the investor side, there’s a pressing need to get it, Clemens York of Dechert said.
“It’s clearly worth going the extra mile,” he said. “Foreign direct investment risks are not always obvious at first glance and we know of many cautionary tales where there’s just not been enough due diligence.”
If the investment fund is U.S.-based but includes a limited partnership that’s from outside the country, the general partner should restrict access to any of the target company’s sensitive data by the foreign limited partners during the due diligence process, Hari said.
The general partner should also restrict veto or other decision-making rights of the foreign partner until the deal gets the all-clear from CFIUS.
That “makes the structure of investments and rights afforded to those limited partners important,” Hari said.
If there’s a rush to get the deal done quickly, it’s possible to get a greenlight under what’s known as a springing CFIUS covenant to proceed with the understanding that actual approval will come later if no violations are found.
“We've … used a springing rights model and that allows transactions to proceed to closing on [the deal’s] preferred timing but also allows the CFIUS review to continue,” said Hari. “At a high level, this approach … allows non-U.S. nationals to receive the economic benefits of their investment during a post-close, pre-forbearance period that suspends the non-U.S. investors’ governance rights until and unless CFIUS approval is received.”
Penalties for violations can be stiff. Not only does CFIUS, and the U.S. president, have leeway to block deals on national security grounds, or require divestiture if it’s an after-the-fact action, financial penalties can be imposed — up to $250,000 or the amount of the investment, whichever is higher.
“These potential penalties create infinite tail risk for transaction parties that don’t have the benefit of safe harbor conferred by CFIUS clearance,” Hari said.