May 10, 2024

Treasury Department Issues Proposed Rule to Enhance CFIUS Procedures, Enforcement Authorities

Holland & Knight Alert
Antonia I. Tzinova | Robert A. Friedman | Andrew K. McAllister | Ronald A. Oleynik | Jacob Marco | Ronnie Rosen Zvi


  • In the first update since the enactment of FIRRMA, the U.S. Treasury Department proposed an increase of maximum penalties from $250,000 to $5 million per violation.
  • Although the proposed rule does not expand the scope of transactions subject to CFIUS jurisdiction or filing requirements, it includes several changes that will enhance CFIUS' identification and resolution of national security risks.
  • Those in the industry should be aware of CFIUS' increased focus on monitoring and enforcement, particularly with regard to non-notified transactions and mitigation agreements.

Almost six years after the enactment of the Foreign Investment Risk Review Modernization Act of 2018 (FIRRMA), the U.S. Department of the Treasury, as chair of the Committee on Foreign Investment in the United States (CFIUS), issued a Notice of Proposed Rulemaking (Proposed Rule) on April 15, 2024, to enhance CFIUS enforcement authorities and procedures, as well as increase penalties for violating CFIUS regulations or mitigation agreements. The Proposed Rule amends certain CFIUS regulations provisions pertaining to penalties, requests for information, negotiation of mitigation agreements and other procedures relating to foreign investments in U.S. businesses. Broadly, the issuance of the Proposed Rule, along with comments by Assistant Secretary of the Treasury for Investment Security Paul Rosen, signals a potentially more adversarial approach by CFIUS to certain transactions.

Businesses and investors have until May 15, 2024, to submit comments on the Proposed Rule.


CFIUS is an executive interagency committee of the U.S. government, authorized to review the national security implications of foreign control and certain noncontrolling investments in U.S. businesses, as well as certain real estate transactions involving foreign persons. When CFIUS identifies a national security risk arising from a transaction, it may impose conditions to mitigate the risk or recommend that the U.S. president prohibit the transaction. CFIUS is authorized to enforce these mitigation or national security agreements through various means, as well as impose monetary penalties and other remedies to address violations.

The Proposed Rule amends existing CFIUS regulations that implemented FIRRMA to strengthen CFIUS oversight and enforcement procedures. (See Holland & Knight's previous alert, "New CFIUS Regulations Finally Take Effect," Feb. 13, 2020.). The proposed amendments can be grouped in three categories: 1) requests for information in non-notified transactions for compliance monitoring and for determining whether a violation has occurred; 2) introducing a time frame for responding to proposed mitigation terms and 3) increased civil monetary penalties within the FIRRMA authority.

Changes Under the Proposed Rule

Assistant Secretary Rosen recently addressed CFIUS practitioners referencing the Proposed Rule and framing it as a response to "specific gaps" CFIUS has encountered in enforcement matters in recent years. It is important to emphasize that the Proposed Rule does not expand CFIUS jurisdiction as defined in FIRRMA; rather, it amends existing CFIUS regulations that implement FIRRMA. Thus, the Proposed Rule enhances CFIUS procedures within FIRRMA limits, as well as the authority delegated to the president by other provisions of the Defense Production Act of 1950 (DPA).

Requests for Information

Current CFIUS regulations provide that the committee may request information from parties to a so-called "non-notified transaction" to the committee to determine whether the transaction is a covered transaction (i.e., within CFIUS' review jurisdiction). However, the regulations do not specifically address other types of information requests (for example, information that would enable CFIUS to determine whether the transaction is subject to a mandatory filing or whether the transaction raises national security considerations). The Proposed Rule expressly provides that CFIUS may request such information and requires parties and other persons to respond to such requests. As required by the DPA, these amendments would define the scope and purpose of the investigation, inspection or inquiry to be made by CFIUS so as to allow CFIUS to obtain relevant information.

The Proposed Rule would also require parties to provide information necessary for CFIUS to monitor compliance or enforce the terms of a mitigation agreement, order or condition, as well as in cases where CFIUS seeks information to determine whether the parties or other persons had made a material misstatement or omitted material information during the course of a previously concluded review. Current regulations allow CFIUS to request such information but do not include an obligation for the parties or other persons to respond (nor a time frame within which to respond).

In addition, the Proposed Rule clarifies CFIUS' subpoena authority to obtain such information when deemed appropriate. To subpoena such information, CFIUS would have to first determine the scope and purpose of the investigation, as well as obtain assurance that no adequate and authoritative data is available from any federal or other responsible agency.

One concern with the Proposed Rule is CFIUS' ability to request information from persons other than the transaction parties, including to subpoena them. As used in the Proposed Rule, "other person" appears overly broad and does not include any knowledge or other qualifier.

Establishment of a Time Frame for Responding to Mitigation Terms and Agreements

In line with its national security mandate, CFIUS is authorized to negotiate and enter into agreements with transaction parties in order to mitigate any national security risk resulting from a covered transaction. While the current regulations grant parties to a transaction three business days to respond to CFIUS information requests related to the review of the transaction, there is no similar time limit regarding responses by parties to proposed mitigation terms and agreements.

The Proposed Rule would require parties to respond to proposed mitigation terms within three business days (this applies to both initial and subsequent proposals or revisions), unless the parties are granted a longer time frame upon request. Although Assistant Secretary Rosen has expressed concerns that parties sometimes take "far too long" to respond to proposed mitigation terms, the proposed three business days does not seem to take into account that such mitigation needs to be socialized with various stakeholders within the mitigated company, in addition to the foreign investor, to ensure that they can be complied with – often over multiple different time zones. While the Proposed Rule seemingly provides for extensions, it appears to impose an unreasonable limitation on the parties' ability to negotiate a meaningful mitigation agreement. Businesses negotiating such terms with CFIUS may find it difficult to provide substantive responses to proposed agreements within this time period.1 Companies are encouraged to take advantage of the comment period and raise this concern with CFIUS.

Increased Maximum Penalties

Finally, the Proposed Rule increases the maximum civil monetary penalty for violations, in addition to expanding the scope of circumstances in which penalties may be imposed.

Under the current regulations, CFIUS is authorized to assess monetary penalties under three specified circumstances: 1) a material misstatement or omission, or the making of a false certification in the submission of a declaration or notice, 2) noncompliance with mandatory CFIUS filing requirements and 3) violation of orders, material provisions of mitigation agreements or material conditions imposed by CFIUS. In each case, the amount of the imposed penalties is based on the nature of the violation and could not exceed the greater of $250,000 or the value of the transaction.

The Proposed Rule modifies these provisions significantly by increasing the amount of maximum penalties from $250,000 to $5 million per violation, as well as introducing additional situations in which CFIUS may impose penalties. The Proposed Rule authorizes penalties in cases of material misstatements or omissions in responses to CFIUS information requests related to non-notified transactions, as well as in cases of material misstatements or omissions relating to compliance with mitigation terms and information requests in other contexts such as agency notices.

CFIUS' stated rationale for this increase is the inadequacy of the current maximum penalty in sufficiently deterring and punishing violations, especially considering that over the past decade, the median value of covered transactions filed with CFIUS was significantly higher than the maximum penalty limit – with numerous transactions valued in the billions. That being said, the Treasury Department is inviting comments on the potential impacts of this rule on small entities.

Although the Proposed Rule's amendments refer to the maximum penalty that may be imposed for violations, it is important to note that CFIUS retains discretion to determine the appropriate penalty in each individual case, considering the particular circumstances of the case, as well as any aggravating or mitigating factors as detailed in the CFIUS Enforcement and Penalty Guidelines. Although relatively few penalties have thus far been made public, this area continues to be monitored to gauge the approach CFIUS will take in assessing penalties.

Additionally, the Proposed Rule extends the time frames for submitting petitions for reconsideration of penalties from 15 business days to 20 business days. Accordingly, the Proposed Rule extends CFIUS' time frame to assess petitions and issue final penalty determinations to 20 business days.


The Proposed Rule issued by the Treasury Department is expected to enhance CFIUS oversight and enforcement procedures in various ways. Namely, the Proposed Rule would expand the types of information to which CFIUS can require a response, institute timelines for transaction parties to respond to risk mitigation proposals, increase the penalty amount and broaden the scope of circumstances under which civil monetary penalties may be imposed. Markedly, the Proposed Rule introduces a substantial increase in the maximum civil monetary penalties for violations of obligations.

Businesses are advised to closely monitor the development and implementation of the Proposed Rule, assess its impact on transactional activities and adopt compliance strategies accordingly. Businesses should also prepare for a potentially heightened degree of scrutiny and a more adversarial posture from CFIUS than in recent years. By proactively engaging with regulatory authorities, responding promptly to information requests and prioritizing risk assessment, businesses can navigate the evolving regulatory landscape while safeguarding national security interests and economic growth. Any persons and businesses that may be affected by the Proposed Rule are urged to submit comments as part of the rulemaking process.

For more information on the implications of this Proposed Rule or assistance with complying with CFIUS regulations, please contact the authors or another member of Holland & Knight's International Trade Group.


1 One of the two substantive comments submitted by industry to date is to the same effect.

Information contained in this alert is for the general education and knowledge of our readers. It is not designed to be, and should not be used as, the sole source of information when analyzing and resolving a legal problem, and it should not be substituted for legal advice, which relies on a specific factual analysis. Moreover, the laws of each jurisdiction are different and are constantly changing. This information is not intended to create, and receipt of it does not constitute, an attorney-client relationship. If you have specific questions regarding a particular fact situation, we urge you to consult the authors of this publication, your Holland & Knight representative or other competent legal counsel.

Related Insights