On October 20, 2022, the Committee on Foreign Investment in the United States (CFIUS) released its first non-binding Enforcement and Penalty Guidelines (“Guidelines”), providing clarity to parties on how CFIUS approaches violations of the mandatory filing requirements, mitigation agreements, or material misstatements, omissions, or false certifications made to CFIUS.  (For details about CFIUS, transactions subject to CFIUS authority, and the CFIUS process, see the general overview provided in this presentation.)  The Guidelines explain how CFIUS typically uncovers violations, the process by which CFIUS addresses violations with subject parties, and the aggravating and mitigating factors considered when determining penalties. 

Relating to the process by which CFIUS will address violations, the Guidelines provide that CFIUS will take the following “key steps in the penalty process”:

1. Notice of Penalty: CFIUS will send notice to the subject party explaining the conduct to be penalized, penalty to be imposed, the legal basis underlying the violation, and possibly the aggravating/mitigating factors considered by CFIUS.

2. Petition for Reconsideration: The alleged violator may submit a petition for reconsideration to CFIUS within 15 business days of receipt of the penalty notice (with extensions allowed for good cause).

3. Final Decision: CFIUS will issue a final penalty determination within 15 business days of receipt of the petition.

Relating to the final decision, the Guidelines provide aggravating and mitigating factors CFIUS will weigh in determining any penalties. This is crucial because not all violations will result in a penalty.  Therefore, a party’s conduct before, during, and after the violation is highly relevant. The following is a highlight of the key factors.

• Aggravating factors.  The enumerated factors show that CFIUS will more stringently enforce penalties against:

  • Willful or grossly negligent violations;

  • Violations that were concealed, unreported, or delayed in self-reporting; or

  • Violations stemming from lax or insufficient company compliance policies or procedures.

• Mitigating factors.  In general, CFIUS will look at whether the party has:

  • Promptly and voluntarily self-disclosed a violation, cooperated in the investigation, and took appropriate remedial steps.

  • A history of compliance with CFIUS, including having “[p]olicies, training, and procedures in place to prevent the conduct” at issue; or

  • Company-wide (both within and outside the United States) compliance structures and culture.  Although the Guidelines indicate that compliance with all legal obligations will be assessed, CFIUS will likely consider compliance with U.S. export controls and sanctions laws as paramount as these laws are inextricably tied to the national security goals of CFIUS.