New CFIUS developments: Is it China, data or both? Cogint and Genworth add new data points in understanding stricter CFIUS review process
U.S. technology company Cogint, Inc. (NASDAQ: COGT) announced the termination of its proposed business combination with BlueFocus International Limited after the Committee on Foreign Investment in the United States indicated the committee’s unwillingness to approve the transaction. Although the confidentiality of the CFIUS review process prohibits drawing definitive conclusions about the committee’s decision, its unwillingness to approve the transaction comports with its recent skepticism of transactions involving Chinese acquirers of companies possessing sensitive data of U.S. persons, including Social Security Numbers, health, and bank account information.
Cogint’s business model, which includes utilizing its “leading-edge, proprietary technology and…massive data repository” to “empower clients across markets and industries to better execute all aspects of their businesses,” appears to embody the committee’s concerns regarding foreign acquirers of U.S. technology companies with “massive data [repositories]” of sensitive information regarding U.S. persons. In announcing the termination of the BlueFocus transaction, Cogint appeared to indicate the identity of the buyer, as a Chinese-backed company, was responsible for the lack of approval. However, it is unclear whether the companies attempted to mitigate the committee’s concerns.
In what may prove to be a major mitigation test case for future CFIUS filers, Genworth Financial, Inc. (NASDAQ: GNW) and China Oceanwide Holdings Group Co., Ltd. recently re-filed their joint voluntary notice with CFIUS following months of reluctance by the committee to approve the transaction. A securities filing by Genworth notes the companies are proposing the use of a U.S.-based third-party service provider to mitigate the risk to data security as part of the re-filed notice.
While Genworth and Oceanwide hope this revised plan involving the third-party service provider assuages the committee’s concerns, this case may provide guidance for future filers regarding whether data or China is CFIUS’s foremost concern. A plan involving a U.S.-based third-party service provider, if properly implemented, should address committee concerns regarding data. Thus, if CFIUS indicates its continued unwillingness to approve the transaction following this latest refiling, it is likely CFIUS is indicating one of the following: (1) it does not believe the plan adequately protects the data (i.e. that Oceanwide will still gain control of the information); (2) the committee’s concern is primarily the adverse interests, in this case Chinese parties, not data; (3) the committee is generally skeptical of the efficacy of third-party service providers protecting data of this kind from the acquirer.
Without knowing the details of the plan proposed to CFIUS, it is impossible to draw conclusions regarding its viability. However, given the resources of the companies involved in the transaction, it is not unreasonable to assume the plan has been thoroughly vetted. If the committee’s primary concern is the acquiring party, not the data, even the best plan would not pass muster. However, continued reluctance to approve the transaction may simply indicate the committee is unable to agree third-party service providers can mitigate its data-related concerns on a go-forward basis. Nonetheless, the committee’s decision on the Genworth-Oceanwide re-filed application will provide valuable insight into the committee’s decision-making process for future filers.