Dept. of Treasury Dives into Foreign Investments, Security and Capital Flowing into the U.S.
8:58PM Sep 20, 2023
Speakers:
Jacquelyn Melinek
Paul Rosen
Keywords:
investors
transaction
risk
foreign investment
national security
startups
investment
foreign
understand
technology
issue
jurisdiction
founders
business
review
concerned
data
committee
filings
person
So as Alex mentioned, Paul Rosen is the Assistant Secretary of Treasury for investment security for the US government. He also leads all operations and activities that can add on foreign investment in the US, also known as CFIUS. We'll be saying that term a lot during this panel, I imagine. He oversees reviews for hundreds of filings each year, which could amount to hundreds of billions of dollars in investment activity. So I feel like I just said a lot, Paul to start. For those who don't know anything about this. What is Cepheus? Really, and why should they care?
Well, thanks for having me here. It's great to chat about these issues and talk to this group of investors and founders. So the Committee on Foreign investment in the United States is charged by Congress with reviewing certain foreign investment coming into the United States for national security risks. Our mission is national security. And what we're focused on doing is understanding what investors or what individuals or entities are buying US businesses and getting control or having certain influence and what is the risk based on what that US business does, based on critical technology based on certain contracts with the United States government and the like. And so we assess that and we have the power that's granted to the president to address that risk, and that risk can be addressed by requiring that an investment go through but subject to certain terms and conditions. Or we may decide that the investment poses too grave a risk to national security and say we have to get that investor out or some other outcome. Okay, and
how does that kind of vary between startups domestically and then startups outside of the US when it comes to working with the committee? Do you kind of approach them the same or differently or how do they approach you?
So our jurisdiction is tied to foreign investment into US businesses, and that is sort of the core of what we are doing. So there there are complicating fact patterns, of course, but we look at our jurisdiction is tied to that is tied to specific transactions. And we look at the risk arising out of a specific investment or transaction that could yield foreign control or non control in certain circumstances. And so it's not as black and white as we only look at US businesses. Because so many companies, whether they're investors or businesses are interconnected, but that's the primary mission.
Okay, and let's say I am starting a startup, but I am not American. I am but for the story, and I'm based in the US but I'm getting investments in the US. Does it matter that I'm not American.
So what we are focused on from a from a sort of nationality perspective is the jurisdiction is tied to the foreign investment, the foreign person, different factors may go into the risk analysis, but really, it's that foreign person, foreign investment, US business.
Okay. And then what has been the focus for national security and national economic power for the committee in the recent months?
Well, it's evolved, but the core so in our mandate, national security isn't specifically defined because in many ways, it's an evolving concept. So, for example, think about data and sensitive personal information, for example, and how data is ubiquitous these days and whatever the kind of companies that are being developed, there is a huge reliance on data. And one of the things that we think about is, well, what is the risk to national security if troves of data whether it's personal information, whether it's data around IP or others get into the wrong hands, and this concept of data is one that has gotten a lot of attention lately, for example, rightfully so.
Have these two themes kind of shifted since you took office back in May? 2022. Right, that's correct, right.
It's, it's as we look at technological development, I mean, data has been evolving as an issue for example, but so are various critical technologies. Take AI for example, right? AI is an area that is red hot right now. Industry founders, others are racing to that space government is trying to figure out how to promote the advancement of AI in a safe, responsible way. We want you know, we want founders and technologies to continue to grow and develop and disrupt while minimizing and eliminating sort of some of those national security risks.
And for the topic of AI, I've just got to ask out of all the filings you reviewed, do you feel like that is something that you're getting more and more of or is it kind of even across sectors
what I would say is the, the technologies that we're looking at are becoming more sophisticated, they're becoming more advanced on multiple levels, whether it's AI or other critical technologies, and we as a committee have to get our arms around that and that's one of the things that we spend a lot of time doing when we're talking to founders, investors, US businesses, to make sure we understand the technology and how unique is the technology? Is it state of the art? For example, is it commercially available? On the other hand, does it have multiple uses? Does it have some sort of commercial use, but it also has a military application and so we spend a lot of time unpacking increasingly sophisticated technologies.
Okay. That makes sense to me. So shifting a little bit to more startup startup advice, we obviously have a lot of startups here at disrupt, what should startups do to ensure that they're not going to end up under scrutiny, whether it's through your committee or another avenue?
Well, so I come to this, obviously, from a government regulatory perspective, and as a general matter I am a proponent of early stage investors thinking about issue spotting around these issues. We understand that so often it's a race to tomorrow in the startup world, and there are issues around funding for survival. And the light. But as companies grow and develop, thinking about regulatory issues like these early on, can be beneficial. So what do you mean for example, so raising money, understanding who you're raising money from? who the investors are? Who the investors, investors are understanding the kinds of REITs that are going to go with some of these investments? What kind of access to information, what kind of board rights are there? Those are the kinds of things that we look at when we're trying to figure out in a Connection with a transaction. Here's the sort of sensitive us technology that we're concerned going to, you know, a foreign adversary or foreign person that we're concerned about, what is the likelihood through access for example, or otherwise that's going to happen and understanding these kinds of considerations early on. I think it's important component of what early stage companies should start thinking about,
Okay. What do you do towards investors who don't disclose where they got their capital from?
Well, fortunately, we have tools and the ability to get that information. Okay. So even if they don't tell you as, as as a government regulator, we've got we've got various tools that we can use. The other piece of it is if we decide that there's a transaction that we need to look at. It needs to get through the process. We have to deal with it. And so the the parties are incentivized to work with us because they too want to get through that.
But if it's not intentional, like that they happen to be working with people that may not be the best actors and they didn't know it, but I guess maybe it does fall under them.
We we try to use a scalpel. Not a sledgehammer, right. So we try to we look at the transaction. And if it's intentional or not, that that sort of, to some degree irrelevant that the risk then asks about the necessary risk when it's an asset when there's an asset at risk. We have to deal with it. And so we work with the companies to try to deal with it in a way that is tailored to the issue that we're trying to address. So stated another way if we identify a risk, we don't say this deal has to go away immediately or this investor has to get out. We try to carefully craft conditions that would address that risk, because our mandate is, of course national security but in the context of attracting foreign direct investment, helping companies early stage and otherwise succeed, be successful, raise money, and so that's why we spent a lot of time and resources trying to get it right.
And so just to make sure I'm understanding that do investors also then bear the risk for let's say, dodgy LPS as well?
Like, like any good lawyer or government regulator, it depends. So it's, it's a very fact intensive process. Ultimately, what we're focused on whether you call them an LP, whether you call them passive or whatnot, is what is the US business doing? Are we worried about a certain actor getting access or control to whatever the US business has sensitive personal information, critical technology? And so in that question about figuring out what is their access is their ability to influence we look at and that's why I sort of go back to this issue around rights we look at, well, this LP What rights does the limited partner have? What access does a limited partner have? How likely is it that the limited partner is going to get the tech or otherwise that we're concerned about?
Okay, that makes sense going off of that. I feel like a lot of people are struggling to raise right now we've been in a somewhat macro economic. I'm trying to think of the correct word maybe issues or maybe not the best situations to be in but what would be your advice to startups who are looking at foreign capital flow?
So we I understand that the these companies founders, many in this audience, either raise money and you know, frankly, are looking at issues of survival. And so I think there are ways to raise money, but raise money smartly, and sort of thinking about raising money in a know your investor context. And so, if you have had the ability to raise money from person or entity a versus person or entity B and all things being equal, conduct some degree of due diligence to understand what geopolitical issues may be present and what what may present risk in the future but we want we want that those raises to happen. We just want them to be happen. smartly and in a way that due diligence makes it you know, potentially as safe as possible.
Okay. And does this advice and kind of narrative shift between administrations or it stays the same?
The Committee on Foreign investment in the United States is made up of nine federal agencies, many of which are built out with career staff that transcend administrations that are the staff that are reviewing these transactions. So the core career staff say the same people like me come and go, and priorities also change. But by and large, you see a pretty linear evolution of the committee. There's a lot of consensus around issues of risk, what is risk what is not and so I do expect a large degree of continuity because you have that career staff, and because there's a lot of alignment around national security risk.
Okay. I feel like we talked a lot about risk. So I do want to get into that with you. What are some risks that you're looking at when it comes to foreign startups and investments? That maybe people in the audience should be aware of as well?
So some examples we talked a little bit about some of the examples of the type of risk but you could have a critical technology that is cutting edge, and a foreign person or business getting a controlling stake in in the business and there therein lies the risk of a technology transfer to a place we don't want it to go. For example, there could be contracts with the United States government, where there's the provision of services or, or or product that is critical to the United States government and we want that to continue and we wouldn't want shutting that off. It could be a critical supply chain issue that the US businesses involved in and we wouldn't want a foreign person with with Mal intent to cut things off. So there are a range of the types of risks that we try to address. And part of the reason we don't make categorical determinations is because we want to and by law need to look at every case, under the facts and circumstances presented because they differ it's never the same outcome. It's never the same formula.
Have these rows kind of stayed the same throughout the past like quarters and years, even prior to you taking the position? Or is it something that's like kind of constantly involving like we were talking about before? A little
both. So there's traditional risks and we've talked about critical technology a lot. There's the sort of traditional risks that are out there. There may be you know, traditional risk in this space could be a a foreign government actor getting control of a critical US government supplier, for example. But you know, I'll go back to this issue around data data is an area that is evolving as a risk and data cannon is being weapon weaponized by our adversaries for things like espionage for things like tracking and monitoring and others. And so when we think about big troves of personal data for example, we are thinking about that risk differently than we did 10 years ago. Okay,
that makes sense. We're opening up audience questions as well. So if you have any, feel free to go up to the microphones and see him over there. And we will get to you after this next question that I have so Yeah, feel free to get in line but otherwise, go after that topic of risk. Do you think the economic conditions kind of play a role in that, like if we're in a better economy, is the risk factor lower or if we're in a worse one? A tire?
We have the benefit, excuse me, tethering our mission to national security. And so when we think about risk, we are always anchored in what is the national security consequence of the transaction that we're looking at and so in every case, no matter the economic environment, what we're looking at is, what is the threat posed by the foreign acquirer, whether it's an investor or an entity that's buying a controlling stake? What do we know about that foreign person? What do we know? About the commercial relationships? What do we know about the laws and where they operate? What is their history of compliance with laws? And then again, going to that US business? What do we know about what's been acquired? How concerned are we about that? And putting those together? How worried are we ie what is the consequences national security, if that foreign actor gets control of that US business? And so no matter the economic environment, that's the analysis that we go through. And that's also why it really comes down to a fact intensive case by case review.
Okay. Cool. That makes sense. All right. It seems like we have some people lined up. So if you want to start on the left, and your
thank you for being here. Appreciate your time. I have two questions, if I may. The first is what do you think about different industries Defense, Space biotechnology, some are very clearly have very clear national security implications. For example, space and defense. Others are maybe more ancillary than than the Affer mentioned ones. How do you think about national security consequences across industries, especially as you move away from defense and aerospace?
So it's a good question, and I'm glad I just talked about this case by case analysis. We leverage the expertise across the federal government our nine permanent agencies, but also non permanent members to look at every transaction that we review, and try to understand what is the risk by looking for example, in the biotech biotech space, we have biotech experts across the government to assess what is the technology, what are the capabilities of this technology? What is it able to do, so that we can get a full picture of, okay, well, if this foreign person that we may or may not be concerned of can can get this technology or get control over that? What is the consequence right and so it's not it's not just as you point out defense or aerospace, it's a broader set of concerns. But no matter the industry, we're always gonna be tethered to what sort of a national security consequence, which we take a very diligent and robust approach on in that we do deep analysis to make sure that we are very specific about a risk that we're concerned about and not generalize and say, Oh, this might be XYZ, we get very, very specific. You had a second question?
Yeah. Second question was, has there been an increase in the seventh sensitivity of non US ownership of allied countries in the past and going forwards? We anticipate an increase in sensitivity of ownership or minority or control. You said of allied countries? Yes. Folks like European Union, Japan, Korea.
Us. So, you know, I get to I get to sort of keep going back to this case by case factor analysis. And the reason it's important there is that no, no set of circumstances or transactions the same. So for example, you could have a purchaser or an investor from an allied country, but that investor, separate and apart from what's domiciled, may have a bunch of relationships that may be of concern or maybe doing business with people or places of concern. And so it's a very holistic approach, and not just about where's investor coming from.
Thank you. Thanks. You'd like to go
next? Yes, and this might tag on to what you just spoke about. Paul. First off, thank you for having this. We are in the middle of our second round. And Lulu waters with flexible and we will at some point be pursuing government contracts. However, we do have a Saudi investor as a potential investor and we are looking at this very line of thought they're speaking about and I'm curious, does that automatically prohibit us from government contracts or is it still a case by case scenario with that?
So I don't, I'll stay away from sort of the government contracting rules which are outside but what I can say is, there's no litmus test what we do, and there's also you know, what we do is not country specific. It is based on the totality of the circumstances and the facts and circumstances around each transaction. And so, we may have an investor hypothetically that we are concerned about that we see, but they may be invested in something that we don't really care about is commercially available is open source is run of the mill for example. Conversely, we may have an investor that we have low but some concern about what the tech is super cutting edge is state of the art has these Jura try use capabilities and so we look at both sides of that equation. But the short answer is there's no categorical in or out determination. We look at the details of each transaction and I will say that's why sometimes our reviews do take time. We want to be efficient we want to move quickly. We understand the business realities, we try to be responsive to those realities. But the the benefit or downside of a detailed case by case review, is that we really do kick the tires, and it's sometimes that takes time
on that, so would you be able to point me to a resource where I could find out that fine line answer on government contracts for us just as we go into our decision making for this round.
I'm happy to give that some thought. I don't have any answer for you right now.
Great. Thank you so much. I sent you a Connection request on the app. Thank you guys.
Oh, networker, feel free to go.
Secure ask the question, actually. So when you're looking at investments, how often is there a risk of somebody disguising and maybe hiding their intentions? And is there a particular like vector through which this might most often happen?
So can you just repeat the last part?
Yeah, like is there maybe a hidden body behind some investment? Is that a risk that you're having to assess for when you're looking at these?
So one of the things a question hits on is ultimate beneficial ownership. Right. And so companies registered in this country or this jurisdiction, but the actual investors are really located there. That's an issue that we fully get behind when we look at these transactions. And so it's it's difficult to hide ultimate beneficial ownership when we're we because because we probe documents, we probe investment documents. We also have databases, commercial and non commercial as well as intelligence sources to help us do our assessments. And so I think one of the core responsibilities of what we need to do is actually really figure out who these investors are. What do we know about these investors sort of the who, what, where, when, and why about these investors? And that's a piece that I'm hopeful that founders and early stage companies can just start thinking about sort of similar to some of the some of the questions we got in terms of doing your best from a diligence perspective, in terms of what's reasonable to do some of that work before and at the time you are considering a particular investment and what rights an investor may have.
Makes sense. Is there any time that somebody's managed to slip through the cracks? That comes to mind?
Can you repeat that again? It's Sorry,
I'll get a little closer. Is there any instance where you have had kind of a miss on who the ultimate beneficial owners are like How did they manage to get through the cracks? Is there such an example?
Well, I have the benefit of not getting into particular cases. But I can say that on top of our due diligence work and trying to figure out, you know, who's behind what, and what's the tech involved. We've got a pretty strong monitoring compliance and enforcement program with pretty significant penalties that we can lobby and so we, we have some tools to deal with those situations if and when they arise.
Thank you.
Thank you. And then if you'd like to go, my question actually sort of ties into the last point he was bringing up. So with the speed that international relations can kind of shift like for instance, the UK dissolving Roman Abramovich has ownership of Chelsea Football Club. If there was some catalyst event that caused a shift in our relations with another country after they had already gone through with the purchase of an American organization. How would you guys deal with that? Would it be able to like dissolve the deal itself? Or would you just go with more penalty focused?
thoughtful question, I think it depends on what stage the transaction is at. It depends if we have jurisdiction over the transaction, it depends on whether we looked at transaction so taking a step back Cepheus is largely a voluntary filing process. You mostly are not required to file with Cepheus except in a narrow set of cases. The big buck there is that we have the authority to go back in time 510 15 years and look at a deal based on a current risk assessment if you didn't come to Cepheus and get a sort of Safe Harbor letter. So if you come and fire with us, if there's jurisdiction, you can get a letter basically of Safe Harbor that says we're gonna come back and look at transaction again. But if you don't, we can open it up. And if we open it up, and there was an investment 10 years ago, we're looking at the current risk landscape as it is today. So that's why I say it depends. Was there jurisdiction, what kind of jurisdiction when was it reviewed? So much appreciate it the question. Yeah,
thank you. I think to wrap things up, Paul, I would love if you could just kind of summarize in the best way possible. Advice for startups. I think. It is pretty complicated. And I think we tried to do a good job of breaking it down block by block and everything. But when it comes to startups engaging with Cepheus and foreign investments, what would be like maybe two to three pieces that you would want this audience to take away?
Three things let's do it. One is we want innovation. We want disruptive technologies. We want companies like yours to keep doing what they're doing to is no your investor. We've talked about that. Take a degree of you know, understanding about who you're raising money from. Three is know your tech What are you developing, what are its capabilities? What are what are they today, what might they be tomorrow, understand sort of the full scope of what and the potential of what you're developing. So I think those would be my three key takeaways, putting those together. And I think from our perspective, balancing those out, doing some degree of issue spotting, understanding the regulatory landscape, you know, coming out of DC and elsewhere, is important, so that decisions made today aren't necessarily likely to be so painful down the road.
Thank you, Paul, for taking the time to talk today. And thank you to the audience for listening in. And for those of you who ask questions, appreciate it.