The Committee on Foreign Investment in the United States (CFIUS)* recently cleared several investments and acquisitions involving foreign actors, giving businesses a small glimpse into which investment characteristics the interagency committee may be favoring in its clearance process.

With last year’s passage of the Foreign Investment Risk Review Modernization Act (FIRRMA), the scope of CFIUS’s oversight has expanded and the committee has become more frequently involved in acquisitions and investments by foreign actors. Earlier this year, CFIUS flexed its new muscles by forcing foreign investors to divest from Grindr and PatientsLikeMe. These actions illustrated a firm commitment by CFIUS to police investments involving certain countries and fields of business.

More specifically, CFIUS’s forced divestments of Grindr and PatientsLikeMe evidence a strong concern by the committee towards Chinese investment, particularly in business fields where sensitive personal data is involved.

This concern aligns with FIRRMA’s expansion of CFIUS’s jurisdiction, as the committee now oversees foreign investment in a number of new industries including data privacy and critical technologies (including semiconductors, robotics, and artificial intelligence). CFIUS prioritizes critical infrastructure as well, which includes fields such as transportation, healthcare, and financial services.

In its recent decisions, CFIUS has continued to follow the observed trend of criticism towards Chinese investment. On October 10, 2018, CFIUS cleared the partial acquisition of the US-based data security firm Micro Focus International by Ultimaco, a German cybersecurity firm. Micro Focus divested its Atalla Hardware Security Module (HSM) and Enterprise Secure Key Manager (ESKM) product lines to the German firm, which has also been active in the HSM market for 20 years.

Despite CFIUS’s skepticism towards any foreign investment involving data security and sensitive information, the committee opted to clear the Ultimaco transaction, marking a stark departure from the forced unwinding of Grindr and PatientsLikeMe. The approval showed that, although foreign investment related to sensitive data will be scrutinized, it will not always be disallowed. The German firm’s clearance, when viewed in contrast to the Grindr and PatientsLikeMe decisions, strongly suggests that CFIUS has specifically taken a stand against Chinese investment in the field.

On July 6, 2019, CFIUS issued another clearance that further supports this notion. SoftBank, a Japanese conglomerate, received approval for its $2.25 billion investment in Cruise, a GM-backed autonomous vehicle startup.

According to two people close to the deal, CFIUS approval did not always appear certain, as the interagency committee scrutinized the investment closely. Red flags arose due to SoftBank’s investment and ongoing involvement with various Chinese companies including ride-hailing firm Didi. According to this source, the committee feared that Didi could appropriate vital technology from Cruise through SoftBank.

CFIUS only approved the investment after SoftBank assured that Cruise’s technology would not leave the US and would be completely off limits to the Japanese conglomerate.

The SoftBank deal once again illuminated CFIUS’s critical view of investments involving Chinese firms. Although SoftBank itself was not a Chinese entity, its Chinese connections apparently delayed the committee’s approval of the investment until the conglomerate offered substantial limitations on the accessibility of Cruise’s technology.

While CFIUS’s clearances of the Ultimaco and SoftBank transactions reveal its hesitation towards Chinese involvement in foreign investment, the committee has also shown that Chinese involvement is not dispositive in their review. CFIUS made this readily apparent in its April 2019 approval of China-based Huatai Securities’ indirect acquisition of Global Financial Private Capital, a United States-based firm.

AssetMark Financial Holdings, an American subsidiary of Huatai specializing in wealth management and financial technology, paid $35.9 million to acquire GFPC, another American wealth management company.

The approval further sheds light on which investments CFIUS considers national security concerns – while Huatai is a Chinese investor and subject to heightened scrutiny, the practice of wealth management was not one that CFIUS deemed to be too “sensitive” to allow investment in.

Taken together with the Ultimaco and SoftBank approvals, the Huatai clearance narrows the apparent disapproval of CFIUS down to any Chinese investment in business sectors specifically involved with sensitive data.

Looking forward, U.S. companies involved with foreign investors should be ready to face substantial CFIUS criticism when their business involves sensitive data or the investor is connected to China.

Companies hoping to secure investments that share both of these characteristics should be prepared to assure CFIUS that any critical information will be kept within the United States, in line with SoftBank’s guarantees. Without the imposition of such conditions, investments may suffer the same fate as those in Grindr and PatientsLikeMe.

*CFIUS serves the President by overseeing the national security implications of foreign direct investment. For more information regarding CFIUS’s general operation, click here.