Did ‘Silicon Valley’ Get CFIUS Right? Can It Really Ruin Everything?

While CFIUS can’t stop a U.S. company from relocating overseas just because the committee decides that some dating data is a national security risk, companies should be aware of CFIUS’ powers so they don’t get caught having a classic Gavin Belson meltdown at the 11th hour.

In the final season of HBO’s tech-focused comedy series, “Silicon Valley,” the show brought to light a little-known but long-standing government committee with the ability to control, and even block, foreign investment in the United States.

In Season 6, fictional mega-corporation Hooli’s CEO, Gavin Belson, suffers major disappointment when he finds out the U.S. government is blocking his latest Hail Mary cost-cutting scheme. In the show, Belson goes on a tirade when a mysterious committee called the Committee on Foreign Investment in the United States, or CFIUS, puts the quash on his plans to move the company to the country of Georgia due to national security concerns based on a U.S. general’s use of a Hooli app that helps U.S. military personnel find illicit romantic encounters abroad. Is this for real? Can CFIUS really stop U.S. companies from activities like relocating?

Spoiler alert: not exactly. While the government can stop you from sending technology overseas (that’s a story for another article), CFIUS can’t stop a U.S. company from relocating overseas just because the committee decides that some dating data is a national security risk. But CFIUS does have the power to affect other major business decisions. And companies should be aware of CFIUS’ powers so they don’t get caught having a classic Gavin Belson meltdown at the 11th hour.

The breakup of the $245 million Grindr acquisition mentioned in the show was very real, and CFIUS’ scrutiny of tech industry deals continues. CFIUS recently launched an investigation into ByteDance’s $1 billion acquisition of Musical.ly, the company under which the social media app TikTok was held. In both the Grindr and the TikTok cases, CFIUS’ concern revolves around the personal data of U.S. citizens, and in the case of TikTok specifically, alarms have also been raised over potential censorship activities. CFIUS’ power over these investment deals is so great that ByteDance is now trying to separate TikTok operations from the rest of its organization in an attempt to avoid CFIUS’ unwinding of the entire deal.

If Silicon Valley got it so wrong, how does CFIUS work?

CFIUS is an interagency committee that the President has authorized to review transactions that result in foreign ownership or control of U.S. companies. For example, CFIUS might review a French company’s acquisition of a U.S. corporation, an investment by a VC fund with Turkish investors in a San Francisco startup, or the merger of U.S. companies in which a Chinese national is given a controlling seat on the board of directors. CFIUS’ job is to determine whether these foreign investments or controlling positions present a risk to U.S. national security.

Determining what a national security concern might be is really an exercise in imagination. National security is so broad that it could include any number of businesses or activities, from technology that upholds U.S. military superiority or critical infrastructure to food supply or the security of U.S. citizens’ personal data. Or it could include a target company that provides important services to the U.S. government; has developed high-level AI or encryption technology; holds tons of U.S. citizens’ personal, financial, or health data; or controls the majority of a critical industrial sector like energy or transportation.

If we allow ourselves free rein to imagine worst-case scenarios with a foreign bad actor using control of these assets against the United States, the factors that might affect national security are really too numerous to even try to list. Thus, as it reviews proposed or completed transactions, CFIUS has the broad power to determine in real time what is and what is not a national security risk.

If CFIUS does decide that a deal creates such a risk, it can either impose conditions to alleviate those risks or it can block the transaction altogether. Worse, if CFIUS decides to review a deal that was already completed, it can force the foreign party out or unwind the entire transaction.

This is a huge risk for companies and people who are spending millions on investments. On the other hand, if CFIUS finds there is no national security risk, it will “clear” the deal, giving it a stamp of approval sometimes referred to as a “safe harbor.” To avoid risk, many parties will go to CFIUS beforehand to secure that stamp of approval and avoid the risk of a surprise unwinding.

If this system wasn’t complicated enough, CFIUS’ jurisdiction has recently been expanded to cover more transactions and foreign investments. And for the first time, there are now mandatory CFIUS filings for certain industries. This mandatory filing program is expected to expand even further in coming months.

Should you be worried about CFIUS?

In short, yes, you should be worried about CFIUS. CFIUS can prevent acquisitions and funding. It could theoretically crush your business dreams, as it did to Gavin Belson in “Silicon Valley.” But there are things that you can do to limit the chances that you are caught off guard:

• Know with whom you are considering doing business. Vet your investors and buyers. Where are they from and who owns them? Can you imagine a worst-case scenario national security problem?
• Do the foreign countries related to the deal have good relationships with the United States?
• Consider whether your industry carries national security concerns. Do you hold or acquire personal data or financial information? Are you the sole source of an important national resource? Do you control information or critical U.S. infrastructure? Do you provide critical services such as health care? Do you have government contacts or provide the government with goods or services? These are just a few questions to think about.
• Consider whether there is any way to separate the sensitive aspect of your business or organization.
• Follow the trends in CFIUS activity, and be cognizant of the limitations that CFIUS may present.

While “Silicon Valley” did get quite a bit wrong, the show (perhaps inadvertently) did present one scenario where CFIUS may have realistically intervened–fictional company Pied Piper’s offer to buy Hooli’s problematic military app and subsequent acquisition of the entire company. At the time of the offer and acquisition, Pied Piper was itself partially owned by a foreign entity, a Chilean investor with an ignoble vision for the company and the data that it receives. That foreign ownership would make Pied Piper’s investment in Hooli subject to CFIUS oversight.

Here is where the show’s use of CFIUS careens out of reality and into a fictional deus ex machina. Pied Piper’s grandiose master plan was really that if it bought a company with a national security problem, CFIUS would kick out its villainous Chilean investor, turning Pied Piper back into the ethical company that it always claimed to be. But this isn’t how CFIUS works. If CFIUS did consider the investment to be a problem, it would simply have blocked Pied Piper from buying Hooli in the first place (or forced the completed transaction to be wholly unwound). In the real world, if CFIUS didn’t like the Chilean investor, the company itself would have had to orchestrate the removal of the investor as part of an approved mitigation plan. Only then would CFIUS allow the deal.

So while we can only speculate as to whether Pied Piper smartly submitted a CFIUS filing before completing its newest acquisition, the one thing we know for sure is that both Pied Piper and Hooli could have used better CFIUS lawyers.

Reprinted with permission from the March 5, 2020, edition of Legaltech News.

© 2020 ALM Media Properties, LLC. All rights reserved.

Further duplication without permission is prohibited. ALMReprints.com – 877.257.3382 - reprints@alm.com.