If you are a technology company looking for capital and have some interested Chinese investors, you may want to broaden your sights.
On Jan. 13, the Treasury Department issued landmark regulations that will scrutinize foreign investments into critical technology firms—especially those from China. These rules will dramatically expand the scope of the Committee on Foreign Investment in the United States (CFIUS), a U.S. interagency committee that considers the threat, vulnerability, and potential impact on national security of a foreign investment transaction.
The new regulations constitute a seismic shift in the way the U.S. government views and regulates foreign direct investment (FDI). While this is not the first time that new FDI regulations have come into force with a sense of urgency, this update is the most comprehensive to date, from both the breadth of the U.S. economy addressed, as well as the effort to persuade and compel global partners to create similar regimes.
This move reflects a fundamental reassessment of what constitutes U.S. national security. From 1975, when CFIUS was established by executive order, until 2001, national security was defined largely in terms of the U.S. defense posture and capabilities. Post-9/11, this was enlarged to encompass homeland security and associated infrastructure. The 2020 regulations reflect a much wider view that economic security—based on technological superiority—is a central component of America’s national security.
As such, the regulations will not be limited to protecting U.S. defense and aerospace capabilities and commensurate supply chains, but also America’s technological edge, critical infrastructure, and sensitive data. Furthermore, the scope will extend to non-controlling investments—even some below 10%—not just majority investments and acquisitions.
So how did we get here? China’s efforts to gain strategic advantage through the legal and illegal acquisition of U.S. technology and intellectual property has become more aggressive, more comprehensive, and more public. In 2015, Chinese leaders announced the Made in China 2025 plan, a strategic roadmap to compete with and supersede the U.S. in advanced manufacturing and the development of advanced technologies.
Implementing this roadmap, China has ramped up its foreign investments in the U.S., favoring manufacturing (especially semiconductors and electronics), information technology, and financial services, but also displaying interest in health care and real estate. At the same time, Chinese academics have been sent to American universities and Chinese ministries have funded R&D projects in the U.S. China aspires to become one of the world’s top innovative countries by 2035, according to a speech by President Xi Jinping reported in Straits Times, and has been making significant strides toward this goal.
American and multinational corporations need to understand what this all means. First, businesses that are considering foreign investment, especially those involved with advanced technology, critical infrastructure, or sensitive personal data, need to become familiar with the new CFIUS regulations and the related, emerging Export Control Reform Act rules governing the level of control of a specific technology.
Second, investment from countries like China, which has a track record of violating U.S. intellectual property laws and export controls, will be reviewed and investigated with a very critical eye—and is likely to have difficulty achieving CFIUS approval if these investments are in the technology, infrastructure, or data sectors.
Third, penalties for violations are high—not just fines, but also transactional costs and loss of potential revenue from investments that are blocked or are forced to unwind. Recently, the $245 million acquisition of Grindr by Kunlun Tech of China was reversed, and prior to that Broadcom’s attempted takeover of Qualcomm, a $117 billion deal, was blocked by executive order.
Fourth, mitigation—which involves taking concrete steps such as firewalling sensitive information from foreign nationals and instituting third-party monitoring to assess compliance—is possible in some cases—but success is not guaranteed. The $1.2 billion MoneyGram-Ant Financial transaction failed in the wake of mitigation proposals being rejected by CFIUS.
Fifth, a strong compliance process and culture is essential. This is not just a requirement for general counsels, but for the C-suite and key employees. Failure to understand, internalize, and comply with the law can affect a company’s stock price and reputation. It can also affect the confidence CFIUS has in a firm and thus the trust necessary for potential approval or mitigation of future transactions.
So buyers and sellers beware: These regulations are not going away. There is strong bipartisan consensus for tightening FDI rules and even a change in administrations is highly unlikely to alter this new course. The number of investigations of foreign investment transactions by CFIUS grew from 25 in 2009 to 172 in 2017, as documented in the committee’s most recent annual report to Congress.
The prudent business course is to assess the risks associated with certain sources and types of foreign investment, and either avoid or manage those risks through corporate governance, due diligence, and realistic growth planning.
Mira R. Ricardel is a principal at the Chertoff Group and a former assistant to the president and deputy national security adviser.
More opinion in Fortune:
—Elizabeth Warren: I’ll use the government to make tech work for people with disabilities
—I worked at McKinsey. Here’s how the firm needs to change
—Fintech regulation needs more principles, not more rules
—An explosion of knowledge: Multiplexed interventional genomics
—Vaping needs regulation, and tobacco companies should be part of the conversation
Listen to our audio briefing, Fortune 500 Daily