US national security and Israeli investment

Israel-US

How Israeli entities can plan for US security review and reduce risk when investing in US technology companies.

Despite the close US-Israel relationship, Israeli companies and funds seeking to invest in US technologies can face US national security scrutiny that could significantly delay deals, and in some cases prevent or unwind the transaction. Israeli investment in US technology companies, however, should continue to be regarded as an attractive option, as long as the right planning and analysis occurs. Below is an overview of the key US regulatory scheme, and the steps to take in order to minimize regulatory delay, risk, and cost.

Notable Israeli technology acquisitions

In 2012 the Committee on Foreign Investment in the United States (CFIUS) approved Stratasys’s acquisition of Objet, both in the digital-manufacturing sector. On the other hand, in another well-publicized case in 2005, Israeli firm Check Point withdrew its application to CFIUS to purchase Sourcefire, and abandoned the effort to acquire the company, which was later bought by Cisco. This was not surprising to anyone in this business, based on two terms written in a press article regarding the deal - “network security company whose clients include US intelligence agencies.”

What is CFIUS?

The US Foreign Investment and National Security Act (FINSA) of 2007 enhanced the powers of the Committee, which implements a national security review of foreign acquisitions of, or significant investments in, a US asset that could pose a risk to US national security.

The review - triggered by a voluntary joint filing by the parties to the transaction - is conducted by a Committee of nine core federal agencies: Department of the Treasury (chair), Department of Justice (DOJ), Department of Homeland Security (DHS), Department of Commerce (Commerce), Department of Defense (DOD), Department of State (State), Department of Energy (DOE), Office of the US Trade Representative (USTR), and the Office of Science & Technology Policy (OSTP), with others added as needed.

The deliberations of the Committee are not public, and CFIUS has a very broad scope of review. National security can entail not only defense or intelligence issues, but also concerns matters such as (i) the foreign ownership of critical infrastructure, (ii) the potential offshoring of a sole or limited supplier of a product or service important to the defense, (iii) homeland security, (iv)energy, and critical infrastructure; (v) foreign ownership or access to cutting edge technology that could create a military advantage for another country, including through resale to third countries, (vi) potential for foreign tampering with a significant food or pharmaceutical supplier, and (vii) real estate located near sensitive US Government (USG) installations.

As indicated, the review by CFIUS is not public, and further, does not require disclosure of which aspects of a deal raise national security concerns - even to the acquiring or target parties involved. However, parties may announce their deal or the media may otherwise publish information, regardless of status of CFIUS review, triggering public and Congressional scrutiny.

Voluntary Filings

Importantly, a CFIUS filing is voluntary, and judging by the under 200 annual filings, the CFIUS caseload only scratches the surface of inbound investment. One can guess that a large number of transactions that may raise national security issues were not filed.

CFIUS has the authority to initiate its own review if it discovers the transaction. The government reviews records including SEC, FTC (most M&A transactions and investments greater than $76.3 million - which is the current Hart Scott Rodino threshold for the size of transaction test - require antitrust filing with the FTC), Department of State, or other filings for relevant information to determine if a transaction poses issues of interest to the Committee. A non-notify CFIUS review is problematic for a few reasons. First, the companies have lost the opportunity to pre-brief the Committee. Second, they will likely face a much more suspicious Committee compared with a voluntary filing. Finally, a post-closing divestiture may be forced on the investor.

Results of CFIUS Review

The four primary possible outcomes of a CFIUS review include: (a) a finding that CFIUS does not cover the transaction; (b) a straight approval; (c) a prohibition (or unwinding of a completed transaction), which may only be issued by the president and happens exceedingly rarely; or (d) mitigation pursuant to which CFIUS or a lead agency may “negotiate, enter into or impose, and enforce any agreement or condition with a party to a covered transaction in order to mitigate any threat to the national security of the United States that arises as a result of the covered transaction.”

Mitigation may be as modest as a time-limited binding agreement not to move production overseas or to end a procurement contract with the government. Or it may severely limit the buyer’s ability to manage the purchase by requiring that the foreign entity set up a subsidiary managed only by US citizen proxy holders approved by CFIUS. Mitigation will often require post-closing compliance audits by the government or its representatives on the board for a period of years - all at a cost to the company. Mitigation on average is required in 10 percent of the cases reviewed by CFIUS. Mitigation will always be required in the case of US target companies that possess security clearances and perform classified US Government work.

About 5-7 percent of the cases are voluntarily withdrawn, though some of these may be re-filed after some refinements are made to the deal, or to allow CFIUS to finalize a particularly complex review without having to recommend mitigation measures or that the president prohibit the transaction.

Timing

A foreign investor or acquirer should allocate up to four months for an average CFIUS case, but this timeline can run concurrently with other deal diligence and negotiations. Adequate time for analysis of all relevant aspects of the investor and the target, and drafting of the CFIUS filing, is likely to be four-six weeks. In a complex case, it is advisable to pre-brief key CFIUS personnel and submit a preliminary draft notice filing for CFIUS review prior to formal filing, potentially adding to the time frame. CFIUS must conduct its initial review in 30 days after the case is logged in and assigned a reviewer (which may be a week or more after receipt). The review period may be extended to 75 days if known or potential risks cannot be resolved at this first stage, or if a foreign government's ownership is involved.

FCC Considerations

A foreign purchase of or investment in 25 percent or more of a telecommunications company also has the risk of triggering a separate ownership change review by the Federal Communications Commission (FCC). A key player in such FCC reviews is “Team Telecom.” This group is composed of the same staff of DHS, DOJ/FBI, and DOD. A frequent complaint is the lack of clarity between CFIUS and FCC jurisdictions in such matters- the rule of thumb is if an FCC/Team Telecom review is triggered, the larger CFIUS group will defer to Team Telecom’s recommendations in the case. In fact, recently, Michael O’Rielly, an FCC Commissioner, called on Congress to pass legislation that will alleviate delays in the process of reviewing ownership changes in telecommunications involving foreign buyers.

Cybersecurity and CFIUS

Cyber security is a key national security consideration. The CFIUS statute specifically identifies critical infrastructure and critical technologies as matters for CFIUS review. Moreover, CFIUS and its overseer, Congress, are very concerned about “the potential for trans-shipment or diversion of technologies with military applications,” particularly those where there could be software-related vulnerabilities. The growth of cyber intrusions in both government (e.g., Office of Personnel and Management loss of data on cleared personnel) and critical infrastructure (defense companies, banks, credit card processing) is likely to increase national security scrutiny of investments in cybersecurity and technology firms with classified, or even sensitive unclassified access to USG or critical infrastructure data.

Israeli Investors

Where CFIUS review is concerned, the Israeli origin of an acquirer raises national security questions. There is a history of mutual suspicions, clandestine activities, and third country diversion of sensitive technologies that makes the Israeli headquarters of a company or its affiliation, or association with Technion or the IDF at least a red flag for the reviewers. When Israeli hackers are discovered behind major cyber thefts, US law enforcement’s suspicions increase. According to the 2015 CFIUS report to Congress, on average only about 3 percent of the reviewed transactions originated from Israel, and half of those were in the finance, informational, and services sector. Of the transactions in critical infrastructure reviewed in 2013, which often involves technology, Israel had about 2 percent, falling far below the UK and France, and at about half of China, which files far more applications across the board.

One explanation for the low number of Israeli CFIUS transactions may be due to the fact that Israeli companies currently tend to be investment targets, rather than acquirers themselves, or when they do enter the US, they establish new operations, rather than acquiring US entities. Such “green field” operations are not subject to CFIUS jurisdiction. However, it is important for Israeli firms with US facilities to note that if they sell to another non-US company or accept a significant foreign investment, their presence in the US can make such transactions subject to CFIUS under certain circumstances.

What are some key considerations for any Israeli investors in purchasing or investing in US technology companies?

At a minimum, the following key questions and considerations should be reviewed and analyzed to assess the risk:

1. Will the acquisition involve foreign government control? This would automatically trigger the longer period of review.

2. Is the target engaged in telecommunications such that Team Telecom may be involved?

3. Does the target company have government contracts or other access to sensitive data, classified or not? Involvement may include R&D projects with academia where the school is the ultimate government contractor, but the target company may have access to sensitive information. Transactions involving US government IT contractors are more likely to trigger review.

      a. Involvement in classified contracts or programs will invite scrutiny, but a cleared contractor may already operate under a facility security clearance, pursuant to the National Industrial Security Program Operating Manual (NISPOM), and thus may not require further mitigation. However, CFIUS may still conduct a review to ensure there are no unclassified assets that need further mitigation, but CFIUS review would still be appropriate.

4. Is the target company a sole source or member of a small business sector important to national security? The government may be unwilling to risk the offshoring of a national asset.

5. Does the target produce and sell export controlled items? This carries a national-security consideration, but if export control laws adequately protect the assets and intellectual property from impermissible foreign access, further mitigation may be unnecessary, but CFIUS review would still be appropriate.

6. Is the target company located near sensitive military or intelligence facilities such that the physical or online access could carry a risk to those in the vicinity?

7. Is there a political sensitivity to foreign acquisition of the target? A favorite example is always Dubai Ports, which went awry as much due to bad publicity, as the law.

8. If the deal is an investment (as opposed to acquisition), is the foreign entity acquiring a 10 percent or larger position? Even a 10 percent limited partnership (LP) participation in a purchase may render the deal ripe for CFIUS notification, if the LP is able to exert management control (which can be broadly defined).

How to minimize costs and support a smooth transaction

1. Conduct due diligence as part of the initial deal review.

       a. Identify whether the transaction falls within CFIUS jurisdiction, and whether modestly restructuring the deal could negate the need for such review, or mitigate national security risks.     

       b. Don’t close the deal before a CFIUS filing, if one is warranted, as the committee has the authority to recommend unwinding the transaction, or to impose mitigation elements that change the deal.

2. Review the target and the acquiring entity for potential red flags:     

       a. A target company that sells products and services governed by ITAR, has government contracts, particularly with defense, energy and national security agencies, or classified facilities, personnel or contracts, is likely to be ripe for CFIUS review.

       b. An acquirer or investor with connections to intelligence and military sectors in the home country, including among members of management and board of the acquirer or investor, is also likely to trigger more questions from the CFIUS reviewers.

3. In a complex case, pre-brief Treasury staff and officials from the most interested government agency.

      a. In particular, technology is complicated. CFIUS member agencies, or the government experts asked to review the filing, may misunderstand and assume more national security risk than in fact exists. If the parties explain the issues ahead of time, you help CFIUS work more efficiently and effectively in a way that is likely to benefit you. It is harder to have the conversations in the midst of the CFIUS deliberations.

      b. Work with a firm that has both the CFIUS expertise and the relationships to conduct such dialogue.

4. Provide a full review of the details. If CFIUS discovers relevant facts that were not divulged, the filing will be reviewed with much greater skepticism.

5. Be prepared for a political strategy if needed.

     a. Some deals involve sensitive target firms or sectors. Others involve a bidding competition between a foreign and a US acquirer. In either case, early government affairs intervention will help defend against political efforts by the domestic competitor or other misunderstandings in Congress or the press.

     b. In some cases, the foreign acquisition will save a company that would otherwise lay off a large number of American employees. In such a case, proactive outreach to the local elected representatives can secure important support for the deal.

6. Be prepared to negotiate a mitigation agreement that limits some of the foreign owner’s management control to close the deal. Depending upon the nature of the deal and the relevant national security issues mitigation could require appointment of a security director, limits on foreign staff’s access to certain facilities or data, or guarantees not to relocate operations offshore for a period of time.

Elana Broitman is a Government Law & Policy shareholder and Ron E. Deutsch is a Corporate & Securities shareholder at global law firm Greenberg Traurig LLP.

This article is presented for informational purposes only and it is not intended to be construed or used as general legal advice nor as a solicitation of any type.

Published by Globes [online], Israel business news - www.globes-online.com - on January 21, 2016

© Copyright of Globes Publisher Itonut (1983) Ltd. 2016

Twitter Facebook Linkedin RSS Newsletters גלובס Israel Business Conference 2018