Several times each week for quite some time now we hear from a panicked U.S. company saying they need help with “CFIUS”. For those of you that are export compliance practitioners, at minimum you probably already know that “CFIUS” is a reference to “The Committee on Foreign Investment in the United States (CFIUS)”.

You may have some awareness that CFIUS is an interagency committee authorized to review certain transactions involving foreign investment in the United States and certain real estate transactions by foreign persons, in order to determine the effect of such transactions on the national security of the United States. And from there your knowledge may end until you hear from your General Counsel (GC), who possibly for the first time ever, is interested in knowing what ECCN’s (Export Control Classification Numbers) are used for your product. Your GC is asking because a foreign investor is interested in your company, and outside counsel needs to determine the CFIUS impact.

On January 13th of this year, The U.S. Department of Treasury issued two final regulations in order to comprehensively implement the Foreign Investment Risk Review Modernization Act of 2018 (FIRRMA) and to provide the CFIUS with the ability to better address national security concerns arising from certain investments and real estate transactions. When these final regulations were announced Treasury Secretary Steven T. Mnuchin stated “These regulations strengthen our national security and modernize the investment review process, they also maintain our nation’s open investment policy by encouraging investment in American businesses and workers, and by providing clarity and certainty regarding the types of transactions that are covered.”

Everything you’ve ever wanted to know about CFIUS can be found here on the U.S. Department of Treasure web page.

Given this background, the simple explanation is that the regulations are not just limited to protecting U.S. defense and aerospace capabilities and their related supply chains, but also the United States’ technological edge, critical infrastructure, and sensitive data.

Thus, the sudden interest in your company’s ECCN’s! At last year’s 2019 Annual Conference on Export Controls Bureau of Industry and Security (BIS) indicated that the Secretary of Commerce delegated CFIUS responsibilities and authorities to the International Trade Administration (ITA) and BIS.

The ITA serves as Commerce’s CFIUS Coordinator and provides analysis of economic vulnerabilities, market trends, and business rationale, while BIS provides analysis of dual‐use export control implications and defense industrial base issues.

The main elements of BIS’s review include assessment of export control implications related to the Export Administration Regulations (EAR), including licensing history, and product classifications along with compliance history. Additionally, the review includes assessment of defense industrial base issues, including a review of the U.S. company’s defense priorities and allocations system (DPAS) compliance.

This is where we get the panicked phone calls. Some companies have failed to assign an ECCN to some or all of their products, software and technology. And when outside counsel asks for their ECCN’s suddenly the seriousness of the request, and the need for an efficient, in-depth, and accurate review ensues. In addition to this a concept is put out there “Does the controlled technology associated with your company’s items require an export license to export to the country of the foreign acquirer, or is a license exception available?”

Suddenly, many questions arise, a few being “What is controlled technology?!”, and “Do we have any controlled technology?!”

Per Part 772 of the Export Administration Regulations (EAR), "technology" is information necessary for the "development," "production," "use" operation, installation, maintenance, repair, overhaul, or refurbishing (or other terms specified in ECCNs on the CCL that control “technology”) of an item.

The General Technology Note (Supplement No. 2 to part 774 of the EAR) states that the "export of technology" is controlled according to the provisions of each Category." It further states that "technology required for the development, production, or use of a controlled product remains controlled even when applicable to a product controlled at a lower level."

The terms "required," "development," "production," "use," and "technology" are all defined in Part 772 of the EAR. Controlled technology is that which is defined in the General Technology Note and in the Commerce Control List (Supplement No. 1 to part 774 of the EAR).

Focusing on the EAR, we commonly find companies don’t recognize when information is required for a controlled product’s development, production or use. This is somewhat innocuous seeming information that flies around a company, and with business partners, and even customers, such as drawings and blueprints, specifications, diagrams, manuals, instructions, training, or even working knowledge related to the design, or manufacture, or use of a product IS technology or technical data.

This is the area that your company must step back and truly evaluate all the possible forms of technology or technical data which may be exports physically or virtually from the US overseas, or to foreign nationals in the U.S. Going through this exercise many firms are surprised that they may export more technology than the actual hardware or software they ultimately produce.

For CFIUS purposes, BIS Licensing Staff reviews the parties’ statements regarding product classification and determine:

1. Whether the U.S. party classified its items correctly.
2. Whether the controlled technology associated with the U.S. party’s items requires a license to export to the country of the foreign acquirer (and if there are license exceptions available); and
3. If the transaction raises any national security concerns.

Do they check and see if you have a CCATS on file, certainly! Is it ok if you self-classified? Of course, if it is allowed for the ECCN you assigned. You just want to show due diligence by having an audit trail.

To wrap your head around the concept of “technology” read the definitions, visit the BIS and DDTC websites. Then step back and start creating a list of technology and technical data that your company exports. Whether you are going through a potential CFIUS transaction or not, you need to know what technology and technical data your company exports.

BPE Global is a global trade consulting and training firm. Renee Roe is a Director of BPE Global. You can reach Renee by email at renee@bpeglobal.com.

View/Download PDF version here