Home / Services

National Security and CFIUS

Businesses seeking to execute deals with foreign counterparties need the right resources, expertise, and strategies to navigate regulatory complexities and avoid potentially costly pitfalls. Understanding U.S. foreign investment regulations—tied more and more to national economic security concerns—is critical for success. More than ever, investment parties and their counsel will need trusted advisors with national security, regulatory, and technical experience to help navigate the investment process.

Foreign investment scrutiny is increasingly being applied to global M&A transactions in the United States and major economies around the world. Cross-border investments face heightened regulatory risks arising from the jurisdictional and authority enhancements given to the Committee on Foreign Investment in the United States (CFIUS) under the Foreign Investment Risk Review Modernization Act of 2018 (FIRRMA), and similar foreign investment review regimes globally.

The K2 Integrity team has deep experience in this area. Our expert practitioners have served at the highest levels of government—at the White House, the National Security Council, and the Departments of the Treasury and Justice; with banking regulators; in the intelligence community; and in the U.S. Congress. Our team includes former senior U.S. government policy officials; congressional counsel who worked on FIRRMA as it moved through the legislative process; and investigators, compliance, and cybersecurity professionals—all of whom have deep experience with the nuances and complexities of CFIUS’s authorities, its processes, and its broader national security considerations.

Our national security experts assist transacting parties in the earliest planning stages of an investment, during the investment and CFIUS review, and at the end of the process to help parties plan for potential CFIUS mitigation and ensure proper implementation of and compliance with CFIUS mitigation agreements.

These experts are enabled by K2 Integrity’s deep experience and expertise in serving as monitors and auditors on sensitive matters on behalf of U.S. and other government authorities. This includes a global team of auditors, cybersecurity specialists, and data and technology experts resident in our internal Agile Technologies team that allows K2 Integrity to address the most complex mitigation requirements.

Pre-Transaction Risk Assessment

National security concerns may not be readily apparent to transaction parties that are new to foreign investments and the CFIUS process. Those transacting with foreign investors must understand clearly all the relevant counterparty risks, including those tied to sanctions, anti-money laundering regulations, and CFIUS/national security requirements. Advisors to business must understand in detail how to navigate and manage the mitigation agreements imposed upon proposed mergers affecting U.S. national security via the review process conducted by CFIUS pursuant to the Defense Production Act of 1950, as amended by the Foreign Investment and National Security Act of 2007.

Further, while CFIUS law is theoretically settled, it is also subject to dynamic reinterpretation. For example, a September 2022 CFIUS Executive Order (EO) reinforced the Committee’s broad authority and discretion to identify and address national security risks at any stage of a transaction. It also focused CFIUS attention on specific risks and further prioritized such areas as critical technology leadership, supply chain resiliency, and sensitive personal data protection.

Our national security experts thoroughly assess potential CFIUS risks, providing a detailed report that identifies potential threats, vulnerabilities, and consequences related to a transaction, taking into account current CFIUS requirements while factoring their understanding of the evolving CFIUS environment. Each CFIUS risk assessment is tailored to the individual transaction and may evaluate:

Public record and human source intelligence on transaction parties, suppliers, and customers
Supply chains to determine upstream and downstream risks, including an assessment of the transaction’s effect on the resilience of critical U.S. supply chains
Existing compliance frameworks, including economic sanctions concerns
The current state of a business’s cybersecurity and data controls
Potential risks to sensitive personal data of U.S. persons
Investment trends that may have systemic consequences for a given transaction’s impact on national security
A transaction’s effect on U.S. technological leadership in areas affecting national security

Strategic Mitigation Advisory Services

During the CFIUS process, transaction parties need to be prepared to negotiate mitigating terms with CFIUS if it identifies national security concerns with a transaction.

Transacting parties should be proactive in identifying a range of potential mitigating conditions that CFIUS may require and work quickly to assess the feasibility and costs of these controls with internal and external stakeholders.

K2 Integrity assists parties with:

Identifying potential mitigation conditions.
Projecting potential costs of mitigation conditions.
Evaluating the potential impact of mitigation conditions on businesses via gap assessments.

Post-Transaction Mitigation Services

If CFIUS identifies national security concerns with a transaction, it will likely impose mitigation conditions on transaction parties via National Security Agreements (NSAs). NSA requirements vary depending on the specific requirements of a transaction and range in the level of burden imposed on operations. The transacting parties are often faced with the challenge of integrating new compliance requirements while continuing to operate their business in a manner that protects U.S. national security interests.

The K2 Integrity team works with the transacting parties, company security officers, their counsel, and CFIUS to evaluate and implement the terms of the NSAs. This process varies depending on the specifics of the engagement but often includes working with or as a CFIUS-approved independent monitor or auditor to oversee and assess the implementation of mitigation agreements.

Serving as Third-Party Monitor or Auditor
Among other things, K2 Integrity:

Assesses the scope of mitigation terms and their potential financial and operational impact on the business.
Evaluates existing internal control environments against mitigation requirements.
Recommends a baseline of internal controls that are necessary to comply with the terms of a mitigation agreement.
Oversees the development and implementation of specific policies and controls that may be required by a CFIUS mitigation agreement.
Designs and executes audits of mitigation agreements to assess compliance with various requirements, including prohibitions on access to sensitive personal data and critical technologies, ensuring supply chain integrity, and improving physical and cybersecurity measures.

Serving as Independent Board Member
CFIUS may require that the U.S. business establish a government security committee or appoint an independent board member that is approved by and answerable to CFIUS.

The K2 Integrity team includes former national security officials that held positions at the highest levels of the U.S. government who can serve on a security committee or as an independent board member.