K2 Integrity collaborated with Tom Fox, founder of the FCPA Compliance and Ethics Blog, for a podcast series on navigating the Committee on Foreign Investment in the United (CFIUS) risks with business intelligence.
The series features interviews with David Holley and Him Das, co-leads of the CFIUS Advisory Services practice. Topics include identifying risks as part of the CFIUS process, actionable tips to mitigate risks through proactive management, compliance frameworks, cyber risk and access controls, and effective monitoring.
Episode One: Identifying Threats and Vulnerabilities
What is CFIUS and what vulnerabilities can investments expose? David Holley shares an overview of CFIUS and expanded authorities under FIRRMA. He also examines how business intelligence can address CFIUS concerns and assist in uncovering and evaluating risk. Core areas of risk mitigation include:
- An understanding of the identities and backgrounds of the parties to the transaction.
- The ability of a foreign investor to gain access, business information, business data, material or other nonpublic technical information.
- An understanding of how an organization will respond to a potential data loss.
Learn more by listening to the episode below (Air Date: March 23, 2020).
To read more about this episode, click here.
Episode Two: Navigating CFIUS Through Proactive Management
How can entities navigate the CFIUS process through proactive measures and compliance solutions? Him Das highlights how proactive management can help investors and acquisition targets better navigate a two-way conversation with CFIUS. According to Him, entities can be best prepared by:
- Conducting enhanced diligence to identify threats and vulnerabilities.
- Proactive implementation of compliance frameworks such as sanctions, export controls, access or cyber security protocols to address CFIUS’ national security concerns.
- Proactive consideration of mitigation—such as supply commitments, proxy arrangements, compliance frameworks, and monitoring requirements.
- A willingness to work with CFIUS in addressing and tailoring mitigation.
Learn more by listening to the episode below (Air Date: March 24, 2020).
To read more about this episode, click here.
Episode Three: Compliance Frameworks for CFIUS
When it comes to broader compliance, sanctions and export control related issues, what is CFIUS examining? Him Das discusses the guidance that CFIUS maintains over sanctions and export controls, and how these can be navigated in the investment process. According to Him, while certain sectors are more vulnerable than others, business intelligence plays a key role in mitigation:
- Understand the technologies, what is being manufactured, and how it is being used.
- Again, understand each investor and their interest in a given company and its technologies.
- Consider shaping your transaction to prevent access to material nonpublic information, by imposing appropriate access controls, or placing units engaged in sensitive technologies in proxy arrangements or carve them out entirely.
- Undertake appropriate compliance through a monitor or security officer, policies and procedures, training, and audits.
Learn more by listening to the episode below (Air Date: March 25, 2020).
To read more about this episode, click here.
Episode Four: CFIUS Cyber Risk and Access Control
Are technology companies the only ones who have to be mindful of cyber security concerns? David Holley explains why all investments must be aware of cyber risk and its impact on national security—and what steps can be taken to put CFIUS at ease. These steps can include:
- During the due diligence process, examine those parties who have access to sensitive information and as a result, data security.
- Establish a framework that will not just satisfy the requirements of CFIUS from a cybersecurity and national security perspective, but also protect the interests of the business and its investors.
- Consider putting an independent security officer in place, or implement access controls to catalyze continued success.
Learn more by listening to the episode below (Air Date: March 26, 2020).
To read more about this episode, click here.
Episode Five: Effective Monitoring and Compliance Officer Solutions for CFIUS
What is a monitor, how does it work, and what will this look like when it comes to CFIUS? Him Das explores monitorships, where CFIUS may find a monitor useful to ensure ongoing compliance for a transaction, and how entities can prepare. Preparation can include:
- Establish a culture of compliance from top to bottom.
- Find a monitor with experience, the ability to work in a broad range of environments, and with an understanding of both the business and the expectations of the regulators.
- Ensure compliance protocols are in place and there is open communication with both the monitor and regulator.
- Strict compliance with all terms of a settlement, and ongoing mitigation efforts.
Learn more by listening to the episode (Air Date: March 27, 2020).
To read more about this episode, click here.