Executive Branch Foreign Relations & International Law

Lawfare Daily: The New Outbound Investment Regime with Assistant Treasury Secretary Paul Rosen

Scott R. Anderson, Brandon L. Van Grack, Paul Rosen, Jen Patja
Tuesday, August 20, 2024, 8:00 AM
What concerns motived the new outbound investment regime?

Published by The Lawfare Institute
in Cooperation With
Brookings

For today’s episode, Lawfare Senior Editor Scott R. Anderson and Lawfare Contributing Editor Brandon Van Grack sat down with Assistant Secretary of the Treasury for Investment Security Paul Rosen to talk through the groundbreaking new national security-related outbound investment regulations his office is preparing at the direction of President Biden.

Together, they discussed what concerns motivated the new regulations’ focus on China and emerging technologies, what exactly they restrict, and how U.S. investors should be preparing to navigate them. They also touched on some recent news regarding Committee on Foreign Investment in the United States (CFIUS) enforcement actions and regulations, another issue set within Rosen’s portfolio. 

 

To receive ad-free podcasts, become a Lawfare Material Supporter at www.patreon.com/lawfare. You can also support Lawfare by making a one-time donation at https://givebutter.com/c/trumptrials.

Click the button below to view a transcript of this podcast. Please note that the transcript was auto-generated and may contain errors.

 

Transcript

[Introduction]

Paul Rosen: One of the points of discussion in our proposed rule centers around this idea that some of the aspects of the outbound regulation may have extra territorial aspects. That is to say, they're directed at U.S. persons, but you may have U.S. persons living in an allied country, for example.

Scott Anderson: It's the Lawfare Podcast. I'm Scott R. Anderson, Lawfare Senior Editor, with Lawfare Contributing Editor Brandon Van Grack and Assistant Secretary of the Treasury for Investment Security Paul Rosen.

Paul Rosen: Foreign direct investment is a core aspect of what CFIUS is responsible for encouraging. We want to make sure that we are using a scalpel, that we are attracting foreign investment, but we're doing so in a way that doesn't impact our national security. And that's why I think you see such a detailed and focused approach to our enforcement actions.

Scott Anderson: Today, Brandon and I sat down with Paul to discuss the revolutionary new national security related outbound investment regulations that his office is preparing to roll out in the coming weeks.

[Main Podcast]

Brandon Van Grack: So Paul, you were on the podcast a little over a year ago where we talked about regulations on inbound investment into the United States, but you mentioned at that time that there were going to be new regulations for the first time on outbound regulations and you, you said you'd come back on the podcast and you're our first repeat guest. So thank you for being a person of your word and coming back on to talk about these new regulations.

Paul Rosen: It's well, Brandon, it's good to be here. It's good to be back. I can't believe it's been a year. And we've been busy.

Brandon Van Grack: If you come back a third time, you get a key chain. So let's, again to level set what we're talking about are new regulations on investment outside of the United States, as opposed to, as we talked about before, investment into the United States. And so just to start off, why? The U.S., there are all manner of regulations in the national security foreign policy space and so what were you missing? What was the U.S. government missing?

Paul Rosen: Brandon, I think you hit on it in your question, which is to say, we have a suite of national security related tools across the government. We've got export controls. We've got sanctions and other ways to get at national security risks. What this program attempts to get at is a gap, as we see it in our authorities, to get at the advancement and development through American funding of certain advanced technologies in countries of concern that can harm U.S. national security. And that is the purpose and focus of this executive order.

Brandon Van Grack: So does that then mean that they were, as you were formulating the, identifying this gap and formulating it that there were investments, therefore, that you were aware of that you do not feel like there were tools available to address them. And therefore, this was the only way to address the national security issues.

Paul Rosen: Yeah, there's certainly scenarios that informed our focus and our desire and the president's desire to do this executive order. And those scenarios include, for example, American dollars by sophisticated investors going in to advance the next generation semiconductor or the next generation quantum computer in a country that may use it to threaten our national security. And that's what it's focused on.

Scott Anderson: So part of this enterprise is creating and standing up a new sort of regulatory entity, a new structure. Talk to us a little about that structure, what it looks like, where it lives, how it fits in the interagency process that guides so much national security policy. And in particular, how does it relate to the other part of your portfolio you talked about the last time on the podcast, the inbound restrictions that we associate with the Committee on Foreign Investment in the United States, or CFIUS. That's a really well established, 40 years and running, 50 years and running at this point, regime. How closely related to that is this new entity that we're standing up?

Paul Rosen: It's a great question. And if you go back to the president's executive order, the president directed the Secretary of the Treasury, Secretary Yellen, to implement this program along with various departments and agencies. And in so doing the Secretary determined that it should live in the Office of Investment Security, which is the office that I run. Obviously a core piece of our work is CFIUS work, that's inbound investment screening. But there are a lot of good reasons why the Secretary chose to house it in the Office of Investment Security. There are parallels to other aspects of what CFIUS is doing. And we have been very busy since the last podcast writing actual rules at the Secretary's direction.

Brandon Van Grack: And I think we'll talk a little bit about actually what the structure of the regime looks like, but what it isn't is a list. It's not a list of entities that individuals in the United States cannot invest in. And I'm wondering why, why not provide even more direct guidance if we have concern there?

Paul Rosen: We talked a little bit about filling a gap and several of these other programs that we talked about are list based programs, and that's feedback that we've gotten in the rule, and I should say that we're drafting the final rule, and we're taking in all of these comments as we write the final rule, but one of the, one of our approaches is to focus on, for example, early stage companies, companies that the government is not yet able or has not gotten to a point to identify or put on a list. Think about your next generation artificial intelligence company that's emerging. And so that is one concrete particular reason.

But one of the things we put out in the draft rule that we got comments on was taking this feedback And cross referencing and leveraging some of those other existing lists in the sanctions world, for example, and cross referencing those lists to say, okay we're going to have our approach, which is, as a notification and prohibition requirement for U.S. investors. But we're also going to cross reference existing lists, and if you're on that list, and you fall within the scope of the program, then you're going to fall under the prohibition category. And I think what we're getting is the best of both worlds to be able to get at these early stage companies that lists can't get at, but also leveraging the utility of the lists.

Scott Anderson: A feature of the CFIUS system is that is this intense interagency interaction, right? It's called the Committee on Foreign Investment in the United States because it was, is, in many ways, a committee. It's got senior officials from different agencies. How does that interagency component work in the context of this regime? What level of interagency consultation, how is it formalized? Does something about the structure and the approach merit and warrant a different sort of approach than that sort of intense checklist roundabout structure that's used for CFIUS?

Paul Rosen: Yeah, so these two programs, the outbound investment security program and CFIUS, will be entirely separate. They'll have separate staff, they will have, will be funded separately, they'll be hired separately, and the like. But the outbound program will certainly leverage some of the expertise from CFIUS. For example, part of the outbound program focuses on identifying transactions that have occurred that under the new regulation are, should have been prohibited, or should have been notified to us.

That involves a process of going out and finding those transactions. We have a team on the CFIUS side that does exactly that for transactions that were not filed with CFIUS. And so that's an example of synergies and years of experience that we seek to leverage under the umbrella of the Office of Investment Security, but with two distinct programs.

Brandon Van Grack: Have you already begun hiring and creating the structure for this outbound regime?

Paul Rosen: We have. We have publicly posted positions including a director position to oversee an office of global transactions where the investment, outbound investment security program will be housed. And so we are moving out in implementation.

Scott Anderson: So let's talk a little bit about the structure of the outbound regime itself, how potential investors interact with it, the obligations and requirements it imposes. And it boils down to the idea of limitations, or I should say requirements, notification or prohibitions on U.S. persons who want to engage in, kind of two technical terms, covered transactions with covered foreign persons. Talk to us about how you structure those obligations. What do those two categories mean? What do they encompass? And how is your average potential investor going to be encountering these obligations?

Paul Rosen: Yeah, so what we've tried to do is be as transparent and clear in the rules as possible, but also sort of being narrowly tailored in what is inherently a complex program. And so what we do is we try to set up this function as you identified where certain U.S. investments and investors would trigger through an equity investment or some other defined way an investment into a covered foreign person, which again is defined technically, that is involved in certain technologies in terms of artificial intelligence, quantum computing or semiconductor development.

And so what we do is we put in place the burden, we shift the burden to the investor to determine, am I making an investment that is notifiable or prohibited under these new regulations? And so what we try to do is essentially make certain that the investor has the motivation to figure it out on their end and make a decision about whether the rule would apply to them.

Brandon Van Grack: In terms of the line of a prohibition versus a notification, what is that line? How do you determine what transactions are prohibited versus what requires a notification to your office?

Paul Rosen: So we have pretty technical definitions that we have proposed in the regulation, and we'll see what the final regulations come out with.

But at a high level, the prohibition scheme is focused on the more advanced aspects of these technology sectors, whereas a notification scheme is meant to gather more information holistically about these sectors. So it's a technical definition, but as you think about it as a high level, the more advanced, for example, semiconducting, manufacturing, or the higher the compute power with artificial intelligence, we're going to get into a prohibition place as opposed to lower thresholds would be notification.

Brandon Van Grack: So what is the intent with respect, on the notification piece? And I think this is a little different from CFIUS, but you can correct me if I'm wrong, which is on the CFIUS side, there's a notification for the U.S. government to determine and assess the national security implications of an investment into the United States.

And in many instances, the U.S. government says, have a nice day, no issues. And if there are national security issues, they can be mitigation and ultimately in rare instances prohibition. As I understand the notification piece here though, it's actually more information collection. And I'm just wondering, what are you going to, what is the intent to do with this information that you're collecting based on these investments?

Paul Rosen: So we have information now about the investments and the scenarios that we talked about and the notification requirements are, as written, intended to better inform the scope of the program. So we will get information more broadly about investments into these sectors to better understand these investments, to better understand these sectors, and to help us refine, essentially the scope of the program, if and as needed.

Brandon Van Grack: Let's spend a moment talking about if you are an investor in the United States, and considering an investment outside the United States to a country of concern in terms of what they should be thinking about. Part of this is what industry, and we'll talk about that in terms of it's in their proposed regulations, artificial intelligence, semiconductor, so part of this is industry related.

But for those who are not paying as close attention in part because these are proposed rules; they haven't gone into place yet. As maybe a threshold question what sort of diligence, what are you expecting a U.S. investor to think about as they contemplate an investment outside the United States, for example, in a country of concern?

Paul Rosen: So Brandon, our expectation is that investors are conducting a degree of due diligence when they engage in an investment that might be covered. They're already figuring out what are they investing in, what's the likely return, what are they, what is this sort of target company doing. What we are doing is layering on a degree of diligence through the application of this knowledge standard to say you also need to figure out whether this covered foreign person is conducting or engaged in one of these covered technologies or sectors.

And so our expectation is that the investor would ask the questions, would conduct a reasonable inquiry into it. And that's why we are proposing to impose this knowledge standard because we want to be clear and we want to be fair. But we also don't want an investor to bury their head in the sand. And so what we've tried to do is thread the needle and say, through your diligence, you need to go through and ask a series of questions to make sure that you are not investing in one of these covered technologies or sectors.

Brandon Van Grack: So I think there, there may be two follow-ups to that, which is if an investor has uncertainty, whether they're covered, is there a process in place for them to come to your office to obtain clarity as to whether the investment would be prohibited or require notification?

Paul Rosen: Well, Brandon, we're not in the business of issuing advisory opinions and so I think investors can figure out on their own. Now look, we will work to put out guidance as we stand up this rule. We will work to put out FAQs as we stand up this rule because we don't want investors to be flying blind, but at the end of the day, they should be conducting reasonable diligence. And that's also why we're trying to be so specific in the regulations.

We're trying to be clear about what is in and what is out, such that they wouldn't need to ask those questions.

Brandon Van Grack: So then part two of that is what happens if after they do make an investment, they obtain information or later learn that this is likely prohibited or requires notification.

Paul Rosen: Yeah, because the knowledge standards in place, we're going to look at what they knew when they made the investment. If in the hypothetical scenario which I try to avoid, but as a general matter---

Brandon Van Grack: You're in a safe space.

Paul Rosen: At a high level… just us here talking, right? The proposed rule talks about a situation where an investor later acquires knowledge of a prohibited transaction that was not known to be prohibited to them at the time, but we still want to know about that after the fact.

And the proposed rule would put in place a requirement that they report that even after the fact, even if it would not have been a violation of the rule at the time.

Scott Anderson: How does that sort of voluntary self-disclosure --- I think is the terminology used if I recall --- how does that fit into the overall calculus of how the regime is imposed? Is there an incentive for pursuing those even if it may also bring to notice conduct that the company could face punishment for?

Paul Rosen: Well under the scenario where it is undisputed that the investor did not have knowledge at the time of the investment but later learns that the investment was actually into a company that's doing something on the prohibition list, that sort of dovetails also into information that we would want to know to inform the scope of the program. So that's a little bit different than voluntary self disclosure, which is more related to we did something that was a violation and we want to disclose that.

Scott Anderson: But how would one or both or either fit into the calculus about how you would approach those companies from a regulatory perspective?

Paul Rosen: Yeah, look, as a general matter we treat voluntary self-disclosures as mitigating factors, right? When we are assessing conduct. We want to encourage voluntary self-disclosures, and that's not unique to Treasury or the Office of Investment Security. That's my understanding is Brandon's old department does the same. And so we want that conduct to come in the front door. We want to learn about it through potential violators before we learn about it.

Scott Anderson: So a big part of this regime, arguably the biggest part of it, is this definition of who is a covered foreign person. And that in turn relates back to a more foundational concept, which is a country of concern. And right now there's just one, and that's China. What is it about China that makes it so unique as to warrant the special treatment? What distinguishes it from every other country potentially in the world in this regard? And what are those criteria that might, someday down the road have another country elevated to the status or perhaps even see China fall out of it?

Paul Rosen: So the president identified in the executive order countries of concern. That was the term in the executive order, but the executive order also listed the People's Republic of China as currently the only country of concern. And the PRC has stated that the goals of its state-directed economic policies and military fusion strategy include achieving dominance in certain dual use and advanced technology sectors that will drive the development of the next generation of military intelligence capabilities. And so we've assessed that the current application would apply to the PRC, but again, the executive order talks about countries of concern, and right now China is the country on the list that the president determined it should apply to.

Scott Anderson: In terms of the covered foreign person concept that kind of evolves out of the country of concern, what is the scope of that? Because beyond just Chinese companies, it's beyond just Chinese government, Chinese nationals, but encompasses a lot of other sorts of relationships about control, corporate structure. What are the big definitional lines there? What are you really worried about with the much broader scope of who a covered person of concern is?

Paul Rosen: So we were trying to put together a program that was targeted and focused on the national security goals as outlined in the executive order and beyond. And in doing so, we also wanted to make sure that we weren't missing obvious evasion or obvious spillover. We didn't want to be too over inclusive, but we didn't want to be too under inclusive.

And so when you think about the various scenarios, for example, a country of concern having a company with a parent that is majority owned by a, let's say, European company, for example, we have to think about these scenarios to make sure that there's not obvious evasion or there's not obvious loopholes.

And the way we have tried to structure this, for example, through our knowingly directed proposal, is to get at U.S. persons because this applies to U.S. persons who may have the ability to direct or may have the ability to oversee a subsidiary that may be engaged in this activity and trying to get at some of that spillover activity, again, in a narrow and targeted way focused on our national security. And I think, I'm sure we'll talk about partners and allies, but working with our partners and allies on this effort has been very important. And it's something that Secretary Yellen is very committed to making sure we continue to do as we stand up this program.

Brandon Van Grack: So we talked a little bit about, or you mentioned that it's very industry specific and the three that are covered are semiconductors and microelectronics, quantum computing, and artificial intelligence. And again, as a threshold question, why those three industries? Why are those the inaugural industries that are targeted by this rule?

Paul Rosen: When we think about the advancement of military technology and capabilities, when we think about the development of advanced intelligence and surveillance capabilities, and when we think about the next generation of cyber capabilities, these are the core components that go into the development of those next generation technologies that if developed and used by our adversaries against us would pose a serious national security concern.

Brandon Van Grack: One of the things you mentioned is again, this notification piece and part of this is collecting information and that will help inform where the lines are that we draw. And so right now we have these three industries and as you said, it's based in perceived concern in terms of military development and cyber security. How often do you perceive the U.S. government re-evaluating these industries and these lines considering that it's not static? The sort of, the definition, I know it's a broad-based interest, is one that will constantly be shifting.

Paul Rosen: Yeah, I expect there will be regular updates and those are, in fact, required that we will work with our partner agencies on as we collect information, both through the notification and prohibition scheme, making recommendations to the president and reviewing the information that we're collecting to make sure that we are getting at the goals and national security issues that the president set forth.

Scott Anderson: So, so far we've been discussing the regime that leads to provide you the information you need to make an assessment that somebody might have violated this. Let's say you find someone who violates this. It looks like you've got a lot of flexibility, a pretty broad toolkit, in terms of sanctions you can impose on somebody who has found to knowingly cross the line. Talk to us about that menu of options. What are the array of sanctions available, and how do you expect to weigh between the different options and applying them? What are the variables that might weigh a criminal sanction versus a civil sanction, for example?

Paul Rosen: Yeah, so as you point out, we've got a range of tools that we can implement under the law known as IEEPA which the program is implemented under, up to and including divestment, but also civil penalties, referral to the Department of Justice if there's a concern about a criminal violation.

And so I think as we have been evolving our enforcement program on the CFIUS side, I think similarly we will develop and evolve an enforcement program with the Outbound Investment Security Program, and I fully expect there to be guidance and a degree of transparency about how we are going to do that as the program develops.

Brandon Van Grack: And for our listeners, IEEPA is the International Emergency Economic Powers Act, I, E, E, P, A.

Paul Rosen: Thank you. I see you looking that up on your phone right now.

Scott Anderson: A lot of Lawfare Podcast listeners will know that for better or for worse. I don't know what that says about our audience.

One follow up on one part of this, a big part, a big sanction here that strikes me as a more complicated option is mandatory divestment. The idea that you have to unwind these. That's a big part of the toolkit in the CFIUS context, but of course there we're talking about foreign investments in the United States, an area where the United States has a lot more regulatory authority, ability to supervise, monitor. How do you expect to oversee mandatory divestment? Do you have a sense about how exactly that's going to look, if that's something you compel, and how that's going to be implemented? What sort of regulatory role and oversight are you going to have? Or is that something that's still on the table being developed?

Paul Rosen: We don't even have the rules out yet, so we can start with level set on that, but what we will be focused on is developing an enforcement program that incentivizes compliance but also put serious enforcement options on the table for noncompliance, depending on the facts and circumstances of each of each case. Obviously, divestment is a significant remedy. And what we would be talking about is, again, U.S. persons investments being divested. And I think we'll just have to wait to see how that plays out. But I think those are the factors that we'd be thinking about.

Brandon Van Grack: So one of the items you raised earlier was cooperation from our partners abroad. And wondering if you can spend a little bit of time talking about what does that look like. And I might ask, like right now, our questions are on the outbound piece, but I'd also put that in with the inbound, I think in terms of both investment out of the United States but also into the United States, it's still related to some of the same concerns, which is about as you said, I think at the top of the podcast, not wanting to stifle investment in the financial markets, but understanding there are challenges when we're adopting regulations that aren't necessarily reflected in other countries.

Paul Rosen: Yeah, this administration has put a premium on engagement with partners and allies across the spectrum, and Treasury and CFIUS and Outbound is no exception to that. And the reason is, for example, whether it's in the CFIUS context or the Outbound context, the more that we can do together with our partners and allies, the stronger our collective national security, sort of a fundamental premise. And we need to engage for that. And so as a result, I've been engaging with our partners and allies. My team has been engaging with our partners and allies. Secretary Yellen has been engaging with our partners and allies. And the reason is to talk to them and educate them on what we're doing and why we're doing it and why we think it's important for them to consider the same concerns that we are considering.

And we're making progress. We've had really positive engagements with the European Commission that has stood up a process. There's been engagement with the U.K. that is thinking hard about this issue, and others. And one of the points of discussion in our proposed rule centers around this idea that some of the aspects of the outbound regulation may have extraterritorial aspects.

That is to say, they're directed at U.S. persons, but you may have U.S. persons living in an allied country, for example. And how does that impact and should we have, should our allies and partners cover that kind of conduct? And one of the things that's proposed in the draft rule is curtailing some of our regulatory authority over some of these extraterritorial aspects of the program if one of these partners and allies has their own way to cover that kind of conduct. And so we'll see what the final rule has in that regard, but that all dovetails into the importance of just direct engagement and conversations with our closest allies and partners, which we're doing on the outbound front.

Brandon Van Grack: They're all manner of examples of, and I think a lot of them post-date the Russian invasion, of the international community and the United States having greater alignment in terms of some of their regulations and controls, exactly as you first talked about. I'm wondering, with respect to this program in particular, is the feedback positive?

Is this something where, is this more educational or do you get the impression that, in fact, some of these other governments are in fact, interested in adopting a similar regime?

Paul Rosen: I think we're making a lot of progress, but it's important to keep in mind that every country and their economies and their manufacturing base and their investment base are different. They are subject to their own laws and regulations. They've got their own investment community, they're focused on sometimes similar technology, sometimes different technologies. And so the point is like every ally and partner is going to have to look at this through their own lens and determine do I have a concern here I need to mitigate?

But also, similarly determine as we tighten up on the outbound investment, what does that mean for other avenues of investment? And does it mean that there will be more investment from certain partner and allied countries into, countries of concern like the PRC? And so it's been an evolving conversation. It's been an important one, and I think one that will continue.

Scott Anderson: So thus far, we've been talking about a lot of rules that are in process being drafted. We know we started talking about this issue more than a year ago the last time we were on the podcast. Then it was a glint in the president's eye. Then we got an executive order. Now we have rules being drafted. When do we actually expect these things to be finalized? And I guess more importantly for, the people who might be subject to them, when will the obligations they impose actually begin to be enforced? Is there an adaptation period expected? How big of an on ramp is there going to be? And I guess what can these individuals start doing now to prepare for the obligations that they're presumably going to have to face, whether a few weeks, a few months, a few years down the road?

Paul Rosen: So in terms of a date, I'll give you the same answer I gave Brandon last year when he asked when the executive order would come out, which was a non answer.

Look, it's fair to say that we have done a lot of work over the last year. We have issued an advance notice of proposed rulemaking with dozens and dozens of questions. We have issued a draft rule and received a whole host of comments. And now, we're in the process of digesting those comments and finalizing the rule, which we're going to do as quickly as possible.

When the rule is finalized it will come into effect and we'll start implementing the program. And so what I think investors should and are already thinking about is how are they going to comply? How are they going to think about these investments? What should they be doing and preparing to do from a due diligence perspective? That's what I expect will happen.

Brandon Van Grack: It sounds Paul, you just invited yourself back on the podcast at some point in the future and we welcome that. Maybe to pivot in part because of although, obviously, when we're talking about a new regime, there's a lot to digest and a lot to process. But your office has been active as well, not just on the outbound piece, but on the regulations and enforcement of inbound regulations. And in the last couple weeks, there's been some sort of announcements from your office with respect to some of that, the CFIUS, the inbound program.

In particular, I wanted to see if you could talk about the announcement that you all have taken six enforcement actions over the last year and a half with respect to the rules on inbound investment. And it's important to compare that with the first 50 years of your office, where there were only two such actions. And if you could talk a little bit, not just about those actions, but why are we seeing such a ramp up of enforcement in the last, just a year and a half?

Paul Rosen: So Brandon, I think that last time I was on the podcast, we talked about the role of CFIUS in protecting national security. And as a fundamental matter, if you subscribe to the view that CFIUS is responsible for reviewing certain foreign investments in the United States for national security risks, and if CFIUS is going to okay those investments, or certain of those investments, but let's say with conditions in a so called national security agreement, we need those conditions to be adhered to, for example. Or if the laws and regulations require, in certain instances, a mandatory filing like in some cases for investment in U.S. businesses involved in advanced critical technologies, and they don't file with us, those are things that we must take seriously to protect our national security.

And so what we have been doing under Secretary Yellen's leadership is making sure that we are holding companies accountable for the promises and obligations that they undertake, as well as the laws and regulations that they adhere to. So what does that mean?

That means over the last several years, we have been ramping up our resources. We've been hiring more people. We've been hiring folks with specific backgrounds to, to investigate, to conduct site visits to companies, for example, and to make sure they're abiding by the obligations that they set forth. And when they don't, we're going to look at the suite of enforcement resources that we have at our disposal, and that's exactly what we've been doing.

Brandon Van Grack: So this is the new normal?

Paul Rosen: Yeah. It's here to stay in terms of we're focused on appropriately resourcing and focusing on the issues associated with protecting national security, deterrence, and accountability.

Brandon Van Grack: Is there anything to glean from those recent enforcement actions in terms of the type of violation or the industry, sort of anything in terms of trends or anything that you would simply highlight for those folks who are focused on this particular area of concern?

Paul Rosen: There are a couple areas that are important to focus on. One is, we try to lean forward in describing, for example, aggravating and mitigating factors to provide a degree of transparency and clarity to companies about the things, the way we consider certain facts and factors in our analysis. The other is you see from our recent updates that there are a range of penalties from $100,000 to $60 million. And that's because we truly do take into account the facts and circumstances of particular transactions and truly do weigh the aggravating and mitigating factors as we put out back in 2022 in our first ever enforcement and penalty guidelines.

And that's important because, for a number of reasons, but it's important because foreign direct investment is a core aspect of what CFIUS is responsible for encouraging. We want to make sure that we are using a scalpel, that we are attracting foreign investment, but we're doing so in a way that doesn't impact our national security. And that's why I think you see such a detailed and focused approach to our enforcement actions.

Scott Anderson: While we're talking CFIUS, you all haven't just been busy on the enforcement front. There's also been a number of new regulatory moves that have come forward regarding real estate transactions, regarding the scope of CFIUS in a lot of ways. Talk to us a little bit about that as well, because the regime that has gone under a lot of evolution in the last 10 years, last five years really, and this is another kind of significant step in that regard. Talk to us about the way the regime is changing and what's driving that.

Paul Rosen: Yeah, Scott, we've also been really focused on issues around efficiency and operation of CFIUS and CFIUS reviews and how do we make sure we're being both efficient but also making sure we are, have the tools that we need in regulation or otherwise to best protect national security. So as part of that, we have done a lot of work in the regulation space over the last year and a half as well.

For example, we have proposed a draft rule to update the regulations that were a result of a 2018 law that gave us some additional authority. For example, we have enhanced some of our, or proposed to enhance, some of our enforcement authorities by, for example, raising the cap on certain enforcement actions from a fine perspective when we, CFIUS receives a material omission or misstatement from a party, for example. So we are honing these tools. In another context, we have added to our jurisdiction when it comes to real estate. So taking a step back, Congress recently back in 2018 gave us jurisdiction to review certain real estate transactions in close proximity to sensitive facilities.

And as part of that, CFIUS has developed a list-based approach to say, if there's a real estate transaction in certain proximity to this sensitive facility, then we will review it, even if it's just a land transaction, which ordinarily CFIUS doesn't look at. And that's been really important because as we've worked with our partners at the Department of Defense, we have been updating the lists of facilities around which we want to make sure that certain land purchases won't pose a risk to national security. So those are two examples where we're continuing to drive forward to make sure we have the sharpest tools and sharpest authorities to do our job.

Brandon Van Grack: This, I'm going to call it real estate expansion, the expansion of jurisdiction on, in terms of what's covered with respect to real estate. It was a noticeable increase. I think something like, 30 percent, 30 percent more sort of locations were included on the list, as you just said. And I'm wondering if you can talk about what is driving that? You mentioned legislation, but part of this is, was there a concern that CFIUS were not seeing enough filings on this, or was it that the list did not fully cover the full extent of locations that would potentially create sort of a national security concern?

Paul Rosen: Brandon, I think it's due to an active and concerted effort to make sure that we do have the sharpest tools available. So in 2023, we added eight facilities to the list. And you're right, in 2024, recently, we proposed to add many more. And the reason is we've been working with our partners at the Department of Defense to make sure that we are continually assessing and reassessing where we need to have that jurisdiction. So what I would say is it's more about a concerted effort to make sure we are as sharp as we can and should be, and it's something that we're going to continue to do in the future.

Scott Anderson: Well unfortunately, that is all the time we have together today to discuss this very complex set of issues. We are thrilled to have you back with us, Paul. Thank you for joining us again here today on the Lawfare Podcast.

Paul Rosen: Scott, Brandon, thanks for having me.

Scott Anderson: The Lawfare Podcast is produced in cooperation with the Brookings Institution. You can get ad free versions of this and other Lawfare podcasts by becoming a Lawfare material supporter through our website at lawfaremedia.org/support. You'll also get access to special events and other content available only to our supporters.

Please rate and review us wherever you get your podcasts. Look out for our other podcasts, including Rational Security, Chatter, Allies, and the Aftermath, our latest Lawfare Presents podcast series on the government's response to January 6th. Also be sure to check out our written work at lawfaremedia.org.

This podcast is edited by Jen Patja, and your audio engineer this episode was Cara Shillenn of GoatRodeo. Our theme song is from Alibi Music. As always, thank you for listening.


Scott R. Anderson is a fellow in Governance Studies at the Brookings Institution and a Senior Fellow in the National Security Law Program at Columbia Law School. He previously served as an Attorney-Adviser in the Office of the Legal Adviser at the U.S. Department of State and as the legal advisor for the U.S. Embassy in Baghdad, Iraq.
Brandon L. Van Grack is a partner and co-chair of the National Security and Crisis Management practices at Morrison & Foerster LLP. He is a former senior national security official at the U.S. Department of Justice, where he served as Chief of the Foreign Agents Registration Act (FARA) Unit, Senior Assistant Special Counsel to Special Counsel Robert S. Mueller III, Counsel to the Assistant Attorney General for the National Security Division, Trial Attorney in the Counterintelligence & Export Control Section, and as a prosecutor in the U.S. Attorney’s Office for the Eastern District of Virginia.
Paul Rosen serves as the Assistant Treasury Secretary for Investment Security. His office oversees the Committee on Foreign Investment in the United States (CFIUS) process.
Jen Patja is the editor and producer of the Lawfare Podcast and Rational Security. She currently serves as the Co-Executive Director of Virginia Civics, a nonprofit organization that empowers the next generation of leaders in Virginia by promoting constitutional literacy, critical thinking, and civic engagement. She is the former Deputy Director of the Robert H. Smith Center for the Constitution at James Madison's Montpelier and has been a freelance editor for over 20 years.

Subscribe to Lawfare