National Security Review (CFIUS)
What Is a National Security Review? The CFIUS Shield
A National Security Review is a formal regulatory process, primarily conducted by the Committee on Foreign Investment in the United States (CFIUS), to evaluate whether a foreign investment in a domestic business poses a threat to national security.
A National Security Review is a formal, high-stakes regulatory process used by the U.S. government (and increasingly by other developed nations) to meticulously scrutinize incoming foreign direct investment (FDI). While the United States has historically maintained an "open investment" policy to attract global capital, it reserves the absolute legal right to block any transaction that could potentially harm its national security or strategic interests. The primary body responsible for conducting this intense review is the Committee on Foreign Investment in the United States (CFIUS). CFIUS is a powerful interagency committee that brings together the heads of the nation's most critical departments, including the Treasury, Defense, State, Justice, Energy, Commerce, and Homeland Security. Their specialized mandate is to identify and mitigate any national security risks that might arise from "covered transactions"—which typically include mergers, acquisitions, takeovers, or even minority investments by foreign persons in sensitive domestic businesses. In recent decades, the functional definition of "national security" has expanded far beyond traditional defense contractors and weapons manufacturers. In the modern era, a National Security Review might target a Chinese technology firm attempting to buy a popular social media app (due to data privacy and influence concerns), a European logistics giant acquiring a major U.S. port terminal (infrastructure security), or a Middle Eastern sovereign wealth fund investing in a nascent AI startup (critical emerging technology). The ultimate goal is to ensure that foreign adversaries or competitors do not gain control over assets, data, or technologies that are vital to the long-term resilience of the U.S. economy or its military superiority.
Key Takeaways
- The review is conducted by an interagency committee chaired by the Secretary of the Treasury.
- It can result in the blocking, unwinding, or modification of a transaction (M&A deal).
- The scope was significantly expanded by the Foreign Investment Risk Review Modernization Act of 2018 (FIRRMA).
- Reviews cover critical technology, critical infrastructure, and sensitive personal data (TID businesses).
- Mitigation agreements are often used to clear a deal by imposing specific security conditions.
The CFIUS Process: A Rigorous Step-by-Step Investigation
The CFIUS review process is designed to be exceptionally rigorous, highly confidential, and strictly time-sensitive, creating a challenging environment for dealmakers. The process typically proceeds through several well-defined stages: 1. Initial Filing and Declaration: The parties involved in a cross-border transaction submit a formal notice to CFIUS. This can be a "Joint Voluntary Notice" or, in specific high-risk cases involving critical technology or investments by foreign governments, a "Mandatory Declaration." 2. Assessment and Review Period (45 Days): During this first phase, CFIUS staff and member agencies review the filing to determine if the transaction is legally a "covered transaction" and if it presents any immediate national security threats. Many routine deals are cleared at the conclusion of this stage. 3. Full Investigation Period (Additional 45 Days): If the committee identifies potential risks that cannot be quickly understood or resolved, it initiates a full-scale investigation. This is standard for complex deals involving sensitive sectors like semiconductors, aerospace, or large-scale personal data. 4. Presidential Decision Window (15 Days): If CFIUS concludes that a deal's risks cannot be mitigated through an agreement, it may recommend that the President formally block the transaction. The President of the United States holds the final, unappealable authority to suspend or prohibit the deal. Throughout this high-pressure process, parties will often withdraw their notice and immediately re-file it. This tactic is used to "restart the clock" and provide CFIUS with more time to negotiate a solution, as both the buyer and seller usually seek to avoid the reputational and financial damage of a formal Presidential rejection.
Mitigation Agreements
Rather than blocking a deal outright, CFIUS often negotiates a "National Security Agreement" or mitigation agreement. This is a contract between the companies and the U.S. government that imposes specific conditions to alleviate security concerns. Common mitigation measures include: * Governance: Requiring that certain board members be U.S. citizens approved by the government. * Operational Control: restricting the foreign owner's access to sensitive data or technology. * Supply Assurance: Guaranteeing supply of critical products to the U.S. government. * Audits: Subjecting the company to regular third-party compliance audits. If the parties agree to these terms, CFIUS clears the deal. However, violating a mitigation agreement can lead to severe penalties or the forced divestiture of the business later.
Real-World Example: Grindr Divestiture
In 2016, Beijing Kunlun Tech Co., a Chinese gaming company, acquired a majority stake in Grindr, a popular dating app. At the time, they did not file for a CFIUS review. The Concern: Years later, CFIUS identified a national security risk. The concern was not military, but data privacy. Grindr collects sensitive personal information—including location data, messages, and HIV status—on millions of users, potentially including U.S. government and military personnel. CFIUS feared this data could be used for blackmail or intelligence gathering. The Outcome: In 2019, CFIUS ordered Kunlun to sell Grindr. Because the deal had already closed, this was a "forced divestiture." Kunlun eventually sold Grindr to a group of investors ("San Vicente Acquisition") for approximately $608 million in 2020. This case highlighted that CFIUS can reach back into closed deals and that personal data is a critical national security asset.
Important Considerations for Arbitrage Traders
For merger arbitrage traders, the National Security Review is a critical risk factor. When a deal is announced, the stock of the target company usually trades below the offer price (the "spread"). If the deal involves a foreign buyer, the spread often reflects the market's assessment of CFIUS risk. Break Fees: To compensate the target for this risk, foreign buyers often agree to a "reverse termination fee" or "break fee." If CFIUS blocks the deal, the buyer must pay the target a significant sum (often 3-6% of the deal value). Jurisdiction Creep: Under FIRRMA, CFIUS now reviews real estate transactions near sensitive facilities (like ports or military bases). A seemingly harmless real estate deal can be blocked if it falls within the "proximity" rules.
Team Telecom
A related process involves the "Committee for the Assessment of Foreign Participation in the United States Telecommunications Services Sector," informally known as "Team Telecom." When a foreign entity seeks an FCC license (e.g., to operate a subsea cable or a satellite network), the FCC refers the application to Team Telecom (comprising DOJ, DOD, and DHS) for national security review. This process runs parallel to, but is distinct from, CFIUS. It specifically targets the integrity of the U.S. communications grid.
Key Legislation: FIRRMA
The Foreign Investment Risk Review Modernization Act of 2018 (FIRRMA) significantly strengthened CFIUS.
- Expanded Jurisdiction: Added non-controlling investments in critical tech, infrastructure, and data (TID) businesses.
- Real Estate: Added authority to review real estate transactions near sensitive government sites.
- Mandatory Filings: Created a requirement to file declarations for certain state-owned investors.
- Filing Fees: Allowed CFIUS to collect filing fees (up to $300,000) to fund its operations.
FAQs
Historically, filings were voluntary. However, FIRRMA introduced mandatory declarations for certain transactions involving "critical technology" or where a foreign government has a "substantial interest" in the foreign acquirer. Failure to file in these cases can result in penalties up to the value of the transaction.
Technically, CFIUS makes a recommendation to the President. The President acts as the final decision-maker on whether to suspend or prohibit a transaction. In practice, most parties abandon the deal if CFIUS indicates it will recommend a block, so few cases actually reach the President's desk for a formal order.
Yes. Following FIRRMA, CFIUS has specific jurisdiction over the purchase or lease of real estate that is in close proximity (often within 1 mile, sometimes up to 100 miles) to sensitive U.S. government facilities, ports, or airports, even if no business is being acquired.
TID stands for Technology, Infrastructure, and Data. It refers to U.S. businesses that produce "critical technologies," perform functions related to "critical infrastructure," or maintain "sensitive personal data" of U.S. citizens. Investments in TID businesses attract the highest level of CFIUS scrutiny.
If you don't file a voluntary notice, CFIUS retains the power to review the transaction indefinitely—even years after it has closed. If they later find a national security risk, they can order a divestiture (forced sale). This creates a "tail risk" that never goes away until the deal is cleared.
The Bottom Line
A National Security Review is the ultimate and most powerful veto in the world of cross-border dealmaking and global capital flows. Primarily led by the opaque but formidable CFIUS, this process ensures that the rapid pace of foreign investment does not inadvertently compromise the technological edge or physical safety of the United States. For corporate executives and global investors, it represents a major and often unpredictable regulatory hurdle that has the potential to significantly delay, fundamentally modify, or even completely kill a multi-billion dollar transaction. In an era of heightened and evolving geopolitical competition, the functional definition of "national security" continues to expand into data and infrastructure, making the CFIUS review a central and non-negotiable component of legal due diligence for any global merger or acquisition. In this high-stakes environment, ignoring the possibility of a national security review can be a costly and catastrophic mistake for any global firm.
More in Legal & Contracts
At a Glance
Key Takeaways
- The review is conducted by an interagency committee chaired by the Secretary of the Treasury.
- It can result in the blocking, unwinding, or modification of a transaction (M&A deal).
- The scope was significantly expanded by the Foreign Investment Risk Review Modernization Act of 2018 (FIRRMA).
- Reviews cover critical technology, critical infrastructure, and sensitive personal data (TID businesses).
Congressional Trades Beat the Market
Members of Congress outperformed the S&P 500 by up to 6x in 2024. See their trades before the market reacts.
2024 Performance Snapshot
Top 2024 Performers
Cumulative Returns (YTD 2024)
Closed signals from the last 30 days that members have profited from. Updated daily with real performance.
Top Closed Signals · Last 30 Days
BB RSI ATR Strategy
$118.50 → $131.20 · Held: 2 days
BB RSI ATR Strategy
$232.80 → $251.15 · Held: 3 days
BB RSI ATR Strategy
$265.20 → $283.40 · Held: 2 days
BB RSI ATR Strategy
$590.10 → $625.50 · Held: 1 day
BB RSI ATR Strategy
$198.30 → $208.50 · Held: 4 days
BB RSI ATR Strategy
$172.40 → $180.60 · Held: 3 days
Hold time is how long the position was open before closing in profit.
See What Wall Street Is Buying
Track what 6,000+ institutional filers are buying and selling across $65T+ in holdings.
Where Smart Money Is Flowing
Top stocks by net capital inflow · Q3 2025
Institutional Capital Flows
Net accumulation vs distribution · Q3 2025