CFIUS compliance and independent monitoring

A growing priority for national security and other critical US interests

The United States continues to be an appealing market for foreign direct investment (FDI) inflows.¹ Yet a significant risk landscape exists with FDI: foreign individuals and organizations who attempt to exploit ownership in US companies by misappropriating sensitive data and information in ways that might be detrimental to US national security.

For this reason, the Committee on Foreign Investment in the United States (CFIUS) has significantly increased the scope and frequency of its reviews of mergers and acquisitions and other inbound investment activity to determine the potential for national security implications and impacts on other critical US interests. Such reviews frequently result in the negotiation of “National Security Agreements” (NSAs), which allow the FDI transaction to proceed only in accordance with CFIUS-mandated terms and conditions designed to protect the interests of the United States. And with new legislation, it’s never been more crucial for organizations involved in any FDI to be aware of new CFIUS regulations.

Back to top

Our CFIUS consulting: How Deloitte can help

We are a leader in government and compliance monitoring services, and we offer specific CFIUS monitoring, NSA compliance assessments, independent third-party auditing, and consulting knowledge and experience.

We help our clients achieve timely and effective CFIUS compliance with detailed, complex, and multifaceted requirements that CFIUS NSAs typically entail. By integrating a range of disciplines from across the Deloitte network, we can assist in various ways:

• Serving as an NSA-mandated independent security monitor
• Assessing NSA compliance as an independent compliance auditor
• Supporting corporate IT departments in developing the types of internal controls and security measures (controls catalog) required under a CFIUS NSA
• Assessing existing CFIUS compliance programs, controls, and systems
• Enhancing programs, controls, and systems in alignment with CFIUS requirements
• Establishing monitoring, auditing, and testing programs for transparency to safeguard the company’s intellectual property, trade secrets, and reputation
• Establishing robust incident management and internal investigation procedures for potential NSA breaches, designed to engender government and public trust

Back to top

A fresh approach

For situations where we are not serving as the security monitor, we incorporate centralized, ongoing engagement and quality management throughout the phases of our CFIUS services, working with our clients to develop an approach that is:

• Proactive. Identifying objectives and achievement factors up-front to guide CFIUS compliance activities.
• Accelerated. Augmenting the company’s efforts to comply with the requirements with an objective, external perspective, beginning with easily customized compliance frameworks.
• Strategic. Emphasizing services that not only consider CFIUS requirements, but also seek opportunities to leverage existing internal control processes and procedures for related business improvements and incremental process efficiencies.

Back to top

The Deloitte difference

Our mission is to help make the world more trustworthy, resilient, and secure. Our CFIUS consulting is set apart by:

• Extensive experience assisting companies in translating CFIUS NSA requirements into practical plans: We assemble multidisciplinary teams of regulatory, compliance, and controls specialists who understand the importance and significance of the broad scope of CFIUS compliance standards.
• Technical experience in testing high-risk areas such as legal and regulatory compliance regarding third-party relations, audit reports, and service agreements: We place heavy emphasis on practices, policies, and processes for monitoring the controls that can lead to implementation and operating effectiveness.
• Compliance strategy for testing key information security and governance controls regarding data management, data ownership, and cybersecurity: We bring familiarity with recent developments in keeping intellectual property and source code secure and protected.
• Cross-industry insights from our extensive post-merger integration work: We support our clients in a variety of industries within the United States and internationally.
• Boots on the ground and rapid response capabilities to help address time-sensitive requirements and assist in virtually any location around the world.
• Trusted adviser status, working with our clients to identify opportunities to enhance business controls and processes to maintain compliance with CFIUS-mandated NSA requirements.

Back to top