CFIUS Increases Transparency with Release of Enforcement and Penalty Guidelines

October 21, 2022

Click for PDF

On October 20, 2022, the U.S. Department of the Treasury (“Treasury”), as chair of the Committee on Foreign Investment in the United States (“CFIUS” or “Committee”), released the first-ever CFIUS Enforcement and Penalty Guidelines (the “Guidelines”).[1]  As the Guidelines pointedly emphasize, CFIUS is tasked with balancing its mandate of identifying and mitigating national security implications of foreign investments with upholding U.S. openness to foreign investment.[2]  As we discuss below, the Guidelines provide insight into how CFIUS will assess whether (and in what amount) to impose a penalty or undertake other enforcement action against a violating party, and also provide a non-exhaustive list of aggravating and mitigating factors that CFIUS will consider.

Importantly, the new Guidelines do not appear connected to any specific changes in statutory authority, nor do they expressly create new authorities for the Committee.  They also do not appear to be connected with any reported increase in enforcement actions, as CFIUS reported in its most recent Annual Report that it did not assess or impose penalties or initiate a unilateral review of a transaction in 2021.[3]  The CFIUS Monitoring and Enforcement website lists only two penalties imposed pursuant to Section 721: one in 2018 and one in 2019.  Yet, these Guidelines have also been released as CFIUS has publicly announced efforts to increase its staffing, particularly to support monitoring and enforcement activities.[4]  The Guidelines also include CFIUS’s first formal statement with respect to the treatment of voluntary self-disclosures.

Accordingly, the release of the Guidelines appears to be an effort to increase transparency of a committee long-viewed as secretive—and also may signal increased use by the Committee of its enforcement and penalty authorities.  The issuance of the Guidelines is therefore noteworthy in several respects:

  • Their issuance is another in a series of signals from the U.S. government of its intense focus on protecting national security interests, inclusive of U.S. technological leadership;
  • The Guidelines provide a more transparent, public roadmap for how violations will be assessed and processed; and
  • The Guidelines establish a voluntary self-disclosure mechanism for violations that has parallels with other agencies, though stops short of offering specific incentives for such disclosures.

The Guidelines are divided into four key areas: (i) clarifications of what constitutes a violation, (ii) how the Committee obtains information to investigate a potential violation, (iii) the penalty process itself, and (iv) aggravating and mitigating factors.  We discuss each in turn below:

1. Three Categories of Conduct That May Constitute a Violation:

The Guidelines identify three specific types of conduct that may be considered a violation subject to enforcement and penalty.  Note that the Guidelines specifically state that not all violations will result in a penalty or other remedy, as CFIUS will exercise discretion based on certain aggravating and mitigating factors, as discussed below in section (4).

  1. Failure to submit a mandatory declaration or notice in a timely manner;
  2. Failure to comply with CFIUS mitigation requirements when such mitigation has been imposed; and
  3. Material misstatements, omissions, or false/materially incomplete certifications made at any point in the CFIUS process.

2. Sources of Information Concerning Potential Violations:

The Guidelines provide transparency about how the Committee obtains information on potential violations.  It has been long understood that CFIUS has access to a range of tools available within the U.S. government to identify covered transactions.  In addition, CFIUS is actively searching publicly available and third party information to identify non-notified transactions that may be subject to its review.  The Guidelines highlight in particular information that may come from parties to a transaction themselves, whether voluntarily or involuntarily, including information regarding failure to comply with a mitigation agreement, condition or order:

  1. Requests for Information: CFIUS may request information from relevant parties, and such parties may earn mitigation credit by cooperating with information requests and may also provide exculpatory evidence.
  2. Self-Disclosures: The Guidelines provide the first formal discussion by CFIUS of voluntary self-disclosures to the Committee. Similar to self-disclosure policies published by the U.S. Department of Justice, the Office of Foreign Assets Control, the Directorate of Defense Trade Controls and the Bureau of Industry and Security, the Committee encourages timely self-disclosure of potential violations and has indicated that it will consider such voluntary disclosures as one among several factors when it is determining its enforcement response to an alleged violation. Notably, CFIUS has not in these Guidelines indicated that a self-disclosure will necessarily warrant any automatic deduction in the amount of a proposed penalty nor will self-disclosure necessarily result in a presumption applied by the Committee against imposition of a monetary or other more severe form of penalty.
  3. Tips: CFIUS solicits tips from the general public—whether in connection with a transaction currently under review, a non-notified transaction, or a mitigation agreement—and provides email and phone contacts on its website for reporting directly to the Committee.
  4. Subpoena Authority: The Guidelines draw attention to the Committee’s statutory authority to issue subpoenas to persons who may have information or records relevant to the administration or enforcement of the Committee’s regulations.

3. Penalty Process:

The Guidelines set forth the basic procedural process that will govern a potential enforcement or penalty action. In short, the Committee will send the subject person a notice of penalty, which includes (i) the conduct to be penalized, (ii) the amount of the monetary penalty to be imposed, (iii) the legal basis for concluding the conduct constitutes a violation, and (iv) any aggravating and mitigating factors the Committee considered. The subject person can, within 15 days of receiving the notice of penalty (which may be extended upon a showing of good cause), submit a petition for reconsideration to the CFIUS Staff Chairperson. The subject person can include any defense, justification, mitigating factors, or explanation within the petition. If the petition is timely received by CFIUS, within 15 days of receipt (which may be extended), CFIUS will take such petition into account before issuing a final penalty determination. However, if no petition is timely received, CFIUS will generally issue a final penalty determination in the form of a notice to the subject person. These procedures are also set forth in the Committee’s regulations at 31 CFR Part 800 and Part 802.  Pursuant to §800.901, CFIUS has the authority to issue civil penalties up to $250,000 per violation for material misstatements, omissions, or false certifications.  Failure to comply with mandatory declaration requirements or violations of a material provision of a mitigation agreement may result in a civil penalty not to exceed $250,000 or the value of the transaction, whichever is greater.

4. Aggravating and Mitigating Factors:

The Guidelines provide the first public statement by CFIUS of the factors it will consider when determining the appropriate response to an alleged violation. In essence, CFIUS will adopt a fact-based approach in which it weighs all relevant aggravating and mitigating factors in the context of specific conduct giving rise to a potential violation. The list of factors provided in the Guidelines is not exhaustive.  Further, the list of factors are not presented in order of priority.  Nonetheless, the factors will be generally familiar to anyone who has assessed the corporate enforcement factors published by DOJ, OFAC, DDTC, or BIS.

  • Accountability and future compliance: The impact of the enforcement action on protecting national security and ensuring subject persons are held accountable for their conduct and incentivized to ensure compliance.
  • Harm: The extent to which the conduct impaired, or threatened to impair, U.S. national security.
  • Negligence, awareness and intent: The extent to which the conduct was the result of simple or gross negligence, intentional action, or willfulness, as well as any efforts to conceal or delay the sharing of relevant information with CFIUS, or the involvement of senior personnel.
  • Persistence and timing: The length of time that elapsed after the subject person became aware, or had reason to become aware, of the conduct and before CFIUS became aware of the conduct and/or its remediation, as well as the frequency and duration of the conduct.
  • Response and remediation: Whether the subject person submitted a self-disclosure (including the timeliness, nature and scope of information within the self-disclosure), the subject person’s cooperation during the investigation, the promptness of complete and appropriate remediation, and whether the company undertook an analysis of the root cause, extent, and consequences of the alleged violative conduct to prevent any reoccurrence.
  • Sophistication and record of compliance: The subject person’s history and familiarity with CFIUS (including past compliance with CFIUS mitigation), the adequacy of internal and external resources dedicating to complying with relevant legal obligations, the existence of relevant policies and procedures, the consistency of implementation, the company’s culture of compliance, and other related factors.


The Guidelines contribute to the U.S. government’s increasing scrutiny of transactions that involve foreign investments in U.S. companies or operations with a potential impact on national security.  The Guidelines provide additional transparency with respect to how CFIUS will determine its response to potential violations of CFIUS’s regulations.  While the Guidelines are non-binding and do not expand or narrow CFIUS’s authorities, they may signal an intent to enhance enforcement efforts, particularly with respect to failure to submit a mandatory notification or failure to comply with mitigation agreements, conditions, or orders designed to address national security concerns.


[1] CFIUS Enforcement and Penalty Guidelines (October 20, 2022),

[2] This authority is granted to the Committee under Section 721 of the Defense Production Act of 1950, as amended (50 U.S.C. § 4565) (“Section 721”).

[3] CFIUS Annual Report to Congress, 44,

[4] See U.S. Department of the Treasury Press Release, Treasury Releases CFIUS Annual Report for 2021 (Aug. 02, 2022),

The following Gibson Dunn lawyers prepared this client alert: Stephenie Gosnell Handler, David Wolber, Christopher Timura, Samantha Sewall, and Felicia Chen.

Gibson Dunn’s lawyers are available to assist in addressing any questions you may have regarding these developments. Please contact the Gibson Dunn lawyer with whom you usually work, the authors, or the following members and leaders of the firm’s International Trade practice group:

United States
Judith Alison Lee – Co-Chair, International Trade Practice, Washington, D.C. (+1 202-887-3591, [email protected])
Ronald Kirk – Co-Chair, International Trade Practice, Dallas (+1 214-698-3295, [email protected])
Adam M. Smith – Washington, D.C. (+1 202-887-3547, [email protected])
Stephenie Gosnell Handler – Washington, D.C. (+1 202-955-8510, [email protected])
David P. Burns – Washington, D.C. (+1 202-887-3786, [email protected])
Nicola T. Hanna – Los Angeles (+1 213-229-7269, [email protected])
Marcellus A. McRae – Los Angeles (+1 213-229-7675, [email protected])
Courtney M. Brown – Washington, D.C. (+1 202-955-8685, [email protected])
Christopher T. Timura – Washington, D.C. (+1 202-887-3690, [email protected])
Annie Motto – Washington, D.C. (+1 212-351-3803, [email protected])
Chris R. Mullen – Washington, D.C. (+1 202-955-8250, [email protected])
Sarah L. Pongrace – New York (+1 212-351-3972, [email protected])
Samantha Sewall – Washington, D.C. (+1 202-887-3509, [email protected])
Audi K. Syarief – Washington, D.C. (+1 202-955-8266, [email protected])
Scott R. Toussaint – Washington, D.C. (+1 202-887-3588, [email protected])
Shuo (Josh) Zhang – Washington, D.C. (+1 202-955-8270, [email protected])

Kelly Austin – Hong Kong (+852 2214 3788, [email protected])
David A. Wolber – Hong Kong (+852 2214 3764, [email protected])
Fang Xue – Beijing (+86 10 6502 8687, [email protected])
Qi Yue – Beijing – (+86 10 6502 8534, [email protected])

Attila Borsos – Brussels (+32 2 554 72 10, [email protected])
Nicolas Autet – Paris (+33 1 56 43 13 00, [email protected])
Susy Bullock – London (+44 (0) 20 7071 4283, [email protected])
Patrick Doris – London (+44 (0) 207 071 4276, [email protected])
Sacha Harber-Kelly – London (+44 (0) 20 7071 4205, [email protected])
Penny Madden – London (+44 (0) 20 7071 4226, [email protected])
Benno Schwarz – Munich (+49 89 189 33 110, [email protected])
Michael Walther – Munich (+49 89 189 33 180, [email protected])

© 2022 Gibson, Dunn & Crutcher LLP

Attorney Advertising:  The enclosed materials have been prepared for general informational purposes only and are not intended as legal advice.