Initial press reports last November that the Committee on Foreign Investment in the United States (CFIUS) had commenced a review of ByteDance’s acquisition of Musical.ly, the service that was merged into ByteDance’s video-sharing site TikTok and helped fuel its expansion, were not particularly surprising to those familiar with CFIUS and its concerns. However, recent departures from established CFIUS processes in the TikTok matter are striking and concerning for persons engaging in cross-border transactions involving the United States, calling into question the scope, apolitical nature, confidentiality, and security focus of the CFIUS process.
CFIUS’s concerns regarding the protection of personal information of U.S. citizens stretch back to the Obama Administration, and while TikTok may not appear to be a particularly sensitive platform, it has had significant privacy issues in the past, including well-publicized security concerns, allegations of censorship, and an FTC fine for illegally collecting the personal information of children. It is not particularly surprising that these concerns would attract CFIUS review.
Nor is it shocking, though it is unusual, that the review is taking place long after ByteDance’s 2017 acquisition of Musical.ly. This case neatly illustrates one of the known risks of CFIUS review: while filing for review of an acquisition is voluntary, CFIUS remains free to conduct a review post-closing if no filing is made. Moreover, post-closing reviews are not limited to the facts as they existed at the time of the acquisition, as when China’s HNA Group was forced to divest a New York building housing the police precinct responsible for guarding Trump Tower (even though Mr. Trump had not been elected yet when the building was acquired). The rapid growth of Musical.ly/TikTok to be a larger, more prominent, and more scrutinized platform post-acquisition is the sort of risk that is inherent in a decision not to file, though in most cases CFIUS does not return to old transactions without a reason to do so and it may well be that the parties saw no great risk in 2017.
In recent days, however, the TikTok matter has taken a number of highly unusual turns.
First, the Trump Administration threatened to bar TikTok from the United States under the authority of the International Emergency Economic Powers Act, the primary U.S. sanctions statute. This threat, unprecedented as far as we are aware, presumably relied upon Executive Order 13873, which gives authority to bar the provision of information technology goods and services to the United States by persons that are “subject to the jurisdiction or direction of a foreign adversary” if the transaction “poses an unacceptable risk to the national security of the United States or the security and safety of United States persons.” The reason for the threatened use of IEEPA was not articulated, but one possibility is that CFIUS only has authority to prevent the acquisition of assets in the United States (the “U.S. business”). It does not have jurisdiction over non-U.S. companies that simply sell goods or services into the United States. Musical.ly and ByteDance were both Chinese companies, and though it is not at all unusual for CFIUS to assert jurisdiction over the transfer of U.S. assets in a transaction between two foreign companies, it would not have jurisdiction to stop a Chinese business from selling services into the United States. The unprecedented invocation of IEEPA as part of a CFIUS review appears to be a threat to do just that. Moreover, historically when a transaction has been prohibited, the foreign acquiror is either prevented from buying the assets in the United States or forced to sell them to an acceptable buyer. Ordering the complete termination of the U.S. business, rather than ordering the acquired U.S. assets divested, would again appear to be unprecedented.
Second, multiple Administration officials, including Secretary of State Michael Pompeo, Secretary Steven Mnuchin, White House trade adviser Peter Navarro, and President Trump himself as well as a number of unnamed sources speaking to the media, have commented repeatedly and at length about the status of the ongoing CFIUS review and potential remedial measures. This is extremely unusual. Indeed, under CFIUS’s statute and regulations, information provided by the parties to a CFIUS review is confidential and may not be publicly disclosed. Even if the multiple ongoing leaks regarding the status of the review do not technically violate the statute, they are a serious departure from the practice of past administrations, which have generally refused comment on ongoing CFIUS reviews. These public statements across the Administration also give the impression that the Administration has chosen to politicize the CFIUS review. Even in prior controversial transactions, such as DP World’s 2006 acquisition of port operations of P&O or CNOOC’s 2005 bid for Unocal, it was actors outside the CFIUS process who drove the issue.
Third, and perhaps most strikingly, President Trump has stated that as a condition to any divestiture of TikTok, “[a] very substantial portion of that price is going to have to come into the treasury of the United States” rather than to the owner ByteDance, referring to the payment as “key money.” This is, again, utterly unprecedented, and it is unclear what the authority to demand such a payment is. While the CFIUS statute provides neither substantive standards nor judicial review for presidential actions deemed “appropriate to suspend or prohibit any covered transaction that threatens to impair the national security of the United States,” neither does it call for the consideration of anything other than national security concerns. This was a deliberate policy choice by Congress, which considered and rejected proposals to incorporate economic benefit and other considerations in CFIUS review as part of the recent comprehensive reform of the statute, reflecting the overwhelming consensus that CFIUS review should focus exclusively on national security issues. Requiring the value of the business to be paid to the U.S. Treasury may even raise takings issues under the Constitution—although the Administration may also have significant leverage to force the parties to “agree” to the measure.
From the perspective of the international dealmaker, these developments are disquieting. CFIUS has, for many years and across many administrations, been very careful in word and deed to position itself as a staff-led, largely apolitical, confidential process focused solely on national security threats to the United States rather than protectionism or politics. Although CFIUS’s conception of “national security” has always been broad and evolving—and there has been a broad policy consensus that an expansive view is appropriate—it has largely been successful in achieving that goal. However, to quote Warren Buffett: “It takes twenty years to build a reputation and five minutes to ruin it.” The TikTok matter threatens to stand as a prominent example of political interference and legal uncertainty surrounding the CFIUS process, and the long-term impact on cross-border transactions remains to be seen.