Member Search

Amid TikTok Tensions, CFIUS Signals Increased Enforcement and Other Updates

Published: 03 May 2023

By  Derrick Kyle,  Senior  Associate

As  TikTok  CEO  Shou  Zi  Chew  was  facing  (often contentious)  questions  from  members  of  Congress  during a  four-and-a-half-hour  hearing on  March  23,  2023,  many  casual  observers were  learning  for  the  first  time  about  the  interagency Committee  on  Foreign Investment  in  the  United  States (“CFIUS”  or  “the  Committee”).  CFIUS, chaired  by  the  Department  of  the  Treasury (“Treasury”),  conducts  national security  reviews  of  transactions  that  can  lead  to  control or  significant  influence by  foreign  persons over  U.S.  businesses, among  other  national security  reviews.  Based  on  the  general  tenor  of  the  TikTok  hearing, which  took  place  during  an  ongoing  review by  CFIUS,  one  could  be  forgiven  for  thinking  that  CFIUS  has  been  particularly active  in  enforcement. 

However,  CFIUS  has  enacted  only  two  enforcement actions  resulting  in  civil  penalties. These  actions  were  a  $1  million  fine  in  2018  related  to  the  “repeated breaches  of  a  2016  CFIUS  mitigation  agreement” and  a  $750,000 fine  in  2019  related  to  the  failure of  the  transaction parties  to  restrict and  adequately  monitor protected  data[1]. Based  on  this  rather  lenient history  of  the  Committee  with  respect  to  enforcement,  some  transaction  parties may  feel  there  is  a  low  risk  of  penalties related  to  the  breach  of  mitigation  agreements or  failure  to  notify  CFIUS  of  a  covered  transaction requiring  a  mandatory filing  with  the  Committee.  But  over  the  last  year,  through  a  variety  of  means,  the  Committee  has  telegraphed  its  intention  to  ramp  up  enforcement. 

Increased Enforcement 

On  August  2,  2022,  the  Committee  released its  2021  Annual Report  to  Congress (the  “2021  Report”),[2]  which we  described  in  our  previous article,  Key Takeaways  from  the  CFIUS  Annual Report  for  2021.  The  2021  Report reflected  the  Committee’s commitment  to  finding non-notified  transactions  involving national  security  risks  and  requesting filings  when  necessary. Additionally,  the  2021  Report  explained certain  mitigation  measures and  conditions  imposed upon  transaction  parties. 

Importantly,  the  2021  Report  is  the  first  CFIUS  report covering  a  full  year  of  transactions  after  the  enactment of  revised  regulations pursuant  to  the  Foreign  Investment Risk  Review  Modernization Act  of  2018  (“FIRRMA”),  which  provides  for  more  resources related  to  enforcement. In  fact,  the  2021  Report specifically  disclosed  the  Committee’s  plans  for  “increasing staff  resources  dedicated to  monitoring  and  enforcement  activities.” Additionally,  “CFIUS  will  also  continue to  assess  noncompliance on  a  case-by-case basis  as  it  evaluates  whether civil  penalties  or  other  measures should  be  implemented.” Backing  up  these  claims  in  its  2024  CFIUS  Congressional budget  justification,  Treasury requested  funds  to  hire  an  additional  39  full-time  employees focused  on  CFIUS  activities.[3] If  the  employee request  is  fulfilled, the  number  of  Treasury  employees working  on  CFIUS  matters  will  increase  from  92  full-time employees  in  fiscal  year  2023  to  141  full  time  employees  in  fiscal  year  2024,  an  increase  of  53%.

As  described  in  our  previous Trade Alert,  on  October 20,  2022,  Treasury, acting  as  Chair  of  CFIUS, released  the  first-ever CFIUS  Enforcement  and  Penalty  Guidelines (“the  Guidelines”).  These  Guidelines  address three  categories  of  violations: 

1.    Failure  to  file  a  mandatory  declaration;

2.    Non-compliance  with  CFIUS  mitigation; and

3.    Material  misstatement, omission,  or  false  certification  in  connection  with  dealings  with  CFIUS.

The  Guidelines  also  described  the  Committee’s  penalty process  in  detail and  elaborated  on  aggravating  and  mitigating  factors when  determining  a  penalty  in  response  to  a  violation.

Taken  together,  the  enforcement  increase referenced  in  the  2021  Report from  August  2022  and  the  October  2022  publication  of  CFIUS  Guidelines clearly  speak  to  an  intent to  increase  enforcement.

National Security  Risk  Focus 

With  respect  to  the  focus  of  CFIUS, the  Committee  traditionally conducts  its  national security  reviews  pursuant to  Section  721  of  the  Defense  Production Act  of  1950  (“Section  721”), as  amended  by  the  Foreign Investment  and  National Security  Act  of  2007  (“FINSA”) and  FIRRMA,  Treasury’s 2008  Guidance  Concerning the  National  Security Review  Conducted  by  CFIUS  (“2008 Guidance”),[4]  and the  CFIUS  regulations at  31  C.F.R. Part  800.

From  these  sources, CFIUS  established  its  national  security risk-based  analysis,  described in  31  C.F.R  §  800.102:

For  purposes of  this  part,  any  such  analysis  of  risk  shall  include  and  be  informed by  consideration  of  the  following elements: 

(a)  The  threat,  which  is  a  function  of  the  intent and  capability  of  a  foreign person  to  take  action  to  impair  the  national  security of  the  United States; 

(b)  The  vulnerabilities,  which  are  the  extent  to  which  the  nature  of  the  U.S.  business  presents susceptibility  to  impairment of  national  security; and 

(c)  The  consequences  to  national  security, which  are  the  potential  effects on  national  security that  could  reasonably result  from  the  exploitation  of  the  vulnerabilities  by  the  threat actor.          

On  September  15,  2022,  President Biden  signed  Executive Order  (E.O.)  14083, which  ensures  “robust consideration  of  evolving national  security  risks.” Although  E.O.  14083  does  not  expand  CFIUS  jurisdiction,  it  directs  the  Committee  to  ensure  that  certain  existing factors  from  Section 721  are  reviewed. The  specific  factors described  in  E.O.  14083  on  which  the  President  directed the  Committee  to  focus  include:

·        Impact  to  critical U.S.  supply  chains;

·        U.S.  technological  leadership and  fundamental  technology;

·        Aggregate investment  trends;

·        Transactions that  could  lead  to  the  ability  of  foreign  persons to  exploit  cyber  vulnerabilities;  and

·        Protection of  sensitive  data  of  U.S.  persons.


When  viewed  holistically, enforcement  through  the  imposition  of  civil  monetary penalties  is  not  necessarily  the  worst  outcome that  can  result from  CFIUS  action. As  discussed  in  previous  articles (e.g.CFIUS Heightens  Scrutiny  of  Non-Notified  Transactions)  and  reinforced  through more  recent  examples, the  true  sting  of  CFIUS  –  and  what  keeps  M&A  parties and  practitioners  up  at  night  –  is  the  Committee’s ability  to  require foreign  acquirers  or  investors  to  divest  of  their  investment. For  example,  on  December  19,  2022,  Borqs  Technologies  Inc.  (“Borqs”),  a  Chinese  corporation, announced  that  CFIUS  will  require it  to  fully  divest  of  its  ownership in  Holu  Hou  Energy  LLC  (“HHE”),  a  top  solar  energy  supplier in  Hawaii.[5]  Borqs  initially acquired  controlling  shares of  HHE  in  October  2021.  The  requirement from  CFIUS  is  based  on  the  national security  threat  caused by  Borqs’s  access to  HHE’s  solar  storage  technology and  Borqs’s  ability exert  influence  over  HHE’s  business operations.

Returning  to  TikTok, the  Committee’s  review of  the  social media  and  video  sharing  app  has  been  ongoing  since  November  2019,  following  the  2017  acquisition of  TikTok  by  ByteDance,  a  Chinese  company. As  evidence  of  the  potential power  of  CFIUS, reports  in  March  described  that  the  Committee demanded  that  ByteDance divest  of  its  ownership  in  TikTok  or  face  a  ban  within the  United  States.[6] 


Now,  in  addition to  the  longstanding ability  for  CFIUS  to  require divestment  where  it  finds  too  great  a  risk  to  national  security, all  signs  point  to  increased enforcement  of  violations of  CFIUS  regulations, including  failure  to  file  with  the  Committee in  circumstances  of  mandatory  declarations. Parties  to  mergers and  acquisitions,  foreign investors,  and  deal  counsel  will  need  to  be  even  more  vigilant in  conducting  CFIUS  due  diligence to  prevent  potential penalties  or,  often  worse,  divestment.

If  you  require assistance  in  determining whether  a  potential transaction  requires  a  mandatory  declaration to  CFIUS,  deciding if  a  voluntary filing  may  be  prudent  to  prevent  future consequences,  or  any  questions  related to  CFIUS  enforcement, please  to  not  hesitate  to  contact  the  knowledgeable  attorneys at  Torres  Trade  Law.


[1]  CFIUS  Monitoring  and  Enforcement,  U.S.  Department  of  the  Treasury,  (last  visited  Apr.  12,  2023).

[2] Annual  Report to  Congress:  CY  2021,  Committee on  Foreign  Investment in  the  United States  (Aug.  2022), available  at

[3]  Congressional Budget  Justification  and  Annual  Performance Plan  and  Report for  FY  2024,  Department  of  the  Treasury Committee  on  Foreign Investment  in  the  United  States (2023),  available  at     

[4] Office  of  Investment  Security; Guidance  Concerning  the  National  Security Review  Conducted  by  the  Committee on  Foreign  Investment in  the  United States,  73  Fed.  Reg.  74,567 (Dec.  8,  2008), available  at

[5]  Borqs  to  Establish with  the  U.S.  Government  a  Plan  to  Divest  its  Ownership  of  Holu  Hou  Energy  Due  to  Deemed Critical  Technology,  Global Newswire,  (Dec.  19,  2022).

[6]  John  McKinnon,  U.S.  Threatens  Ban  if  TikTok’s Chinese  Owners  Don’t  Sell  Stakes, Wall  Street  Journal,  (Mar.  15,  2023).

Olga Torres
Torres Trade Law, PLLC
Washington DC, USA
Practice Area:
International Trade & National Security
Phone Number:
Olga Torres is the Founder and Managing Member of Torres Trade Law and its affiliate advisory firm Torres Trade Advisory, LLC. A dynamic and experienced attorney, she regularly guides clients – businesses in the hi-tech, defense contracting, telecommunications, aerospace, semiconductor, and satellite industries as well as highly regulated technology start-ups, blue-chip investment funds, and private equity groups – through a broad range of complex strategic and regulatory trade controls and national security matters, including developing effective strategies and conducting negotiations with U.S. regulatory agencies and, when needed, other regulators around the world. Ms. Torres works with clients to identify and respond to a variety of supply-chain risks and issues related to due diligence, foreign investment, sustainability and ESG, export control, and national security. She has particular strengths helping them create operational efficiencies, develop strategy, and keep their companies compliant and prosperous. Clients with operations around the globe turn to Ms. Torres for assistance in ascertaining legal risks and improving legal compliance, and to manage complex investigative and administrative enforcement cases involving U.S. federal agencies. They also seek out her experience and guidance to obtain clearance of transactions that are subject to review by the Committee on Foreign Investment in the United States (CFIUS), and to identify and negotiate measures to mitigate Foreign Ownership, Control, or Influence (FOCI). In addition to her representation of private and public companies based throughout the world, Ms. Torres also advises the U.S. Department of State on defense trade matters as part of her appointment, by the Assistant Secretary of State for Political-Military Affairs, to the Defense Trade Advisory Group (DTAG). Ms. Torres regularly counsels clients on compliance with the Foreign Corrupt Practices Act (FCPA) and other anti-bribery laws, and has broad experience developing compliance programs, providing training, and conducting sensitive internal FCPA compliance investigations in English and Spanish for companies large and small. Ms. Torres is a widely recognized attorney, public speaker, writer, and subject-matter expert on strategic trade risks. She brings a diverse perspective to both domestic and international companies in sensitive and hi-tech industries on highly regulated, technical, and complex areas of the law. She regularly represents companies before, and coordinates on behalf of her clients with, multiple federal agencies, including U.S. Department of Defense, U.S. Department of State, U.S. Department of Treasury, U.S. Department of Commerce, U.S. Customs and Border Protection, U.S. Department of Energy, and the Defense Counterintelligence and Security Agency, to name a few. Ms. Torres frequently lectures on export controls and international trade for organizations, universities, and government agencies in different countries, including in the United Kingdom, the Netherlands, Mexico, Thailand, France, Canada, and the United States. She is the author of several chapters on international trade in the WorldECR's Export Compliance Manager's Handbook, the Society of International Affairs Export Voluntary Disclosure Handbook, and other global publications. Throughout her career, Ms. Torres has been selected for recognition in multiple attorney ranking guides and publications including in Chambers and Partners USA (2018, 2019, and 2021), Who’s Who Legal (2017-2021), and SuperLawyers Rising Stars (2015-2018). Prior to founding Torres Trade Law, she was an attorney in the International & Cross Border Transactions group at an Am 100 Law Firm in Washington, D.C. In her spare time, Ms. Torres likes to travel, work out, attend the opera, eat spicy Indian, Thai, and Mexican food, and spend quality time with her family and sons.

Member Introduction

The Lawyer Network in numbers


Members Firms




Practice Areas


Member Firms
Total Staff