New Anti-Spying Regs to Affect More Life and Health Deals

A federal agency that tries to shut out hostile foreign investors now can review more life and insurance deals.

New regulations give the Committee on Foreign Investments in the United States (CFIUS) jurisdiction over any proposed deal that could give a foreign entity influence over a sensitive U.S. business, even if the foreign entity would not end up with control over the sensitive U.S. business.

CFIUS now can review an insurance deal if it thinks a hostile foreign entity will end up with ”any involvement, other than through voting of shares,” in decisions about “sensitive personal data of U.S. citizens maintained or collected by the U.S. business.”

Resources

A link to new foreign person’s investment regulation is available here.
Links to more resources concerning the regulations, including a fact sheet, are available here.
An article about Genworth Financial Inc.’s CFIUS process experience is available here.

In the past, CFIUS had jurisdiction only if a foreign investor would be getting control over a sensitive U.S. business.

The Office of Investment Security, an arm of the U.S. Treasury Department, published the new regulations in the Federal Register Friday. The regulations are set to take effect Feb. 13.

The Foreign Investment Risk Review Modernization Act of 2018 (FIRRMA)

CFIUS was formed in 1975, when Gerald Ford was president.

The chair of CFIUS is the U.S. Treasury secretary. The Treasury secretary presides over 15 other voting and non-voting committee members.

CFIUS has jurisdiction over deals that could affect control over critical technology or critical infrastructure as well as control over personally sensitive information.

The Office of Investment Security developed the new regulations to implement the Foreign Investment Risk Review Modernization Act of 2018 (2018). Members of Congress developed FIRRMA in response to concerns that hostile foreign entities could use loopholes in the current CFIUS review rules to hurt U.S. national security.

FIRRMA amends rules given in Section 721 of the Defense Production Act of 1950. Former President George W. Bush issued an executive order asking the U.S. Treasury Department to develop Section 721 regulations in January 2008, according to the introduction to the regulations. The department has been using interim regulations. It released draft final regulations this past fall.

In the text of the regulations, which come with the title, “Provisions Pertaining to Certain Investments in the United States by Foreign Persons,” officials give a definition of “sensitive personal data” that includes “the set of data in an application for health insurance, long-term care insurance, professional liability insurance, mortgage insurance, or life insurance.”

The definition also includes the results of genetic tests, “data relating to the physical, mental, or psychological health condition of an individual,” and “financial data that could be used to analyze or determine an individual’s financial distress or hardship.”

Officials do not use the terms “annuity,” “pension” or “retirement” in the new regulation, but the sensitive data definition appears to include the kind of information that might be collected through a client needs analysis process.

But the expanded CFIUS deal review authority applies only to a deal involving a U.S. business that collects sensitive personal data, and has collected sensitive person data for 1 million or more individuals in the preceding 12 months.

Confidentiality

Genworth Financial Inc. ran into delays in the CFIUS review process when it first began the process of selling itself to a company based in China.

Early on, Genworth did not discuss anything about the delay, other than it involved CFIUS concerns. Genworth executives later said the CFIUS concerns related to the security of customers’ personal data. Genworth addressed the data security concerns by arranging to have an outside company handle the sensitive customer data.

The new regulations include a confidentiality that provision that exempts most documents sent to CFIUS from Freedom of Information Act disclosure rules, and providing that “no such information or documentary material may be made public” by CFIUS.

The confidentiality provision allows CFIUS to disclose information relevant to administrative or judicial actions, information requested by Congress, and information that the parties have consented to be disclosed to third parties.

CFIUS can also disclose information to any domestic governmental entity or any foreign governmental entity of a U.S. ally or partner, if that disclosure is necessary for national security purposes, according to the regulation text.

Nothing in the CFIUS confidentiality provision “shall be interpreted to prohibit the public disclosure by a party of documentary material or information that it has submitted or filed with the committee,” according to the regulation text. “Any such documentary material or information so disclosed may subsequently be reflected in the public statements of the chairperson, who is authorized to communicate with the public and the Congress on behalf of the committee, or of the chairperson’s designee.”

The provision appears to provide that an insurer involved in a deal under CFIUS review could disclose the information sent to CFIUS, if the insurer wanted to do so.