Skip to main content

Navigating CFIUS

Aimen Mir spent a decade inside CFIUS, the US committee tasked with reviewing foreign deals for national security risks. Now a Freshfields partner, he offers his insights on the committee’s operations and shares his three-step guide to navigating the CFIUS process.

When Aimen Mir says the Committee on Foreign Investment in the United States (CFIUS) plays a ‘high stakes’ role in protecting US security interests, it is no exaggeration. Led by the Treasury and attended by high-level officials from 16 government agencies (including the departments of justice, defence, homeland security and state), CFIUS scrutinises inbound deals to prevent intelligence, sensitive data and advanced technologies falling into the hands of nations that threaten America’s strategic interests.

As deputy assistant secretary for investment security at the US Department of the Treasury, Aimen spent four years fulfilling the department’s role as the chair of CFIUS, serving under both the Obama and Trump administrations. This followed four years as the director of the Treasury office that serves as CFIUS’s secretariat.

This is high stakes commercially, high stakes from a national security point of view – you have lots of government agencies with different viewpoints and all of them have to sign off on a transaction.

Aimen Mir, Partner

‘CFIUS is a fast-moving process,’ says Aimen. ‘There are actually very few areas of government that are like this. This is high stakes commercially and it’s high stakes from a national security point of view – you have lots of government agencies with different viewpoints, and all of them have to sign off on a transaction within 45 to 90 days. It’s a pretty complicated thing to try and do in such a short amount of time.’

In his years at CFIUS, Aimen reviewed and made recommendations on more than 1,000 inbound deals worth in excess of $1.3tn, chaired the committee’s weekly behind-closed-doors meetings looking at individual transactions and negotiated the Foreign Investment Risk Review Modernization Act (FIRRMA) – the most significant expansion of CFIUS’s powers since the days of Ronald Reagan.

FIRRMA was motivated by concern in Washington that CFIUS was unable to scrutinise potentially concerning inbound investments – particularly those in which the buyer was not taking a controlling stake. Rules adopted under FIRRMA force any foreign company investing in companies holding a list of export-controlled technologies to file a mandatory declaration with the committee, eventually alongside investors linked to foreign governments targeting businesses that hold sensitive personal data or that comprise critical infrastructure. Failure to comply risks a fine as big as the deal itself.

It has never been more important to anticipate the way CFIUS will view certain issues, and to do that you need to know who you’re dealing with.

Aimen Mir, Partner

In the future, the watchlist will be expanded to cover ‘emerging and foundational technologies’ such as AI, robotics and biotech. In a world where the types of asset that are vital to commercial success are equally essential to military supremacy, it brings huge numbers of previously immune investors into scope. For them, US M&A will involve more notifications, longer deal timelines, less predictable outcomes and – in a worst-case scenario – more blocked transactions.

Understanding the CFIUS mindset

The CFIUS process is by its nature subjective. There is no hard line around the types of deals that fall within the committee’s jurisdiction. There are nuanced calculations as to which pose a threat to national security, and whether remedies can be agreed to mitigate any concerns. Each transaction is considered on its own merits – and with the government often unable to disclose the reasoning behind its decisions due to the associated security risks, any insight from within is invaluable.

As well as understanding the process, it’s vital for dealmakers to understand the people around the table. ‘The national security landscape may be constantly evolving,’ Aimen says, ‘but there has been a lot of continuity on the committee. It has never been more important to anticipate the way the committee will view certain issues, and to do that you need to know who you’re dealing with.’

Early M&A planning is vital

As CFIUS becomes more demanding of foreign buyers so time becomes an increasingly precious commodity. Competition is fierce for the types of assets that raise concerns, meaning foreign buyers must be able to negotiate the process as quickly as possible or risk their US rivals stealing a march at auction.

Dealmakers need to think much more carefully about CFIUS from the earliest stages of their strategic planning. They need to review their commercial ties to countries such as China to work out whether they will raise red flags. And they need to ‘engage the US agencies in a language they understand’, part of Aimen’s three-step strategy to navigating CFIUS (see below). Addressing these issues can prove the difference between success and failure.

Find out more about cross-border M&A at Freshfields.

Inside the committee

Freshfields partner Aimen Mir on what he learnt from his career in the US government and why a deep knowledge of CFIUS is essential for any multinational business.


States of flux

Aimen Mir examines an increasingly complex global M&A picture – and how regulations are adapting to emerging technology and national security concerns


Buyer beware: Aimen Mir’s three-step guide to navigating CFIUS

Buyer beware: Aimen Mir’s three-step guide to navigating CFIUS
Step 1

Plan and anticipate

  • Scrutinise both the asset and your own business (including your commercial relationships) to identify areas of potential CFIUS concern.
  • If the deal is likely to raise red flags, can it be structured to mitigate them? How far are you willing to go to complete the transaction – what kind of mitigation are you comfortable with?
  • How have you and your counterparty allocated risk?
  • If a filing is needed, should you submit the full document from the outset rather than relying on the short-form mandatory version? It may pass with the latter, but if not, you’ll need to go back to the beginning to do the former anyway.
  • Do you need a public affairs or communications strategy?
Step 2


  • Meet with CFIUS as a whole and consider whether to meet with customers and individual agencies at appropriate times.
  • Offer facts to shape the national security assessment, explain what matters commercially and also the counter-considerations. Do this in a language that the government will understand.
  • Don’t be passive or try to ‘hide the ball’.
  • Don’t dispute the existence of the committee’s concerns – instead focus on how to resolve them.
  • Don’t assume the CFIUS process is political and discount the agency’s staff. Engaging in the right way can pay dividends.
Step 3


  • ‘Bridge’ the national security risk and the commercial interest. Try to understand why the committee has concerns, which may involve reading between the lines.
  • Be creative when offering suggestions about how to rearrange your operations.
  • Probe any issues and challenge the committee to ensure there is a mutual understanding of the facts and that any mitigation is appropriately tailored.
  • Explain how your mitigation strategy resolves any security risk – how will it work, can it be monitored, is it enforceable?
  • Don’t offer commitments that are not credible.