Foreign Investment in the U.S.: Efforts to Mitigate National Security Risks Can Be Strengthened

Fast Facts

Foreign investment in U.S. companies benefits the economy but can also pose national security risks—such as by giving foreign investors access to sensitive data.

The Committee on Foreign Investment in the U.S. reviews these investments and enters into agreements with companies to address risks. Over the last decade, the number of agreements has quadrupled and the work of monitoring and enforcing compliance has grown.

But the agencies on the committee don't regularly coordinate their staffing needs. Also, it's unclear how they make enforcement decisions.

We recommended addressing these and other issues to help the committee mitigate risks.

Highlights

What GAO Found

The Committee on Foreign Investment in the United States (CFIUS) enters into agreements that require companies to mitigate national security risks stemming from foreign investment. Since 2000, the number of mitigation agreements has grown steadily, rising roughly fourfold in the last decade. The Departments of Defense and the Treasury manage the largest numbers of mitigation agreements. To mitigate risks—such as foreign investors' accessing certain sensitive data—CFIUS imposes various measures. For example, CFIUS might require the U.S. company to establish access controls for certain information systems.

Note: “Mitigation agreements” includes agreements listed in notes to fig. 4, GAO-24-107358.

Selected CFIUS member agencies monitor compliance with mitigation agreements by, among other things, conducting site visits to companies and working with independent auditors and monitors. If a company violates an agreement, CFIUS can take enforcement action, including imposing monetary penalties. The Department of the Treasury, as the committee's chair, issued public guidelines on CFIUS penalties in 2022. But CFIUS does not yet have a documented committee-wide process for deciding on enforcement actions, which has led to challenges in responding to certain violations, according to officials. CFIUS also does not have a documented committee-wide process for reviewing agreements for continued relevance. Documenting such processes would help ensure CFIUS member agencies respond in a timely manner to violations and can focus their resources on mitigation agreements that remain relevant.

Over the last decade, selected CFIUS member agencies have expanded staffing to monitor and enforce compliance with the rising number of mitigation agreements. Treasury plans to expand its monitoring capacity by approximately doubling its staff. But Treasury has not documented its objectives for this increase, which it based on an estimate rather than an assessment of its needs. Documenting these objectives would allow Treasury to assess whether the increased staffing enables it to meet them. Further, officials of other selected member agencies said their staffing levels affect their monitoring, and CFIUS has not previously coordinated on staffing. Regular staffing coordination would help ensure CFIUS member agencies can effectively monitor and enforce compliance.

Why GAO Did This Study

The U.S. is historically the world's largest recipient of foreign investment. This benefits the U.S. economy but can also present national security risks. CFIUS is an interagency committee authorized to review certain transactions involving foreign investment in the U.S. to identify risks to national security. To mitigate such risks, CFIUS has authority to enter into legal agreements with the companies involved and to monitor compliance with the agreements. Treasury serves as the committee's chair.

GAO was asked to review issues related to CFIUS mitigation agreements. This report (1) describes trends in mitigation agreements from 2000 through 2022, (2) evaluates selected CFIUS member agencies' approaches to monitoring and enforcing compliance with mitigation agreements and reviewing them for continued relevance, and (3) assesses the selected agencies' staffing for monitoring and enforcement. GAO selected five member agencies on the basis of the number of mitigation agreements each agency manages. GAO reviewed laws, regulations, and agency guidance. GAO also conducted a nongeneralizable review of mitigation agreements and interviewed agency officials. This is a public version of a sensitive report GAO issued in January 2024. Information Treasury identified as sensitive has been omitted.

Recommendations

GAO is making five recommendations to Treasury to help enhance CFIUS's capacity to monitor and enforce compliance with mitigation agreements. Treasury agreed with the recommendations.

GAO Contacts

Office of Public Affairs

Topics

Recommendations

GAO is making five recommendations to Treasury to help enhance CFIUS's capacity to monitor and enforce compliance with mitigation agreements. Treasury agreed with the recommendations.