Skip to main content

Foreign Investment in the U.S.: Efforts to Mitigate National Security Risks Can Be Strengthened

GAO-24-107358 Published: Apr 18, 2024. Publicly Released: Apr 18, 2024.
Jump To:

Fast Facts

Foreign investment in U.S. companies benefits the economy but can also pose national security risks—such as by giving foreign investors access to sensitive data.

The Committee on Foreign Investment in the U.S. reviews these investments and enters into agreements with companies to address risks. Over the last decade, the number of agreements has quadrupled and the work of monitoring and enforcing compliance has grown.

But the agencies on the committee don't regularly coordinate their staffing needs. Also, it's unclear how they make enforcement decisions.

We recommended addressing these and other issues to help the committee mitigate risks.

A variety of international cash bills.

Skip to Highlights

Highlights

What GAO Found

The Committee on Foreign Investment in the United States (CFIUS) enters into agreements that require companies to mitigate national security risks stemming from foreign investment. Since 2000, the number of mitigation agreements has grown steadily, rising roughly fourfold in the last decade. The Departments of Defense and the Treasury manage the largest numbers of mitigation agreements. To mitigate risks—such as foreign investors' accessing certain sensitive data—CFIUS imposes various measures. For example, CFIUS might require the U.S. company to establish access controls for certain information systems.

Number of Active CFIUS Mitigation Agreements, by Calendar Year, 2000–2022

Number of Active CFIUS Mitigation Agreements, by Calendar Year, 2000–2022

Note: “Mitigation agreements” includes agreements listed in notes to fig. 4, GAO-24-107358.

Selected CFIUS member agencies monitor compliance with mitigation agreements by, among other things, conducting site visits to companies and working with independent auditors and monitors. If a company violates an agreement, CFIUS can take enforcement action, including imposing monetary penalties. The Department of the Treasury, as the committee's chair, issued public guidelines on CFIUS penalties in 2022. But CFIUS does not yet have a documented committee-wide process for deciding on enforcement actions, which has led to challenges in responding to certain violations, according to officials. CFIUS also does not have a documented committee-wide process for reviewing agreements for continued relevance. Documenting such processes would help ensure CFIUS member agencies respond in a timely manner to violations and can focus their resources on mitigation agreements that remain relevant.

Over the last decade, selected CFIUS member agencies have expanded staffing to monitor and enforce compliance with the rising number of mitigation agreements. Treasury plans to expand its monitoring capacity by approximately doubling its staff. But Treasury has not documented its objectives for this increase, which it based on an estimate rather than an assessment of its needs. Documenting these objectives would allow Treasury to assess whether the increased staffing enables it to meet them. Further, officials of other selected member agencies said their staffing levels affect their monitoring, and CFIUS has not previously coordinated on staffing. Regular staffing coordination would help ensure CFIUS member agencies can effectively monitor and enforce compliance.

Why GAO Did This Study

The U.S. is historically the world's largest recipient of foreign investment. This benefits the U.S. economy but can also present national security risks. CFIUS is an interagency committee authorized to review certain transactions involving foreign investment in the U.S. to identify risks to national security. To mitigate such risks, CFIUS has authority to enter into legal agreements with the companies involved and to monitor compliance with the agreements. Treasury serves as the committee's chair.

GAO was asked to review issues related to CFIUS mitigation agreements. This report (1) describes trends in mitigation agreements from 2000 through 2022, (2) evaluates selected CFIUS member agencies' approaches to monitoring and enforcing compliance with mitigation agreements and reviewing them for continued relevance, and (3) assesses the selected agencies' staffing for monitoring and enforcement. GAO selected five member agencies on the basis of the number of mitigation agreements each agency manages. GAO reviewed laws, regulations, and agency guidance. GAO also conducted a nongeneralizable review of mitigation agreements and interviewed agency officials. This is a public version of a sensitive report GAO issued in January 2024. Information Treasury identified as sensitive has been omitted.

Recommendations

GAO is making five recommendations to Treasury to help enhance CFIUS's capacity to monitor and enforce compliance with mitigation agreements. Treasury agreed with the recommendations.

Recommendations for Executive Action

Agency Affected Recommendation Status
Department of the Treasury The Secretary of the Treasury, as CFIUS's chair, should work with member agencies to document a committee-wide process for considering and making timely decisions on enforcement actions related to mitigation agreements. (Recommendation 1)
Open
The Department of the Treasury stated that it agreed with our recommendation and would take steps to address it. As of July 2024, Treasury said that it had engaged with CFIUS member agencies on a committee-wide process related to consideration and decisions on enforcement actions. Treasury stated that CFIUS member agencies were reviewing and providing input on draft committee standard operating procedures that address the enforcement process. Once Treasury reports that the committee has finalized these procedures, we plan to verify whether its steps address the recommendation.
Department of the Treasury The Secretary of the Treasury, as CFIUS's chair, should work with member agencies to document a committee-wide process for periodically assessing the relevance of mitigation agreements and amending, phasing out, or terminating them when appropriate. (Recommendation 2)
Open
The Department of the Treasury stated that it agreed with our recommendation and would take steps to address it. As of July 2024, Treasury said that it had engaged with CFIUS member agencies on a committee-wide process related to assessing the continued relevance of mitigation agreements. Treasury stated that CFIUS member agencies were reviewing and providing input on draft committee standard operating procedures that address terminations, waivers, and amendments of mitigation agreements. Once Treasury reports that the committee has finalized these procedures, we plan to verify whether its steps address the recommendation.
Department of the Treasury The Secretary of the Treasury should document Treasury's objectives for increasing its staff for monitoring and enforcing compliance with CFIUS mitigation agreements. (Recommendation 3)
Closed – Implemented
In July 2024, Treasury reported that it had taken steps to document its staffing objectives for its monitoring and compliance team. Treasury documented in a memo that the monitoring and compliance team seeks to: (1) effectively manage compliance oversight with respect to its portfolio of mitigation agreements, (2) undertake enforcement actions, (3) drive improvements to CFIUS processes and procedures, and (4) make effective use of training and professional development opportunities. Treasury's memo also identifies a target caseload for each monitoring and compliance team member. Documenting its objectives for its monitoring and compliance team will position Treasury to assess its progress toward its staffing goals.
Department of the Treasury The Secretary of the Treasury should, once the targeted staffing increase is completed, analyze its CFIUS monitoring and enforcement staffing in accordance with federal workforce planning guidance, to determine the extent to which the targeted increase enables Treasury to achieve its documented objectives. (Recommendation 4)
Open
The Department of the Treasury stated that it agreed with our recommendation and would take steps to address it. As of July 2024, Treasury said that it was continuing to work on achieving its staffing targets and intends to assess its staffing in accordance with federal workforce planning guidance. Once Treasury reports that it has analyzed its monitoring and enforcement staffing in accordance with federal workforce planning guidance, we plan to verify whether its steps address the recommendation.
Department of the Treasury The Secretary of the Treasury, as CFIUS's chair, should work with member agencies to establish a committee-wide process to regularly discuss and coordinate the staffing levels needed to address the projected increase in workload associated with monitoring and enforcing CFIUS mitigation agreements. (Recommendation 5)
Open
The Department of the Treasury stated that it agreed with our recommendation and would take steps to address it. As of July 2024, Treasury said that it had engaged with CFIUS member agencies on a committee-wide process to coordinate staffing levels for monitoring and enforcement. Treasury stated that CFIUS member agencies were considering a proposed process for periodic sharing of information and coordination on staffing resources and forecasts. Once Treasury reports that the committee has finalized this process, we plan to verify whether its steps address the recommendation.

Full Report

GAO Contacts

Media Inquiries

Sarah Kaczmarek
Managing Director
Office of Public Affairs

Public Inquiries

Topics

Best practicesCompliance oversightForeign investmentsHuman capital managementInformation securityInteragency relationsInternal controlsNational securityRemediationWorkforce planning