The a16z Show - What to Know about CFIUS
Episode Date: December 23, 2019When innovation and capital go global, so do restrictions on trade, foreign investment, and more. Over the past couple years, U.S. policymakers have expanded the scope of the Committee on Foreign Inve...stment in the U.S. (CFIUS) through the Foreign Investment Risk Review Modernization Act (FIRRMA) of 2018 which was recently updated through proposed reforms this September 2019.So what does this all mean for tech founders taking investments from, or doing joint ventures with, foreign entities -- or just doing business globally in general? What does and doesn't CFIUS cover, and how might one structure partnerships strategically as a result? In this episode, a16z general partner Katie Haun interviews Michael Leiter (of law firm Skadden Arps) who specializes in CFIUS as well as matters involving U.S. national security and cybersecurity, cross-border transactions, aerospace and defense mergers and acquisitions, and government relations and investigations.The Q&A took place in September 2019 as part of an event hosted by Andreessen Horowitz. The views expressed here are those of the individual AH Capital Management, L.L.C. (“a16z”) personnel quoted and are not the views of a16z or its affiliates. Certain information contained in here has been obtained from third-party sources, including from portfolio companies of funds managed by a16z. While taken from sources believed to be reliable, a16z has not independently verified such information and makes no representations about the enduring accuracy of the information or its appropriateness for a given situation.This content is provided for informational purposes only, and should not be relied upon as legal, business, investment, or tax advice. You should consult your own advisers as to those matters. References to any securities or digital assets are for illustrative purposes only, and do not constitute an investment recommendation or offer to provide investment advisory services. Furthermore, this content is not directed at nor intended for use by any investors or prospective investors, and may not under any circumstances be relied upon when making a decision to invest in any fund managed by a16z. (An offering to invest in an a16z fund will be made only by the private placement memorandum, subscription agreement, and other relevant documentation of any such fund and should be read in their entirety.) Any investments or portfolio companies mentioned, referred to, or described are not representative of all investments in vehicles managed by a16z, and there can be no assurance that the investments will be profitable or that other investments made in the future will have similar characteristics or results. A list of investments made by funds managed by Andreessen Horowitz (excluding investments for which the issuer has not provided permission for a16z to disclose publicly as well as unannounced investments in publicly traded digital assets) is available at https://a16z.com/investments/.Charts and graphs provided within are for informational purposes solely and should not be relied upon when making any investment decision. Past performance is not indicative of future results. The content speaks only as of the date indicated. Any projections, estimates, forecasts, targets, prospects, and/or opinions expressed in these materials are subject to change without notice and may differ or be contrary to opinions expressed by others. Please see https://a16z.com/disclosures for additional important information. Stay Updated:Find a16z on YouTube: YouTubeFind a16z on XFind a16z on LinkedInListen to the a16z Show on SpotifyListen to the a16z Show on Apple PodcastsFollow our host: https://twitter.com/eriktorenberg Please note that the content here is for informational purposes only; should NOT be taken as legal, business, tax, or investment advice or be used to evaluate any investment or security; and is not directed at any investors or potential investors in any a16z fund. a16z and its affiliates may maintain investments in the companies discussed. For more details please see a16z.com/disclosures. Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.
Transcript
Discussion (0)
The content here is for informational purposes only, should not be taken as legal business, tax,
or investment advice, or be used to evaluate any investment or security and is not directed at any
investors or potential investors in any A16Z fund. For more details, please see A16Z.com slash
disclosures. Hi, everyone. Welcome to the A6 and C podcast. Today's episode is all about Sipheus,
the Committee on Foreign Investment in the United States, and their proposed updates to
Firma or the Foreign Investment Risk Review Modernization Act of 2018, which took place in
September 2019. The conversation was hosted by Andreessen Horowitz as part of an event for founders
and others with general partner Katie Hahn interviewing Michael Leiter, a partner at law firm
Scadden Arps et al, who covers national security, cybersecurity, and privacy, Sipheus and
more, which is what this Q&A is all about, covering what it involves and doesn't, to how to think
about and structure your business and partnership strategically as a result, but the conversation
begins with what Sipheus is. So Sipheus stands for the Committee on Foreign Investment in the
United States. And the basic function of Sipheus is to review any foreign investment in a U.S.
business that produces national security concerns. So that sounds relatively basic. It's this big
interagency body. Everything in Washington is interagency. And how many agencies? 13 agencies. It's run
by the Department of Treasury, unsurprising,
because it's about foreign investment in the United States.
And it has traditionally sort of split
between two different camps.
Historically, it was those parts of the US government
that wanted foreign investment in the United States,
Treasury, the US trade representatives,
State Department, their job is to do this.
And those agencies that didn't necessarily
want investment were at least more concerned about security.
So think Department of Defense, Department of Justice,
this, now Homeland Security, and elements of the intelligence community, Central Intelligence
Agency, NSA, organizations like that, FBI. So once upon a time, we were really, really
worried about the semiconductor industry moving from the United States to Japan. So Sipheus
was fundamentally created to start to limit that movement of technology from the U.S. to Japan,
and that was generally being done through limiting Japanese acquisition of certain businesses
here in the United States. So that's now pretty ancient history.
Fast forward to when Katie and I were in government, 2006,
what is Sipheus concerned with then?
It's post 9-11.
To buy ports world decides that they want to buy American ports.
Washington says, wait, that has to be bad too.
So in post-9-11 era, Sipheus honestly focuses
on things like that, worrying about critical infrastructure
and the Emirati's buying that.
Fast forward to today, and the general.
joke I often use is, although it's the Committee on Foreign Investment in the United States,
largely it's Chinese foreign investment in the United States. And what has changed is not just
that political lens, but what's really changed and what starts to really affect, I hate to say it,
all of you, is the changes in technology, the expansion of data, the ability to use data
in a huge variety of ways that was never present 20 or 30 years ago, 10 years ago,
now means that the U.S. government is focused on a huge range
and fundamentally every sector of society.
So Sipheus is not limited to technology.
It's not limited to aerospace and defense and military technology.
It's true.
Not everything is covered by Sipheus,
but you have to assume it is if you're involved in technology,
you touch data, you own any real estate,
you do any work with the U.S. government, or you have anything else.
You can even get into the world of, you know, dog food.
Ooh, do the seals buy dog food from you for their bomb-sniffing dogs?
So there's no limitation on the sector.
There's no limitation on the size of the deal.
You mentioned that this all kind of came about during the Japanese semiconductor era,
but now it's undergone some reforms and then some new.
implementing proposed regulations. So I want to talk about those reforms. But before I do,
you just mentioned data. What about verticals like fintech or crypto companies who might have
PII? Yeah. So really, we've seen this for several years now about a focus on personally identifiable
information. And Sipheus has looked at this through a very broad lens. So once upon a time,
it was, again, if I knew everything about Katie in one place, maybe Sipheus would care.
I probably do.
I do.
And I have stories for you.
So there are a number of things that have happened which have really highlighted how sensitive
Sypheus is about data that is collected.
First of all, there's this thing called cybersecurity.
And what we've seen over the past, again, five to ten years is obviously not just the
ubiquity of data, but the key vulnerability of data across every sector.
And we've seen countries, especially China, Russia, and others, use
cyber attacks and cyber penetrations for their benefit, and not just their national security benefit,
but also their economic benefit. Everyone remember the OPM hack, Office of Personnel Management?
So if you start to put these pieces together, you understand how foreign adversaries can take advantage of
lots and lots of data in different places and piece that together. So in terms of fintech, all financial
information, that's been a clear area of focus for Sipius. Now, the good news is these new regulations,
do sort of carve out standard consumer credit card information as an area of specific concern.
But beyond that, they specifically cite things like credit reports, broader financial data.
So I think anyone in this sector working in FinTech is inevitably going to have more than just your, you know, 16-digit credit card number,
and that will absolutely be considered sensitive data to Sipheus.
Sipheus also in its newest regulations.
Try to say, OK, well, it's not really everything.
It's only if you have a lot of it.
Everyone remember Austin Powers, how much money he asks for?
One million dollars.
And they're like, guys, $1 million isn't a lot.
So what does Sipheus come up with for the number of people's
personal data?
One million people.
It's not a joke.
It really is.
And it's not even if you have a million people.
data. It's if you have a stated business purpose to get to a million people. Who here doesn't?
So, again, these are draft regulations, but it gives you a sense of, to some extent, the dichotomy
between how you're seeing business, how you're trying to grow a business, and how from a Washington
National Security perspective, everything starts to get encompassed. And also financial technologies,
as you know, I have a real interest in crypto. Obviously, I want to talk a little bit about how Sipheus
reforms could affect the crypto industry. I'll save that for later in our discussion of what is a
U.S. business, and indeed in the context of crypto, what is even a business at all? But tell us about
the reforms. What's new and why are we hearing about Sipheus so much more? I think we've seen
two major factors which have driven everyone listening about Sipheus. Chinese are a global
competitor for the United States. They're also a global partner in some way.
certainly an investment in technology.
But stated Chinese policy is about being a global competitor on a bunch of technological fronts.
And that really motivated the Congress to be fearful of China and start to limit Chinese influence in U.S. business,
which brought about one of the only bipartisan things that has happened over the past three years,
which was reform of Sipheus.
So that was kind of the driving impetus for it.
What did it actually change?
A couple of things.
First, Scythias has always been purely voluntary.
Can you impact that a little bit?
What do you mean purely voluntary?
Yeah, so if Alibaba shows up and buys one of you tomorrow, prior to Sipheus reform,
it was up to you and Alibaba to go and actually submit something to Sipheus or not.
And that did mean that the vast majority of transactions were never seen by Sipheus.
And every once in a while Sipheus would go out and grab and pull a company in.
But again, there was no requirement to ever present your matter.
And when you present a matter to Sipheus,
it's fundamentally the two parties coming together.
You describe the US business.
You describe the foreign acquirer.
You describe the transaction, the motivation
for the transaction.
And there's a process whereby Sipheus
reviews that for national security concerns.
And Sipheus can then either say, you're good.
Sipheus can say, you're very, very bad.
And we're going to ask the president to block it.
And the president can, under his Article 2,
authority blocked the transaction from occurring.
Or what happens most often in sense of transactions
is that Sipheus says, well, you can do the transaction,
but we're going to impose some mitigation
to reduce the national security risk.
And that can mean a lot of things.
That can be a separate board of US citizens overseeing
the company.
It could be limitations on access to technology,
controls over the data, all sorts of things.
So that's how Sipheus always operated.
People came to Sipheus, presented their transaction,
And one of those three things generally happen.
Since it was voluntary, did you see companies that
would have otherwise fallen under the jurisdiction
of SIFIA saying, I want to fly under the radar?
Absolutely.
So it happened all the time that people wouldn't actually
go to Sipheus.
So that, especially smaller transactions.
I mean, you have a big market transaction.
And it's all over the front page of the Financial Times
of the Wall Street Journal, a little harder
to fly under the radar.
But for a long time, especially on smaller transaction,
wasn't occurring.
Now why even go then if it's voluntary?
Because there's no statute of limitations on Sipheus.
So if you don't go to Sipheus, at any time
the US government can knock on your door and say,
hey, Katie, that deal you did three years ago,
we want to investigate that deal.
And ultimately, Sipheus has the authority
to force divestiture, unwind the transaction,
or impose mitigation.
And if you're a company and you're
taking money or you're buying something, that's a pretty uncomfortable place to be for the rest of time.
And especially if you're a company that is doing other transactions in the United States,
it gets harder and harder to just say, let's not worry about it. But the reforms, again, did several
things here that have changed this. First, there are pieces of Sipheus that are now mandatory.
So not voluntary. Not voluntary. And if you don't show up, you can be fined up to 250,
$50,000 or the value of the transaction.
And so it's just like any other compliance scheme at that point,
export control, something else.
And that's not every transaction,
but it does involve a lot of what people in the Valley do.
In particular, it's mandatory.
If the company operates in a certain sensitive sector,
that's listed by Sipheus.
And if you produce or design, export control technology.
That sounds like military stuff, but it's not just that, right?
Exactly.
It's not just military.
It's also a huge range of other things that are controlled by the Commerce Department as dual-use
technology. So what does that include? Things like encryption. Your software has a certain
level of encryption. Your software is export controlled. That means if there's an investment in that
company over a certain size or giving that for an investor certain rights, it's a mandatory filing
with Sipheus. What other kinds of things for companies that you see out in the valley would be relevant
that now under these new reforms would be covered.
Yeah.
So today it's certain sensors.
So LIDAR, for example.
The high-end types of LIDAR, defined by certain wavelength for distance,
those are controlled.
LIDAR that you use for your standard autonomous vehicle test projects now,
not controlled.
So it turns out that the export control regime actually covers fundamentally everything
that anyone makes.
And you either get classified under what's known as EAR-99, not export-controlled, or if there's something more sensitive about technology, it can be export-controlled to certain countries for national security.
So it ranges from computing power, battery storage, sensors, it's everything. Now, if you're doing straight software, it tends not to, unless you get into the world of encryption.
Can you talk a little bit more about that and about what now, I know as part of the reforms are, if it's a sensitive technology?
How is that defined?
There are kind of three stages.
I've talked a lot about the historical, all the just voluntary stuff.
Then we had the reform in 2018, which starts to really edge more into this world of sensitive technology, which is if it's export controlled and you work in a certain sector, mandatory.
The reform continues, because this is Washington.
So the law was passed in 2018.
regulations being promulgated to implement that law. And those are the draft regulations you mentioned
that came out. Ongoing throughout that, there's also reform of all U.S. export control. And this is
where I think a lot of people are going to be affected in the Valley more than ever before.
The Commerce Department is now defining what it means to be foundational and emerging technology.
Exactly what foundational emerging is still to be defined. But if your technology falls into that
TBD category, and that should be out in the next four to six months, then any transaction there
puts you back into that mandatory bucket. So what are the areas of foundational emerging
technology that we know the U.S. government is most focused on? Artificial intelligence,
machine learning, autonomy, right. What about like sensors? So very, very high-end battery
technology's always been sensitive. And the export control rules literally get down to how much battery
storage do you have for the weight? What's the weight to storage capacity? So this is all
quite purposeful what is going on. This is not an accident because the view is in Washington and
from Scythius that our global competitors, in particular China, have focused on early-stage
startups who are developing technology or the engine of innovation in our society, coming in early
investors, getting access to that technology. It's not being reviewed for national
purposes, and eventually that technology is moving across to foreign companies and, in some
cases, foreign militaries.
There's actually a very strongly worded, pretty powerful article in the Wall Street Journal about
Chinese civil-military cooperation and investments in U.S. companies.
But we are now in a place where, in terms of reforms, some more stuff is mandatory.
More stuff is going to become mandatory.
Now one thing we didn't talk about is Sipheus is not any investment.
It's not any investment.
What's covered?
So first of all, you have to think about it as kind of at least two things and then there's a plus.
One is there's got to be a U.S. business.
A U.S. business is somebody in the U.S. who's engaged in interstate commerce.
There's not a whole lot more definition than that.
It doesn't matter if it's, say, a French company that has a U.S. office and they're doing business in the U.S.
If someone goes to buy that French company, Scythus has nothing to do with that French acquisition,
but it still gets to look at if it wants to, the U.S. element of that transaction.
So effectively what you're saying is you don't need to be a Delaware corporation.
Exactly.
You just have to be doing business in the U.S.
You have to be doing business here.
Now, that does mean if you're just selling assets, you're not selling a business,
is a general matter that's not covered.
By the way, it also doesn't affect greenfield investments.
So foreign company can come here, start, you know, flatten a lot in Palo Alto, build everything, start everything on their own.
No Sipheus, except maybe the real estate.
We're not going to worry about that for now.
Second, it's got to be a foreign business, right?
You've got to have a foreign person making the acquisition or the investment.
And what does it mean to be foreign?
So U.S. business bought by another U.S. business, but the U.S. business has a foreign parent?
That's foreign.
So Sipheus looks to the ultimate parent and the ultimate ownership of the acquirer or the investor.
So foreign private equity, foreign venture capital, that's all foreign.
And you said acquisition, but this does importantly come up with investments too, right?
So it doesn't need to just be an acquisition.
Straight acquisition is easy.
That's definitely Sipheus.
Traditionally, Sipheus was only about controlling transactions.
What does controlling mean to you, Katie?
someone in venture.
That you have a vote on a board.
You have more than 51%.
There's the case.
You have more than 51%.
Forcipius, controlling Percivious purposes.
So again, you have to have a controlling investment
by a foreign person in a U.S. company.
Controlling forcipius, more than 9.9% equity.
Or less than 9.9% equity with some other indicia of control.
So 8% in a board seat, controlling investment.
So it can be...
What in addition to board seats are in addition of controlling investment?
So anything in a commitment letter, side letter MOU,
which suggests some ability, decision-making authority
beyond standard minority protections.
That's kind of the general role.
But it gets even better, guys.
One of the big changes in Sipheus in the reform,
it was always about controlling.
So again, it was a pretty low bottom.
9.9%, that's not what anyone normally thinks about control, but in this case it is. The reform
adds an entire category of non-controlling investments. If you're involved, if your business does
technology, we've already talked about what that means to be involved in critical technology.
If you're involved in critical infrastructure, and that's a really detailed list we won't go
through, or if you are a data company, remember our data discussion, all those different
categories, one million, that sort of thing. If you're any of those, even a less than 10% investment
in you, if the foreign investor has board seat, board observer, ability to influence decision
making or control decision making, or if they have access to material, non-public, technical
information. Any of those things, they can be at 2%. If you're a data company, they get some
technology information, that's a covered investment. So what you've seen, again, I think you've
now seen most of the movie, which is it starts with this relatively narrow swath of
defense technology information, and it is now moved into even small investments, if there
are certain rights, in almost everything that occurs here. There's a little bit of, there's a
least a voluntary filing and more and more there are also some mandatory filings.
So mandatory filings, I'm sure Sipheus and the government have a nimble process for reviewing
all of these mandatory filings they're now going to have. When I think U.S. government, I think
nimble. Nimble, agile. Okay, so we know about what historically the process has been. I guess
you don't know what it's been the review process with these new reforms and presumably a lot more
transactions being submitted. What was the historical process?
Yeah, so historically the process has been, we estimate in most cases, about four to six months
start to finish. Now, if you're in the valley, four to six months is like life or death.
Obviously, larger deals, it actually tends to align relatively well with things like Hart Scott-Radino
antitrust, so it isn't always a huge problem in larger deals, but for smaller deals it is.
And that four to six months constitutes kind of from sign to close. You're prepping the document.
You're saying the documents to Siphyas.
They review it.
There's a back and forth.
They finally accept it formally.
So that whole thing takes sort of a month.
The acceptance, they then review it for 45 days.
At the end of that 45 days, they can say, you're good.
Or they can say, actually, we need 45 more days of investigation.
You go into a second 45 days.
At the end of that, then they can say things, you're good.
We're going to send it to the president.
Or what they often do, if it's a really
hard cases. We're not quite there. We think we'd like you to restart the clock and you go through
another 45-day period. So that's the traditional construct four to six months. It's post-signing.
Some of it can be done pre-signing. The problem is inevitably pre-signing. You can get some of your
ducks in a row, but there's certain information that the parties just aren't willing to exchange
yet, not to mention pre-signing. People are actually still trying to get the signing. So getting anyone's
attention to do some of this is a challenge. But I do want to come back to what should absolutely be done
pre-signing, because even if you're not filing,
there's an enormous amount of thought that
should go into that so you don't end up in a syphias ditch.
The four to six months is not exactly nimble.
So they created that traditional process called a notice.
They created what is known as a short form declaration.
And a declaration is no more than about five pages.
It's a web form.
It's pretty easy.
There's a 30-day timeline for review.
So in the Valley, that's actually relevant.
We just got to a place where we hope they will have
voluntary filings like that, voluntary declarations.
We don't have that yet.
But that means that if you start a little bit
before signing getting stuff done, you spend a couple of weeks
post-signing.
Realistically, you have probably a 45-day process.
Again, it's a 30-day review process itself,
where the government has to give you an answer.
But realistically, you obviously need some time before
that to get your information together.
and file it. So that's good. You can do it in a shorter time frame. The bad news is Scythias doesn't
have to give you an answer at the end of that. And so then aren't you stuck in some kind of limbo?
Well, you are stuck in limbo, but in reality what we tell most of our clients, if Sipheus can do
the, what we affectionately call the shrug, eh, up to you what you want to do next. They don't clear
you. They don't tell you have to file a notice, and it's totally up to you on what you want to do.
But the good news is in most cases, that shrug means go away.
We have more important things to do.
So you no longer get that safe harbor.
They can always come back to you later.
But what's the likelihood of that occurring?
Really, really small.
So the shrug in most cases is good enough for government work.
I want to ask you one thing.
What if someone wants to challenge Sipheus and say no?
Can people do that?
Because in most contexts with government agencies, you have a right of judicial review.
but Scythius is different.
Scythius is different.
If you've been a litigator before
and you never want to litigate anything again,
you're pretty much safe in Sipheus land.
Siphyas provides a very, very, very narrow
judicial review provision.
You can't challenge the national security determinations.
You can challenge on sort of due process grounds.
There has been one, yes, count it one challenge
in federal court in Sipheus' history.
which did, in fact, it involved the acquisition of some wind turbines in southern Washington state,
and that established the requirements for due process,
that Sipheus has to tell the parties what its concerns are to the extent it can.
But unlike every other regulatory environment,
the ability to challenge Sipius in court is extremely narrow.
So the bottom line is you have to get what you can out of the regulatory process.
And it does make for, honestly, a very different sort of negotiation than you see in most contexts
because the U.S. government may not hold all the cards, but it holds 51 of them.
And how does the Sipheus body, do they vote?
I mean, what if some of the entities of the 13 don't care about a transaction or an investment,
and then others do?
How does that work?
So it's a little bit like a jury.
You got to be unanimous, but if you have one holdout, you just keep going.
So it's all on consensus.
If one person keeps saying, I want mitigation, you're still stuck in this loop of trying to work through mitigation.
So you can't get cleared unless everyone agrees.
You probably won't get rejected unless everyone agrees, too.
But it can be a very challenging fight about consensus.
And part of what we do with clients all the time is think about the technology.
thinking about the acquirer because SIFIUS comprises 13 different agencies.
Those different agencies have very, very different concerns.
And sometimes we as Sipfius lawyers with our clients want to spend a lot of time with the Department
and Defense because it's something they care about.
Sometimes we know the Department of Defense doesn't care at all.
We want to spend all our time with DOJ or NSA on different pieces.
And it's part of the art is identifying which agencies care about it and trying to make sure
that as you're going through the process, not only are they not an impediment, but the ones
who have the biggest interest in the U.S. government are actually advocates for the deal getting done.
We've been talking about acquisitions. I want to talk a little bit about investments.
I talked about those mandatory categories on that critical technology piece, if you have
export control technology. The draft regulations add one more thing that's mandatory, that if there's
a foreign government-controlled transaction in those technology infrastructure or data spaces.
And a foreign government control transaction is a foreign investment of 25% or more in the U.S. business by an entity that is 49% or more controlled by a foreign state.
GIC, sovereign wealth fund for Singapore, the issue may or may not be.
If they make a 25% investment in any of those types of companies, that also drives a mandatory declaration.
So that's going to change the environment a little bit for some of the ever-present sovereign wealth funds and related entities and their investments in the Valley as well.
What if those sovereign wealth funds are LPs in venture capital funds?
So the way it's written now in terms of a JV, sovereign wealth funds in a joint venture, and they have 49% of the joint venture.
In most cases, the sovereign wealth fund probably wouldn't be 49% LP.
the LP piece, this gets pretty complicated because you're combining two things.
They announce on whether it's foreign government controlled,
and also the analysis on whether or not the LP should even be considered
as an investor or just the GP.
Because if it's just an LP and that LP doesn't have certain decision-making rights,
then you don't consider that LP at all.
So this is another way in which for funds,
it becomes very, very important to look at LP agreements.
and determine what rights you want to provide
and what rights you don't want to provide.
So we're seeing more and more excerpts of LP agreements
which say under no circumstances will the limited partners
have access to material non-public tactical information.
Except if they did, they no longer get the LP protection.
So it's taking some of the language
and some of the art of what goes on at Sipheus,
inserting that into the LP agreement
and looking very carefully at the provisions
around the advisory committees, the investment committees for the LPs.
And in general, LPs want this.
Because LPs are joining a fund, so they're not the investor.
So this is basically just verifying their passive.
Now, the one complication you get in larger investments, of course, is direct investment
by that same LP.
Deaths covered in Sipheus.
They don't get to skate free of that because they were an LP and another fund.
Well, a lot of founders, they're not yet kind of at the stage of leader stage or growth.
investments, how should they be thinking about SIFI's reforms? I mean, they might have not yet
a million users for their product or service, but aspire to it. And maybe they want to go raise money
for a variety of reasons, not just here in Silicon Valley, but outside of the U.S.
How should they be thinking about something like Sipheus? They might be, you know, at Series A,
they might not have a general counsel or a huge legal budget for outside counsel such as
yourself. What should those founders?
So even if you don't have a general counsel, talk to the Katie Hans of the world to say, all right, if I take this money from this foreign investor, how is that going to affect my round? What rights do I have to make sure are or not involved? How's that going to affect future business opportunities? That's really important. So think strategically. Of course, it can be very attractive to take, you know, $5, $10, $15 million, $12%, 15%, whatever it is from a foreign investor who can
write a big check and isn't asking for much.
Or her provides some strategic...
That's right, or a strategic benefit
for geographic diversity. I mean, all sorts of reasons.
Think it through.
I'm not saying don't do it,
but potentially limit certain information rights.
So you're a specialist in coming up
with innovative deal structures.
Maybe you trip into Sipheus, maybe you don't.
If someone didn't want to,
what kind of things would you tell a series A
or series B founder, if they said,
I want to take foreign investment, but I really don't want to go through this what sounds like
a not nimble and a fairly paper-intensive Siphyas process.
What kinds of things could they be doing strategically?
You've got to think about the rights that you're including for that investor.
Those rights on board, information rights, absolutely decision rights, may trip you into Sipheus
one way or another.
So that's critical.
And that investor might not care about those things.
That's right.
And you might tell that investor, if you get this, it's going to delay things and we have a long
process.
They may say, oh, God, yeah, it's not.
worth it to me. So think about those rights up front. Second, think about how, in terms of timing,
phase your investment in different ways. So maybe they say 9% equity, but damn, and I want a board
seat if I'm giving you 9%. And the answer may be, okay, great, but let's phase the investment. I need
the 9% now. I need the equity now, but you'll only get your board seat after we get through
this Sipheus process. Three years ago, this is hard because you had lots of foreign investors
who weren't thinking about this.
Today, you've got a global environment
of very, very well-educated foreign investors
who don't want to run a foul of the rules
and are more thoughtful.
If you said to certain investors three years ago,
sorry, if I give you a board seat,
we're going to have a Sipheus issue.
They'd say, well, who cares?
Let's go through Sipheus.
Today, I think it's actually a very different environment,
and they might well say,
totally understand, I don't need a board seat.
So that's good news.
They're taking the equity position,
but you're delaying some other rights, whether it's a board seat, board observer, and the like.
So phase it so it doesn't totally foul up your timeline.
Third, you really do have to think strategically about where you're trying to go with the business.
Do you want to do work with the U.S. government?
Is your priority in Asia or Europe or anywhere else, in which case you may have to walk through some of this,
and you're perfectly fine closing one door to open another.
So don't just think about this.
I know that's hard when you need equity right away, but you still have to be a little bit strategic.
looking forward about how this will affect you in the future. Think about if there are ways to
structure it so they are LPs in another fund. Now funds of one aren't good but to the extent
you can work with someone and say, listen, we'd love to take your money but it's problematic
if we do it that way. Let's move it over to here. That's really good. Another possibility is,
again, early stage this gets hard, but later stage you might start looking at not actually
selling in the U.S. business. If you've already gone international, carving it up, so they're
actually making an investment outside the United States and some of your growth and other geographic
regions. Now, that gets tricky because then you have to really be careful that you're not
contributing a U.S. business, that your R&D isn't supporting it, that your people, all those
things. But at some point, that becomes quite valuable to create potentially a joint venture
overseas with the foreign investor, rather than investing in the domestic U.S. company.
And if you finally decide, well, we've got to do this, but I'm worried about what Sipheus might say, then you're in the world of how are you allocating that risk that Sipheus is going to show up and stop us from doing something or sharing something. So you really have to understand why you're doing the investment. If you're just doing the investment to get the money, the risk isn't that bad for you. Because what would the mitigation be? The mitigation might not be the money. The mitigation might be a lack of information access for the acquirer or the investor. But,
But if what you're trying to do is I want to share information and technology with this foreign investor because they have technology or access to markets that I need, well, then you have to be really careful because that might be exactly what Sipheus cuts off.
So you have to understand what the investment thesis is not just for them, but what it is for you and how Sipheus may affect that.
And then you fold into the deal documents the allocation of risk like you would in any other deal, what the efforts they might have to do for the regulatory regime when you have a right to watch.
things like that. What about, we talked about U.S. business doesn't necessarily just mean U.S. business.
It could mean just you have a presence in the U.S. What about where there's no company at all?
And here I'm thinking about crypto. We have these things called DAUs, decentralized autonomous organizations
or distributed autonomous organizations. And many times they're set up as a nonprofit.
Do these rules, the new reforms, speak to that kind of circumstance or not really?
I think they really don't. I think that is over the horizon for Sipheus. One thing, though,
going back to the point about judicial review, a lack of judicial review means one really important
thing on something like this. Sipheus has enormous discretion to interpret its rules the way it
wants to interpret its rules. So it wants to say it's a U.S. business. It wants to find enough indicia
of it being a U.S. business. It can say it's a U.S. business. And there's not going to be a court
where it says, how dare you say that? And there aren't that many investors or companies that want to go
fight the U.S. government in court, even if they could on that sort of thing.
Well, before we take time for questions, I just wanted to ask you, what do you think are
the biggest surprises for which industries or which types of business do you think this
is going to, these reforms are really going to affect most in our world?
I think I am nervous about anyone who mentions artificial intelligence on their website,
which is everyone.
Artificial intelligence machine learning are inherently challenging places because
you know ultimately we're talking about algorithms and where do you actually draw the
line between basic mathematical science and research into the application of that so I
think it's going to have a potentially significant impact there. Biotech anything
healthcare related is increasingly becoming an area of focus. Certainly as I've
already mentioned anyone who deals with identifiable information in any way this is a
very hot topic. The last two, as I said, if you don't file with Sipheus, Sipheus can always
knock on your door and you can have a really, really uncomfortable period and they can
impose penalties or impose divesture. There are two cases like that right now, both involving
Chinese investors and acquires, both pretty well known. So I think, I hate to say it, but it's hard
to find areas that aren't of concern to Sipheus.
right now. Again, that doesn't mean that everybody is going to be blocked. It doesn't mean that everyone
has mitigation. It does mean in most cases, thoughtful planning early in the process,
structuring in a way where Scythias is a lesser concern, becomes more and more important.
And where can people learn more if they want to thoughtfully think about this? I don't want to
go file anything, but I want to keep my finger on the pulse of this. What are some resources
that people could go look through? So Sipheus is also a funny regime, and that
Cipheus never publishes anything publicly. Any other court case? You have a court case and what do
they go read the court case. Sipheus doesn't release any of its decision. It's all confidential,
which actually is a good thing for the businesses because you'd rather not have the whole world know
what you're doing, how your investors are. So that's a good thing and things tend not to leak out of
Sipheus. There's obviously an industry of lawyers who write on this. There are one or two sites.
One slight warning, because Sipheus has become a big,
bigger deal. It's sort of like mushrooms after a rainstorm. Experts are popping up everywhere.
They're national security experts. They're Siphyas experts. If you call someone, if you call
firms, say, hey, how many Sipheus filings have you done over the past five years? And if the
answer is less than about a hundred, you ought to be scared. So find the reputable firms that do this,
talk to the reputable investors who understand this. And it is something where keeping your finger on the
pulse, I just think it's going to be too overwhelming. There's too much change in this environment
right now. So find a lawyer that you trust so you can get on the phone with. It's not always,
you know, hundreds of thousands of dollars. Any reputable lawyer should say, hey, let's talk through
this for half an hour, see if you have a problem. The lawyer understands your technology,
who the investor is, what the timeline is, what your business goals are. Say yes, no, or maybe,
and then you make a decision about how you want to proceed. And you're not going to get that
from just reading something. Reading's good background. But again, you're trying to build a
business, run a business, you're only going to read so many articles, my guess.
Great. Mike, thanks so much for being here. I know people might have questions for you.
Is there ways you can accidentally back yourself into a civil situation? So, for example,
you have a downward protection or a secondary market, someone buys your stock, or you go
public and someone buys your stock? Yeah, so there absolutely are what you describe.
I mean, everything from convertible debt, which, when it converts and there are rules about
how Sipheus treats convertible debt instruments and the like. And Sipheus doesn't matter.
It doesn't matter if it's a direct investment in private company or ownership on the public
market. So you get over 10% public ownership on the public market, and that too implicates Sipheus.
It doesn't matter what form of ownership it is. It's just about equity. By the way, debt does not
count. Now, convertible debt gets more complicated, but debt doesn't. So that's a
another way to structure potentially, which can be helpful.
Now, if you have debt and you have some other rights
on top of that debt, it gets a little bit more complicated.
But yes, you have to be aware of your shareholder base,
public, private, regardless of how it comes in.
Now, it does matter to Sipheus in terms of how they look at it,
because if you've been passive about this,
you didn't reach an agreement.
Somebody just comes in and acquires your debt on secondary market.
They may be concerned about what the effects of that are, but they absolutely look at the U.S.
business and the target a little bit differently, since you have obviously not signed up to do something
collaboratively with that foreign investor. So it changes the color, but it doesn't change the
jurisdictional analysis.
Is the on the responsibility for filing on the company or the investor require for filing?
Yeah, so the way the fines work, it's joint and several. So they've only imposed one fine,
in that so far. So we really don't have a lot of data to know. Can you just explain? I mean joint
in several. Oh, sure, sure. I mean, both of you are, you know, in trouble. Yeah, so you both have a
responsibility. The filing is joint. So any Sipheus filing is joint. It isn't joint if there's been
an outright acquisition and after the fact, because then there's only one party. And so if you get
acquired and you get your equity and you get your cash and you walk away, listen, you're you're good
depending on what the contract said.
But generally, if you're talking about an investment in a U.S. business,
both parties go to Sipheus.
Both parties can be fined by Sipheus,
although each party generally only states,
it can only be responsible for its own information.
So you can't be fine for the foreign investor lying about something.
But if you then have a mitigation agreement,
all right, the foreign investor isn't going to get access to my technology, and you provide them
access or you do something that violates that national security agreement with the U.S.
government, then the fine is you are jointly responsible for that fine.
Is the application viewed differently based off of the timing?
For example, let's say you do it post-wire money versus three months after the wiring money,
and is there penalties associated with the timing?
Great question.
If it's a mandatory filing, then you have to file 45 days.
before signing, for closing.
And closing, is that defined as when the
wire, when the money is transferred?
Well, it probably, but it also
depends on how it's defined in the term
sheet. Most term sheets is going to be
a sign and close. But again, that
means 45 days before the term
sheet is completed, you've
got a file. Now, if it's
voluntary, there's
no requirement to file before
or after. So you
can file it any time.
But here's the important
but unsurprisingly, Sipheus wants you to file before.
It's always a harder conversation if they already have the investment,
they already have the rights and you're going and explaining it.
So there are situations where we sort of work with Sipheus
and the parties close before they've gotten approval from Sipheus,
but it has to be done very, very carefully in a knowing, open, transparent way,
or otherwise Sipheus has the ability to take it out on you.
Great. Well, we have time for one more question.
Where do you think this is all going?
The footprint of Sipheus has been expanding,
arguably beyond national interest
and just broader economic interests of companies.
And you mentioned the dialogue with the export control regulations
where it's not just at the time of an M&A event or an investment,
but ongoingly may need a license from the government
just to do business with entities located in foreign jurisdictions.
1% of the transaction is pretty onerous for a mandatory filing, and then who knows what the export
licenses would be. Where is this all going, and do you see a stopping point?
So a couple of pieces on that. First, this is about the only bipartisan thing that has happened
in Washington in the last three years. So that tells you something, that regards to what happens
in 2020, this isn't going away. And a lot of this started at the end of the Obama administration.
Now, you put on top of that, obviously, the U.S.-China trade tensions.
That's clearly exacerbated this, and we've seen instances where these issues are all getting
thrown into a pretty messy stew. I don't think Huawei ZTE, is that national security
is a negotiating tactic on trade deals. So I think some of that, let's assume going forward,
calms down a little bit on the broader U.S.-China trade front. I think we'll have a little bit more
predictability. But I think the basic trajectory of Sipheus, looking broadly at technology,
data, critical infrastructure, expanding that definition of critical technology, that's not going
away. And there are still a lot of things you can do outside of SIFI. As I said, you know,
licensing of technology does go through export control. That will change, but it doesn't go through Sipheus.
So we can't do anything to evade Sipheus, but there are still good ways to do business,
with overseas investors in overseas environment
that doesn't put you squarely in the crosshairs.
I don't think going forward, this is going to radically change.
What is the stopping point?
I hope we don't have a global downturn,
but right now we're in a world where it's not that hard
to find capital.
There's a lot of capital out there.
Does capital markets start to shrink a lot?
I think there'll clearly be an incentive on the U.S. front
to open those doors a little bit more widely.
So I think there are some macro trends that could start to have this ebb, but I think short of that, the trajectory is going to remain relatively constant at this point.
Well, on that note, thank you so much, Mike. Thanks for coming in.