CFIUS Annual Report for 2024: Key Trends in Filings, Mitigation, and Enforcement

The Committee on Foreign Investment in the United States (CFIUS or the Committee) has released its Annual Report to Congress for calendar year 2024. As with earlier years, the report provides detailed statistics on CFIUS’s caseload and outcomes, offering some insight into current trends in or affecting US foreign direct investment reviews. Based on the 2024 report, CFIUS processed a similar volume of transactions in 2024, however the total number of filings again decreased from the previous year and remains below 2022’s record high.

Several notable takeaways emerge from the 2024 data:

• The percentage of transactions requiring mitigation measures dropped sharply, even before the US administration directed CFIUS in the America First Investment Policy to cease the use of “overly bureaucratic, complex, and open-ended” mitigation.
• Enforcement activity reached new heights, including the first presidentially ordered divestitures in years and a record number of civil penalties.
• CFIUS formally determined that parties to a transaction missed a mandatory filing requirement. Nevertheless, another year has passed without a public announcement that CFIUS assessed a penalty for that omission or any other transaction where parties failed to submit a mandatory filing.

The Annual Report contained other metrics that provide useful insights into the operations of the Committee. While the metrics contained no big surprises for the most part, they do offer several practical lessons and reminders.

ANNUAL REPORT FINDINGS

First and foremost, the data reaffirms that CFIUS reviews are unlikely to drop significantly: more than 300 filings were made in 2024 covering diverse industries and countries.

Companies should evaluate potential CFIUS implications early in transaction planning and structuring, especially for transactions involving sensitive or critical technologies, critical infrastructure, personal data, proximity to military or government sites, or investors from countries with strained US security relations. Given CFIUS’s expanded jurisdiction (e.g., real estate) and aggressive non-notified tracking, assuming a deal falls outside CFIUS’s scope or will escape notice is now a riskier gamble than ever.

Another clear message from 2024 is that CFIUS continues to pursue non-notified transactions. CFIUS has reportedly identified thousands of deals through its non-notified monitoring in 2024; CFIUS formally investigated 98 of these and requested filings in 12 cases.

In one noteworthy case, a transaction initially revealed via a public tip led to a presidential order forcing divestment. Foreign investors and US sellers should carefully consider making a voluntary CFIUS filing for any transaction that could raise national security concerns even if not strictly required to file. CFIUS has no statute of limitations to review historical deals, and 2024 demonstrated that acquisitions completed years ago can be revisited and blocked. As such, the burden of CFIUS review can be far outweighed by the risk of a non-notified deal later being unwound.

Transacting parties should also develop realistic transaction timelines. More than half of the notice filings proceed to a second-stage investigation. Withdraw-and-refiles also remain common, and 42 such refilings occurred in 2024 alone.

Where possible, parties should include additional time in transaction agreements to address a potential investigation phase and even one or more refile cycles if warranted. Deals with hard closing deadlines or expiring financing should account for the possibility that CFIUS might not clear the transaction within the initial 45-day review or even the full 90-day review-plus-investigation period, and it is prudent to negotiate CFIUS-specific closing conditions and extension provisions to manage this timing risk.

The short-form declaration option remains a useful tool in appropriate circumstances. A declaration can help speed up low-risk deals, but its benefits must be weighed against its limitations. Companies should submit a declaration only when reasonably confident that the transaction presents nominal national security issues. If the deal is in a gray area (for example, involving a safe investor but also emerging tech or proximity concerns) then a full notice may be a more prudent path to avoid the risk of spending 30 days on a declaration only to have CFIUS request a full filing anyway.

While the improved clearance rate for declarations in 2024 is encouraging (CFIUS concluded 78% of declarations), the Committee will not clear a case and provide the accompanying safe harbor unless it is fully comfortable with the abbreviated review. Complex cases will continue to graduate to a full notice, and cases somewhere in the middle may result in a no-action determination, leaving parties in a fuzzy area.

PREPARING FOR MITIGATION

The good news from 2024 is that CFIUS required mitigation in far fewer cases (only 12% of notices) and many transactions are being cleared outright. Nonetheless, mitigation remains an important part of the CFIUS toolkit and one for which parties must be prepared.

Parties should identify early on what mitigation conditions would be workable and which would be dealbreakers and attempt to craft deal documents accordingly. Especially in sensitive sectors (e.g., defense, critical tech, data centers), parties may consider proactive mitigation proposals if issues become apparent. The trend toward fewer mitigation agreements might continue, but CFIUS will continue to impose mitigation where needed, and although those conditions can be onerous, they can enable CFIUS to clear a transaction that otherwise might require a block.

For transactions that do receive CFIUS mitigation, the report suggests that CFIUS is intensely focused on post-closing compliance (as reflected by 79 site visits by monitoring agencies and multiple penalties for violations). Companies should treat CFIUS mitigation obligations with the same rigor as other regulatory requirements (e.g., export control or sanctions compliance). This means dedicating personnel and resources to implement security controls, monitor compliance, and promptly address any instances of noncompliance. Regular audits, training of relevant staff, and open communication with the CFIUS Monitoring Agency are key.

CFIUS EXPANDS STAFF AND RESOURCES

To support these enforcement efforts, the Committee has been increasing its staff and analytical resources. Treasury’s Office of Investment Security (which leads CFIUS) made significant hires in 2024, expanding the number of case officers and teams dedicated to non-notified transaction tracking, mitigation compliance, and enforcement. CFIUS member agencies are utilizing special hiring authorities to recruit talent with relevant expertise.

This expansion means CFIUS is better equipped than ever to identify transactions of interest (through data tools, interagency intelligence, and public tips) and follow up on compliance issues. For transaction parties, the message is clear: CFIUS has greater capacity to find deals that were not filed, scrutinize them, and enforce the law when needed.

Finally, businesses and foreign investors should stay attuned to CFIUS regulatory developments and take advantage of opportunities to engage. In 2024, Treasury’s CFIUS Conference and new guidance materials demonstrated an increased emphasis on transparency. It is wise to follow CFIUS announcements, such as the recent rule changes expanding real estate jurisdiction and raising penalty caps, which can directly affect transaction planning and risk.

While the Annual Report contains useful information about the totality of the CFIUS program, every transaction will present unique considerations and a case-by-case approach is necessary to determine how best to navigate the CFIUS process.