Photo of Heather Finstuen

Heather Finstuen

Heather Finstuen has extensive experience advising clients on cross-border investment and related national security matters, as well as leading internal investigations and responding to U.S. government civil and criminal investigations.

In the national security area, Heather represents domestic and international companies in numerous industries in securing the approval of the Committee on Foreign Investment in the United States (CFIUS) and provides counseling on negotiating, implementing, and complying with CFIUS national security agreements. She frequently advises clients on national industrial security regulations and engages with the Defense Counterintelligence and Security Agency, the Department of Energy, and other cognizant security agencies on topics including the determination and mitigation of foreign ownership, control, or influence (FOCI). She also counsels defense contractors on National Industrial Security Program Operating Manual (NISPOM) requirements, obtaining and maintaining facility and personnel security clearances, safeguarding requirements, supply chain considerations, and investigating and responding to compliance concerns.

Heather has been involved in many complex CFIUS and FOCI matters, including Nexen Inc. in its $15 billion sale to China National Offshore Oil Corporation, GLOBALFOUNDRIES’ $1 billion acquisition of the IBM Microelectronics Division, Micro Focus on transactions including its $8.8 billion acquisition of HPE’s software business and $2.5 billion sale of its SUSE business, CenturyLink’s $2.2 billion sale of its Savvis data center business, Publicis Groupe’s $3.7 billion acquisition of Sapient, numerous matters for BAE Systems, and multiple transactions for The Carlyle Group.

Heather also represents and counsels government contractors in connection with internal investigations, mandatory disclosures, federal inquiries and investigations, and compliance policies and procedures. Heather has led numerous internal fraud and ethics investigations in various industries (defense, manufacturing, software, banking and finance, healthcare, food) into a range of issues including cyber security, labor charging, billing and claims, sourcing requirements, manufacturing and quality control processes, accounting, compensation structures, and mortgage foreclosure practices.

Before joining the firm, Heather served as a law clerk to the Honorable Carolyn Dineen King of the United States Court of Appeals for the Fifth Circuit.

May 23, 2023, Covington Alert

The U.S. Department of the Treasury (“Treasury”), in its capacity as chair of the Committee on Foreign Investment in the United States (“CFIUS” or the “Committee”), recently posted two new frequently asked questions (“FAQs”) to CFIUS’s website that have important implications for parties planning transactions subject to the Committee’s jurisdiction.

First, CFIUS confirmed its recent practice of requiring detailed information on all direct or indirect foreign ownership involved in a transaction, including disclosure of all limited partners (or “LPs”) of an investment fund, without regard to any pre-existing agreements between the fund sponsor and investor regarding disclosure.

Second, CFIUS offered guidance regarding the meaning of “completion date” for purposes of when a mandatory filing must be submitted for a multi-stage transaction. The guidance could have broad implications, especially for some venture financing transactions, as it introduces uncertainty regarding the ability of investors to use a staged transaction to acquire an initial, passive equity interest prior to submitting a mandatory CFIUS filing with respect to a subsequent acquisition of control or certain non-passive rights. The new guidance seems at odds with language that appears in the preamble to the regulations implementing the Foreign Investment Risk Review Modernization Act of 2018 (“FIRRMA”), and the practice of transaction parties for the last several years. CFIUS did not provide any explanation for this change, which raises questions as to why the Committee has issued the guidance now.

Each of these developments is discussed in more detail below.

1. CFIUS may require detailed information regarding all foreign persons involved directly or indirectly in a transaction, including limited partners in an investment fund.

Treasury published the following FAQ on May 11:

Does CFIUS require information on all foreign persons, such as limited partners in an investment fund, that would hold an interest in a U.S. business, whether directly or indirectly, as part of the transaction?Continue Reading CFIUS Issues Guidance On Disclosure of Information About Limited Partner Investors and Application of Mandatory Filing Rules to Multi-stage Transactions

On the heels of Russia’s invasion of Ukraine, pandemic-induced supply chain disruptions, and U.S.-China tensions over Taiwan, 2022 accelerated a sweeping effort within the U.S. government to make national security considerations—especially with respect to China—a key feature of new and existing regulatory processes. This trend toward broader national security regulation, designed to help maintain U.S. strategic advantage, has support from both Republicans and Democrats, including from the Biden Administration. National Security Advisor Jake Sullivan’s remarks in September 2022 capture the tone shift in Washington: “…[W]e have to revisit the longstanding premise of maintaining ‘relative’ advantages over competitors in certain key technologies…That is not the strategic environment we are in today…[w]e must maintain as large of a lead as possible.”

This environment produced important legislative and regulatory developments in 2022, including the CHIPS and Science Act (Covington alert), first-ever Enforcement and Penalty Guidelines promulgated by the Committee on Foreign Investment in the United States (“CFIUS” or the “Committee”) (Covington alert), President Biden’s Executive Order on CFIUS (Covington alert), new restrictions under U.S. export control authorities targeting China (Covington alert), and proposals for a new regime to review outbound investments by U.S. businesses (Covington alert). The common thread among these developments is the U.S. government’s continuing appetite to use both existing and new regulatory authorities to address identified national security risks, especially where perceived risks relate to China.

With a Republican majority in the U.S. House of Representatives riding the tailwinds of this bipartisan consensus, 2023 is looking like a pivotal moment for national security regulation—expanding beyond the use of traditional authorities such as trade controls and CFIUS, into additional regulatory domains touching upon data, communications, antitrust, and possibly more. In parallel, the U.S. focus on national security continues to gain purchase abroad, with foreign direct investment (“FDI”) regimes maturing in tandem with CFIUS, and outbound investment screening gaining traction, for example, in the European Union (“EU”). It is crucial for businesses to be aware of these developments and to approach U.S. regulatory processes with a sensitivity towards the shifting national security undercurrents described in greater detail below.Continue Reading Will 2023 Be an Inflection Point in National Security Regulation?


Continue Reading Senate Armed Services Committee Proposes Expansive but Unclear Software Review Provisions