CFIUS Grounds Grindr IPO

The Committee on Foreign Investment in the U.S. (CFIUS) has effectively ordered the divestiture of Beijing Kunlun’s ownership of the online dating site, Grindr, just as the company was preparing for an IPO. The case is important for three reasons. It emphasizes the importance of a CFIUS risk assessment before an investment or acquisition is negotiated. It highlights the risks of deciding not to make a voluntary CFIUS filing before the deal closes. And it sends a message to parties who have already closed: the U.S. government is watching, so assess your CFIUS exposure now.

In 2016, Chinese gaming company Beijing Kunlun Technology Company Ltd. bought a 60% interest in Grindr. Kunlun completed the acquisition in 2018 for a reported total of almost $250 million. Both steps were “covered transactions” for CFIUS purposes, meaning that the parties had to decide on one, and perhaps two occasions whether to make a voluntary CFIUS filing. It appears they decided not to make a filing, as they were legally entitled to do.

The consequence of this decision, however, was that CFIUS retained jurisdiction indefinitely to review the transaction. A post-closing review generally starts with a request by CFIUS to the parties asking them to make the filing they originally decided not to make. CFIUS then reviews the parties individually, the assets involved and the technology at issue to identify any “national security risks,” just as it would done had the parties filed in the first place. The parties can work with CFIUS to explain why the risk is not great enough to require divestiture, or to offer mitigation arrangements that minimize or eliminate the risk while allowing the deal to stand. In recent years, the possession by U.S. businesses of “personal identifier information,” or PII, relating to U.S. citizens has become a significant element of national security evaluations by CFIUS.

Not every deal with PII concerns is rejected by CFIUS, and even if rejected, some deals can still be done. In 2017, a Chinese investor which could not get clearance for acquiring AppLovin, a U.S. mobile ad tech company, restructured the deal to use convertible debt and a small portion of preferred stock; the parties informed CFIUS of the new structure but believed it was not a covered transaction. The restructured deal closed, and the parties are happy.

In 2018, the Chinese giant Oceanwide Holdings Group acquired Genworth Financial, a U.S. business with a vast amount of PII. The parties cleared the deal through CFIUS by engaging a third party to manage and protect the personal information of U.S. insurance policy holders.

In the Grindr case, CFIUS apparently notified the parties of its desire to review Kunlun’s ownership shortly after the company announced its intention to go public in August 2018. The parties probably then made a filing and engaged in lengthy discussions with CFIUS. All filings and proceedings before CFIUS are confidential, and leaks are unheard of. However, the parties were likely unable to ultimately satisfy CFIUS’ national security concerns, and Kunlun must have been ordered to divest. The investment bank, Cowen & Co., is now running an auction process to find a buyer.

The story may still have a happy ending. If Kunlun was merely a financial buyer in the first place, it may be able to sell its stake at a satisfactory price. This would be like the AppLovin deal. If Kunlun had plans to extend Grindr into China, or even more problematically, make use of the PII held by Grindr, then divestiture will not be such a good result. From Grindr’s point of view, CFIUS has delayed its IPO but it won’t be clear for months if not years whether the new buyer might be a better fit for the company.

Meanwhile, the Kunlun-Grindr experience leaves three takeaways.

First, the CFIUS risk of a potential transaction should be carefully evaluated before the deal is done. In this case, it would have been clear that the PII held by Grindr was potentially a source of concern. That risk assessment will inform the parties’ decision as to whether to make a voluntary filing. (In certain cases involving “critical technology,” the filing is now mandatory, but it was not at the time of Kunlun’s investment and in any case it is not clear whether the mandatory system would have applied here.) There is no reason to think the parties in this case did not make a careful risk assessment.

Second, if the parties decide not to file, they must keep in mind that CFIUS retains jurisdiction indefinitely to require a review, even after the deal closes. And, if the parties assessed the risk as high before closing the deal, they must plan for the possibility of a negative result if CFIUS asks for a filing. In this case, Kunlun has some experience with tumultuous investments, and the parties may well have decided the risk was acceptable. Not all parties will make the same decision.

The final lesson is not so obvious. Even companies who have taken some foreign investment in the past (anything more than 10% by vote, or including board rights), and did not make a voluntary CFIUS filing—and this includes thousands of technology companies—must bear in mind that CFIUS monitors the news, and if the technology at issue is sensitive enough, or other national security concerns clear enough, CFIUS can always come calling. Boards of these companies would be well advised to have competent CFIUS counsel advise them in advance as to the potential risk, and what to do about it.