Outbound Investment Security: The Reverse CFIUS

Educational only; not legal advice. SPP explains diligence issue-spotting, evidence collection, risk triage, and the accountant and certified-fraud-examiner workflow. It does not give legal opinions, sanctions advice, or filing advice. Regulatory status is current as of drafting (2026-06-15); see the status note at the end.

For nearly four decades the United States built an elaborate machine for inspecting foreign money on its way into the country. The Committee on Foreign Investment in the United States, the subject of the companion piece to this one, can slow, condition, or kill an acquisition because of who is buying. What the country never built, across all those years, was the opposite machine: a way to inspect American money on its way out. A United States venture fund could wire capital into a semiconductor startup in Shenzhen, take a board seat, transfer the know-how that comes with a lead investor, and help stand up a national champion in exactly the technology the Pentagon was losing sleep over, and no part of the federal government had any standing to ask the fund to stop. The capital was leaving, not arriving, and the inbound machine had nothing to say about it.

That gap is now closed, or at least closing. The Outbound Investment Security Program, which practitioners have taken to calling the reverse CFIUS, flips the polarity of the inbound screen. It does not ask who is buying an American company. It asks whether an American is funding a foreign one that the United States would rather not see succeed, in a short list of technologies it has decided are too close to the next war. The program took effect on the second day of 2025, and at the very end of that year Congress did something it had pointedly declined to do for the original committee until a scandal forced its hand: it wrote the new program into permanent statute and, in the same breath, widened it.

This piece is the mirror of the CFIUS piece, and it is worth reading in that order, because the two screens are built from opposite instincts and the contrast is the fastest way to understand either one. Where the inbound screen is an interagency committee with a forty-year case history and a thick annual report full of base rates, the outbound screen is a young Treasury program with almost no public track record at all, resting on an emergency-powers statute and, now, a brand-new piece of legislation whose teeth have not yet been tested on anyone. The diligence skill it demands is correspondingly different. There is no committee to predict and very little precedent to read. There is, instead, a rule that effectively orders the investor to do the diligence itself, and a set of definitions precise enough that an analyst, a certified public accountant (CPA), or a certified fraud examiner (CFE) can run a deal against them and reach a defensible answer before the capital call goes out.

What the outbound screen was built to solve

The inbound committee answered a question about control: if a foreign government, through a company it owns or influences, takes the wheel of an American business, what might it do with the wheel. The outbound program answers a different and in some ways harder question, one about capital and capability. The worry is not that an adversary will buy something American. It is that Americans, acting as rational investors chasing returns, will themselves finance and accelerate the adversary’s most sensitive capabilities, and will throw in the intangible extras that come with sophisticated money: the managerial talent, the standing in the market, the introductions, the validation that a marquee Western investor confers. Money is fungible and capability compounds. A dollar of American venture capital into a Chinese artificial-intelligence (AI) or chip company is not just a dollar; it is a dollar plus a network plus a signal, and the policy judgment behind the program is that some of those dollars buy the other side a head start the United States cannot afford to subsidize.

The legal foundation the government reached for is the same one that powers economic sanctions, which tells you something about how the program is meant to feel. On August 9, 2023, the President issued Executive Order 14105 under the International Emergency Economic Powers Act, known by the acronym IEEPA, the 1977 statute that lets a President regulate or prohibit transactions and property after declaring a national emergency over an unusual and extraordinary threat with its source largely abroad. IEEPA is the engine of most of the modern sanctions program, and choosing it as the vehicle for outbound investment was a deliberate statement: this is national-security regulation of capital flows, run out of the same toolbox that freezes the assets of cartels and oligarchs, not ordinary economic policy. The executive order declared the threat, named the country at the center of it, and directed the Treasury Department to write the rules.

Treasury did, and the rules became the program. The final rule was published in November 2024 and took effect on January 2, 2025, codified as Part 850 of Title 31 of the Code of Federal Regulations (the CFR). That date matters for a reason worth saying plainly: the outbound screen is barely more than a year old. It has no decades of case law, no library of presidential orders, no thick annual report of filings and outcomes. Almost everything an investor needs to know about it is in the text of the rule and, now, the statute, rather than in a record of how the government has used it, because the government has barely begun to.

Who runs it, and on whose authority

The outbound program is not a committee, and that is the first structural difference from CFIUS worth internalizing. There is no interagency table, no rotating cast of cabinet secretaries voting on individual deals. The program lives inside the Treasury Department, administered by the Office of Investment Security, the same office that staffs the inbound committee, working through a unit built for this purpose. Notifications are filed through a dedicated portal, the Outbound Notification System, and the program speaks to the public through guidance, frequently asked questions, and an enforcement page rather than through case-by-case orders.

The authority underneath the office is layered, and after December 2025 it is layered twice over. The original layer is the executive order and IEEPA: the President’s emergency declaration and the Treasury rule that implements it. IEEPA also supplies the punishment. A violation of the program is a violation of IEEPA, which carries a civil penalty and, for willful violations, criminal exposure. Those penalties are not nominal. By statute the civil penalty runs to the greater of a fixed cap, which inflation adjustment has lifted to 377,700 dollars per violation as of early 2025, or twice the value of the transaction, and the criminal exposure for a willful violation reaches a million dollars and up to twenty years in prison for an individual. As with the inbound penalty regime, the clause that should focus an investor’s attention is the one that scales with the deal: twice the transaction value uncouples the exposure from any fixed number.

The second layer arrived at the end of 2025, and it changes the program’s character from an executive experiment into an act of Congress. More on that next, but the institutional point belongs here: the new statute hands the Attorney General, who heads the Department of Justice, the job of going to a United States district court to compel divestment or otherwise enforce the program when persuasion fails, the same litigation role the Justice Department plays for presidential CFIUS orders. The pattern across the national-security stack is becoming familiar. Treasury screens and conditions; Justice litigates when the conditions are ignored.

What changed: an executive experiment becomes a statute

The single most important development in the outbound space, and the reason this piece could not have been written the same way a year ago, is that Congress codified the program and expanded it, all inside the same defense bill that quietly widened CFIUS.

On December 18, 2025, the President signed the National Defense Authorization Act for fiscal year 2026, Public Law 119-60, the same sprawling annual defense statute that, in a different title, carried the CFIUS real-estate amendment discussed in the companion piece. Keep the two titles distinct, because they are easy to blur: the CFIUS change rode in Title LXXXI, while the outbound program was codified and expanded in Title LXXXV, under the name the Comprehensive Outbound Investment National Security Act of 2025, which everyone has mercifully shortened to the COINS Act. The Congressional Research Service, the nonpartisan analytic arm of Congress, describes it as the first law to set up a specific program that regulates and restricts certain outbound investments, while noting that it remains narrowly targeted on a few sectors, activities, and countries. That characterization, the “first,” belongs to the Congressional Research Service and not to Treasury, and it is the right frame: this is the founding statute of a new regulatory field, not the maturation of an old one.

The COINS Act does several things at once, and an investor should hold them apart, because some are operative now and some are promises about the future. It amends the Defense Production Act of 1950, the same Cold War statute that houses CFIUS, to add a new set of sections, numbered 801 through 808 and codified at 50 U.S.C. 4581 through 4588, that put the prohibition-and-notification structure into permanent law rather than leaving it to rest on an emergency declaration a future President could simply revoke. It authorizes 150 million dollars to Treasury to run the thing. It adds a separate sanctions subtitle, grounded again in IEEPA, that lets the President impose sanctions on a foreign person determined to be a covered foreign person, to bar Americans from investing in or buying significant amounts of its equity or debt. And it expands the program’s geography on paper from the single country the executive order targeted to six: beyond the People’s Republic of China, the statute’s list of countries of concern names Cuba, Iran, North Korea, Russia, and the Maduro regime in Venezuela.

Here the discipline that runs through this whole series matters most, because the temptation is to read the new statute as if it were already the operating reality, and it is not. Three precise points keep the analysis honest. First, the operative rule today is still the executive-order rule. The COINS Act expressly tells Treasury to issue implementing regulations that will, as the statute puts it, amend, terminate, supersede, revoke, or streamline the existing Part 850 rule, and it gives Treasury time to do it, with the core regulations due within roughly 450 days of enactment. Until those regulations issue, Part 850 stays operative on its own terms, which means the live program an investor must comply with this year still reaches the People’s Republic of China and the three technologies the executive order named, not the wider six-country, broader-sector universe the statute contemplates. Second, the six-country expansion and the additional sectors that appear in the statutory text, including high-performance and supercomputing and hypersonic systems, are prospective; they describe where the program is heading once Treasury conforms the rules, not where it is today. Third, the sanctions subtitle defines its own narrower list, the People’s Republic of China including Hong Kong and Macau only, a reminder that the statute is built from several moving parts with different scopes, and that citing the wrong one produces a confident, sourced, and wrong sentence.

There is even a flicker of genuine uncertainty about the program’s foundation. The America First Investment Policy, a presidential memorandum issued February 21, 2025, directs the administration to consider new or expanded restrictions on outbound investment in the People’s Republic of China across a long list of sectors and to use all necessary legal instruments including IEEPA sanctions, and in the same document it notes that the underlying executive order is itself under review. A program simultaneously codified by Congress and placed under executive review is a program in motion, and the honest posture for a diligence professional is to track it as a moving target rather than to memorize a snapshot.

The legislative path matters because it explains why the final system is neither a pure reporting regime nor a full outbound CFIUS clone. The 2023 Cornyn-Casey bill, the Outbound Investment Transparency Act of 2023, was a transparency bill. It would have required written notice to Treasury before certain outbound activity, and its covered sectors were broader than the three that Treasury ultimately put into the live rule: advanced semiconductors and microelectronics, artificial intelligence, quantum information science and technology, hypersonics, satellite-based communications, and networked laser-scanning systems with dual-use applications. That proposal did not itself ban the investment. It assumed that the first federal problem was visibility, because Washington could not regulate a capital flow it could not see.

Other proposals took different shapes. The Congressional Research Service identifies bills that would have used sector prohibitions, a case-by-case “reverse CFIUS” style review, and an entity-based sanctions approach. Those are not stray drafting variations; they are the three policy choices Congress and the agencies were choosing among. One model says tell us what you are doing. A second model says ask us before you do it. A third model says do not finance these named people at all. The live program is a hybrid of those choices. Part 850 uses a prohibited tier for the most sensitive activity, a notifiable tier for the next band of risk, and a set of exceptions for investment activity Treasury decided not to reach. The COINS Act then adds statutory durability and a broader future perimeter, while still giving Treasury the job of writing the conforming rules.

That history keeps the diligence conversation practical. A fund principal may want to know whether outbound investment security is “really” a filing regime, a sanctions regime, or a deal-approval regime. The answer is that it borrows from all three but is identical to none of them. It borrows the penalty engine from sanctions, the national-security logic from CFIUS, and the investor self-classification burden from export controls. That blend is why the investment committee memo cannot simply say “counsel will handle filing.” The investor has to know, before it signs, whether it is looking at a banned transaction, a reportable transaction, an excepted transaction, or a transaction that is not covered at all.

What triggers the outbound screen

Stripped to its architecture, the program asks four questions about a proposed investment, and a transaction has to answer yes to all of them to be caught. Who is investing, what are they investing in, where does the target sit, and what kind of investment is it. Walk a deal through the four and the answer falls out.

The first question is about the investor, and the reach is broader than the phrase United States person suggests. The rules bind any United States citizen, lawful permanent resident, entity organized under United States law, and any person located in the United States. They also reach a step further, to what the rules call a controlled foreign entity, a foreign entity that a United States person controls, and they impose on the United States parent an affirmative duty to take all reasonable steps to keep that controlled foreign subsidiary from doing a deal that would be covered if the parent did it directly. An American fund cannot launder a prohibited investment through an offshore affiliate and call it foreign.

The second question is about the technology, and this is where the program is deliberately narrow. The executive order identified three covered national-security technologies and products: semiconductors and microelectronics, quantum information technologies, and artificial intelligence. The rule then slices each of the three into finer categories, and the slicing is the whole game, because it determines which of the two tiers a transaction lands in. Some sub-segments, the most sensitive, are prohibited outright. Others are merely notifiable. The same broad technology can therefore be a forbidden investment in one configuration and a reportable-but-permitted one in another, which means the classification work cannot be done at the level of the headline sector; it has to reach the specific capability the target company is building.

The third question is about the target’s nexus to a country of concern, and the rule answers it through a defined term, the covered foreign person. In essence, a covered foreign person is an entity tied to a country of concern, which today means the People’s Republic of China including Hong Kong and Macau, that is engaged in one of the covered activities in one of the covered technologies, together with entities that such persons own above a threshold or from which they derive substantial revenue. The nexus can run through ownership, through the place of business or headquarters, or through a parent or subsidiary relationship, and tracing it is the part of the analysis that most resembles classic forensic ownership work: follow the entity to its owners and its money, and decide whether the country-of-concern connection is present.

The fourth question is about the shape of the investment, because the program does not reach every dollar that touches a covered foreign person. It reaches covered transactions, a defined set that includes acquiring equity or certain convertible interests, providing certain debt that carries equity-like rights, greenfield investments and expansions that establish or grow a covered foreign person, certain joint ventures, and certain investments made as a limited partner into a pooled fund that will itself invest in covered foreign persons. And it expressly carves out a list of excepted transactions that Congress and Treasury decided not to chase, among them investments in publicly traded securities and index funds, certain passive limited-partner commitments below a threshold that carry no governance rights, full buyouts that take a country-of-concern interest entirely out of a company, intracompany transfers, and certain ordinary derivatives and syndicated debt. The excepted list is not a loophole to be exploited so much as a boundary to be respected: it tells an investor where the program stops, and an analyst who can place a deal on the right side of that boundary has done most of the work.

Two tiers sit on top of those four questions, and the difference between them is the difference between a deal that cannot happen and a deal that can happen if you tell the government about it. A prohibited transaction is banned; a United States person may not knowingly undertake it. A notifiable transaction is permitted, but the United States person must file a notification with Treasury, under the current rule within thirty days after the transaction closes. The mirror to CFIUS is imperfect and instructive here. The inbound committee mostly clears deals before they close; the outbound program, in its notifiable tier, often learns about a deal only after the money has moved, which puts even more weight on the investor getting the classification right on its own, in advance, because there is no pre-clearance conversation to catch a mistake.

The diligence obligation the rule writes for you

The most important feature of the outbound program, for the purposes of this series, is not any single definition. It is that the rule builds the diligence requirement directly into the standard of liability, which means an investor who skips the analysis is not merely taking a commercial risk; it is failing to do a thing the regulation effectively requires.

Liability under the program turns on knowledge. A United States person is on the hook for undertaking a prohibited transaction, or for failing to notify a notifiable one, if it acted with knowledge of the relevant facts, and the rule reads knowledge the way national-security regulations usually do: it includes not only actual knowledge but awareness of a high probability, and reason to know. The crucial move follows. In deciding whether a person had the requisite knowledge, Treasury will consider whether the person conducted what the rule calls a reasonable and diligent inquiry. An investor who genuinely did the homework, asked the right questions, documented the answers, and reached a wrong-but-reasonable conclusion stands in a very different position from one who saw the warning signs and looked away, or who never looked at all. The reasonable and diligent inquiry is, in other words, both a shield and a duty. It is the legal hook that turns this entire screen into a diligence exercise, and it is the reason the outbound program is properly a chapter in a due-diligence playbook rather than only a compliance manual.

What does a reasonable and diligent inquiry look like in practice. It looks like the ownership tracing a forensic accountant already does, pointed at a specific question: is the target a covered foreign person, and is the technology a covered one, and if so, in the prohibited tier or the notifiable one. It looks like reading the fund documents to see whether a limited-partner commitment will flow into covered foreign persons and whether it carries the kind of rights that strip away the passive-investment exception. It looks like papering the file with the questions asked and the representations obtained, so that if Treasury ever asks, the record shows an investor who inquired rather than one who assumed. The discipline is the certified fraud examiner’s: withhold the conclusion until the evidence converges, treat a clean answer as a hypothesis to be tested, and keep the line between what the documents prove and what a counterparty merely asserted.

The regulation is unusually helpful here because it describes the kind of inquiry Treasury will later care about. The factors are the bones of the workpaper. What inquiry did the United States person make about the target or counterparty. What contractual representations and warranties did it obtain, or try to obtain. What non-public information did it request and consider. What public information and commercial databases did it check. Did anyone appear to avoid learning inconvenient facts. Were there warning signs, evasive responses, or unanswered questions. A diligence team does not need to invent a professional standard from scratch; the rule gives the standard, and the workpaper should track it.

That is the moment where ordinary buy-side diligence becomes regulatory evidence. A target description pulled from a pitch deck is not enough. The file should show the target’s legal name, jurisdictions of organization, headquarters, principal place of business, parent and subsidiary structure, ultimate ownership, revenue concentration, and the specific products or services that create the covered-technology question. If the target says it is “AI-enabled,” the memo should not stop there. It should ask what the system does, what it was trained to do, whether it is designed for a military, intelligence, mass-surveillance, cyber, or biological-sequence use case, and whether the facts suggest the high-compute thresholds that move an artificial-intelligence system into a prohibited or notifiable category. If the target says it is a semiconductor company, the memo should ask where it sits in the chain: design, electronic design automation, fabrication equipment, fabrication, packaging, or supercomputing. If the target says it is quantum-adjacent, the memo should separate a marketing label from a quantum computer, a sensing platform, or a communications system.

The same discipline applies to the investor side. The rule reaches a United States person directly, but it also makes the United States parent responsible for reasonable steps to stop a controlled foreign entity from doing what the parent could not do. That means the diligence file for a fund or corporate investor should not end at the domestic general partner or parent company. It should map foreign affiliates, offshore fund vehicles, special-purpose vehicles, co-investment entities, and controlled portfolio-company subsidiaries that might be used to route the capital. It should also record the controls the United States person actually has in place: compliance covenants, internal policy, training, reporting, audit, and board or shareholder rights. Those facts matter twice. They help answer whether the program applies, and, if a controlled foreign entity does something wrong, they become the evidence of whether the parent took the reasonable steps the rule expected.

For a limited-partner commitment, the inquiry has one additional wrinkle. The investor may not know every future portfolio company when it commits capital to a pooled fund, which is why the rule’s excepted-transaction structure matters. The workpaper should identify the commitment amount, the fund’s mandate, side-letter rights, advisory-committee rights, information rights, excuse rights, and any ability to influence or approve investments. A passive limited partner with no governance or investment rights is a different risk from a limited partner with enhanced visibility, vetoes, or a seat near the investment decision. From a diligence perspective, the question is not just “Will this fund invest in China.” It is “Will this commitment give a United States person a path to finance, influence, or lend intangible benefit to a covered foreign person in a covered technology.”

What the government can do, and what it has done so far

The remedy set follows from IEEPA and, now, from the COINS Act, and it is the familiar national-security ladder. Treasury can require a notification and penalize the failure to file one. It can pursue the civil penalty already described, the greater of roughly 377,700 dollars or twice the transaction, and refer willful violations for criminal prosecution. Under the new statute it can seek divestment, unwinding the investment, and the Attorney General can go to a United States district court to compel it. A prohibited transaction undertaken with knowledge is, in principle, exposed to the full weight of that ladder.

And here the honest reporting has to take over from the description of authority, because the gap between what the program can do and what it has so far done is wide, and pretending otherwise would betray the discipline this series is built on. As of the middle of 2026, there is no public record of a single enforcement action, civil penalty, or named notification under the outbound program. The Treasury enforcement page for the program lists only the notice that adjusted the penalty for inflation, an overview-and-guidance document, and an invitation to submit tips. There is no annual report of the kind the inbound committee publishes; the COINS Act mandates a report to Congress on enforcement actions, but the first one is not due until the middle of 2027. The program is, in mid-2026, a fully armed regime that has not yet been seen to fire. For a diligence professional, that absence is not reassurance. It is the opposite. A new enforcement regime with a clean record is not a regime that has decided to be lenient; it is a regime that has not yet made an example of anyone, and the rational assumption is that the first enforcement actions, when they come, will be chosen for their value as examples.

What the data does not yet show

In the companion piece on the inbound committee, this is where the numbers go, because the committee quantifies its own behavior every year and those counts give a buyer a base rate. The outbound program offers no such thing yet, and the responsible move is to say so rather than to manufacture a table from thin material.

The absence of filing and enforcement data does not mean the article gets no table. It means the table has to show status rather than invented outcomes:

Outbound item	Current sourced status	Diligence consequence
Operative rule	31 CFR Part 850 in force since January 2, 2025	Run the live four-question screen against Part 850, not against future headlines.
Current country scope	People’s Republic of China, including Hong Kong and Macau	Treat the broader statutory country list as a watch item until Treasury conforms the rule.
Current technology scope	Semiconductors and microelectronics, quantum information technologies, and artificial intelligence	Classify at the sub-category level; sector labels are not enough.
Penalty ceiling	Greater of 377,700 dollars per violation or twice the transaction amount, with criminal exposure for willful violations	Put the scalable penalty in the risk memo rather than a fixed-only number.
Public enforcement record	No public penalty action or named notification located on Treasury’s outbound enforcement page as of this review	Do not infer a base rate; describe the regime as armed but publicly untested.
COINS Act transition	Enacted December 18, 2025; conforming regulations due within roughly 450 days; seven-year sunset	Flag any answer that depends on prospective country or sector expansion for re-review.

What can be said with sources is modest and worth stating precisely. The program became operative when its rule took effect on January 2, 2025. Its current operative scope reaches the People’s Republic of China and three technologies, semiconductors and microelectronics, quantum, and artificial intelligence, split into a prohibited tier and a notifiable tier. Its civil penalty stands at the greater of roughly 377,700 dollars or twice the transaction. Congress codified and broadened it in December 2025, but the broadening is prospective, awaiting Treasury rules due within roughly 450 days. And there is, so far, no public enforcement and no published filing data. An investor who wants a base rate for how aggressively the program will be used is, for now, reasoning from the text and the posture rather than from a record, which is itself the single most important fact about the screen: it is the newest and least-tested instrument in the national-security stack, and it should be diligenced as a fast-moving unknown rather than a settled regime.

That distinction belongs in the memo. Inbound CFIUS gives a buyer counts: notices, declarations, investigations, withdrawals, mitigation agreements, and presidential decisions. Outbound investment security does not. The right comparison is therefore not “CFIUS has many cases and outbound has few.” The right comparison is “CFIUS has a public measurement system and outbound does not yet have one.” Until the first report to Congress appears, the most honest data point is the blank space itself. It tells the practitioner to be more formal, not less, because the file may be judged later against a regime that has not yet shown its enforcement style.

From obligation to investment-committee memo

Everything above converts into a workstream a fund or a corporate investor runs before it commits capital, and the deliverable is a clear flag in the investment-committee memo, the document an investment committee, abbreviated IC in fund practice, uses to approve or decline a deal. The workstream gathers the facts that answer the four questions and documents the reasonable and diligent inquiry the rule rewards.

Concretely, for any investment with a foreign technology dimension, the team should establish whether any party to the transaction is a United States person or a controlled foreign entity of one, because that determines whether the program binds the investor at all. It should classify the target’s technology against the three covered categories and, crucially, against the finer sub-definitions that decide the prohibited-versus-notifiable tier, recognizing that this is engineering-level classification work that may need a technical specialist, not a sector label. It should trace the target’s nexus to a country of concern through ownership, headquarters, and revenue, the ordinary ownership-tracing exercise pointed at the covered-foreign-person definition. It should characterize the investment itself against the covered-transaction and excepted-transaction lists, paying special attention to limited-partner commitments into funds, which are a common and easily missed channel. And it should preserve the inquiry: the questions asked, the representations obtained from the target and the fund, and the basis for the conclusion, so that the file shows diligence rather than assumption.

The memo that results is short and structured, and it does for the outbound screen what the CFIUS memo does for the inbound one. It states whether the program applies, whether the transaction is prohibited, notifiable, or excepted, with the regulatory basis for the call; it identifies the notification obligation and timing if the deal is notifiable; it sets out the exposure if the analysis is wrong, the penalty that scales with the deal and the divestment risk; and it builds any required step, a notification or, for a closer call, a decision to seek specialist legal advice, into the deal timeline. As everywhere in this work, a conclusion without a source behind it is a lead and not a finding, and it goes in the memo marked that way or it does not go in at all.

A usable investment-committee flag has five parts. First, it states the operating status: Part 850 is the live rule, and the COINS Act expansion is a transition item. Second, it states the deal classification in plain English: not covered, excepted, notifiable, prohibited, or unresolved pending counsel review. Third, it names the facts that drive the answer, not just the conclusion: investor status, controlled foreign entities, country-of-concern nexus, covered technology, transaction type, and any exception. Fourth, it describes the inquiry record, including the public and non-public information reviewed and any representations that were requested but not obtained. Fifth, it identifies the action item: decline, restructure, notify through the Outbound Notification System, seek a national-interest exemption, build a covenant or side-letter, or escalate to counsel.

That last point is where the accountant’s memo earns its keep. The investor may be tempted to treat a notifiable transaction as a post-closing administrative item because the current rule generally requires the filing after completion. That is backwards. The notification may be post-closing, but the classification is pre-commitment work. If the investment turns out to be prohibited, no after-the-fact filing saves it. If the investment is notifiable, the closing calendar still needs ownership charts, technology descriptions, transaction documents, and the notification record ready to go. If the investment is excepted, the file needs the exception evidence preserved before memories fade and side-letter drafts disappear. The timing of the government form does not change the timing of the diligence.

When to escalate to counsel

The diligence team spots and documents; the legal judgment belongs to specialists, and the outbound program, young and shifting, is a place to escalate early rather than late. Hand the matter to qualified counsel when the target plausibly sits in one of the three covered technologies and carries a country-of-concern nexus; when a limited-partner commitment may flow into covered foreign persons; when the structure runs through a controlled foreign entity that might be used to reach a deal the parent could not do directly; when the classification between the prohibited and notifiable tiers is genuinely close, because the consequence of guessing wrong is the difference between a permitted deal and a banned one; or when the transaction touches the parts of the program the COINS Act is reshaping, where the operative rule and the statute point in different directions. The value the diligence team adds is reaching counsel while the investment can still be structured, declined, or notified on time, which means before the capital call, not after the wire.

Practitioner Skill Built By This Article

The skill this piece builds is the ability to run an outbound-investment screen on a proposed deal and reduce the result to a defensible investment-committee flag.

What you can now recognize: the four questions that define a covered transaction (United States person, covered technology, covered foreign person, covered transaction type), the prohibited-versus-notifiable tiering, the excepted transactions, and the reasonable-and-diligent-inquiry standard that makes diligence a legal obligation.
What source you verify it against: Executive Order 14105 and 31 CFR Part 850 for the operative program; the COINS Act (Title LXXXV of Public Law 119-60, new sections 801 through 808 of the Defense Production Act) for the codification and the prospective expansion; IEEPA (50 U.S.C. 1701 and 1705) and the inflation-adjustment notice for the penalties; and the Treasury program and enforcement pages for current status. Every figure traces to one of these, per the Authority Ladder the series follows.
What you can produce: an outbound diligence questionnaire, a classification of the deal against the four questions and the two tiers, and the investment-committee flag with its notification timing and exposure.
When you escalate: at any plausible covered-technology and country-of-concern nexus, any limited-partner channel into covered foreign persons, any controlled-foreign-entity structure, any close call on the prohibited-versus-notifiable line, or any deal touching the COINS Act transition. The legal determination and the notification belong to counsel.

This is the same forensic discipline the inbound screen demands, pointed in the opposite direction. Instead of asking who is buying the American company and what they might do with it, the analyst asks where the American money is going and whether the law now forbids or merely watches it. The ownership tracing is the same craft; only the direction of travel has reversed.

The shipped artifact: outbound diligence questionnaire

Use this before committing capital to any company or fund with a connection to a covered technology or a country of concern. It produces leads and a documented inquiry, not legal conclusions.

The investor

Is any party a United States person (citizen, permanent resident, United States entity, or person in the United States)?
Is any party a controlled foreign entity of a United States person? If so, the parent owes a duty to prevent a covered transaction.

The technology

Does the target develop, produce, or work in semiconductors or microelectronics, quantum information technology, or artificial intelligence?
At the sub-category level, does the specific capability fall in a prohibited bucket or a notifiable one? Engage a technical specialist where the line is unclear.

The country-of-concern nexus (the covered-foreign-person test)

Trace the target’s ownership, headquarters, and revenue. Is it tied to a country of concern (operatively, today, the People’s Republic of China including Hong Kong and Macau)?
Is it owned above the threshold by, or does it derive substantial revenue from, such persons?

The transaction type

Is the investment a covered transaction (equity, equity-like debt, greenfield or expansion, certain joint ventures, certain limited-partner commitments into a fund)?
Or is it excepted (public securities, index funds, passive sub-threshold limited-partner interests, full buyouts of the country-of-concern interest, intracompany, ordinary derivatives or syndicated debt)?

Tier and obligation

Prohibited: do not proceed; escalate.
Notifiable: plan the Treasury notification (under the current rule, within thirty days after closing).
Excepted or not covered: document the basis for the conclusion.

The inquiry record

Preserve the questions asked, the representations obtained, and the basis for the classification, so the file evidences a reasonable and diligent inquiry.

Exposure and transition

Note the penalty exposure (the greater of about 377,700 dollars or twice the transaction; willful violations carry criminal exposure) and divestment risk.
Flag any reliance on scope the COINS Act expands but Treasury has not yet brought into force.

Memo output

State the classification as not covered, excepted, notifiable, prohibited, or unresolved pending counsel review.
Attach the reasonable-and-diligent-inquiry record: questions asked, representations requested, documents reviewed, public databases checked, warning signs, and unresolved gaps.
Assign an owner and date for re-review when Treasury issues COINS Act conforming regulations.

Applied DD Lab: Replicate the Screen

You cannot, with public data, render the legal classification a deal needs, and you should not try. What you can build is a triage screen, a first-pass filter that flags an investment for the full analysis above, clearly labeled as triage and nothing more. The exercise: take an investment target’s public description, its sector, its products, its location and ownership, and run it against a keyword and nexus screen built from the program’s own defined terms.

Dataset and inputs: the covered-technology vocabulary drawn from Executive Order 14105 and the Part 850 definitions (semiconductors and microelectronics, quantum information technology, artificial intelligence, and their sub-terms), plus a country-of-concern nexus check (today, the People’s Republic of China including Hong Kong and Macau). Public inputs only: the target’s own descriptions, public registries, and public ownership data.
What it shows: whether a proposed investment plausibly touches a covered technology and a country-of-concern nexus, and therefore whether it needs the full four-question analysis and likely counsel.
How to run it: the companion repository carries a module-backed lablet that scores a target description against the covered-technology terms and a nexus flag, and outputs a triage result of no obvious trigger, review, or escalate. It is a sorting hat, not a ruling. The lab is open-source at https://github.com/Sheepdog-Prosperity-Partners-LLC/national-security-diligence-lab.
What it can prove: that a deal deserves a closer look, or that the supplied public description does not show an obvious public triage trigger. What it cannot prove: the tier, the covered-foreign-person determination, or the legal conclusion. A keyword hit is a reason to open the file, never a finding, and a no-trigger screen on thin public data is not a clearance.

The lab guardrail is sharper here than almost anywhere in the series, precisely because the program is new and a screen can give false comfort: the triage output is a lead and a sorting step, never a legal classification, and it runs on public or synthetic inputs only.

Terms used in this article

The full glossary lives in the section’s master glossary; the terms you need for this piece:

Outbound Investment Security Program: the Treasury program that restricts and requires reporting of certain United States investments into sensitive technologies in countries of concern; the mirror of CFIUS.
IEEPA (International Emergency Economic Powers Act, 1977): the emergency-powers statute (50 U.S.C. 1701) that authorizes the executive-order version of the program and supplies its penalties (50 U.S.C. 1705).
Executive Order 14105: the August 2023 order that declared the threat and directed Treasury to write the outbound rule.
COINS Act (Comprehensive Outbound Investment National Security Act of 2025): Title LXXXV of Public Law 119-60, which codified the program in the Defense Production Act (new sections 801 through 808) and expanded it on paper to six countries of concern, prospectively.
Country of concern: the operative target of the live rule is the People’s Republic of China, including Hong Kong and Macau; the COINS Act adds five more, prospectively.
Covered foreign person: an entity tied to a country of concern and engaged in a covered activity in a covered technology, plus entities such persons own above a threshold or derive substantial revenue from.
Covered transaction: the defined set of investments the program reaches; excepted transactions are the carve-outs it does not.
Prohibited versus notifiable: the two tiers; a prohibited transaction is banned, a notifiable one is permitted but must be reported to Treasury.
Reasonable and diligent inquiry: the diligence standard the rule uses in judging an investor’s knowledge; the legal hook that makes diligence an obligation.
Controlled foreign entity: a foreign entity controlled by a United States person, which the parent must keep from doing a covered transaction.

Selected sources

Executive order: Executive Order 14105 (August 9, 2023), 88 FR 54867, federalregister.gov / whitehouse.gov.
Rule: 31 CFR Part 850 (final rule 89 FR 90398, effective January 2, 2025), eCFR and federalregister.gov; Treasury Outbound Investment Program page, home.treasury.gov.
Statute (codification and expansion): COINS Act, Title LXXXV of Public Law 119-60 (December 18, 2025), adding Defense Production Act sections 801 through 808 (50 U.S.C. 4581 through 4588), congress.gov.
Penalty authority: IEEPA, 50 U.S.C. 1701 and 1705, uscode.house.gov; penalty inflation-adjustment notice, 90 FR 8429 (January 2025).
Policy: America First Investment Policy, presidential memorandum, February 21, 2025, whitehouse.gov.
Oversight: Congressional Research Service, “Regulation of U.S. Outbound Investment to China,” IF12629, congress.gov.
Status: Treasury Outbound Investment Program enforcement and guidance pages (no public enforcement action or named notification as of mid-2026), home.treasury.gov.

Status note

Last reviewed: 2026-06-15
Next scheduled review: 2026-09-15
Current watch items: the Treasury rulemaking to conform 31 CFR Part 850 to the COINS Act (core regulations due within roughly 450 days of December 2025 enactment); the prospective six-country and expanded-sector scope; the first public enforcement action or named notification; the first enforcement report to Congress (due mid-2027); and the status of Executive Order 14105, noted as under review in the February 2025 investment-policy memorandum.

By Noah Green CPA CFE, for Sheepdog Prosperity Partners. Educational only; not legal advice.