The impact of the Critical Infrastructure Centre on infrastructure investors
Under Australia's new Security of Critical Infrastructure Act 2018, there is greater scrutiny of the ownership and operations of assets classified as critical infrastructure. This scrutiny comes at a time of an increased global focus on the relationship between foreign direct investment and national security. Recent US legislation, for example – the Foreign Investment Risk Review Modernization Act – broadens the jurisdiction of the Committee on Foreign Investment in the United States. For foreign investors looking towards Australia, the challenge is now to understand how the Critical Infrastructure Centre (CIC) and Foreign Investment Review Board (FIRB) interact; the impact of the CIC on the FIRB approval process; what information owners of critical infrastructure will be required to provide under the Act to the CIC; and how the CIC might impact proposed foreign investment into critical infrastructure.
Background: The roles of FIRB and the CIC
FIRB has the responsibility to assess foreign investment in Australia's infrastructure under the Foreign Acquisitions and Takeover Act 1975 and Foreign Acquisition and Takeovers Regulation 2015 (together, the FIRB Legislation), and advise the Treasurer on foreign investment matters.
The CIC's role is to not only safeguard Australia's critical infrastructure through advice to the Treasurer but also to administer the Security of Critical Infrastructure Act 2018. Relevantly, the Act defines critical infrastructure to include water, electricity, port and gas assets and any other asset which is prescribed by the rules as a critical asset. The CIC brings together expertise and capability across the Australian Government to manage the potentially complex national security risks of sabotage, espionage and coercion posed by foreign involvement in Australia's critical infrastructure.
It important to note that the CIC is not a part of FIRB and does not change the law on foreign investment approvals in Australia; instead it has a broad mandate that includes assisting the foreign investment review process by providing clear, consolidated and early national security advice to inform the Treasurer's national interest decision on foreign investment proposals.
Information requirements for owners and investors in critical infrastructure
The CIC's advice is based on the collection of certain information under the Act from reporting entities, which include the:
- responsible entity: the entity that holds the licence, approval or authorisation to operate the asset to provide the service to be delivered by the asset; and
- direct interest holders: who can directly or indirectly influence or control the asset.
These entities have an obligation to provide information for the register. This includes "operational information" if the reporting entity is the responsible entity for the asset, and the "interest and control information" if it is a direct interest holder in relation to the asset.
The Act also establishes the power for the Minister to issue directions to reporting entities and operators of critical infrastructure where the Minister is satisfied that in connection with the operation of a service:
- there is a risk that an act or an omission would be prejudicial to security;
- the direction is reasonably necessary for the purposes of eliminating or reducing that risk;
- reasonable steps have been taken to negotiate in good faith; and
- no existing regulatory system could be used instead.
As a result, the CIC not only impacts potential foreign investors but also current owners of critical infrastructure assets.
The CIC's assessment process
One of the CIC's key functions is to identify and manage national security risks affecting our critical infrastructure, with an immediate focus on the assets and sectors identified as the highest risk. In assessing the risks that may arise or increase from a change of ownership to Australia's critical infrastructure, the CIC will conduct a strategic risk assessment and simultaneously design proportionate mitigation strategies.
The CIC will conduct its assessment in close consultation with State and Territory Governments, regulators and private owners and operators to reduce the potential for malicious actors to gain access to, and control of, Australia's critical infrastructure through ownership, offshoring, outsourcing and supply chain arrangements. The relevant information which may assist CIC in making this assessment includes:
- a company’s security policies, ie. data security and physical security;
- security audits undertaken by a company;
- emergency management plans;
- redundancies;
- offshoring and outsourcing of operations; and
- existing regulatory regimes and controls.
How this information collection and CIC consideration will impact the FIRB approval process
The outcome of the collection of "operational" and "interest and control" information means that the FIRB process should be able to be streamlined for critical infrastructure assets. If all goes to plan, engagement with FIRB should become more efficient over time as potential national security issues with individual critical infrastructure assets are recorded and identified.
This should in turn allow FIRB to consider and develop mitigation strategies for the national security risks identified by the CIC without impacting the overall timeline of the decision-making process under the FIRB legislation. It may also mean that a FIRB no objections notification could include further conditions imposed through the CIC.
Until that point is reached, however, foreign purchasers of critical infrastructure should be taking CIC into consideration as part of the timelines of the transactions. This means having early engagement with FIRB, and ensuring that their FIRB applications address the relevant information (to the extent that information is available to them). It is also worth noting that there is potential for further conditions to be included in FIRB approvals that relate to critical infrastructure.
Existing owners of critical infrastructure should also ensure compliance with their obligations under the Act and – if they are looking to sell an asset – they should seek advice on potential national interest concerns as they develop their sale process.