FOCI – Foreign Ownership, Control and Interest
Given the information and technology that U.S. defense contractors have and the role they play in U.S national security, U.S. defense contractors need to be particularly concerned about the dangers of the world.
To manage the wild and dangerous world, regulations, particularly those detailed in the National Industrial Security Program Operations Manual, require defense contractors to identify and mitigate any foreign ownership, control or influence (FOCI) to assure any foreign investment in a defense contractor is not threatening to national security.
The danger of FOCI is that classified information such as a defense contractor’s classified intellectual property, will be revealed to bad acting non-U.S. persons or entities who will use the classified information improperly. Another danger of FOCI is that a bad acting non-U.S. entity or person with control over a defense contractor may divert the contractor’s resources away from performing necessary defense contracts.
”FOCI” occurs when a non-U.S. person or entity has the power to direct or decide matters related to the management or operations of the defense contractor, such as when:
- More than five percent of a contractor’s stock is owned by a foreign entity
- The contractor owns more than ten percent of a foreign entity
- The contractor’s officers, executives, directors or other leaders are not U.S. citizens
- A foreign entity or person has the power to direct or control the contractor
- The contractor has contracts, agreements, loans or other obligations with foreign entities
- The contractor obtains a significant amount of its revenue from a non-U.S. entity
- Any relationship exists where a non-U.S. entity may exert ownership, control or influence over the U.S. defense contractor
Since the Department of Defense does not want defense contractors to be alone in this dangerous world, in addition to providing regulations designed to protect the defense contractor, the Defense Security Service (DSS) monitors and works with defense contractors to make sure the contractor follows the regulations and thereby protects classified materials. Since FOCI does not always preclude a defense contractor from doing national security work, this includes DSS working with defense contractors that may have some foreign ownership, control or interest to develop appropriate plans to mitigate the risk of FOCI.
If a defense contractor has some foreign ownership, control or influence it must first disclose this to DSS; and then, it must work with DSS to design a FOCI Mitigation Plan or an Affiliated Operations Plan to manage the risk of foreign influence.
For example, when the foreign ownership, control or influence is minimal, at DSS’ discretion, the cleared contractor may enact board resolutions specifically excluding the foreign directors, owners, lenders or partners from accessing classified information and from otherwise influencing the cleared contractor’s operations as it performs classified contracts.
FOCI may also occur when a defense contractor is affiliated with an entity with FOCI and it wants to “share” some of its operations or services with the FOCI affiliated entity.
DSS considers a cleared contractor to be “affiliated” with another entity when the cleared contractor has some type of business or operational relationship, such as a parent-subsidiary relationship with another entity. This includes when a cleared contractor shares administrative, operational or commercial services with another entity. A cleared contractor may share services or operations with another entity that has some foreign ownership, control or influence in certain circumstances, particularly when the foreign ownership is minimal. However, the cleared contractor must be sure to avoid situations that give the foreign entity leverage over it.
If a cleared contractor is sharing services with an entity that is foreign owned, controlled or influenced then, the contractor must implement more expansive plans to mitigate the risk of FOCI influencing its operations. DSS does not define each instance when services shared with a FOCI affiliate may defeat the operational and managerial independence of a cleared contractor such that the contractor will lose its clearance. Rather, DSS expects that cleared contractors will determine the operations that it intends to share with the FOCI entity; identify the risks to national security in sharing those services; and develop and execute a mitigation plan to reduce risk to national security.
For example, if a cleared contractor plans to share internal audit services with a FOCI affiliate, it must precisely define the extent of the audit services that will be shared. Once that is defined, the cleared contractor must then develop controls to assure that the internal audit function does not have the ability to access cleared contracts or any other cleared information. The cleared contractor should also assure that any remedial actions that internal audit recommends do not impact its operations or otherwise result in the FOCI affiliate compromising the cleared contractor’s ability to act independently when executing national security related contracts. Any plan will need to be shared with and approved by DSS.
This is only one example, cleared contractors should evaluate all operations to determine if the operations are being shared with a FOCI entity and if so, disclose to DSS and develop a plan to mitigate any risk to national security.
Cleared defense contractors should also be sure to properly identify if they have FOCI by reviewing their ownership structure; their sources for any funds or capital they have borrowed; their business relationships with subcontractors, prime contractors, joint venture partners, teaming partners or any other business partner; their investments; or any other relationships that may entail a foreign entity or person owning, controlling or otherwise influencing their business.
Finally, cleared defense contractors need to stay well-educated on FOCI because they are subject to regular government inspection to assure compliance with regulations and with any FOCI mitigation plan; and because as Mark O. Hatfield, the late U.S. Senator from Oregon said:
“unless we have a well-educated people, we’re vulnerable on our national security.”
In other words, it can be wild out there.
In When the Writ Hits the Fan, I explore these issues – the intersection of law, business, criminal activity and ethics: why do some companies violate the law? what happens when they do? what is ethical? how do we get corporations to follow the law? can lawyers help and, if so, what is the lawyer’s role? Be sure to sign up for the newsletter to follow along!