Foreign Ownership, Control or Influence

Foreign investment can play an important role in maintaining the vitality of the U.S. industrial base. Therefore, it’s the policy of the U.S. Government to allow foreign investment consistent with the national security interest of the United States.

A company is considered to be operating under FOCI whenever a foreign interest has the power, direct or indirect, whether or not exercised, and whether or not exercisable, to direct or decide matters affecting the management or operations of that company in a manner which may result in unauthorized access to classified information or may adversely affect the performance of classified contracts.

The following factors relating to a company, the foreign interest, and the government of the foreign interest are reviewed in the aggregate in determining whether a company is under FOCI:

  1. Record of economic and government espionage against U.S. targets.

  2. Record of enforcement and/or engagement in unauthorized technology transfer.

  3. Record of compliance with pertinent U.S. laws, regulations, and contracts.

  4. The type and sensitivity of the information that will be accessed.

  5. The source, nature, and extent of FOCI, including, but not limited to, whether a foreign interest holds a majority or substantial minority position in the company, taking into consideration the immediate, intermediate, and ultimate parent companies of the company or prior relationships between the U.S. company and the foreign interest.

  6. The nature of any relevant bilateral and multilateral security and information exchange agreements, (e.g., the political and military relationship between the USG and the government of the foreign interest).

  7. Ownership or control, in whole or in part, by a foreign government.

  8. Any other factor that indicates or demonstrates a capability on the part of foreign interests to control or influence the operations or management of the business organization concerned.

Updates

No updates.

Questions?

Please send inquiries concerning negotiating a FOCI Agreement, implementing a FOCI Agreement, or general FOCI agreement questions, to the FOCI Operations Division Mailbox: DCSA.quantico.DCSA-hq.mbx.foci-operations@mail.mil; include your company's name and CAGE code if they are already under a FOCI Agreement.

Please direct all correspondence related to NIDs to the National Interest Determination inbox: dcsa.quantico.dcsa-isia.mbx.nid@mail.mil.

FOCI Frequently Asked Questions

When is a company determined to be under foreign ownership, control or influence (FOCI)?

A US company is considered to be under FOCI when a foreign interest has the power, direct or indirect, whether or not exercised, to direct or decide matters affecting the management or operations of the company in a manner which may result in unauthorized access to classified information or may affect adversely the performance of classified contracts. (NISPOM, paragraph 2-300a)

Can a company obtain a facility security clearance (FCL) if found to be under FOCI?

No. A company determined to be under FOCI is not eligible for an FCL until the FOCI factors have been favorably resolved. (NISPOM, paragraph 2-300c)

How do you determine if a company is under FOCI?

A company's FOCI factors are reviewed as part of the facility clearance process and throughout the life of the facility security clearance. The company's FOCI factors should be documented on the Certificate Pertaining to Foreign Interests (Standard Form 328). In a corporate family, the SF 328 should be a consolidated response rather than separate submissions from individual members of the corporate family (NISPOM, paragraph 2-302). In the case of an organization with multiple tiers of parent-subsidiary relationships, the SF 328 should be certified by the highest tier cleared entity. (Note: this would not preclude a subordinate entity from preparing the form as long as the top tier cleared entity certified the form). This principle applies equally to changed condition reports. Review the SF 328 and instructions

How often should a company submit the SF 328?

The NISPOM requires that a SF 328 be submitted during the initial facility clearance process and when significant changes occur to information previously forwarded. (NISPOM paragraph 2-302)

What criterion is used in determining if a company is under FOCI?

  1. Record of economic and government espionage against US targets,
  2. Record of enforcement and/or engagement in unauthorized technology transfer,
  3. Type and sensitivity of information requiring protection,
  4. The source, nature and extent of FOCI,
  5. Record of compliance with pertinent US laws, regulations and contracts,
  6. Nature of bilateral and multilateral security and information exchange agreements, and
  7. Ownership or control, in whole or in part, by a foreign government.

Can non-US citizens serve as key management personnel at the company?

No. Key Management Personnel are required to be processed for a personnel security clearance in conjunction with the FCL. Non-US citizens are not eligible for a personnel security clearance. (NISPOM, paragraph 2-104)

Can officers and/or directors of the foreign parent organization or one of its affiliates also serve as an officer and/or director of the cleared company?

No. There can be no interlocking relationships under the Proxy Agreement (PA) and Voting Trust Agreement (VTA). However, under the Special Security Agreement (SSA), the foreign shareholder can appoint a representative(s) (referred to in the SSA as the "Inside Director") to the company's board of directors consistent with the requirements of the board composition identified in Article 1.01 of the DCSA draft SSA. Other than the Inside Director position(s), there can be no other interlocking relationships.

Must a Technology Control Officer (TCO) be appointed?

Yes. The company must appoint a TCO. The TCO serves as the principal advisor to the GSC concerning the protection of controlled unclassified information and other proprietary technology and data subject to regulatory or contractual control by the US Government. The TCO can be the same individual serving as Facility Security Officer (FSO).

What is the role of the FSO?

Every cleared company must appoint an FSO. The FSO serves as the principal advisor to the GSC concerning the safeguarding of classified information. The FSO's responsibility includes the operational oversight of the company's compliance with the requirements of the NISP.

What actions should a company take when discussions, consultations, or agreements may reasonably lead to effective foreign ownership or control?

The company should notify DCSA of the details in writing. (NISPOM, paragraph 2-302(b)). The failure to report this information to DCSA could result in an adverse impact on the company's facility security clearance. The company should advise DCSA, initially by telephone and then follow-up in writing.

What are the methods in which a company can mitigate its FOCI factors, if considered to be under foreign ownership, control or influence?

The SSA, PA or VTA is used to mitigate FOCI in cases where companies are effectively owned or controlled by a foreign entity.

When is the Security Control Agreement used?

The SCA is used when a company is not effectively owned or controlled by a foreign interest and the foreign interest is entitled to representation on the company's board of directors. There are no access limitations under the SCA. (NISPOM, paragraph 2-303c(1))

What is a PA and a VTA?

The PA and the VTA are substantially identical arrangements whereby the voting rights of the foreign shareholder are transferred to cleared US citizens approved by DCSA. Both Agreements provide for the exercise of all prerogatives of ownership by the Trustees or Proxy Holders with complete freedom to act independently from the foreign stockholder, with the exception of the areas identified in NISPOM, paragraph 2-305. Neither Agreement imposes restrictions on access to classified information or restricts the company's ability to compete for classified contracts. (NISPOM, paragraph 2-303b)

Does the PA or VTA require that the company be an economically viable business entity?

Yes. The company must demonstrate that it is organized, structured and financed so as to be capable of operating as a viable business entity independent from the foreign shareholder. (NISPOM, paragraph 2-303b(2))

What is the role of the Proxy Holder and Trustee?

Individuals who serve as Voting Trustees or Proxy Holders must be US citizens, residing within the US and eligible for a personnel security clearance. They must be capable of assuming full responsibility for voting the stock and exercising management prerogatives relating to the company in a way that ensures that the foreign shareholder can be effectively insulated from the cleared company. The Proxy Holders or Trustees are required to be appointed to the company's Board of Directors and they have the same fiduciary responsibilities as any other Board Member.

Does the SSA have access limitations?

Yes. Classified contracts requiring access to proscribed information (Top Secret, Communications Security, Sensitive Compartmented Information, Special Access Program information and Restricted Data) may require the government contracting activity to render a favorable National Interest Determination (NID) consistent with NISPOM, paragraph 2-303c(2).

Who should initiate the NID process?

DCSA will advise the government contacting activity (GCA) of the requirement for a NID. The NID can be program, project or contract specific. The NID decision shall be made by the GCA's Program Executive Office. The GCA will forward the completed NID to DCSA. DCSA does not need to delay implementation of a FOCI action plan pending completion of a GCA's NID as long as there is no indication the NID will be denied.

When can a Board Resolution be used to mitigate FOCI?

A board resolution is used when a foreign entity does not own voting stock sufficient to elect directors or is not otherwise entitled to representation to the company's board of directors. (NISPOM, paragraph 2-303a)

Can a company be collocated with its foreign parent organization or one of its affiliates and still be cleared through the auspices of a PA, VTA, or SSA?

No, FOCI collocation is not authorized, and DCSA will determine when a company is collocated in its sole discretion. When a company is located within close proximity to its foreign parent or an affiliate a Facilities Location Plan (FLP) must be approved by DCSA in advance. Download the Facilities Location Plan Template.

Can a company receive any administrative support services from its foreign parent or one of its affiliates?

As a general rule, no, and not without prior approval from DCSA. However, if the company determines that there is a specific service(s) that the company needs the parent or one of its affiliates to provide, the company should identify the service and forward a rationale/justification to DCSA for consideration.

Where can I obtain electronic copies of the draft SCA, SSA, PA or VTA?

An electronic draft copy of the Agreements can be obtained on the DCSA FOCI webpage.

What should I consider when selecting a nominee for Outside Director, Proxy Holder or Trustee?

The nominee must be a US citizen, residing in the US, who can exercise management prerogatives relating to their position in a way that ensures that the foreign owner can be effectively insulated from the company and be eligible for a personnel security clearance consistent with the level of the FCL, (NISPOM, paragraph 2-305).

How is the term "disinterested" defined?

The term "disinterested" is defined as having no prior contractual, financial, or employment relationship with the applicant company, the parent corporation, the foreign shareholder(s), or any entities and affiliates that the applicant company controls. The application of the term "disinterested" extends to members of the nominee's immediate family. (NISPOM, paragraph 2-305b)

When a company submits an Outside Director, Proxy Holder or Trustee nomination, is the nominee automatically approved?

No. DCSA must approve the nomination, and approval is granted only after DCSA has reviewed and considered the nominee's resume and the answers to a questionnaire that the nominee will be asked to complete. A copy of each nominee's resume should be provided to DCSA Headquarters along with his/her address, telephone, fax number, and email address when requesting approval.

Should the Outside Director, Proxy Holder and Trustee be appointed to serve as a member of the company's Board of Directors?

Yes, once DCSA approves the nomination. In addition to ensuring that the company has appropriate policies and procedures in place to ensure the company's compliance with the Agreement, the Outside Director, Proxy Holder and Trustee are required to be appointed to the Board of Directors and to be granted the same fiduciary responsibilities as any other Board member.

How many Outside Directors, Proxy Holders or Trustees need to be nominated?

The SSA, PA and VTA require the appointment of three Outside Directors, Proxy Holders or Trustees. However, if a company finds that less than three Outside Directors, Proxy Holders or Trustees may be sufficient, full justification should be submitted to DCSA HQs for consideration.

Does DCSA maintain a listing of candidates who are eligible to serve as Outside Directors, Proxy Holders or Trustees at companies operating under a SCA, SSA, PA or VTA?

No. DCSA does not maintain a listing of candidates. Companies are responsible for determining who they wish to nominate to serve in this capacity. It may be helpful to contact industry associations such as the National Classification Management Society (NCMS), Aerospace Industries Association (AIA), the American Society for Industrial Security (ASIS) or your local or state chamber of commerce in determining eligible candidates.

Under the SSA, who can be selected to serve as an Inside Director?

The nomination of an Inside Director is left to the discretion of the foreign shareholder. However, keep in mind that the Inside Director will not possess a personnel security clearance at the cleared company in which he/she serves as the Inside Director.

What is the role of the Government Security Committee (GSC)?

The role of the GSC is to ensure that the Company maintains policies and procedures to safeguard classified information and controlled unclassified information in the possession of the Company and that violations of those policies and procedures are promptly investigated and reported to the appropriate authority when it has been determined that a violation has occurred. The GSC should also ensure that the company complies with US export control laws and regulations and does not take action deemed adverse to performance on classified contracts. (NISPOM paragraph 2-306)

Who comprises the GSC?

Under the SSA, the GSC is comprised of cleared officers/directors and the Outside Directors. Under a PA and VTA, the GSC is comprised of the Proxy Holder or Trustee Directors and those officers of the company, who are also directors, who hold personnel security clearances at the level of the company's FCL.

Who should serve as Chairman of the GSC?

One of the Outside Directors, Proxy Holders or Trustees should serve as the Chairman of the GSC.

The SSA, PA, and VTA requires the GSC to use their "best efforts" in exercising their responsibilities. What is meant by "best efforts?"

The term "best efforts" signifies performance of duties reasonably and in good faith, in the manner believed to be in the best interests of the company, but consistent with the national security concerns of the US, and with such care, including reasonable inquiry, as an ordinarily prudent person in a like position would use under similar circumstances.

Must a Technology Control Officer (TCO) be appointed?

Yes. The company must appoint a TCO. The TCO serves as the principal advisor to the GSC concerning the protection of controlled unclassified information and other proprietary technology and data subject to regulatory or contractual control by the US Government. The TCO can be the same individual serving as Facility Security Officer (FSO).

What is the role of the FSO?

Every cleared company must appoint a FSO. The FSO serves as the principal advisor to the GSC concerning the safeguarding of classified information. The FSO's responsibility includes the operational oversight of the company's compliance with the requirements of the NISP.

Is the company required to prepare and submit to DCSA a technology control plan once the Agreement has been executed?

Yes. The draft TCP should be provided to your servicing DCSA, Industrial Security Representative within 45 days of the effective date of the SSA, PA or VTA for approval. (NISPOM, paragraph 2-307)

Is the company required to prepare and submit to DCSA an electronic communication plan once the Agreement has been executed?

Yes. The draft electronic communication plan should be submitted to your servicing DCSA Industrial Security Representative for review within 45 days of the effective date of the agreement. The plan should provide procedures that will ensure the GSC and the Government that no classified or export controlled information is being lost through communications such as, email, telephone, video-teleconferencing, facsimile, etc.

Once the SSA, PA or VTA is executed is the company required to prepare procedures for implementing the agreement?

Once the Agreement has been executed; the company should submit a written plan for implementation of the Agreement to your servicing DCSA, Industrial Security Representative within 45 days for review. The plan should explain the administrative and physical security controls the company intends to implement in order to comply with the terms of the Agreement. The Industrial Security will review the plan and provide comments as necessary.

What is the Committee on Foreign Investment in the United States (CFIUS)?

CFIUS is an interagency committee chaired by the Secretary of the Treasury to conduct reviews of proposed mergers, acquisitions or takeovers of US persons by foreign interests under section 721 of the Defense Production Act. CFIUS is a voluntary process that affords an opportunity to foreign persons and US persons entering into a covered transaction to submit the transaction for review by CFIUS to assess the impact of the transaction on US national security.

The CFIUS and the DCSA industrial security FOCI review are carried out in two parallel but separate processes with different time constraints and considerations.

Who should I contact if I have questions regarding FOCI?

If you need further assistance, please contact the DCSA Headquarters FOCI Specialist assigned to your region.

Please send inquiries concerning negotiating a FOCI Agreement, implementing a FOCI Agreement, or general FOCI agreement questions, to the FOCI Operations Division Mailbox: DCSA.quantico.DCSA-hq.mbx.foci-operations@mail.mil; include your company's name and CAGE code if they are already under a FOCI Agreement.

Please direct all correspondence related to NIDs to the FOCI National Interest Determination Mailbox: DCSA.quantico.DCSA-ipp.mbx.nid@mail.mil. The following mailboxes are also available should correspondence require a higher classification: SIPR: DCSA.quantico.DCSA-hq.mbx.DCSA-ipp-nid@mail.smil.mil; JWICS: wayne.chin@DCSA.ic.gov.

What does the Directive-type Memorandum 09-019, "Policy Guidance for Foreign Ownership, Control or Influence (FOCI)" PDF mean for Industry?

September 02, 2009, The Office of the Under Secretary of Defense (Intelligence) released the Directive-type Memorandum (DTM) 09-019, "Policy Guidance for Foreign Ownership, Control or Influence (FOCI)" for DoD Components; June 8, 2010, Change 1 was incorporated.

The DTM applies to DoD Components but does not levy requirements on contractors. Cleared contractors and companies in process for a facility security clearance are required to comply with the requirements stipulated in the National Industrial Security Operating Manual.