Foreign Ownership, Control, or Influence (FOCI)
Foreign Ownership, Control, or Influence (FOCI) represents a critical national security consideration within the U.S. defense industrial base and among government contractors. FOCI occurs when a foreign interest possesses the power, whether exercised or not, to direct or decide matters affecting a company's management or operations in ways that could compromise sensitive information or adversely affect classified contract performance. The fundamental concern surrounding FOCI is the potential for unauthorized access to classified information or controlled technology, which could undermine U.S. security advantages and strengthen adversarial capabilities. At its core, FOCI mitigation seeks to balance two potentially competing interests: preserving the vitality of the U.S. industrial base through foreign investment while implementing robust safeguards to protect national security interests from foreign exploitation.
The U.S. government recognizes that foreign investment plays a valuable role in maintaining a healthy industrial ecosystem, bringing capital, innovation, and global perspectives to the market. However, when such investment originates from entities whose interests may conflict with those of the United States, particularly from foreign countries of concern like China, Russia, North Korea, and Iran, the risk calculus changes significantly. The Department of Defense explicitly identifies these nations as posing substantially greater FOCI risk compared to close U.S. allies. This risk stratification informs the stringency of mitigation requirements, with transactions involving adversarial nations facing heightened scrutiny and potentially more restrictive protective measures. The modern FOCI framework has evolved to address increasingly sophisticated methods of foreign influence, extending beyond simple majority ownership to include subtle forms of control through contractual arrangements, debt instruments, board composition, and supply chain dependencies.
Regulatory Framework and Government Oversight
The regulatory foundation for FOCI implementation is codified primarily in Title 32 of the Code of Federal Regulations, Section 117.11, which establishes the procedures for mitigating FOCI risks within the National Industrial Security Program (NISP). This regulation provides the legal authority for requiring cleared U.S. entities to implement security measures that effectively negate or mitigate foreign influence, ensuring that classified information remains protected from compromise. The regulatory framework empowers several government agencies to oversee and enforce FOCI compliance, with the Defense Counterintelligence and Security Agency (DCSA) serving as the primary Cognizant Security Authority (CSA) for most Department of Defense contractors. Other CSAs include the Department of Energy for atomic energy programs and specific intelligence agencies for their respective classified contracts.
The FOCI regulatory approach is fundamentally risk-based, with requirements tailored to the nature and extent of foreign involvement and the sensitivity of the information being accessed. The primary consideration in any FOCI determination is the protection of classified information, with agencies directed to take whatever action is necessary to safeguard such information from potential compromise. The U.S. government’s interagency Committee on Foreign Investment in the United States (CFIUS) also plays a complementary role in reviewing certain transactions that could result in foreign control of U.S. businesses, with a focus on the potential national security impacts. While CFIUS and the NISP FOCI program have distinct mandates, they increasingly coordinate on cases involving significant foreign investment in sensitive sectors of the U.S. economy.
The FOCI Determination Process
The process of determining whether a company is under FOCI is a nuanced and multi-factor analysis conducted by the relevant Cognizant Security Authority. This assessment is triggered when a company seeks a facility security clearance (FCL) or when there is a change in the ownership or control of an already-cleared company. The company must complete the Standard Form 328, which serves as the official declaration of its ownership and control structure. The government then scrutinizes this information to identify any foreign interests that could potentially exercise control or influence over the company's operations and decision-making.
This analysis extends beyond a simple tally of ownership percentages to examine a range of potential control mechanisms. Key factors include the proportion of foreign ownership relative to the total ownership, whether any foreign national possesses the authority to control or direct the corporation’s actions, and the presence of foreign nationals on the board of directors or in key senior executive positions. The government also examines whether the company is financed to a significant extent by foreign interests, whether it possesses relevant business connections with foreign entities that could create a dependency, and whether it has documents or agreements that grant foreign interests certain control or rights. The nature of the company’s legal obligations and responsibilities to foreign interests, including contractual relationships and corporate policies, is also thoroughly vetted to form a complete picture of potential vulnerability to foreign influence.
Methods for Negating or Mitigating FOCI
Once a FOCI determination is made, the government and the company must work together to implement measures that either negate the FOCI or mitigate its potential adverse effects. The choice of mitigation instrument depends on the degree and nature of the foreign influence, ranging from simple administrative actions for minimal risk to highly structured governance arrangements for significant foreign control. The least intrusive form of mitigation is a Board Resolution, which is suitable when the foreign ownership is minimal and passive, and the risk of influence is low. This resolution is a formal action by the company’s board of directors that establishes corporate policies to prevent the unauthorized disclosure of classified information and demonstrates the company’s ability to negate the FOCI without external oversight.
For more substantial foreign involvement, particularly when a foreign entity holds a significant minority or majority stake, more robust measures are required. A Security Control Agreement (SCA) is often utilized when a foreign shareholder holds a significant but non-controlling interest in the company. The SCA imposes specific security measures and governance restrictions, typically involving a government-approved committee, such as a Special Security Committee (SSC), composed entirely of U.S. citizens with security clearances. This committee is granted the authority to administer the company’s security program and has exclusive authority over all classified contracts and performance. For situations involving controlling foreign interests, a Proxy Agreement and a Voting Trust Agreement are the most stringent mitigation options. A Proxy Agreement involves the foreign owner granting its voting rights to proxy holders who are U.S. citizens approved by the U.S. government, effectively insulating the company's management and operational decisions from foreign control. A Voting Trust Agreement takes this a step further by transferring legal title of the foreign owner’s stock to U.S. citizen trustees who exercise all ownership rights, completely severing the foreign owner’s ability to control the company while typically allowing them to retain an economic interest in its performance.
Implications and Compliance for Companies Operating Under FOCI
Operating under a FOCI mitigation agreement imposes significant and ongoing compliance obligations on a company. The establishment of a Special Security Committee is a common requirement, and this committee becomes the central entity responsible for ensuring that the company adheres to all security protocols and that its classified work is entirely insulated from foreign influence. The SSC is typically vested with the exclusive authority to negotiate, execute, and administer all classified contracts, and it must have unfettered access to all areas of the company's operations to verify compliance. Members of the SSC bear a heavy personal responsibility, as they can be held legally accountable for any failures to uphold the terms of the mitigation agreement.
The practical implications for a company’s daily operations are profound. The company must implement stringent policies governing which personnel can access sensitive information, often requiring that only cleared U.S. citizens are assigned to classified contracts. The company’s facilities must often be physically segmented to create secure areas where foreign nationals, including employees and board members from the parent company, are prohibited from entering. Communication and reporting channels to the foreign parent must be carefully controlled and monitored to prevent the inadvertent or deliberate transmission of sensitive information. Furthermore, the company is subject to regular and often intense oversight from the DCSA, including comprehensive audits and reviews to ensure continuous compliance with the mitigation agreement. Any material change in the company’s structure, ownership, or operations must be pre-approved by the government, and failure to comply can result in the suspension or revocation of the facility security clearance, effectively terminating the company’s ability to perform on classified contracts.
Conclusion: The Evolving FOCI Landscape
The challenge of managing Foreign Ownership, Control, or Influence is becoming increasingly complex in a globalized economy characterized by intertwined supply chains, sophisticated corporate structures, and strategic competition with adversarial nations. The U.S. government continues to refine its FOCI policies to address emerging threats, such as the use of shell companies to obscure ownership, the strategic acquisition of small firms with critical technologies, and the exploitation of dual-use technologies that have both commercial and military applications. The focus is shifting towards a more holistic understanding of risk that encompasses not just ownership percentages but also supply chain vulnerabilities, cybersecurity threats, and the potential for intellectual property theft.
For companies operating in the defense and national security sectors, a proactive and thorough understanding of FOCI requirements is not merely a regulatory hurdle but a fundamental component of corporate governance and risk management. Early and transparent engagement with the DCSA during any transaction that could trigger FOCI concerns is critical to navigating the process successfully. As the geopolitical environment evolves, the frameworks governing FOCI will continue to adapt, demanding constant vigilance from both government agencies and industry partners to safeguard national security without stifling the innovation and global collaboration that underpin technological advancement and economic strength.

