We all now realize that, contrary to the pronouncements of certain pundits, the world is not economically flat. But it is undeniable that its citizens and businesses are more economically connected than ever before. One manifestation of this interconnectedness is the increasing number of cross-border acquisitions of business enterprises. In most cases these transactions do not become the subject of public discussion or detailed government scrutiny. But when foreign entities seek to purchase U.S. government contractors who perform classified national security work and therefore hold facility security clearances (“FCLs”), the U.S. Government is anxious to know, among other things, the extent to which the company is the subject of foreign ownership, control or influence (“FOCI”). Being under FOCI can sound the death knell for a company’s ability to perform classified work, with consequent loss of business that may be critical to the company’s continued status as a going concern. But that outcome can often be avoided by development and submission of a FOCI mitigation plan which, if accepted either as submitted or modified, can enable the company to continue performance of national security work.
The National Industrial Security Program Operating Manual (“NISPOM”) contains detailed direction regarding requirements for compliance with the rules governing FOCI. This brief article asks and, using NISPOM, provides basic answers to some of the key questions that arise with regard to the FOCI rules.
When Should I Notify My Cognizant Security Agency Of A Potential Foreign Interest Investor?
The NISPOM requires a contractor with an FCL to notify its Cognizant Security Agency (“CSA”) when the contractor affirmatively “enters into negotiations for a proposed merger, acquisition or takeover by a foreign interest.” The NISPOM does not define this phrase, which leaves some room for interpretation, and contractors will frequently defer this notification until the discussions with the foreign interest suggest some seriousness of purpose in the dialogue. This deferral is driven in most cases by the dual purposes of (a) eliminating serial notifications based on expressions of interest that are unlikely to advance to the stage of true “negotiations” and (b) preserving confidentiality in connection with and minimizing market speculation in relation to preliminary discussions that have no reasonable likelihood of advancing beyond that stage.
Whenever the notification is made, it should identify:
- the type of transaction under negotiation (stock purchase, asset purchase, etc.);
- the identity of the potential foreign interest investor; and
- a plan to negate the FOCI.
The CSA will expect to receive supporting documentation in connection with the contractor’s notification, including “copies of loan, purchase and shareholder agreements, annual reports, bylaws, articles of incorporation, partnership agreements, and reports filed with other federal agencies . . . .” The parties to the transaction must therefore be prepared to address any FOCI issues early in the due diligence process, including preparing the necessary paperwork that needs to be submitted to the CSA.
What Does The Government Consider When Assessing FOCI?
The NISPOM defines FOCI in the following manner:
A U.S. company is considered under FOCI whenever a foreign interest has the power, direct or indirect, whether or not exercised, and whether or not exercisable through the ownership of the U.S. company’s securities, by contractual arrangements or other means, to direct or decide matters affecting the management or operations of that company in a manner which may result in unauthorized access to classified information or may adversely affect the performance of classified contracts.
The NISPOM also sets forth the factors the Government will consider when determining whether a company is under FOCI:
- Record of economic and government espionage against US targets,
- Record of enforcement and/or engagement in unauthorized technology transfer,
- Type and sensitivity of information requiring protection,
- The source, nature and extent of FOCI,
- Record of compliance with pertinent US laws, regulations and contracts,
- Nature of bilateral and multilateral security and information exchange agreements, and
- Ownership or control, in whole or in part, by a foreign government.
DTM 09-019 allows the Government to consider “any other factor” bearing on the capability to control or influence a company’s operations and management. It also states that the Government will “consider counterintelligence and technology transfer risk assessments from all appropriate [U.S. Government] sources.”
In determining the source, nature and extent of FOCI, the Government will consider whether the foreign interest “hold[s] a majority or substantial minority position in a Company.” Such a review will take into account “immediate, intermediate and ultimate parent companies.” The Government will find a minority position to be substantial where “it consists of greater than 5 percent of the ownership interests or greater than 10 percent of the voting interests.”
How Can FOCI Be Mitigated?
If a Company is found to be under FOCI, there are several mitigation plans that could be used to mitigate the risk of unauthorized access to classified information or adverse affect on the performance of classified contracts. These mitigation plans must be submitted to the Government within 30 calendar days of receiving notice that a company is under FOCI. For instance, the NISPOM identifies the following primary mitigation action plans:
- Board Resolutions;
- Voting Trust Agreements and Proxy Agreements; and
- Special Security Agreements and Security Control Agreements.
In connection with the latter two bullets, a company also may be required to implement Technology Control Plans and an Electronic Communications Plan.
Whether a mitigation plan is acceptable will depend on the circumstances of the particular transaction and the security risks involved. The Government “reserves the right to impose any security method, safeguard or restriction it believes necessary to ensure that unauthorized access to classified information is effectively precluded and that performance of classified contracts is not adversely affected.” In addition, the Government may require “positive measures” where factors not related to ownership are present.
What Are The Potential Risks Stemming From FOCI?
Failure to follow the procedures set forth in the NISPOM or to effectively mitigate FOCI can lead to serious ramifications. By way of example, a company may be ineligible for an FCL until a FOCI mitigation plan is put in place. A company also runs the risk that its existing FCL may be invalidated or revoked if
- the company is “unwilling or unable to negotiate an acceptable FOCI mitigation/negation measure,”
- “security measures cannot be taken to remove the possibility of unauthorized access or adverse effect on classified contracts,” or
- an acceptable mitigation plan is not in place prior to finalizing a merger, sale or acquisition.
Further, FOCI can preclude a company from meeting its obligations with respect to existing classified contracts – or it can preclude a company from being awarded new contracts involving classified materials. Moreover, the transaction may be reviewed by the Committee on Foreign Investment in the United States (“CFIUS”), which conducts a separate, but parallel, review process that we previously discussed, here, here and here.
* * *
In sum, the involvement of a potential foreign interest investor is becoming the norm, rather than the exception, in the M&A world. While the presence of such an investor can add much needed capital to the transaction, it also adds an entirely new layer of complexity and risks. FOCI is a complex area and every FOCI situation entails its own unique set of facts which raise their own unique issues. Parties to a transaction involving a potential foreign interest investor must evaluate and understand these risks and issues prior to consummating the transaction. Any party that fails to do so may be caught off-guard and have the unpleasant experience of watching its deal unravel before its eyes.
On September 2, 2009, the Department of Defense (“DOD”) issued Directive-Type Memorandum (“DTM”) 09-019 – “Policy Guidance for Foreign Ownership, Control or Influence (FOCI).” DTM 09-019 was changed on June 8, 2010, and is currently scheduled to be reissued as part of the NISPOM no later than December 31, 2010. To the extent it is applicable, DTM 09‑019 is referenced in this article since it represents official DOD policy.