Foreign Ownership, Control, or Influence (FOCI) mitigation measures

When a company that is under Foreign Ownership, Control, or Influence (FOCI) holds a facility security clearance, NISPOM clause 2-303 requires that the company implement an action plan to mitigate the security risk that the Foreign Ownership, Control, or Influence (FOCI) poses. The NISPOM describes a number of these action plans to mitigate FOCI.

A Board Resolution is the FOCI mitigation instrument that is most commonly used. It is the least restrictive on the company’s operations and easy to implement. However, when the foreign entity owns the company or can appoint a representative to the company’s board of directors, then one of the more restrictive FOCI mitigation measures below must be used.

After the Board Resolution, the least restrictive FOCI mitigation agreement is the Security Control Agreement (SCA). Many years ago, the Security Control Agreement (SCA) was more popular than the supremely restrictive Voting Trust Agreement (VTA). However, nowadays the Voting Trust Agreement has fallen out of use—most likely due to how objectionable its implementation is to companies—and the Security Control Agreement is now the least commonly used FOCI mitigation action plan. Though the Security Control Agreement (SCA) is now the instrument least commonly used to mitigate the security risks of Foreign Ownership, Control, or Influence (FOCI), this is not really due to the SCA being undesirable. The Security Control Agreement‘s relative unpopularity is more likely due to companies under FOCI often being owned or controlled by a foreign entity, which the SCA does not mitigate.

When a company is owned or controlled by a foreign entity, a Special Security Agreement (SSA) may be used to mitigate the Foreign Ownership, Control, or Influence (FOCI). Though more lengthy and cumbersome to implement than the above FOCI mitigation measures, the Special Security Agreement (SSA) is a popular choice. It can mitigate the security risks of the foreign ownership or control while allowing the foreign entity to appoint representatives to the company’s board of directors, which the more restrictive Proxy Agreement (PA) and Voting Trust Agreement (VTA) disallow. A downside to the Special Security Agreement, though, is that it places restrictions on the types of classified national security information that the company may access.

If a company under foreign ownership or control objects to the restrictions on its access to classified information that the SSA would impose, then it could request to use a Proxy Agreement or Voting Trust Agreement. The foreign investors may object to using these Proxy Agreement or Voting Trust Agreement, however, because these FOCI mitigation plans take away much of the foreign investors’ control of the company. Thus, they are less popular options than the Special Security Agreement.

We can advise on a client’s options and recommend a course of action to mitigate FOCI and maintain eligibility for a facility security clearance. We also refer clients to qualified candidates for outside director, trustee, or proxy holder positions. Along with one of the FOCI mitigation measures above, companies operating under FOCI usually must also implement an Electronic Communications Plan (ECP). Since the Electronic Communications Plans are usually the most arduous and resource-intensive policies to implement, we have devoted another page to that topic.