April 11, 2014
On April 9, 2014, the Department of Defense ("DoD") issued an interim final rule creating a new section of the Code of Federal Regulations ("CFR") covering the National Industrial Security Program ("NISP"). These new regulations are solely focused on the Defense Security Service’s ("DSS") evaluation of foreign ownership, control, or influence ("FOCI"). They are intended to provide uniform and effective procedures for DoD to assess the risks and potential adverse impact on the performance of contacts requiring access to classified information due to FOCI, and to provide procedures and criteria for appropriate action to mitigate or negate any FOCI in order for a U.S. company to retain its Facility Security Clearance ("FCL") or be approved for such clearance. These regulations apply to DoD as well as the twenty-six non-DoD agencies for which DSS provides industrial security services.
While these new regulations do not substantively deviate from existing policy guidance provided by DSS and included in the National Industrial Security Program Operating Manual ("NISPOM"), that DoD has formalized this guidance in regulations indicate that FOCI identification and mitigation remains a primary focus of DSS and DoD generally. Moreover, the inclusion of placeholders for additional regulations in the new subpart indicates that DoD will likely add further procedures related to NISP at a future date.
New to these regulations is the imposition of set timelines for certain events in the FOCI analysis, including contractor submission of a FOCI action plan and DSS feedback on that plan, processing of National Interest Determinations ("NIDs"), appeal and resolution of DSS FOCI determinations, and coordination with the interagency Committee on Foreign Investment in the United States ("CFIUS"). On the balance, these deadlines are likely to benefit contractors seeking expedient resolution of issues related to FOCI, especially in the context of complex mergers and acquisitions.
The interim final rule implements the following guidance as regulation in the CFR:
Definition of FOCI — A U.S. Company will be considered to be under FOCI whenever a foreign interest has the power, direct or indirect, whether or not exercised, and whether or not exercisable through the ownership of the U.S. company’s securities, by contractual arrangements or other means, to direct or decide matters affecting the management or operations of that company in a manner which may result in unauthorized access to classified information or may adversely affect the performance of classified contracts.
FOCI Analysis — In determining whether a company is under FOCI, the Government will consider the source, nature, and extent of FOCI, including whether foreign interests hold a majority or substantial minority position in the company, taking into consideration the immediate, intermediate, and ultimate parent companies. DSS will consider factors related to the cleared company, the foreign interest, and the government of the foreign interest:
the record of economic and government espionage against U.S. targets;
the record of enforcement and/or engagement in unauthorized technology transfer;
the type and sensitivity of the information that will be accessed;
the record of compliance with pertinent U.S. laws, regulations, and contracts;
the nature of any pertinent bilateral and multilateral security and information exchange agreements; and
whether there is ownership or control, in whole or in part, by a foreign government.
Ineligibility of a U.S. company under FOCI for an FCL — A U.S. company determined to be under FOCI is ineligible for an FCL unless and until security measures have been put in place to mitigate FOCI. Required mitigation measures range from a simple Board Resolution excluding the foreign interest from access to or influence over classified or export-controlled information, to, in extreme situations, a Proxy or Voting Trust Agreement requiring a foreign owner to relinquish ownership rights to cleared U.S. citizen proxy holders or trustees.
Merger, Sale or Acquisition Involving a Foreign Interest — When a merger, sale, or acquisition involving a foreign interest and a contractor is finalized prior to having an acceptable FOCI mitigation or negation agreement in place, DSS will invalidate any existing FCL until such time as DSS determines that the contractor has submitted an acceptable FOCI action plan and has agreed to interim measures that address FOCI concerns pending formal execution of a FOCI mitigation or negation agreement. For this reason, it is essential that the parties to any such transaction engage DSS before finalizing their deal.
Identification of Ownership by a Foreign Investment or Hedge Fund — In instances where the identification of a foreign owner or voting interest of five percent or more cannot be adequately ascertained (e.g., the participating investors in a foreign investment or hedge fund, owning five percent or more of the company, cannot be identified), DSS may determine that the company is not eligible for an FCL.
Notification to CFIUS of Foreign Mergers, Acquisitions, and Takeovers — While CFIUS review and the DSS industrial security FOCI review are separate processes, these regulations require a prioritized FOCI review upon submission of a CFIUS notice and, importantly, provide that DSS will inform the CFIUS team if it is notified of a transaction for which no CFIUS notice is otherwise provided.
 79 Fed. Reg. 19,467, 19,468. These agencies are the National Aeronautics and Space Administration, the Department of Commerce, the General Services Administration, the Department of State, the Small Business Administration, the National Science Foundation, the Department of Treasury, the Department of Transportation, the Department of the Interior, the Department of Agriculture, the Department of Labor, the Environmental Protection Agency, the Department of Justice, the Federal Reserve System, the Government Accountability Office, the U.S. Trade Representative, the U.S. International Trade Commission, the U.S. Agency for International Development, the Nuclear Regulatory Commission, the Department of Education, the Department of Health and Human Services, the Department of Homeland Security, the Federal Communications Commission, the Office of Personnel Management, the National Archives and Records Administration, and the Overseas Private Investment Corporation. NISPOM ¶ 1-103.b; DSS Industrial Security Letter ("ISL") 2013-02 (Mar. 8, 2013), available at http://www.dss.mil/documents/facility-clearances/ISL-2013-02.pdf; ISL 2013-04 (June 10, 2013), available at http://www.dss.mil/documents/isp/ISL_2013-04.pdf.
 See, e.g., 32 C.F.R. § 117.56(b)(2), (b)(4)-(5), (b)(14). In fact, in the justification for the interim rule, the DOD noted that "the lack of a formal, uniform process has created significant delay in the completion of [NIDs] for foreign-owned U.S. contractors." 79, Fed. Reg. 19,467, 19,469.
Gibson, Dunn & Crutcher’s lawyers are available to assist in addressing any questions you may have about this development. Please contact the Gibson Dunn lawyer with whom you usually work, or the authors:
Please also feel free to contact the following practice group leaders:
© 2014 Gibson, Dunn & Crutcher LLP