FOCI

Foreign Ownership, Control, or Influence (FOCI) happens when a foreign entity has the power to direct or influence the management or operations of a company. This can lead to unauthorized access to sensitive information and potentially compromise national security. FOCI can involve legal means like joint ventures and acquisitions or illegal methods like cyber espionage.

How the DoD is Addressing FOCI Risk

  • Education: DoD has developed FOCI education for small businesses in the Defense Industrial Base (DIB). FOCI education and resources can be found at business.defense.gov/FOCI

  • FOCI Risk Mitigation Response Framework: Provides small businesses with a FOCI framework that can be employed across all DoD opportunities.

  • Commercial Tool Due Diligence Demonstration Program: Showcases and validates tools capable of identifying, deterring, or mitigating FOCI risks for small businesses in the DIB.  

Types of FOCI Risk

  • Foreign adversaries may attempt to acquire sensitive or proprietary data from small businesses during due diligence, before investing.

  • Foreign adversaries may structure their investments to avoid scrutiny or route investments through intermediaries to hide the money’s origin.

  • The source of FOCI affects the severity of risk associated with FOCI. Close allies of the U.S. are generally considered low FOCI risk while foreign countries of concern (FCOC) like Russia, North Korea, Iran, and China pose much greater FOCI risk.


How to Mitigate

Small businesses are not helpless. A few strategies for mitigating FOCI risks include:

Contract and Relationship Management

  • Reviewing contracts and clarifying relationships, affiliations, and/or associations considered risky due to FOCI.

  • Ceasing joint ventures or subsidiaries that are based in, funded by, or have an affiliation with a FCOC.

  • Ceasing technology licensing or IP sales to any FCOC or FCOC-related entity.

  • Transferring voting rights of problematic foreign shareholders to a U.S. citizen residing in the U.S.

Personnel and Governance

  • Requiring covered individuals to resign from positions or cease foreign affiliations deemed problematic by the risk-based security review.

  • Removing problematic foreign board members.

  • Requiring all covered individuals and management personnel to complete insider risk awareness training.

  • Requiring increased frequency of reporting by covered individuals through progress report forms.

Financial and Supply Chain Management

  • Reducing the percentage of problematic foreign investment in the business.

  • Limiting foreign supply chain dependence.

  • Removing problematic foreign debt and foreign financial obligations.

FOCI Resources