A quick survey of the Tysons Corner skyline yields the logos of some of the key players in government contracting.
SAIC. Booz Allen Hamilton. Deloitte.
But BAE Systems, a firm as established on the scene as any other, is different. Since appearing on the Northern Virginia landscape in 1999, the company behind some of the U.S. military’s most advanced technologies and weaponry has been subject to a special set of rules designed to mitigate foreign access to U.S. classified material.
As with other firms that have ties to a foreign-based interest that conducts operations requiring a security clearance, BAE Systems falls under FOCI policy — foreign ownership, control or influence.
What is FOCI and How Does it Work?
All government contractors are held to the rigorous standards of the National Industrial Security Program, signed into law in 1993 by George H.W. Bush. An initiative created to safeguard sensitive information entrusted to private industry, NISP’s reach extends to all agencies of the executive branch.
FOCI firms adhere to these standards just as U.S.-owned firms do, but they also must establish a carefully monitored mitigation agreement, to ensure the relationship between a North American-based arm of a foreign-controlled operation and its parent is kept under control and that secret U.S. information is not compromised. A company falls under FOCI policy even if a foreign influence is only present indirectly.
The Defense Security Service, or DSS, FOCI’s administering agency, states that a U.S. company is subject to FOCI “when a foreign interest has the power, direct or indirect, whether or not exercised, to direct or decide matters affecting the management or operations of the company” in such a way that could result in unauthorized access to classified material or that could harm classified work.
Once that distinction is determined, a firm must choose a mitigation instrument to apply. Factors, such as the type of work and the level of clearance required to perform the job, can determine which type of instrument a FOCI firm will choose.
A Special Security Agreement is the most commonly used mitigation instrument. With an SSA, the foreign investor or owner maintains control and decisions are handled by “U.S. outside directors.”
While the foreign investor board member is allowed a direct voice in business management through board representation, he or she must cede unauthorized
access to classified and export-controlled information. The key differentiator between an SSA and other mitigation instruments is that access is limited to secret information. Information that is more proscribed, such as Top Secret, requires a special clearance enhancement.
In contrast, under either a Proxy or a Voting Trust Agreement mitigation, any FOCI firm can gain guarded information as needed. The tradeoff here is that all foreign control must be turned over to a U.S. proxy holder or trustee. With a lowered chance of intervention or representation from a foreign entity, the limits are rolled back as well.
According to DSS, proxy holders exercise all prerogatives of ownership with complete freedom to act independently from the foreign investor with exceptions, including the sale or disposal of the U.S. company’s assets, as well as mergers, consolidations or reorganizations.
All mitigation types expire 10 years after such deals are signed. While Voting Trust and Proxy agreements are described by DSS as “substantially identical,” the former have dwindled from a handful in the mid-’90s to virtual extinction in the 2000s — a phenomenon DSS could not explain.
There is yet another mitigation tool, known as a Security Control Agreement. According to DSS, SCA is used when a firm “is not effectively owned or controlled by a foreign interest and the foreign interest is entitled to representation on the company’s board of directors,” however, there are no access limitations under the SCA.
Each year, DSS conducts a compliance review and reports the extent to which FOCI firms are maintaining responsible operations regarding their foreign interests while being held to the usual NISP standards expected of all firms. Companies in good standing typically keep an exhaustive log of communications with and visits from the parent firm and certify a separated IT system.
“Behind the agreements, the FOCI process requires an exacting effort, with a need to understand not only DSS’ processes and procedures but also the agency’s objectives and concerns. There will be requirements to address the functional roles and structures at the business organizational level, as well
as the corporate structures to create the necessary firewalls and controls to prevent inappropriate influences,” said Nelson Blitz, co-managing member of the law firm Executive Counsel, PLC.
FOCI on the Rise
One might expect the numerous and tedious — although entirely justified — variables monitored by FOCI firms to limit the number of applications appearing in DSS’ mailbox. In fact, the last decade has seen the opposite.
As noted in a December 2010 DSS presentation, 170 FOCI mitigation agreements are now on the books, up from 60 in 1995.
The trend of overseas firms setting up shop in the U.S., particularly in the Washington region, is not exclusive to government contracting. The Washington
Post recently reported that the number of international firms in the area spiked to 845 in 2009, up from 643 in 2000. Even the firms not setting up shop to make a direct play for government dollars, such as Montrealbased CGI, relocated to the area to access its growing customer base.
While any industry analyst will acknowledge that government-contracting dollars are becoming harder to find in traditional markets, it might not necessarily signal an end to the rise of FOCI firms in the Washington market.
The 2010 Quadrennial Defense Review, the Defense Department’s four-year strategic plan, noted the department would be well served to enhance its relationship with allied nations as a means of producing better products, while at the same time helping to lower costs.
“I believe that anybody reading theQDR can see that it stresses the importance of increasing the cooperation and involvementwith allied countries,” Finmeccanica North America CEO Simone Bemporad told ExecutiveBiz in March.
Italy-based aerospace firm Finmeccanica made a major investment in its North America operations when it acquired U.S.-based DRS Technologies in 2008.
“I think that a country like Italy that has been a staunch ally of the U.S. for over 60 years is key to these projects,” Bemporad said. “As a group that invests both in Italy and in the U.S., Finmeccanica feels it can be a part of these initiatives that involve our allied countries.
I believe that what we are doing now and will keep doing will address some of the most important points of the QDR like, for example, the reform for acquisition and export-control systems that will allow us to provide the best products to the warfighters, while also providing savings for the taxpayer.”
Bo Durickovic, executive vice president and chief of staff at Serco, Inc., Serco Group’s U.S. operation, noted that a firm with foreign ties carries a deep and diverse pool of best practices.
“We have the reach-back and resources to apply best-in-class practices and to utilize relevant experiences and expertise that address the mission-critical needs of the U.S. federal government,” he said.
As the government-contracting industry enters a new era with changing business opportunities, FOCI firms embody a new type of financial diplomacy —
foreign-held firms with a concern for cost and security equal to that of the government customer.
“Finmeccanica is ready to meet DoD expectations to provide the best technology at the lowest price, having in place export-control compliance programs that will allow us to interact on a global level while still protecting the utmost objective of safeguarding national security,” Bemporad said. “Finmeccanica North America is now, after the many investments made in the U.S., an American company.”