32 C.F.R. § 117.11
(a) General. Foreign investment can play an important role in maintaining the vitality of the U.S. industrial base. Therefore, it is the intent of the USG to allow foreign investment consistent with the national security interests of the United States. The following FOCI procedures for cleared U.S. entities are intended to mitigate the risks associated with FOCI by ensuring that foreign firms cannot undermine U.S. security to gain unauthorized access to classified information.
(1) The CSA will consider a U.S. entity to be under FOCI when:
(i) A foreign interest has the power to direct or decide issues affecting the entity's management or operations in a manner that could either:
(ii) The foreign government is currently exercising, or could prospectively exercise, that power, whether directly or indirectly, such as:
(b) Factors. Factors relating to the entity, relevant foreign interests, and the government of such foreign interests, as appropriate, will be considered in the aggregate to determine whether an applicant entity is under FOCI, its eligibility for access to classified information, and the protective measures required. These factors include:
(c) Procedures. An entity is required to complete an SF 328 during the process for an entity eligibility determination or when significant changes occur to information previously submitted. In the case of a corporate family, the form may be a consolidated response rather than separate submissions from individual members of the corporate family based on CSA guidance.
(1) If an entity provides any affirmative answers on the SF 328, or the CSA receives other information which indicates that the applicant entity may be under FOCI, the CSA will make a risk-based determination regarding the relative significance of the information in regard to:
(2) When an entity with a favorable eligibility determination enters into negotiations for the proposed merger, acquisition, or takeover by a foreign interest, the entity will submit notification to the CSA of the commencement of such negotiations.
(d) FOCI action plans.
(1) When FOCI factors not related to ownership are present, the CSA will determine if positive measures will assure the CSA that the foreign interest can be effectively mitigated and cannot otherwise adversely affect performance on classified contracts. Examples of such measures include:
(2) When FOCI factors related to ownership are present, methods the CSA may apply to negate or mitigate the risk of foreign ownership include, but are not limited to:
(i) Board resolution.
(A) When a foreign interest does not possess voting interests sufficient to elect, or otherwise is not entitled to representation on the entity's governing board, a resolution(s) by the governing board may be adequate. In the resolution, the governing board will:
(1) Identify the foreign shareholder.
(2) Describe the type and number of foreign-owned shares.
(3) Acknowledge the entity's obligation to comply with all industrial security program requirements.
(4) Certify that the foreign owner does not require, will not have, and can be effectively precluded from unauthorized access to all classified information entrusted to or held by the entity.
(iii) SSA. When a foreign interest effectively owns or controls an entity, an SSA may be adequate. An SSA is an arrangement that, based upon an assessment of the source and nature of FOCI and FOCI factors, imposes various industrial security measures within an institutionalized set of entity practices and procedures. The SSA preserves the foreign owner's right to be represented on the entity's board or governing body with a direct voice in the entity's business management, while denying the foreign owner majority representation and unauthorized access to classified information.
(B) NID process: (1) The CSA makes a NID for TOP SECRET or SAP information to which the entity requires access. Contractors should be aware that DOE Order 470.4B provides additional information and requirements for processing NID requests for access to RD.
(2) In cases in which any category of the proscribed information is controlled by another agency (ODNI for SCI, DOE for RD, the National Security Agency (NSA) for COMSEC), the CSA asks that controlling agency to concur or non-concur on the NID for that category of information.
(3) The CSA informs the GCA and the entity when the NID is complete. In cases involving SCI, RD, or COMSEC, the CSA also informs the GCA and the entity when a controlling agency concurs or non-concurs on that agency's category of proscribed information. The entity may begin accessing a category of proscribed information once the CSA informs the GCA and the entity that the controlling agency concurs, even if other categories of proscribed information are pending concurrence.
(4) An entity's access to SCI, RD, or COMSEC remains in effect so long as the entity remains eligible for access to classified information and the contract or agreement (or program or project) which imposes the requirement for access to those categories of proscribed information remains in effect, except under any of the following circumstances:
(i) The CSA, GCA, or controlling agency becomes aware of adverse information that impacts the entity eligibility determination.
(ii) The CSA's threat assessment pertaining to the entity indicates a risk to one of the categories of proscribed information.
(iii) The CSA becomes aware of any material change regarding the source, nature, and extent of FOCI.
(iv) The entity's record of NISP compliance, based on CSA reviews, becomes less than satisfactory. Consult DOE Order 470.4B for additional information and requirements for processing NID requests for access to RD.
(5) Under any of the circumstances in paragraphs (d)(2)(iii)(B)(4)(i) through (d)(2)(iii)(B)(4)(iv) in this section, the CSA determines whether the entity remains eligible for access to classified information, it must change the FOCI mitigation measure in order to remain eligible for access to classified information, or the CSA must terminate or revoke the access to classified information.
(6) When an entity is eligible for access to classified information that includes a favorable NID for SCI, RD, or COMSEC, the CSA does not have to request a new NID concurrence for the same entity if the access to classified information requirements for the relevant category of proscribed information and terms remain unchanged for:
(i) Renewing the contract or agreement.
(ii) New task orders issued under the contract or agreement.
(iii) A new contract or agreement that contains the same provisions as the previous one (this usually applies when the contract or agreement is for a program or project.)
(iv) Renewing the SSA.
(7) Under certain conditions, entities under an SSA may not require a NID for one or more categories of proscribed information in accordance with CSA-provided guidance. Categories of proscribed information for entities under SSAs not requiring a NID will be recorded in the CSA's system of record for entity eligibility determinations.
(iv) Voting Trust (VT) or Proxy Agreement (PA). The VT and the PA are arrangements that vest the voting rights of the foreign-owned stock in cleared U.S. citizens approved by the USG. Under a VT, the foreign owner transfers legal title its ownership interests in the entity to the trustees. Under a PA, the foreign owner's voting rights are conveyed to the proxy holders. Neither arrangement imposes any restrictions on the entity's eligibility to have access to classified information or to compete for classified contracts.
(A) Establishment of a VT or PA involves the selection of trustees or proxy holders, all of whom must become members of the entity's governing board. Both arrangements must provide for the exercise of all prerogatives of ownership by the trustees or proxy holders with complete freedom to act independently from the foreign owners, except as provided in the VT or PA. The arrangements may limit the authority of the trustees or proxy holders by requiring approval be obtained from the foreign owner with respect to issues such as:
(1) The sale or disposal of the entity's assets or a substantial part thereof.
(2) Pledges, mortgages, or other encumbrances on the entity's assets, capital stock, or ownership interests.
(3) Mergers, consolidations, or reorganizations.
(4) Dissolution.
(5) Filing of a bankruptcy petition.
(e) Limited entity eligibility determination due to FOCI. In accordance with the provisions of this section and CSA-provided guidance, a limited entity eligibility determination may be an option for a single, narrowly defined contract, agreement, or circumstance for entities under FOCI without mitigation or negation. Limitations on access to classified information are inherent with the granting of limited entity eligibility determinations and are imposed upon all of the entity's employees regardless of citizenship.
(1) In exceptional circumstances, when an entity is under FOCI, the CSA may decide that a limited entity eligibility determination is appropriate when the entity is unable or unwilling to implement FOCI mitigation or negation measures, and the conditions in paragraphs (e)(1)(i) through (iii) of this section are met. This is not the same as a limited entity eligibility determination for purposes not related to FOCI. Information on limited entity eligibility determinations for purposes other than FOCI can be found in § 117.9(m). A CSA may decide that a limited entity eligibility is appropriate for an entity under FOCI if:
(f) Qualifications of trustees, proxy holders, and outside directors. Individuals who serve as trustees, proxy holders, or outside directors must meet the following criteria:
(g) Government security committee (GSC). Under a VT, PA, SSA, or SCA, the contractor is required to establish a permanent committee of its board of directors, known as the GSC.
(h) Additional procedures for FOCI mitigation or negation measures. In addition to the basic requirements of the FOCI mitigation or negation agreement, the entity may be required to document and implement additional procedures based upon the circumstances of an entity's operations. Those additional procedures will be established in supplements to the FOCI mitigation agreement to allow for flexibility as circumstances change without having to renegotiate the entire agreement. When making use of supplements, the CSA does not consider the FOCI mitigation measure final until the CSA has approved the required supplements. These supplements may include:
(i) Annual review and certification—(1) Annual review. The CSA will meet at least annually, and otherwise as required by circumstances, with the GSCs of contractors operating under a VT, PA, SSA, or SCA to review the purpose and effectiveness of the clearance arrangement and to establish a common understanding of the operating requirements and their implementation. These reviews will include an examination of:
(2) Annual certification. For contractors operating under a VT, PA, SSA, or SCA, the chairman of the GSC will submit to the CSA one year from the effective date of the agreement and annually thereafter, an implementation and compliance report. Such reports will include:
(j) Transactions involving foreign persons, and the Committee on Foreign Investment in the United States (CFIUS).