Since September 11, the design and protection of federal buildings has become a high priority and a serious concern. In 2002, the Department of Defense (DOD) developed and approved the Anti-Terrorism Standards for Buildings (published as the Unified Facilities Criteria (UFC4-010-01)) which will apply to all construction after fiscal year 2004 for all facilities occupied by DOD personnel regardless of the source of funding. The General Services Administration has also adopted new security requirements for its buildings.
As one might imagine, this means that hundreds of millions of dollars in new construction and upgrades of existing facilities will be subject to the new security standards. As part of those standards, certain information relating to the design will be considered sensitive and subject to restrictions. Design-build contractors will be required to protect the integrity of that information and will likely be required to obtain facility clearances for doing the work. A “facility clearance” allows a business to receive, store, and use sensitive government information classified at the Confidential, Secret, or Top Secret level and to have its employees “cleared” to work on classified projects.
As the security requirements for this type of work increase, design build contractors, especially those who are foreign-owned or looking to team with a foreign-owned partner, should be aware of the special requirements that they will need to meet to obtain clearances to review and store the government’s sensitive information that will be necessary to do the work.
In general, the government grants clearances only to American companies. In today’s global economy, however, the government realizes that many American companies have foreign investors, or foreign owners, and that American companies team with foreign partners to gain expertise. Because the government needs the skills and products of many foreign-owned or foreign-controlled businesses, there are processes and procedures by which foreign-controlled American companies can be granted a facility clearance by the government. This short article describes the basic processes and procedures by which a company can obtain a clearance, focusing mainly on entering a Special Security Agreement (SSA) with the Department of Defense.
The granting of clearances to individuals and corporations is governed by the National Industrial Security Program Operating Manual (DOD 5220.22-M). Under the NISPOM, the DOD determines whether a U.S. company is under foreign ownership, control, or influence (FOCI) before it grants or continues a clearance. The main concern is situations in which a foreign investor or foreign parent company could use its financial influence over the American employees to force its American subsidiary to disclose classified information to the foreign entity. A company will be considered to be under FOCI when five percent or more of its voting securities are owned directly or indirectly by a foreign person, 25 percent of its non-voting securities are owned by a foreign person, its management consists of foreign persons, a foreign person controls the appointment or termination of management, the company has a contract or agreement with a foreign person that allows the foreign person some control over management decisions, or the company has loan agreements with a foreign person that allows the foreign person to demand payment. Accordingly, design-build companies with foreign owners will be considered under FOCI. Also, teaming arrangements with certain foreign partners may raise FOCI issues depending on the amount of control exerted by the foreign entity.
Despite the existence of FOCI, the DOD will still grant a facility clearance to the company if it is comfortable with the foreign interest (i.e., there is little threat that the foreign interest poses an intelligence threat) and it believes it can implement procedures to mitigate the FOCI of the foreign parent over the American company and its employees. FOCI methods include the following options:
- Board Resolution — When a company is partly owned by a foreign shareholder that does not own enough stock to elect board members, the company’s board of directors can pass a resolution identifying the foreign shareholder and preclude that shareholder from all classified and export-controlled information.
- Voting Trust or Proxy Agreement — Under this approach, the foreign parent gives almost all of the voting rights of its foreign-owned stock to three completely disinterested cleared U.S. citizens who are appointed to the U.S. company’s board with DOD approval. The voting trustees are allowed to consult with the foreign owners on some decisions (such as dissolution of the company or sale of company assets), but they are mostly allowed to operate independently without foreign-owner influence.
- Special Security Agreement — Under this approach, the foreign parent, DOD, and the American subsidiary enter an agreement setting up a corporate structure that allows the foreign parent representation on the company’s board of directors but limits its ability to influence the company on the performance of its classified work.
- Limited Facility Clearance — By definition under the NISPOM, this option is used where the company will be handling the classified information of another country.
Of the options, the Special Security Agreement (SSA) probably provides the foreign interest with the most involvement with the American company while protecting the government’s interest in preventing the unauthorized disclosure of classified information. The SSA is based on a standard-form agreement provided by the Defense Security Service (DSS). Because of its concerns with protecting national security and its ultimate discretion to grant or deny a clearance, DSS does not readily modify the standard terms of the SSA. However, there is usually some room for negotiation. In general, the SSA is set up to negate or mitigate FOCI by ensuring that the foreign parent cannot gain access to classified information or controlled unclassified information that has been provided to the company through its classified contracts. The provisions of the SSA are mainly established to prevent that disclosure, but they are also geared to prevent the foreign parent from exerting influence over the American subsidiary in the performance of its classified contracts.
Many companies are unfamiliar with FOCI issues when their government customer requests that they be processed for a clearance. The customer will usually request that the DSS grant a clearance to the company and deal with the FOCI issue appropriately. Because the customer is usually eager to have the company gain a clearance quickly so that it can begin work, it is important for companies to understand the process and the terms of the SSA. Below are a few of the terms of art and requirements that the DSS will impose upon companies to mitigate FOCI under an SSA.
NISPOM — The National Industrial Security Program Operating Manual or NISPOM (DOD 5220.22-M) contains the regulations governing the handling, storage, and production of classified information. Chapter 2, Section 3, of the NISPOM addresses the methods by which the DSS identifies and mitigates foreign ownership, control, or influence (FOCI).
Facility Clearance — Every company that desires to do classified work for the U.S. government must be granted a facility clearance by the Department of Defense. DOD’s Defense Security Service (DSS) is tasked with clearing companies for most other government agencies, including the Department of State, the Department of Homeland Security, and NASA. (The CIA and the Department of Energy do not necessarily work with DSS.) The DSS will grant a facility clearance to a company based on a request from a government agency or other classified contractor sponsor.
FOCI (Foreign Ownership, Control, or Influence) — The purpose of an SSA is to mitigate FOCI. The NISPOM defines FOCI as any time a foreign interest has “the power, direct or indirect, whether or not exercised, and whether or not exercisable through the ownership of the U.S. company’s securities, by contractual arrangements or other means, to direct or decide matters affecting the management or operations of that company in a manner which may result in unauthorized access to classified information or may affect adversely the performance of classified contracts.” NISPOM 2-301(a).
Outside Director — Under an SSA, the company must appoint at least one outside director to its Board of Directors for each representative of the foreign parent that serves on the board. The outside director is an American citizen with a security clearance who is approved by DSS to serve on the board. DSS usually requires three outside directors, but a company may be able to negotiate that number depending on size of company, amount of classified information, and amount of control the foreign parent will have over the American company. The outside director acts as a “watchdog” for DSS and as a protector of the domestic corporation from any undue influence by the foreign parent. At the same time, the outside director has a fiduciary responsibility to the company to help in its business. Many outside directors are former government officials or individuals who have worked with DOD and who understand the NISPOM.
Inside Director — An inside director is a representative of the foreign parent who sits on the board of directors. The inside director does not have a clearance, cannot be involved in discussions of classified material, and it is not involved in security discussions or decisions. The inside director has voting rights on the board, but cannot be the president of the American corporation. The inside director can be a foreign citizen.
Government Security Committee — Under an SSA, the company will be required to set up a government security committee (GSC) that will be led by the outside director. The GSC will be comprised of members of the board of directors with a clearance. The GSC is in charge of ensuring the company’s compliance with the SSA and dealing with violations. The inside director cannot be a part of the GSC. The GSC must meet quarterly.
Facility Security Officer — Whenever DSS grants a clearance to a company (whether or not foreign-owned), it will require the company to designate one person as the facility security officer (FSO). This person’s job is to ensure that the company complies with the requirements for storing and generating classified information. The FSO is usually the main point of contact with the DSS on facility security issues. Under the SSA, the company must appoint one cleared employee as an FSO. This FSO reports any violations of the SSA to the outside director and the government security committee. The FSO is usually not a member of the board of directors.
Compensation Committee — Under the SSA, the DSS will require that the board establish a compensation committee of which the outside director will be a member. The committee deals with the salaries of the officers and directors of the domestic corporation. Usually, the compensation committee will consist of the inside director, who is the representative of the foreign parent, the outside director, and other members of the board as necessary. This committee is established for DSS to ensure that the foreign parent is not unduly influencing the company through salaries to the executives. For instance, the outside director’s presence on the compensation committee would prevent the foreign parent from making significant increases or decreases in executive salaries for the purpose of influencing the American subsidiary’s handling of classified information.
Approval and Reporting of Contacts with Affiliates — One of the main aspects of the SSA is that it requires the officers and employees of the domestic company to obtain advance approval for all contacts they will have with the foreign parent. They must also keep records of those contacts. In sum, every employee must ask the FSO for permission to have meetings, engage in phone calls, send or receive emails, or otherwise “visit” with the foreign parent. DSS allows companies to set up processes that approve a series of repeated visits and it allows the FSO to approve most “routine” visits between the domestic and foreign companies. For some contacts with the foreign parent, the FSO must obtain the approval of the outside director before the visit can take place. Visits that would require outside director approval would likely involve meetings where the possibility exists that the foreign parent could seek to influence the domestic company in the handling of classified information or performance of classified contracts, e.g., changes in corporate structure or meetings involving the heads of the companies. The outside director can reject the request for approval.
Implementation Plan — After the SSA is entered, the company will put together an implementation plan for DSS approval that will set forth the processes by which the company will comply. These processes will include obtaining approval for contacts with the foreign parent and reporting those contacts.
Technology Control Plan — Under the SSA, the company must adopt a technology control plan (TCP) which will deal with handling classified and unclassified, controlled information (i.e., information subject to export controls laws).
Electronic Communications Policy — The DSS requires an electronic communications policy so the company can keep track of communications with the foreign parent that might involve classified information or attempts to influence the handling of classified information.
Board Resolutions — The board of the foreign parent must pass resolutions stating that they are aware of the SSA and that they will not take any action to influence the domestic corporation. The domestic corporation must adopt certain resolutions setting up the GSC and agreeing not to disclose classified information to its foreign parent.
Annual Certifications — Each year, DSS will conduct a review and decide whether to re-certify the company for a clearance. The DSS reviews compliance with the SSA and interviews the outside director(s) to determine whether the company is complying with the SSA.
Conclusion
As the DOD and other federal agencies implement new security regulations for the design and construction of federal offices, the need for design-build contractors to obtain a facility clearance to handle sensitive classified information will continue to expand. Accordingly, obtaining or keeping a classified facility clearance can be the difference in success or failure as a government contractor. It is always at the government’s discretion to give clearances to companies and provide them with classified material. When a company is owned or could be influenced by a foreign interest through investment or a teaming agreement, the government will deny or rescind a clearance until DOD is satisfied that the foreign influence can be effectively mitigated. If the company is willing to enter a proxy agreement or an SSA with DOD, it may be able to gain or keep a facility clearance to do classified work for the U.S. government. Design-build contractors should not leave the millions of dollars in potential work on the table simply because they are not familiar with FOCI mitigation measures. Understanding the requirements of a facility clearance and the process for effectuating mitigation measures for foreign involvement can allow design-build contractors to put together the most effective team to win the contract, including foreign partners.
For over 30 years, Wickwire Gavin has earned a reputation for providing outstanding legal service in construction, government contracts, and related practice areas. Wickwire Gavin represents public and private entities, including owners, contractors, subcontractors, consultants, and design professionals. More than 45 attorneys in Virginia (suburban Washington, DC), California, and Wisconsin provide responsive, cost-effective counsel to domestic and international clients. Visit www. wickwire.com for additional information.
Michael Littlejohn’s practice is concentrated on government contract law, commercial litigation, and arbitration. He is a shareholder based in Wickwire Gavin’s Vienna, VA, office. He serves leading government contracts and construction clients. For further information, please contact Michael Littlejohn at (703) 790-8750 or email mlittlejohn@ wickwire.com.