The Defense Security Service (DSS) has recently undergone several notable staffing changes and announced procedural developments relevant to companies under foreign ownership, control, or influence (FOCI).
DSS is the executive agent for the FOCI mitigation program on behalf of the US Department of Defense (DoD) and some 30 other departments or agencies of the US Government. In accordance with the National Industrial Security Program Operating Manual (NISPOM), foreign ownership of greater than five percent must be reported to DSS (along with other FOCI factors) and generally requires FOCI mitigation to allow a US entity to hold a DoD facility security clearance and thus be eligible to be awarded and perform on classified contracts. This client alert provides a summary of recent changes at DSS that could affect companies operating under or contemplating FOCI mitigation.
There have been several key changes to the management personnel at DSS over the past few months. Following the retirement of Drew Winneberger, the Director of Industrial Policy & Programs (IPP), last year, Fred Gortler has been appointed as the new Director of IPP at DSS. His responsibilities include management of the FOCI mitigation and implementation program, industrial and personnel security policy matters, and the international security program. Additionally, Nicoletta Giordani has been appointed as the Chief of the FOCI Operations Division at DSS. She had been serving as the Acting Chief since last fall, when Ben Richardson left this post to join the Office of Acquisition, Technology & Logistics (AT&L) to become the DoD’s Director for the Committee on Foreign Investment in the United States (CFIUS). Ms. Giordani’s responsibilities include the management of the DSS FOCI mitigation and compliance programs. She reports directly to Mr. Gortler.
Finally, Wayne Chin, previously a FOCI Action Officer at DSS Headquarters, has been promoted to be one of DSS’s three FOCI Branch Chiefs (the other FOCI Branch Chief positions currently remain open). The FOCI Branch Chiefs manage the DSS Headquarters FOCI Action Officers staff and accordingly have a role in managing the FOCI cases of companies handled by those Action Officers. Mr. Chin reports directly to Ms. Giordani.
FOCI Mitigation Templates
DSS has been given greater flexibility to tailor mitigation agreements on a case-by-case basis than originally contemplated under FOCI-related regulations issued last year. Under current DoD regulations, changes to the DSS template FOCI mitigation agreements (e.g., Special Security Agreement, Proxy Agreement, and Security Control Agreement) require the approval of the Office of the Under Secretary of Defense for Intelligence (USD(I)). USD(I) has, however, issued a delegation of authority to the Director of DSS regarding the templates, meaning that DSS now has authority to make or accept changes to its templates on a case–bycase basis without having to escalate to USD(I) for approval.
DSS is currently reviewing the templates it has been using, which have been revised substantially from the templates published on the DSS website in 2009—largely to reflect more recent policy changes such as the implementation of the Affiliated Operations Plan (AOP) requirement. Although DSS has not published guidance on how the new templates will be implemented, based on our experience, they will likely be required for both new and renewal FOCI mitigation arrangements.
Focus on Risk-Based Approach
In executing its FOCI-related responsibilities, DSS has announced that it will apply a risk-based approach to FOCI adjudications and compliance matters. In other words, DSS will address FOCI factors based on the specific circumstances of each case, including the nature and degree of the FOCI involved and the sensitivity of the cleared company’s classified activities. This approach will apply broadly to DSS’s FOCI mission, including with respect to applications for new FOCI mitigation agreements, renewals of arrangements for current participants in the FOCI program, and with respect to compliance issues.
Affiliated Operations Plan Update
In 2013, DSS introduced the AOP, which broadened the previous procedures requiring FOCI-mitigated companies to obtain DSS approval for administrative services received from or provided to non-mitigated parents and affiliates. Notably, under the AOP, FOCI-mitigated companies must address affiliated operations, shared third-party services, shared-person arrangements, and cooperative commercial arrangements with their non-mitigated affiliates via the AOP.
To assist companies with disclosing these relationships, DSS is developing additional AOP guidance. This guidance will be published on the DSS website after it has been coordinated internally. DSS has emphasized that management support of the AOP will be essential, recognizing it as key to proper compliance.