847 Awaiting Takeoff: DCSA Issues Guidance on Expanded Scope of FOCI Assessments

DFARS Rule
Currently, federal contractors and subcontractors that hold a facility security clearance must report detailed information about beneficial ownership, including any FOCI, at the time of contract award, amendment or renewal. This includes completing Standard Form 328, the Certificate Pertaining to Foreign Interests. Contractors seeking to obtain a security clearance must also report their detailed beneficial ownership and go through a FOCI-mitigation process to obtain a clearance if they have FOCI. Any changes in beneficial ownership during the performance of a contract must also be promptly reported to DCSA, including any acquisitions of a 5% or greater voting interest in a company by a foreign interest.

The forthcoming DFARS rule will significantly expand the scope of existing FOCI requirements. Specifically, the rule will mandate that all bidders and subcontractors participating in DoD contracts valued at over $5 million disclose FOCI details as part of the bidding process. There is an exception for contracts for commercial products and services, unless the designated Principal Staff Assistant (PSA) or DoD component official determines that the contract involves (i) a risk or potential risk to national security or (ii) potential compromise of sensitive data, systems or processes, such as personally identifiable information, cybersecurity or national security system. This is consistent with the Trump administration’s April 16, 2025, Executive Order entitled, “Ensuring Commercial, Cost-Effective Solutions in Federal Contracts,” which states that it will increase oversight on non-commercial acquisitions, requiring associated contracting officers to submit exhaustive proposals explaining why a commercial alternative is not a responsive solution.

This represents a notable shift from current rules that generally only require FOCI reviews and mitigation for government contractors and subcontractors with a facility security clearance.

For contractors submitting a Schedule 13D required by the Securities and Exchange Commission (SEC), “beneficial ownership” relates to a person or group of persons acquiring ownership of more than 5% of a voting class or a company’s equity securities registered under Section 12 of the Securities Exchange Act of 1934. Section 847 also requires periodic reassessments of compliance whenever a “changed condition” is submitted, ensuring ongoing visibility into the risk of foreign influence.

While it remains uncertain at what stage contracting officers will use FOCI requirements to disqualify offerors, there is a possibility that FOCI requirements will be imposed at the pre-award level. Recently issued DCSA guidance asserts that this will improve risk assessment and mitigation to prevent unauthorized foreign access to sensitive and secret information. Additionally, for both pre- and post-award FOCI applications, mandatory contract certifications, persistent compliance and ethics monitoring, and potential False Claims Act liability will become increasingly important for parties subject to the rule.

DCSA’s goal is to complete pre-award Section 847 vetting in 25 business days, with a separate non-statutory 120-day goal in connection with contractual contingencies. While a commendable goal, the number of companies subject to FOCI oversight will expand dramatically under the rule, from approximately 2,000 companies to over 40,000 companies, creating significantly more work for DCSA. DCSA has significantly increased the staff of its Risk Management Unit to effectively manage the anticipated surge in FOCI filings and reviews, but timelines for FOCI review will be worth monitoring.

FOCI
FOCI is considered a national security threat where a foreign interest has the potential to exert influence over a U.S. federal contractor. Historically, FOCI controls have applied to “cleared companies” holding facility security clearances allowing them to access classified information.

To obtain and maintain a facility security clearance, cleared companies must navigate stringent, and often cumbersome, requirements overseen by the DCSA, including implementing FOCI mitigation agreements, like Proxy Agreements, Special Security Agreements (SSA) and Security Control Agreements (SSC) to address foreign influence. Mitigation measures under such agreements frequently require appointing U.S. citizens with no financial connections to the foreign company as Outside Directors or Proxy Holders and implementing detailed compliance protocols, like Technology Control Plans (TCPs) and Affiliated Operations Plans (AOPs). These obligations impose significant administrative, operational and financial challenges for companies, particularly those with global supply chains or complex business ownership structures.

For contracts subject to Section 847, DCSA is likely to continue applying these same FOCI mitigation instruments with broad discretion, though it is anticipated that FOCI mitigation requirements will not be as strict as they are for cleared companies.

Application of these rules will be heavily fact-dependent and case-specific. How companies frame themselves and interact with DCSA is essential to ensure they get the mitigation that best addresses U.S. government concerns while protecting their interests.

Looking Ahead
Uncleared and aspiring federal contractors and subcontractors with foreign ownership, control or influence will need to evaluate their need for FOCI mitigation in light of the new DFARS rule and start preparing accordingly. Companies should consider evaluating their ownership structures to identify potential FOCI risks and strengthen compliance programs to implement DCSA’s guidance. Recognizing the broad scope of FOCI oversight, an increased strain on compliance resource allocations and efficiency seems inevitable for the federal marketplace. By adopting a proactive approach, federal contractors can mitigate potential risks and position themselves as compliant, responsive and responsible offerors to the DoD.