Data-Driven Dynamic Scoring System to Optimize Foreign Investments Assessment

In an ever-changing, globally interconnected world, national security threats can arise from nearly anywhere, in nearly any form—including foreign investments.  

As noted in the Foreign Investment Risk Review Modernization Act, “foreign investment provides substantial benefits to the United States, including the promotion of economic growth, productivity, innovation, and job creation, while…, national security risks related to foreign investment, particularly those emanating from countries such as China or Russia, warrant an appropriate modernization of [relevant] processes and procedures.”

In 2019, expenditures by foreign direct investors to acquire, establish, or expand U.S. businesses totaled $197.4 billion. To protect our national security amid this often-welcome investment, federal agencies must quickly trace the flow of money and ownership stakes to uncover active threats. However, there are many ways a nefarious actor can obscure their identity. They may hide behind shell companies or domicile in tax havens to avoid regulations, sanctions, launder money, or fund criminal enterprises. This means tracking foreign investment threats is anything but straightforward.

Ways the USG Traces Foreign Investments

Beyond those specific organizations charged with analyzing how a company has structured its ownership to solve crimes, many federal agencies are interested in knowing company ownership in furtherance of government examples other than criminal enforcement. As an example, these organizational structures are frequently needed to enable contract work between state, local, and federal governments and private industry.

For public-private partnerships to work, the U.S. Government must ensure that their private industry partner is not seeking to use access to U.S. Government facilities or information to gain undue influence or control.

The due diligence process federal agencies embark upon to verify and validate the identities and intentions of federal contractors can be time consuming and challenging. Since the work of tracing money is largely dependent on the information a company discloses to the federal agency it wishes to work with, as well as federal government regulators such as the Securities and Exchange Commission (SEC) and the Internal Revenue Service (IRS), analysts rely heavily on information provided by the company to prove its ownership.

Of note, private companies may have more of an obligation to report ownership and company governance structures to its shareholders or investors than to the U.S. Government, as only publicly-traded companies (companies that offer stock or shares on a stock exchange or private companies with more than 500 shareholders) are required to file information with the SEC.

The due diligence required to validate ownership and corporate governance structure of companies often becomes more complicated when a foreign actor may be involved. Companies headquartered in the United States and U.S. persons are subject to U.S. laws, but companies domiciled in foreign countries may not be subject to laws made in the United States. Such foreign countries may not have the structured reporting requirements or adherence such as found in the U.S., making obtaining fundamental data difficult. Additionally, multinational companies with well-known brands headquartered in the United States may have complicated corporate governance structures whereby a company headquartered in the U.S. is really a subsidiary of a global multinational domiciled in a foreign country. Therefore, some U.S. Government organizations which provide “national security” products and services must take precautions and consider possible mitigations before contracting with a foreign company or a company with massive foreign interests.

Note: foreign ownership alone does not pose a “threat”, as foreign ownership does not threaten the delivery of all USG products or services. However, those USG organizations providing “national security” products or services generally require the ability to control the services in times of crisis or otherwise. Foreign ownership, regardless of threat, presents legal and structural impediments to controlling the delivery of critical services.

Two of the measures the government takes to protect our national security when it comes to contracting are the due diligence behind the granting of facility clearance licenses (FCL) and foreign ownership, control, or influence (FOCI) assessments.

How Facility Clearance Licenses are Granted

The Defense Counterintelligence and Security Agency (DCSA) grants Facility Clearance Licenses (FCL) to companies and organizations that provide classified goods and services to the U.S. Government. As one could imagine, the process for validating the ownership and intentions of contract awardees is labor-intensive and requires analysis of commercially-available sources, public sources, and classified sources to reach a determination.

For DCSA, and other USG agencies, the best data often comes from disparate sources that are not easy to integrate into one cohesive analytical picture. Analysts, who would be best served by a dashboard displaying all available information on a company of interest, spend valuable time volleying back and forth between classified and unclassified systems; paper and digital documents; and company-submitted information and third-party information during the determination period. Meanwhile, during the deliberation, the company and the federal government entity must wait to begin work.

How Foreign Ownership, Control, or Influence is Assessed

A major factor in how DCSA determines which companies can be granted FCL is the assessment of foreign ownership, control, or influence (FOCI). According to U.S. Government policy:

A U.S. company is considered to be under FOCI whenever a foreign interest has the power, direct or indirect (whether or not exercised, and whether or not exercisable through the ownership of the U.S. company’s securities, by contractual arrangements or other means), to direct or decide matters affecting the management or operations of the company in a manner that may result in unauthorized access to classified information or may adversely affect the performance of classified contracts.1

The process to definitively assess that a foreign person has the power to influence or control a company, regardless of company domicile or ownership is even more complicated than assessing ownership and requires that analysts review past and present governance documents to learn about past and present boards of directors and executive leadership.

Gryphon: A Platform for Optimizing FOCI Identification and FCL Applications

U.Group investigated how FOCI identification specifically, and company ownership more broadly, could be streamlined into a single application. By using data science and subject matter experts familiar with the problem set, the team developed a FOCI likelihood and national security risk scoring system, Gryphon, that could be used by U.S. Government agencies to save precious time on consolidation and record keeping.

U.Group develops Gryphon, a FOCI likelihood and national security risk scoring system, to support customers like you to save time on consolidation and record keeping.

In the U.Group risk model, the team considered that an analyst could use a software system where they input the standard forms associated with companies applying for FCL and seamlessly validate that information against U.Group’s commercial software solution, the U Data Platform (UDP).

U.Group's U Data Platform (UDP) is a data as a service (DaaS) platform that delivers synthesized and entity resolved data to help you draw insights and perform horizon scanning.

UDP holds information on 13 million companies across the globe, shining a light on the difficult-to-locate data from countries where reporting thresholds are below that of the U.S. Additionally, our team formulated a country foreign investment threat index, so that once the likely owner is defined by the algorithm, our software populates known threats identified in unclassified publicly available U.S. Government documents along with the country of the likely owner. For example, if a multinational company headquartered in the United Kingdom had a U.S. subsidiary that applied for a FCL, a DCSA analyst could see any threats associated with the United Kingdom, the likely corporate owner, and shareholders with significant ownership stake or corporate governance positions.

The pilot offers promising outcomes as a cost and time savings solution for a critical function for the federal government. In one initial pass, our scoring system correctly surfaced above our scoring threshold of 0.75 (out of a total of 1.0), 44 companies (of 56 total entities) that would have been flagged as headquartered in Countries of Special Concern. Over the next phase, our team will leverage machine learning and integrate additional data sources to provide a more comprehensive view of companies.

Learn about our national security solutions — which can be customized for your needs. 

Get alerted to new job postings, events, and insights by registering for our monthly newsletter.