The FOCI Problem: Why Foreign Influence is the DoD's Biggest Co-Investment Blind Spot

FOCI is defined under the National Industrial Security Program Operating Manual (NISPOM) as any situation in which a foreign interest has the power, direct or indirect, to direct or decide matters affecting the management or operations of a cleared company in a manner that could be adverse to U.S. national security. In practice, this means foreign board seats, investor influence, supply chain dependencies, IP licensing arrangements, and academic partnerships, any vector through which a foreign government or foreign-owned entity can access, influence, or extract sensitive technology.

The challenge is that FOCI exposure rarely looks like a red flag. It looks like a strategic partnership with a European commercial satellite firm. It looks like Series B funding from a fund with indirect ties to a sovereign wealth vehicle. It looks like a co-inventor on a patent whose home institution has a dual-use research agreement with a state-affiliated university. None of these individually triggers an automatic exclusion. All of them require analysis.

The standard DoD co-investment workflow moves roughly like this: an S&T analyst identifies a promising company through open-source research, runs a preliminary capability assessment, hands it to a contracting officer for due diligence, and somewhere late in the process, often after significant relationship-building has already occurred, a FOCI review gets initiated.

That sequencing is backwards. FOCI screening should be a first-pass filter, not a final-gate review. When it happens late, two things go wrong. First, resources have already been invested in companies that may not survive FOCI review. Second, and more dangerously, companies that should fail FOCI screening sometimes get accommodated rather than excluded, because the relationship cost of exclusion has become too high.

This is not a hypothetical. A 2024 review of SBIR award recipients found that a measurable percentage of Phase II awardees had undisclosed or inadequately disclosed foreign investment relationships that would have triggered additional FOCI review had they been identified at the solicitation phase. The pipeline leak is real.

The fundamental problem with FOCI screening in current workflows is that it is labor-intensive and non-standardized. Two contracting officers at two different program offices applying the same NISPOM criteria to the same company can reach different conclusions, because the data they are drawing on is different, the analytical frameworks they are applying are inconsistent, and the time pressure they are operating under is asymmetric.

Automated FOCI screening does not replace the contracting officer's judgment. It standardizes and accelerates the data assembly that judgment depends on. When a system can automatically surface corporate ownership chains, cross-reference investors against known foreign state-affiliated funds, flag academic partnerships with dual-use research exposure, and score the overall FOCI risk posture of a company in minutes rather than weeks, the contracting officer can apply their expertise to the cases that actually need it, rather than spending most of their time assembling the briefing package.

The practical effect is not just speed. It is consistency. When FOCI screening is automated against a standardized data model, the same criteria apply to every company in the pipeline, eliminating the audit risk that comes from inconsistent manual review.

When we talk to contracting officers about what would most improve their FOCI workflow, three things come up consistently. First: a single, authoritative source of entity data that does not require them to triangulate across SAM.gov, USASpending, Crunchbase, and a dozen other sources to build a basic ownership picture. Second: a structured risk output, not a raw data dump, that maps the exposure to the relevant regulatory framework so it can be defended in an audit. Third: integration with the broader co-investment workflow rather than a siloed screening tool that requires duplicate data entry.

These are not exotic requirements. They are the basic infrastructure that should exist for any decision environment where the cost of a wrong call is measured in national security exposure rather than quarterly earnings.

FOCI is not going to get easier to manage as the commercial technology ecosystem becomes more globally integrated. The companies developing the most advanced dual-use technologies, in hypersonics, directed energy, space propulsion, advanced materials, operate in a global capital environment. Foreign investment in these sectors is structural, not anomalous. That means FOCI exposure is going to be a feature of virtually every interesting co-investment candidate, not an edge case.

The question is not whether DoD can avoid FOCI exposure in its co-investment portfolio. It cannot. The question is whether it can identify, characterize, and manage that exposure systematically, before relationship costs make exclusion politically difficult, and before technology transfer makes exclusion moot.