IRAP and FOCI Foundations for Foreign-Owned U.S. Subsidiaries

What This Session Covers

U.S. subsidiaries of foreign-owned parent companies occupy one of the most legally complex positions in the defense industrial base. Maintaining a facility security clearance (FCL) while subject to Foreign Ownership, Control, or Influence (FOCI) requires ongoing vigilance across governance, reporting, and mitigation obligations that most compliance teams were never formally trained to manage. This four-hour workshop builds that foundation from the ground up, drawing directly on DCSA requirements and the National Industrial Security Program Operating Manual (NISPOM).

FOCI Determinations

The session opens with a structured walkthrough of how DCSA evaluates whether a company is subject to FOCI. Participants will learn how ownership structures, board composition, contractual relationships, and financing arrangements are assessed, and what factors can escalate a routine review into a mitigation requirement. We examine the criteria DCSA uses to distinguish passive foreign investment from actionable control or influence, and why that distinction determines which compliance path your organization must follow.

Mitigation Instruments

The workshop dedicates substantial time to the three primary mitigation instruments available to FOCI-affected companies pursuing or maintaining an FCL:

• Voting Trust Agreement (VT): Structure, trustee obligations, operational constraints, and when DCSA requires this instrument over less restrictive alternatives.
• Proxy Agreement: How proxy holders assume shareholder rights, the governance firewall this instrument creates, and the ongoing reporting duties it imposes on the cleared entity.
• Special Security Agreement (SSA): The most commonly applied instrument for large foreign-owned subsidiaries — board composition requirements, Outside Director and Government Security Committee obligations, and the annual certification cycle.

We compare these instruments side by side so practitioners understand the operational burden and protective scope each one carries, enabling better internal conversations with legal counsel and senior leadership.

Industrial Resource Action Plan (IRAP) Requirements

For companies operating under an SSA or other mitigation instrument, the Industrial Resource Action Plan is a critical — and frequently misunderstood — compliance artifact. This section covers what an IRAP must document, how it demonstrates the subsidiary's ability to perform on classified contracts independent of foreign parent influence, and how DCSA reviewers evaluate IRAP submissions. Participants will learn the relationship between IRAP content and the broader Technology Control Plan (TCP) obligations that often accompany FOCI mitigation.

DCSA Oversight and Ongoing Obligations

Earning an FCL is not a one-time event. The final portion of the session addresses the recurring obligations that keep a mitigated FCL in good standing: annual reviews, material change reporting, senior leadership changes that trigger DCSA notification, and how to prepare for a DCSA compliance inspection. We also discuss common findings that lead to FCL suspension or revocation and the corrective action process companies use to respond. Organizations looking to build these obligations into a durable internal program may benefit from exploring Cleared Systems' Compliance Program Development services after the workshop.

What You Will Leave With

• A clear mental model of the FOCI determination process and the factors that drive mitigation instrument selection
• Practical knowledge of Voting Trust, Proxy Agreement, and SSA structures sufficient to support conversations with legal counsel and DCSA representatives
• A working understanding of IRAP content requirements and how to assess whether your current IRAP would withstand DCSA scrutiny
• A checklist of recurring DCSA reporting and notification obligations tied to common FCL mitigation conditions
• Awareness of the intersections between FOCI compliance and related frameworks, including ITAR and Export Controls, where foreign parent access to controlled technology creates compounding risk

Who Should Attend

This workshop is designed for the professionals directly responsible for keeping a FOCI-mitigated facility clearance operational. Facility Security Officers (FSOs) and Assistant FSOs will find the mitigation instrument deep-dives immediately applicable to their daily responsibilities. In-house legal and regulatory counsel supporting DCSA interactions will gain a compliance-operations perspective that complements their transactional knowledge. Government Security Committee members serving on SSA-governed boards will better understand the obligations their role carries. Compliance managers and directors overseeing cleared programs at foreign-owned subsidiaries will leave with the framework vocabulary needed to brief senior leadership and allocate resources appropriately. If your organization holds or is pursuing an FCL under any FOCI mitigation instrument, someone from your team should be in this session.

Cleared Systems delivers this training under the instruction of Carl B. Johnson, President and CISO, whose practice spans DCSA program support, FOCI mitigation advising, and enterprise compliance architecture for defense contractors. Organizations that complete this workshop and identify gaps in their current FOCI compliance posture are encouraged to explore Cleared Systems' engagement models to determine the right level of ongoing advisory support.