National Security Investigations & Legal Proceedings
Our lawyers represent companies and individuals in connection with Government investigations and legal proceedings that involve national security issues. For example, Arent Fox has represented clients in connection with investigations and related legal proceedings pertaining to: allegations of abuse at Abu Ghraib prison; a security breach at DOE’s Y-12 nuclear facility in Oak Ridge, Tennessee; unauthorized releases of classified information (Snowden and others); a security-related incident at the U.S. embassy in Afghanistan; and uses of force and alleged rebel infiltration into the U.S. workforce in Iraq.
Foreign Investment in the United States: CFIUS & FOCI
Our lawyers represent clients involved in foreign investments in U.S. companies, including those pertaining to critical U.S. infrastructure and technologies.
Foreign investment in the United States falls under the purview of the U.S. Government’s Committee on Foreign Investment in the United States (CFIUS), which reviews and investigates transactions to determine whether they pose risks to U.S. national security. In 2018, Congress strengthened CFIUS’ authority by enacting the Foreign Investment Risk Review Modernization Act of 2018 (FIRRMA), which represented the most sweeping overhaul of the operations and jurisdiction of CFIUS in its 44-year history.
The U.S. Treasury Department gave immediate effect to FIRRMA through regulations issued in October 2018 that implemented certain parts of FIRRMA and established a pilot program on critical technologies that, effective November 10, 2018, expanded the scope of transactions subject to CFIUS review and mandated the submission of short-form “declarations” to CFIUS under certain circumstances.
On September 17, 2019, the Treasury Department released the long-awaited comprehensive draft regulations to implement FIRRMA, which will significantly expand the jurisdiction of CFIUS to cover a much wider range of transactions, likely resulting in a dramatic spike in CFIUS reviews in 2020 and beyond. The new regulations take effect no later than February 13, 2020.
David Hanke, who was the primary staff architect of FIRRMA and the chief strategist behind its 2018 enactment while working in the Senate, has now joined Arent Fox’s National Security Group. With Dave on the Arent Fox team, our clients will benefit from his keen insights as to CFIUS risk analysis and other processes, his skilled preparation of CFIUS submissions, and his most-capable representation of them in dealings with CFIUS.
The Arent Fox team represents U.S. companies that receive foreign investments and foreign companies and investment funds that make investments in U.S. companies. Currently, we are assisting a number of foreign investment funds to restructure themselves for investment in the United States in accordance with the CFIUS guidance for investment funds that is set forth in the new Treasury Department regulations.
In addition, when a foreign investment is in a U.S. company that performs classified work for the U.S. Government, Arent Fox is very experienced at implementing and advising on measures to mitigate foreign ownership, control, or influence (FOCI) in accordance with the government’s National Industrial Security Program Operating Manual (NISPOM). Our team works closely with the Defense Security Service (DSS) and other cognizant security agencies to identify potential FOCI – and to implement mitigation measures.
Our team has represented many companies in developing and implementing proxy agreements, special security agreements (SSAs), security control agreements (SCAs), and other FOCI-mitigation measures. Often, clients invite our lawyers to continue the representation long after the transaction is completed – to assist with and oversee the company’s implementation of FOCI-mitigation processes and related contracting practices.
Our lawyers represent clients in connection with a host of activities to counter terrorism. Representative engagements include: detection and mitigation of potential nuclear threats (“dirty” bombs) in U.S. cities and at major events (Super Bowl); detection and mitigation of unauthorized drones in airspace above Government installations, major events (Super Bowl), and critical U.S. infrastructure; security technology at the White House; and real-time, in-field mobile communications for the FBI to identify and assess potential threats at major events (Super Bowl).
In the U.S. Government space, we provide cybersecurity advice and representation to companies that use IT systems to process, store, and transmit classified information, naval nuclear propulsion information (NNPI), controlled unclassified information (CUI), sensitive but unclassified information (SBU), and other information that relates to activities of the U.S. Government. Our team regularly advises clients on the applicability and requirements of the most recent revisions to FAR and DFARS cybersecurity rules, providing best practices for preparing System Security Plans (SSPs) and plans of action (POAMs), drafting SSPs and POAMs as needed, and preparing policies and procedures for mandatory reporting. We also advise clients with contracts with civilian agencies that handle sensitive but unclassified information. Our lawyers have advised dozens of clients regarding FAR and DOD cybersecurity rules. We are also representing commercial companies to adapt to take into account U.S. Government cybersecurity rules. For example, for over 20 years our lawyers have advised a major credit card company regarding cybersecurity rules that protect against unauthorized disclosure credit card transactions that involve government accounts.
In the commercial space, we provide cybersecurity advice and representation to technology companies, consumer product manufacturers, gaming companies, financial institutions, retail, and automotive companies to protect against unauthorized disclosure of personal and financial information. We regularly advise clients on how to protect their data at every stage, from incident planning and response, to advice and counseling to investigations, litigation, and even securing insurance policies to mitigate risks and liabilities. We work with companies to conduct internal investigations in response to critical data breaches; develop internal security and governance programs; and advise businesses on the collection of data in retail locations as well as online including via social media marketing and e-commerce platforms. We also work with companies to implement privacy and data security protection by using IT agreements to control data access by their employees, reconfiguring data security when moving IT operations to the cloud, and protecting against cyber risks that can arise from third party IT vendors.
We routinely advise on the biggest trends in privacy and data security such as: handling ransomware incidents; cyber threat and new technology systems; NIST, ISO, PCI-DSS, and other security standards; payment security and mobile payment trends; aggregate and anonymized data collection in advertising; FTC guidance and enforcement; the Internet of Things; cross-border data transfer issues; the EU General Data Protection Regulation (GDPR); biometrics; health information privacy, security, and breach notification; as well as federal- and state-level regulatory compliance.
We also assist with cross-border data transfer issues, including advising on the proper way to manage and protect the flow of data across the globe. We advise on the proper data and security provisions in agreements with vendors, and help with strategies to minimize the risk of regulatory scrutiny with respect to the transfer of data across borders.
Export Controls & Economic Sanctions
We offer a full service export control and economic sanctions practice, advising clients on U.S. and international trade controls requirements including:
- Advised on cases involving international kidnapping of individuals by suspected Specially Designated Global Terrorists or Specially Designated Narcotics Traffickers
- Obtained favorable classification determinations for parts and components used in defense articles, determinations of lower level controls were key to company maintaining the business lines
- Conducted large scale jurisdiction and classification assessments and assisted with enhanced compliance training modules for defense contractor under State Department consent decree
- Assisted with defense contractor supply chain export compliance reviews and corrective action plans
- Assisted with internal investigations, disclosures, and licensing relating to foreign national employees and access to ITAR technical data/EAR technology
- Assisted with customer and supplier diligence and advised on enhanced diligence and compliance procedures for countries of concern and products with potential weapons proliferation applications
- Assisted with reviews of company IT infrastructure, technical data/technology access restrictions, and the preparation of technology control plans.
With over 60 years combined experience - including prior U.S. Government and in-house experience - our team has breadth and depth of knowledge in defense, aerospace, computing, software, encryption, and industrial manufacturing sectors.
- We advise clients daily on export controls, defense trade controls, economic sanctions, and anti-boycott compliance issues, including the following:
- Department of State International Traffic in Arms Regulations (ITAR)
- Department of Commerce Export Administration Regulations (EAR)
- Department of Energy and Nuclear Regulatory Commission (NRC)regulations on the export of nuclear equipment, material, and technology
- Department of Treasury Office of Foreign Assets Control (OFAC) and Department of State economic sanctions
- We provide comprehensive services including counseling, classification, licensing, opinion writing, and auditing the most sophisticated worldwide systems.
- We are advocates with a proven track record defending our clients and achieving favorable resolutions of civil and criminal investigations and enforcement actions. We represent both major defense contractors as well as companies throughout the defense sector supply chain in conjunction with a wide range of compliance matters, including responding to U.S. Government inquiries, internal investigations, voluntary disclosures, corrective action development and implementation, compliance training, development of compliance policies and procedures, licensing, jurisdiction and classification assessments, and providing advice on complex transactions.
- We have served as the lead auditor for U.S. Department of State, Directorate of Defense Trade Controls mandated audits.
- We collaborate with members of the firm’s Government Relations practice group as needed where a Congressional strategy is necessary to advance a clients’ objectives in this area.
- We advise on regulations involving dual-use exports to be financed by the Export-Import Bank of the United States.
Our team advises companies and personnel regarding issues that relate to security clearances – and, as necessary, represents clients in security clearance proceedings before the Defense Office of Hearings and Appeals (DOHA). We have a record of success in contesting denial or renewal of security clearance. The reality is that it is not uncommon for government officials to err in their consideration of the factors and circumstances that are relevant to issuance of security clearances.
We also help companies ensure they have in place policies, procedures, training, and systems relevant for access to classified information.