What To Know About FOCI Risk in Supply Chains

Foreign Ownership, Control, or Influence (FOCI), also called jurisdictional risk, is the analysis of geopolitical tensions, national security requirements, export control regulations and critical asset protection that impact a supplier, product, customer or supply chain. Analysis of FOCI encompasses assessing the extent to which foreign interests can control or influence a company, its supply chains, and its third parties.
FOCI risk is one of seven dimensions of risk in Exiger’s risk-scoring model for third-party relationship management (TPRM) and supply chain risk management (SCRM).
This scrutiny is crucial to safeguarding sensitive technologies, intellectual property, and infrastructure, as it helps identify potential risks, vulnerabilities, and conflicts of interest that could compromise national security or economic interests.
Private and public organizations must conduct FOCI analysis to comply with regulatory requirements and restrictions to:
  • make informed decisions regarding foreign investment (31 CFR Part 800, 31 CFR Part 1010)
    • CFIUS
    • Outbound and inbound investment restrictions
    • Financial sanctions
  • mitigate risk related to foreign, ownership, control, or influence in DoD contracts and small business awards (32 CFR Part 117, PL 116-92 Sec. 847, 15 USC Sec. 638)
    • National Industrial Security Program
    • Defense Industrial Base contractors or subcontractors on contract over USD 5M
    • Aid to small businesses conducting research and development
  • prevent business with and import of goods from companies using or associated with forced labor (19 CFR Part 1307)
The results are valuable insights into risks and mitigation strategies to avoid disruption and ensure secure, reliable supply chains.

The discovery and analysis of an entity’s Ultimate Beneficial Owner is fundamental in understanding its ownership, control, and influence risk. Structured and unstructured data from corporate records and media will reveal high-risk ownership, such as state-owned enterprises and foreign capital investments. Corporate entities with foreign subsidiaries face additional risks, including legal and regulatory compliance in multiple jurisdictions, political and economic stability, cultural challenges, supply chain disruptions, and data and privacy security. Assessing these risks across the multiple dimensions of risk and proactively monitoring them can be achieved through the discovery of corporate structures, visualizing subsidiary locations, understanding jurisdictional risks, monitoring mergers and acquisitions, and conducting due diligence. Having the ability to compile and analyze FOCI risk indicators from a comprehensive global dataset will not only give your organization the predictive edge it needs to mitigate FOCI vulnerabilities ahead of time but also enhance your understanding of all elements of an organization’s ownership in the face of foreign control or influence. FOCI risk indicators can emerge from the following categories:
  • Comprehensive Ownership Graphs Analyzed with Comprehensive Country Risk Indices
  • Proprietary Facility, Operating Location and Subsidiary identification
  • Foreign Venture Capital
  • State Owned Entities
  • Partnership and Joint Ventures with State Owned Entities
  • Sanctioned Entities
  • Hardware and Software Provenance
  • Espionage (Cyber, Industrial, Academic)
  • Foreign Economic Activity
  • Trade Secret Theft
  • Intellectual Property Transfer and Theft
  • Nationalization
  • Mergers and Acquisitions
  • Executive Poaching
our blog


Confronting ‘Forever Chemicals’ in Healthcare Supply Chains
Case Study
A Vertically Integrated Approach to Third-Party and Supply Chain Risk Management in Healthcare
Extension of Team
How Procurement Can Drive Impact for Reducing Supply Chain Emissions

Demo The
Exiger Platform