Federal Government Risk Reviews
Federal government funding agencies are increasing efforts to identify and counter unwanted foreign influence in federally-funded research. One of the primary efforts important for UMD researchers seeking federal awards to understand, is the conduct of risk reviews. While multiple sponsoring agenices are untaking varied versions of these reviews, including the NSF and DOE, the directive issued by the Under Secretary of Defense for Research and Engineering provides the most specific methodology to date. While other agencies have not issued such specific guidance, we can presume that the approach taken by DOD is being similarly applied.
The Department of Defense (DOD) guidance is titled, “Countering Unwanted Foreign Influence in Department-Funded Research at Institutions of Higher Education” and includes three documents:
- June 8, 2023, Under Secretary of Defense Memorandum on Policy for Risk-Based Security Reviews of Fundamental Research. (pages 2 – 7)
- DOD Component Decision Matrix to Inform Fundamental Research Proposal Mitigation Decisions (“Decision Matrix). (pages 8 – 16)
- FY22 Lists Published in Response to Section 1286 of the John S. McCain National Defense Authorization Act for Fiscal Year 2019 (Public Law 115-232), as amended (“Lists”). (pages 17 – 21)
DOD components are required to develop policies and processes for the risk-based security review of proposals for funding for fundamental research projects. The “Decision Matrix” is a guide to be used by Program Managers and DOD components in reviewing proposals for potential conflicts of interest or commitment and to identify “actions prohibited by law that would preclude an investigator or institution from receiving funding from the Department.”
The DOD documents specify requirements for these policies and include a matrix of risk factors, some of which are prohibited or must be addressed via mitigation measures, and others for which mitigation measures are recommended, suggested, or not required. The matrix includes four key factors:
- Foreign Talent Recruitment Program Factors
- Funding Sources Factors
- Patent Factors
- Entity Lists Factors
DARPA
While the DOD guidance is new as of 2023, DARPA, in late 2021, established their Countering Foreign Influence Program (CFIP) directing the creation of risk assessments of all proposed Senior/Key Personnel selected for negotiation of a fundamental research grant or cooperative agreement award. The matrix used by DARPA in the conduct of these reviews varied slightly from the broader suggested DOD matrix. Ratings ran from Very High to High to Moderate to Low in each of the four risk factor categories:
- Foreign Talent Program
- Denied Entity Lists
- Funding Sources
- Foreign Institutions or Entities
An overall risk rating was assigned based on the review outcomes of these four categories.
In late December 2023, the DARPA Director issued a memorandum regarding updates to the DARPA Risk Based Security Reviews of Fundamental Research Process. The previous DARPA Countering Foreign Influence Program (CFIP) policy, DARPA Risk Rubric, and FAQs were superseded by a new policy in line with the “Countering Unwanted Foreign Influence in Department-Funded Research at Institutions of Higher Education” guidance issued by the Under Secretary of Defense for Research and Engineering.
According to the memo, the new risk-based security review process provides consistency in policy and procedures across all DoD Components. The MSO/SID CFIP Team will conduct risk-based security reviews of all covered individuals (i.e., Senior/Key Personnel) submitted with fundamental research proposals that a DARPA Program Manager (PM) identifies as “selectable and recommended for funding.” The risk-based security reviews will be conducted by reviewing the Standard Form (SF) 424, “Senior/Key Person Profile (Expanded),” its accompanying or referenced documents, and the Research Performance Progress Reports (when applicable), in concert with the DoD Component Decision Matrix. The new DoD Component Decision Matrix replaces the previous risk rubric. Risk levels (i.e., Low, Moderate, High, Very High) have been replaced in the Decision Matrix with “levels of required mitigation” that range from “No Mitigation Needed” to “Prohibited.”
ARMY RESEARCH
In the spring of 2024, the Army Research Lab published a Risk Matrix/Rubric and FAQs as it implemented the AFC Army Research Risk Assessment Protection Program to "help identify and mitigate existing or potential risk of CoC/CoI in Army research grants and cooperative agreements." Risk ratings run from High to Low in each of the four risk factor categories:
- Foreign Talent Program
- Denied Entities
- Funding
- Foreign Institutions
Of note, this matrix includes co-authorships and panel participation at a conference with foreign entities/institutions as a part of the risk assessment: "co-authorship/panel participation at a conference is an indicator of collaboration between researchers and research institutions to exchange something of value. Co-authorship/panel participations at a conference with a strategic competitor would be considered under Factor 4: Foreign Institutions of the Army rubric."
WHAT DOES THIS MEAN FOR UMD RESEARCHERS SEEKING DOD AWARDS?
DOD components are beginning to conduct risk reviews of fundamental research project proposals and are notifying university research officials of proposals with identified Countering Foreign Influence Program (CFIP) issues. In at least one instance, the DOD component noted that the CFIP assessment was based on materials submitted by the PI or openly available on the internet. In those instances where mitigation measures are possible, research security personnel will engage with the DOD component representatives to learn the nature of the concern and will work with the PI and relevant university officials to determine appropriate mitigation measures, should the PI elect to continue with the project.
The Research Security Office will continue to monitor implementation of this policy by DOD components and will provide updates as available.