The Threat of Foreign Ownership, Control, or Influence (FOCI)
An important step in verifying people and businesses is assessing foreign influence and control. Identity verification is critical for identifying Foreign Ownership, Control, or Influence (FOCI) violations and uncovering vast networks of malicious activity. Overt control through documented investors and relationships is easy to spot. Influence, which involves indirect methods a foreign entity uses to affect decisions or operations, is more difficult. Intelligent governments avoid leaving a paper trail when embedding their activities in another’s supply chain. FOCI often begins with ownership and control, using simple proxy ownership and funding. Individuals or entities are used to disguise the true origin of ownership or financing. Creating a fresh, clean funding source takes time, but it prevents easy identification of bad actors. Only a few individuals in key positions need to help another foreign nation. In these cases, they do not meet or act on behalf of a nation, but they exert subtle, unofficial influence that a foreign country can exploit.
Detecting Foreign Influence Using Identity Network Graphs
To achieve a foreign-free business and association requires years of planning and investment. When national security and intellectual property (IP) are involved, the timeline is trivial. The pay-off can be massive if a foreign operation embeds itself into another government’s systems. While the most sensitive projects operate in silos—meaning isolated, self-contained groups—other government operations remain exposed. Current FOCI detection methods cannot correlate data and intelligence at the raw data level. A review may look at all involved people and find no foreign relations on paper. However, the best way to spot advanced actors is with historical and identity network graphs. Analyzing relationships and past actions can reveal hidden links. Finding just one foreign influence operation or bad actor can uncover entire hidden campaigns. An individual's location and interactions with certain countries can also help identify hidden operations. First-level relations—direct connections between individuals and foreign interests—are the riskiest and should be deeply scrutinized. Lasting trust should be placed in only one government. Government vendor and relationship choices are another way to uncover common signs of foreign influence. Examining not only customers but also where money is sent for expenses can help track and identify more cases. FOCI operations typically follow similar patterns, as governments try them over long periods. These patterns eventually create easy identifiers for certain individuals. The best identifiers look at the whole person, piecing together multiple datapoints to tell a comprehensive story. Someone who invests in or develops technology in a certain field has a different story than someone who went through all the trials to succeed. A business’s motivations and exact identity show whether it acts in good faith or as a front for a foreign entity.
Advanced FOCI Identification and Predictive AI Capabilities
Raw data from reverse engineering and exploiting operations through subterfuge helps identify foreign influence. Asking a bad actor to reveal themselves never works. FOCI identification calls for a greater level of preparation, planning, and execution than even the most offensive foreign countries can imagine. Worldwide, entire datasets can be synthesized with advanced AI models. These models return fraud risk scores, advancing predictive capabilities beyond current systems. Once identified, best practices manage bad actors with constant reminders that offending governments are several steps behind. At Trust Swiftly, we have used this approach to create workflows. These workflows put bad actors in their own sandboxed verification environment. Advanced technology is not always needed to identify FOCI violations. Practitioners can root out foreign activity with their experience. The largest reported FOCI violation case, involving Odebrecht and Braskem, was discovered by detecting an initial fraud ring. This resulted in only a few billion dollars in violations. Such reported cases are small compared to the immense value of advanced technology that governments must protect. Foreign adversaries might spend billions on a single operation when the ROI for the most sensitive projects could be limitless.