Understanding the SBIR/STTR Due Diligence Policy

Written By Joshua Lawton

In May 2024, the Department of Defense (DoD) introduced a critical policy aimed at strengthening the security and integrity of its Small Business Innovation Research (SBIR) and Small Business Technology Transfer (STTR) programs. These programs play a pivotal role in fostering innovation among small businesses and ensuring that the U.S. military maintains its technological edge. The newly established SBIR/STTR Due Diligence Policy and Implementation Guidance are designed to mitigate security risks and protect the innovations and technologies that small businesses bring to the defense sector.

What is the SBIR/STTR Due Diligence Policy?

The SBIR/STTR Due Diligence Policy is a comprehensive framework aimed at assessing and mitigating security risks posed by small business concerns (SBCs) seeking SBIR or STTR awards. This policy was necessitated by the SBIR and STTR Extension Act of 2022, which mandates that security risks, particularly those associated with foreign affiliations, be thoroughly evaluated to prevent adversaries from exploiting U.S. innovations.

Key entities involved in the policy's implementation include the Office of the Under Secretary of Defense for Research and Engineering (OUSD(R&E)), which oversees the policy, and the Defense SBIR/STTR Program Office, which ensures consistency across DoD Components.

Key Requirements of the Policy

1. Disclosure Form at Proposal Submission

All SBIR and STTR proposals must include a completed "Disclosures of Foreign Affiliations or Relationships to Foreign Countries" form. This form, approved by the Small Business Administration (SBA), is crucial for identifying any foreign ties that could pose a security risk. Proposals lacking this form will be disqualified from receiving awards.

2. Publicly and Commercially Available Information (PAI/CAI) Business Review

The Air Force Office of Commercial and Economic Analysis (OCEA) conducts a business review using publicly and commercially available information. This review aims to identify potential security risks by analyzing various factors, including cybersecurity practices, patent filings, employee affiliations, and foreign ownership or financial ties. The outcome is a business security risk indicator report that informs the due diligence review process.

3. Due Diligence Review to Assess Security Risks

Each DoD Component conducts a due diligence review to assess the security risks posed by SBCs seeking awards. This review involves comparing information from the foreign disclosure form and the business security risk indicator report against a set of risk factors outlined in the policy. The review aims to determine whether the SBC poses a low, medium, high, or very high risk and suggests appropriate mitigation measures if necessary.

4. Referral Process for Counterintelligence (CI) Review

SBCs that potentially fall under foreign ownership, control, or influence (FOCI) are referred to appropriate CI organizations for further review. This step ensures that any entities with questionable foreign ties undergo a thorough examination to mitigate risks to national security.

5. Risk Mitigation Review Board

Each DoD Component establishes a risk mitigation review board to evaluate SBCs flagged during the due diligence review. This board assesses whether identified risks can be mitigated and provides recommendations on whether the SBC should proceed with the award process. The goal is to ensure that only SBCs with manageable risks receive funding.

Implications for Small Businesses

For small businesses seeking SBIR/STTR awards, the due diligence policy introduces several important steps to ensure compliance and eligibility. These businesses must be prepared to:

  • Complete and Submit the Foreign Disclosure Form: Accurately disclose any foreign affiliations or relationships.

  • Undergo Business Reviews: Allow their business information to be scrutinized through PAI/CAI business reviews.

  • Participate in Due Diligence Reviews: Cooperate with DoD Components during the security risk assessment process.

  • Address Potential Security Concerns: Implement suggested mitigation measures to reduce identified risks.

Potential Challenges and Solutions

While the policy enhances security, it also poses challenges for SBCs, particularly those with complex international relationships. Businesses may need to invest in compliance expertise and legal advice to navigate the new requirements effectively. Engaging with professional advisors and staying informed about policy updates can help mitigate these challenges.

Bringing it All Together

The SBIR/STTR Due Diligence Policy represents a significant step towards safeguarding U.S. defense innovations. By understanding and adhering to the policy's requirements, small businesses can continue to contribute to the nation's defense capabilities while ensuring their operations remain secure and compliant.

Joshua Lawton www.joshualawton-belous.com
Previous

Understanding and Leveraging 8(a) Alaskan Native Corporation, Tribal Owned, and Native Hawaiian Organization Certifications
Next

Navigating the Government Contracting Landscape with GSA eBuy: A Guide for Federal Contractors