For businesses bidding or working on Canadian federal government solicitations, contracts and subcontracts with security requirements, registration with the Contract Security Program (“CSP”) and compliance with its requirements is mandatory. The CSP (operated by Public Services and Procurement Canada (“PSPC”)) provides security screening of organizations and their personnel for federal solicitations, contracts and subcontracts with security requirements.
Registration in the CSP also implicates the registrant’s corporate parent or companies looking to acquire a CSP registrant. Understanding the requirements of the CSP is crucial. Registrations are not transferrable between companies. Failure to consider the CSP in planning and executing a corporate reorganization or transaction involving a CSP registrant may result in a downgrade of the registrant’s security clearance level or even the loss of the security clearance.
This bulletin outlines key aspects of the CSP, including those requirements that may implicate corporate parents and companies looking to enter into a transaction involving a registrant.
Only Canadian Companies Are Eligible for Clearance Under the CSP
Only Canadian companies and their personnel located in Canada can obtain security clearances. Foreign contractors or subcontractors (including employees or facilities of the Canadian contractor/subcontractor located outside of Canada) cannot obtain clearance through the CSP. Instead, a foreign contractor or subcontractor must obtain a clearance in their home country, equivalent to the level of clearance required under their Canadian federal contract or subcontract, and approved by the International division of the CSP before they can access government information or assets.
Foreign Ownership, Control, or Influence Can Jeopardize Security Clearances
A Canadian company operating solely in Canada may still have difficulties receiving or renewing a security clearance if the CSP determines that it is subject to foreign ownership, control and influence (“FOCI”). As part of the security screening process, the CSP will assess the level of FOCI by reviewing the applicant’s corporate structure, including the role and location of key decision-makers such as officers, directors, or partners in the corporate chain.
The issue of FOCI can be particularly vexing since the CSP’s assessment of FOCI and any remedial measures may vary considerably between contractors based on the totality of the circumstances and the CSP’s particular concerns. These concerns can arise even if the FOCI originates from a close ally of Canada, such as the United States.
Since any changes to corporate structure—including a reorganization for something as mundane as tax planning—can alter the level of FOCI, it is essential that companies contemplating a reorganization or a transaction involving a registrant engage with the CSP before undertaking such activities. Not only is advance notice required, but it will also ensure that registrants can proactively address the CSP’s concerns in advance of a corporate change that may unknowingly impact the registrant’s security clearance.
Termination of a Security Clearance Is a Deemed Breach of Contract
The CSP may suspend or terminate any or all security clearances for contractors/subcontractors who have breached CSP requirements or where the level of FOCI has changed. Termination of company security clearances is automatically deemed a contract default.
Security Clearances Are Not Transferrable or Assignable
Security clearances are specific to the registered company and cannot be extended to other organizations (i.e., affiliates or subcontractors) or assigned from one party to another. As noted above, acquisition of a Canadian company by a foreign entity will require an analysis of the degree of FOCI and may impact security clearances.
A contract assignment—even if approved by the Contracting Authority—does not assign the security clearance. The assignee must have its own security clearance for its facilities, personnel and IT systems, as well as any key senior officials.
Clearances Must Be Obtained in Advance
Valid security clearances at the level of the government information or asset sensitivity are required for persons, facilities and systems in advance of any transfer, receipt, access, storage, processing or management of such information, including the execution of any of these activities within IT systems, between Canadian facilities, and across borders.