Protecting Innovation and National Security

ARMY SBIR|STTR DUE DILIGENCE

The Army SBIR|STTR Program’s Due Diligence Team protects the Army’s small business investments, partnerships, and national security interests, ensuring that the program awards small businesses with acceptable risk of malign tech transfer and sabotage. The team implements due diligence reviews for every proposal seeking research and development funding from the Army SBIR|STTR Program.

RISK FACTORS
FAQs

Risk Factors

In accordance with the SBIR and STTR Extension Act of 2022 (Public Law 117-183), the Army SBIR|STTR Due Diligence Team conducts a step-by-step risk assessment of small business structure, personnel, and partnerships to protect U.S. intellectual property and defense capabilities. Following every proposal submission, the team reviews risk factors that may indicate potential Foreign Ownership, Control, or Influence concerns, particularly those linked to designated foreign countries of concern. If a proposal presents an unacceptable risk to national security that cannot otherwise be mitigated, the team will recommend denial of the award.

The Army SBIR|STTR Due Diligence Team provides risk analysis and recommendations, not award decisions. The Office of the ASA(ALT) is responsible for final assessment of risk and award determination.

  • Foreign Ownership, Control, or Influence
    • What’s the Risk? Malign Tech Transfer & Sabotage 
    • Indicators: Risk related to investors; employee foreign countries of concern affiliations; foreign countries of concern-based parents, subsidiaries, joint ventures, etc.; company and individual patent transfers; number of employees with foreign countries of concern affiliations; percentage of employees at company with foreign countries of concern affiliations, etc.
       
  • Cyber
    • What’s the Risk? Compromise or Theft of Valuable Information
    • Indicators: Risk related to cybersecurity posture.
       
  • Integrity/Fraud, Waste & Abuse
    • What’s the Risk? Waste of Taxpayer Dollars 
    • Indicators: Risk related to regulatory and fraud history; publicly available and commercially available information related to foreign investors and disclosed investor discrepancies. 

Due Diligence Frequently Asked Questions

What is due diligence?

Due diligence is a risk assessment to protect U.S. intellectual property and defense capabilities. The due diligence investigation confirms or denies reported interests and associations and uncovers unreported factors representing potential conflicts of commitment or interest. As it pertains to congressional requirements for the SBIR and STTR Programs, due diligence primarily focuses on confirming, denying, or uncovering facts or details of Foreign Ownership, Control, or Influence, cybersecurity hygiene, and patent risk of each proposal.

What law and policy guides the Army SBIR|STTR Due Diligence Team?

The SBIR and STTR Extension Act of 2022 (Public Law 117-183) establishes the Army SBIR|STTR Due Diligence Team.

“Assess, using a risk-based approach in accordance with (IAW) references a and b, the cybersecurity practices, patent analysis, employee analysis, and foreign ownership, interests, partnerships, and associations of a small business concern seeking a SBIR/STTR award, including the financial ties and obligations (which will include surety, equity, and debt obligations) of the small business concern and employees of the small business concern to a foreign country, foreign person, or foreign entity.”

The Deputy Secretary of Defense Memo: Defense SBIR and STTR Due Diligence Program, 13 May 2024, establishes the risk matrix which informs risk assessment and decision making.

How does the Army SBIR|STTR due diligence process work?

The Army SBIR|STTR Due Diligence Team assesses both company disclosures and business intelligence data through our providers. Once a small business submits a proposal via DSIP, the team identifies any discrepancies between the forms, and/or foreign nexus, and/or other business concerns from the business intelligence data to produce a Secondary Review report. The team uses the Secondary Review report to triage proposals based on risk indications and to determine whether the proposal requires enhanced deep-dive due diligence reviews. Once deep-dive reviews and any necessary referrals are complete, the team finalizes the risk assessment and presents findings alongside the technical review in the proposal approval meeting for award decision.

What risk factors does the Army SBIR|STTR Due Diligence Team assess?

The Army SBIR|STTR Due Diligence Team primarily focuses on malign tech transfer risk stemming from indications of Foreign Ownership, Control, or Influence. The team also considers risk stemming from fraud, waste and abuse, cybersecurity, and other business risk factors.

If I have foreign countries of concern investment or an individual working on the project team with a foreign country of concern affiliation (e.g., co-authorship, funding, etc.), is my proposal automatically denied?

No – the Army SBIR|STTR Due Diligence Team will independently assess each proposal using the standard due diligence process. For proposals exhibiting significant risk indicators, such as covered individuals with foreign countries of concern affiliations or investment, the due diligence team will conduct enhanced deep-dive due diligence reviews on the indicated risk and overall proposal. The presence of individual risk indicators will not cause the team to automatically deny a proposal. The only reason for automatic due diligence-based denial would be continuous and systemic issues within the small business concern, which raise the probability of loss or damage to the Army to an unacceptable level.

What tools does Army SBIR|STTR employ when conducting due diligence?

The Army SBIR|STTR Due Diligence Team uses a combination of publicly available information, open-source research, and commercially available information through our data providers, along with company disclosures.

As a small business, how can I vet my company and employees internally prior to submitting a proposal to reduce my risk?

Cap Table Assessment

Know your investors: Where are your investors headquartered? Who are the key stakeholders in that business? Do any individuals have potential foreign countries of concern affiliations? Are there any agreements with investors regarding IP that increases malign tech transfer risk?

Employee Assessment

Know your employees: Do your company executives or individuals involved with the SBIR and/or STTR project have any foreign countries of concern affiliations?

Examples:

  • Co-authorships with individuals with positions/appointments at foreign countries of concern-based research institutions
  • Current or historical membership in a talent program with a foreign country of concern-based institution
  • Current or historical position or appointment at a foreign country of concern-based institution
  • Employment at a business or institution within a foreign country of concern
  • Research funding from a foreign country of concern-based research institution
  • Any other significant ties to individuals or institutions within a foreign country of concern

Open-Source Tools

Even without sophisticated vetting tools, you can achieve a good understanding of Foreign Ownership, Control, or Influence risk (knowing your employees and investors) using open-source research (including Boolean searches and other methods).

Resources & Contact Us

For additional due diligence information, please visit the Resources page of the website.

For questions on Army SBIR|STTR Due Diligence, contact the team here.

Scroll to Top