Solutions

National Security Solutions

Numerous facets of contemporary business operations carry potential implications for national security. Given the ever-evolving landscape of threats and technologies, governmental guidance and regulations also undergo continuous changes. Notably, heightened scrutiny from the U.S. government, particularly concerning foreign investments and international financial payments as well as the protection of personal data, has emerged in response to advancements in the private sector and higher education. In navigating the intricate web of evolving regulations encompassing areas such as the Committee on Foreign Investment in the United States (CFIUS)/Team Telecom, Economic Sanctions, and Export Control, Guidepost ensures proactive readiness to prevent and address emerging threats. We diligently stay abreast of fluctuations in the realm of national security regulations, enabling our clients to navigate these complexities and avoid unforeseen challenges.

Founded, led, and staffed by former senior national and homeland security, law enforcement, and other U.S. government officials and anti-financial crime compliance officers, Guidepost knows national security. Our professionals have unparalleled experience designing, implementing, and enforcing national security programs at the most senior levels of government and the private sector. Our team includes former senior officials from the Federal Bureau of Investigation, United States Secret Service, Homeland Security Investigations, as well as numerous United States Attorney’s Offices, the Homeland Security Council at the White House, the U.S. Congress, and globally complex financial institutions. We have extensive experience working with the Departments of Defense, Treasury, Commerce, Justice, Homeland Security, and bank regulatory agencies.

Our National Security team works directly with corporate clients, financial institutions, and their counsel supporting mission-critical and high impact programs. We are collaborative in our approach, even in the most sensitive engagements. Areas where we can be most helpful include working with organizations to:

  • Identify and articulate business risks the U.S. government commonly associates with national security
  • Develop common sense, cost-effective mitigation approaches to address prioritized risks and gaps enabling businesses to articulate a strategic plan for addressing national security concerns
  • Evaluate, create and/or update relevant policies and procedures to ensure risks and remedies are documented and monitored. Best practices and benchmarking can be included as part of this review
  • Build holistic compliance and governance programs to balance government expectations and mandates with business and organizational needs
  • Review and build compliance training to specifically address regulations and requirements as part of any government mandate, compliance framework, or industry best practices
  • Audit, test and monitor compliance programs to satisfy requirements of both the business and the government
  • When appropriate, we accompany clients to meet with government officials to explain compliance development and remediation, and to provide assurance

Whether the challenges relate to CFIUS/Team Telecom, economic sanctions evasion, export controls, cybersecurity, the deployment, or integration of artificial intelligence (AI) technologies or anti-corruption, our national security solutions can help you meet compliance mandates allowing you to move forward prudently with business.

Our National Security Services include these focus areas:

 

With some states and the federal government’s increased and expanded scrutiny of transactions involving foreign entities and investors, making sure you are well prepared to address national security concerns is key. We can assist organizations to understand their national security risk through the identification of key risk areas and to develop appropriate mitigation measures. For those entities subject to CFIUS and Team Telecom mitigation agreements, we serve as fair and unbiased third-party auditors and monitors. Our team of experts has evaluated compliance with National Security Agreements and Letters of Assurance, developed remediation plans to address deficiencies, and reported findings to both the transaction parties and the government. We maintain excellent working relationships with CFIUS Monitoring Agencies (“CMAs”) which can be helpful in the often-stressful environment of audits and monitorships. Our credibility with the government and reputation as fair but firm monitors and auditors provides confidence to ensure cost effective compliance.

Our team is fully equipped to evaluate compliance with CFIUS mitigation measures, such as:

  • Providing guidelines for handling and protecting U.S. government, customer, and other sensitive information
  • Reviewing and conducting assessments against cybersecurity standards and  frameworks  to reduce the risk to business information, sensitive data, and proprietary information
  • Conducting reviews of third-party vendors and contracts to ensure they comply with the requirements of mitigation plans
  • Assessing supply chains to determine if national security risks exist and the identification of potential risky vendors
  • Reviewing and tracking of mandated employee, vendor and contractor cybersecurity and compliance training required under specific plans
  • Developing and assessing relevant control plans such as a Visitor Access Plans, Technology Control Plans, Electronic Communications Plans, and others, as needed
  • Providing documentation and independent assessment of compliance to the CMAs as required
  • Assisting in balancing ongoing business activity during implementation of a mitigation plan

Relevant Experience:

  • Guidepost served as the multi-year CFIUS monitor for a foreign owned data analytics company collecting US person information. In the role as monitor, Guidepost worked with both the Transaction Parties, their outside counsel, and the CMA (Department of Justice) to review internal controls around data privacy, information and physical security, personnel, training, and compliance reporting.
  • Guidepost served as a CFIUS monitor for a US based robotics company with a significant foreign investor. This engagement involved multi-year oversight of the company’s systems, its protection efforts around its sensitive intellectual property, its physical security, and personnel security. As monitor, we worked collaboratively with the US based entity and its outside counsel ensuring consistent and transparent communication with the CMA (DOD).
  • Guidepost served as the independent, third-party auditor for a domestic telecommunications company acquired by a foreign conglomerate and subject to a National Security Agreement with Team Telecom. This engagement evaluates policies and procedures, physical and cyber-security controls and overall compliance with provisions required to protect U.S. national security and law enforcement interests.
  • Guidepost served as third-party auditor for a UK based biotechnology firm bought by a foreign investor. Guidepost’s role was to determine and validate that specific intellectual property acquired by the UK firm was no longer in its possession or available to foreign investors.
  • Guidepost currently serves as the CFIUS Third-Party Monitor for a technology company that manufactures advanced products critical for government, military, and aerospace applications. This ongoing engagement evaluates the client’s compliance with the terms and conditions of a National Security Agreement as they relate to governance, marketing and sales activities, export controls, network security and reporting.
  • Guidepost served as the CFIUS third-party auditor for a consulting and contract Clinical Research Organization (“CRO”). Guidepost completed an audit of the company’s representation to the CFIUS monitoring agencies that it did not possess certain types of sensitive genetic sequencing data that the company agreed it would not maintain pursuant to their National Security Agreement. Guidepost evaluated, verified, and validated the search methodologies the company employed, the employee compliance training program and the company’s entire business process.

In each of the above related experiences, Guidepost developed and maintained excellent professional relationships with both clients and the CMAs. Our efforts were regularly documented and provided to the CMAs as validation.

Complying with economic sanctions and export controls requires continued vigilance. Just in the past several years, there have been several major changes to sanctions regulations. With our National Security services, we can ensure you are prepared. We develop compliance plans and perform critical monitoring of anti-money laundering (AML) and the U.S. economic sanctions programs by reviewing benchmarking and operationalizing compliance programs to meet US Treasury Financial Crimes Enforcement Network (FinCEN) and Office of Foreign Asset Control (OFAC) expectations

We also assist with trade compliance matters, including compliance with the Export Administration Regulations (EAR) and the International Traffic in Arms Regulations (ITAR).

Relevant Experience

  • Guidepost was engaged to conduct an independent audit of the OFAC sanctions compliance program of a large international European bank pursuant to a settlement agreement with the U.S. Federal Reserve System. The team reviewed the Bank’s risk assessment, OFAC sanctions policies and procedures and the implementation and execution of those policies. The review also included testing of USD payments, including transaction processing and trade finance activities. The team tested the sanctions screening capabilities and control environment. The team also reviewed historic stopped payments and the alert assessment process as used by the bank to clear alerts.
  • Pursuant to an appointment by the NYS DFS, Guidepost worked under an Independent Consultant to monitor and address the Bank’s AML and sanctions regulations compliance. The team reviewed the Bank’s sanctions and anti-money laundering programs, procedures, and software programs; provided recommendations for software improvements and procedures; and improved OFAC filter rates as well as identified potential money-laundering issues. Additionally, we supported the Consultant in overseeing NYS DFS’s suspension of U.S. dollar clearing. We conducted on-site compliance reviews in more than 12 countries, reviewing policies and procedures relating to money laundering policies and procedures.

We treat cyber threat mitigation with a holistic and top-level planning approach through our comprehensive threat, risk, and vulnerability management services to protect against a full spectrum of cybersecurity,  physical security, and privacy compliance issues. These innovative capabilities are specifically designed to improve cyber defense capabilities and prevent or remediate any incidents when they occur.

Cybersecurity and privacy go hand in hand. As a result, our team works collaboratively to ensure both areas are considered and addressed in tandem.

Relevant Experience

  • Post-Breach RemediationGuidepost is currently assisting a domestic telecommunications carrier with its recovery and remediation efforts following a simultaneous state-sponsored data breach and ransomware attack. Services include providing overall cybersecurity guidance to IT staff for system recovery and hardening, incident response and analysis, network re-architecture, system redesign and implementation, evaluating network and dataflow diagrams and creating system standards and configurations. Guidepost is assisting the client by evaluating and helping to implement comprehensive endpoint protection for workstations, laptops and servers, mobile device management, network protection (e.g., firewalls, IDS/IPS), identity management/directory services, anti-malware, and patch management solutions.
  • Comprehensive Security/Privacy Evaluation – At the behest of its largest client, an outsourced processor of e-commerce orders retained Guidepost to conduct a comprehensive privacy and cybersecurity assessment of its global operations. Guidepost evaluated and improved the client’s governance structure, policies and procedures, employee training, and technology controls to address GDPR and CCPA privacy objectives, industry best practices for cybersecurity, and Payment Card Industry (PCI) compliance.
  • FTC Independent Privacy Compliance Review – Subject to an FTC Order, a global provider of one of the most widely used healthcare apps selected Guidepost to conduct an independent, third-party Compliance Review of its data privacy practices. After receiving FTC approval to serve in this capacity, Guidepost conducted a comprehensive evaluation to  determine whether the company maintained compliance with certain core privacy principles; whether the company’s privacy practices were consistent with its privacy policy;  whether the company adequately informed individuals about the mechanisms through which they may pursue complaints regarding the company’s privacy practices; and whether there were any gaps or weaknesses in the privacy practices assessed. As part of the Compliance Review, Guidepost identified specific evidence (including, but not limited to, documents reviewed, sampling and technical testing performed, and interviews conducted) examined to make such determinations and identifications and explained why the evidence examined was sufficient to justify the findings.

We have served as experts and assisted law firms and companies in responding to regulatory inquiries and by conducting audits, assessments, and investigations.

Relevant Experience

Guidepost has broad investigative experience in both domestic and cross-border matters. References and examples are available upon request.

 

Why Choose Guidepost?

  • Experience: Members of our team have significant National Security service experience inside key agencies of the United States government, including the White House, Department of Justice, Department of the Treasury, Department of Commerce, Department of Homeland Security, FBI, Homeland Security Investigations, Congress, and US Attorneys’ offices around the country.
  • Credibility: Several members of our team maintain high-level security clearances and maintain regular contact with US government officials regarding compliance and regulatory issues.
  • Leadership: Our National Security services are led by a former senior FBI Official, Stephanie Douglas who led the FBI’s National Security Branch.