OSTP Foreign Interference and Research Security Guidance

Amanda Ferguson, Roseann Luongo

Summary

On Jan. 4, 2022, the White House Office of Science and Technology Policy (OSTP) published a blog post announcing OSTP’s release of guidance to federal agencies toward implementing...

Detailed Summary

The implementation guidance provides new details for agencies to apply during their implementation across five areas addressed in NSPM-33: Establish standard disclosure...

How Huron Can Help

Huron’s team of research compliance experts have supported institutions with proactive assessments of foreign interference and research security and compliance programs,...

Summary

On Jan. 4, 2022, the White House Office of Science and Technology Policy (OSTP) published a blog post announcing OSTP’s release of guidance to federal agencies toward implementing National Security Presidential Memorandum 33 (NSPM-33), which set forth national security strategy and principles for strengthening the protections of U.S.-funded research and development against foreign interference and exploitation. The post and the guidance directed federal research agencies to spend the next 120 days developing a set of model grant forms that can be used uniformly by researchers across funding agencies.

Major points of guidance include:

  • Federal funding agencies are directed to develop a model proposal disclosure form and instructions to promote the consistency of what researchers are expected to disclose and to allow researchers to report information in the same way, regardless of funding agency.
  • Researchers must disclose detailed information about current and pending support, including:
    • Applications to programs sponsored by foreign governments, including foreign government-sponsored talent recruitment programs.
    • In-kind contributions.
    • Visiting scholars, students, and postdocs not paid by the researcher’s institution.
    • Sponsored travel when performing research activities with an associated time commitment.
  • Administrative remedies or enforcement against institutions are limited to three discrete scenarios.
  • Institutions receiving more than $50 million annually in federal research and development funding must establish and maintain research security programs that meet the implementation guidance’s standards.
NSPM-33 Focus Areas Actions Institutions Can Take Key Stakeholders to Mobilize

Standard Disclosure Requirements for Applicants
  • Review conflict of interest (COI) and conflict of commitment (COC) programs to ensure the content of disclosures are aligned with the anticipated requirements for federal sponsors.
  • Ensure business processes across the award life cycle — from proposal submission, to award receipt and acceptance, to mandatory reporting and monitoring — can facilitate the review and submission of the requisite disclosure elements, including collecting contracts and digitally signing and attesting to disclosures as required.
  • Develop new or enhance existing faculty and local research administrator training on required disclosure information in federal funding proposals.
  • Faculty and Researchers
  • Central Pre-Award Operations
  • COI/COC Programs
  • Compliance

Digital Persistent Identifiers (DPIs)
  • Involve library services resources in institutional planning efforts to prepare for federal DPI standards.
  • Consider how your institution can leverage data from already existing DPI services, such as ORCID, and integrate with those solutions and validate data as appropriate.
  • Establish an institutional account with a DPI service, investigate how to uniformly establish researcher-user accounts, and consider change management approaches to prepare for federal implementation.
  • Libraries
  • Research Technology/Systems
  • Department Administrators
  • Faculty and Researchers

Consequences for Researchers and Institutions
  • Understand scenarios that require institutions to be held accountable for noncompliance and integrate key takeaways into business processes and faculty trainings.
  • Establish thresholds for mandatory reporting and due diligence for compliance and research administration units.
  • Verify faculty members understand their personal liability and responsibility to comply with key disclosure requirements.
  • Faculty and Researchers
  • COI/COC Programs
  • Compliance

Information Sharing Among Federal Agencies
  • Shore up incident monitoring and reporting mechanisms to align with mandatory reporting types and timelines.
  • Take into account how one violation may impact the broader institutional reputation and award portfolio and decide how this impacts your institution's risk tolerance.
  • Risk/Assurance Functions
  • Compliance

Research Security Program Requirement
  • Review and document research compliance program or broader risk program structures against NSPM-33 and consider how a research security program might be established or formalized.
  • Inventory applicable training materials (e.g., responsible conduct of research (RCR), COI/COC, export controls, data security) and consider how they should be updated to address research security, as well as how the cadence and format of faculty education regarding research security could be enhanced and standardized.
  • Name and publicize a research security point of contact.
  • Cybersecurity/IT
  • Export Control Officers
  • Compliance

Detailed Summary

The implementation guidance provides new details for agencies to apply during their implementation across five areas addressed in NSPM-33:

Establish standard disclosure requirements for researchers submitting federal grant applications

  • Federal funding agencies are directed to develop a model proposal disclosure form and instructions to promote the consistency of what researchers are expected to disclose and to allow researchers to report information in the same way, regardless of funding agency.
  • Researchers must disclose detailed information about current and pending support, including:
    • Applications to programs sponsored by foreign governments, including foreign government-sponsored talent recruitment programs.
    • In-kind contributions.
    • Visiting scholars, students, and postdocs not paid by the researcher’s institution.
    • Sponsored travel when performing research activities with an associated time commitment.
  • The mandatory disclosure of participation in foreign government-sponsored talent programs is limited to programs sponsored by foreign governments or foreign government entities or instrumentalities (i.e., those directly or indirectly sponsored by foreign governments).
  • Researchers must certify to the accuracy and completeness of their disclosures pursuant to NDAA 2021 Section 223.

Incorporate the use of digital persistent identifiers (DPIs) to tie information together by researcher

  • Researchers should be allowed to use DPI services to securely store information that needs to be disclosed to federal funding agencies.
  • Federal funding agencies should allow researchers to authorize the funding agency to authenticate and access information stored with DPIs during the grant application process to minimize manual disclosures by researchers.

Clarify the consequences for researchers and institutions for violating disclosure requirements

  • The violation of disclosure requirements may lead to award-related administrative actions or remedies available under the Uniform Guidance, such as debarment and suspension as well as criminal charges, depending on the outcome of investigations and at the discretion of cognizant inspectors general and/or civil offices within the Department of Justice.
  • Administrative remedies or enforcement against institutions are limited to specific scenarios that involve institutional failure to certify to disclosure requirements, failure to disclose required information, or failure to remedy a known omission:
    • “The organization did not meet requirements for entities to certify that covered individuals have been made aware of disclosure requirements.”
    • “The organization knew that a covered individual failed to disclose required information and the research organization did not take steps to remedy such nondisclosure before the application was submitted.”
    • “The head of the research agency concerned determines that the organization is owned, controlled, or substantially influenced by a covered individual; and such individual knowingly failed to disclose required information.”

Require information sharing by and among federal agencies

  • Funding agencies will be required to share information among themselves about violations of disclosure requirements, including prior to and after violations are confirmed, by leveraging already existing mechanisms such as the System for Award Management (SAM) and Federal Awardee Performance and Integrity Information System (FAPIIS) to notify all federal government stakeholders of administrative or enforcement actions.
  • Mandatory reporting to enforcement agencies is required whenever a funding agency “has reasonable grounds to believe there has been a violation of Federal criminal law.”

Mandate the establishment of research security programs for federal award recipients above the $50 million funding threshold

  • The guidance details key requirements for institutional research security programs, including:
    • Implementing a robust cybersecurity program for research, with prescriptive protocols and procedures.
    • Maintaining international travel security, including policies that require an organizational record of covered international travel by faculty and staff, an advance disclosure of international travel, security briefings, assistance with electronic device security, and preregistration.
    • Research security training, potentially as part of existing responsible conduct of research (RCR) training.
    • Export control training (as appropriate).
    • Designating a research security point of contact.
  • Institutions will certify the existence of a research security program at an institution level, rather than an award-by-award basis, and will be required to maintain a description of their research security program.
  • While research organizations can integrate research security into existing programs, to the extent applicable and feasible, a coherent research security program should be established.

How Huron Can Help

Huron’s team of research compliance experts have supported institutions with proactive assessments of foreign interference and research security and compliance programs, responding to both federal grant making and enforcement agency investigations, and training for faculty, departments, and central office staff. Our team has deep expertise supporting research institutions by working to update and implement policies and procedures in response to regulatory updates.

Additionally, Huron Research Suite provides a long-term software solution to streamline collecting and managing various disclosures required by NSPM-33.

If you have concerns or questions regarding your institution’s practices or readiness to implement these updates, contact one of our leaders today.

Leah Guidry Anne Pifer

Managing Director Managing Director

Contact Us

I want to talk to your experts in