Mergers and Acquisitions in Federal Contracting: A Northern Virginia Attorney’s Guide to Novation, CFIUS, FOCI, and Clearance Transfer

By Anthony I. Shin, Esq., Shin Law Office

1. Why Federal Contractor M&A is Different

An ordinary M&A transaction involves buyer, seller, target, lawyers, accountants, and tax advisors. A federal contractor M&A transaction adds the federal government as an interested third party that has its own rules about how the deal can be structured, who can own the target, what consents are required, and what continues post-close. The added layer reshapes timing, deal terms, due diligence scope, and integration planning.

Federal contracts cannot be assigned without government consent. Federal facility security clearances do not automatically transfer when a target is acquired; they have to be properly handled through DCSA. Cleared contractor acquisitions involving foreign acquirers can trigger CFIUS review and FOCI mitigation requirements that materially restructure the deal. Small business set-aside contracts can lose their set-aside status at acquisition under the size recertification rules. The cumulative effect is that federal contractor M&A involves more government-facing process than most commercial deals, and the timeline reflects that.

For buyers, federal contractor targets bring valuable contract portfolios, cleared facilities, cleared workforces, and customer relationships, but each of those is regulatorily encumbered. For sellers, federal contractor targets often command premium multiples for the same reasons but require careful deal structuring to preserve the value through close. For both sides, federal contracting counsel and corporate M&A counsel need to work together from term sheet through close.

This guide walks through the federal-specific overlay on M&A in the order most deals encounter the issues: anti-assignment and novation, CFIUS and FOCI for transactions involving foreign or cleared interests, facility security clearance transfer, size recertification, antitrust, due diligence, representations and warranties, and integration.

2. The Anti-Assignment Statute and Novation Under FAR 42.1204

The Anti-Assignment Act (41 U.S.C. §6305) prohibits the transfer or assignment of federal contracts. The rule is straightforward: a federal contractor cannot sell, assign, or transfer its government contracts to another party without going through a formal novation process and obtaining government consent. The deal structure has to accommodate this requirement.

When novation is required

Novation is required when the assets associated with the federal contracts are transferred to a new entity. Stock purchases generally do not require novation because the contracting entity continues to exist and hold the contracts; only the ownership changes. Asset purchases generally do require novation because the contracts must transfer from the seller entity to the buyer entity. Mergers and reorganizations can fall on either side of the line depending on the legal structure. Statutory mergers under state law where the surviving entity acquires the contracting party’s contracts by operation of law sometimes do not require novation, while asset-style mergers often do.

The novation process

FAR 42.1204 sets out the novation process. The transferor (seller), transferee (buyer), and government enter a tripartite Novation Agreement under which the transferee assumes the seller’s obligations and the government recognizes the transferee as the new contracting party. The novation package typically includes: a written request to the responsible contracting officer; a list of the contracts being novated; the legal documents reflecting the transfer of assets (purchase agreement, bill of sale); proof of corporate authority; financial statements demonstrating the transferee’s capacity to perform; certificates of insurance; and other supporting documents.

Timing

Novation typically takes three to six months from package submission to executed novation agreement. The government’s review involves the contracting officer at the agency, the agency legal counsel, and (for novations involving multiple agencies) the cognizant administrative contracting officer. The timeline is not under the parties’ control. Buyers and sellers usually proceed with closing on the underlying transaction and operate under a transition services arrangement during the novation period, with the seller continuing to perform the contracts (or arranging for the buyer to perform under the seller’s authority) until novation is complete.

Risk of denial

The government’s consent to novation is not automatic. The contracting officer can deny novation if the transferee lacks the financial, technical, or operational capability to perform, if the transfer would not be in the government’s interest, or if there are unresolved compliance issues with the contracts being transferred. Denial is relatively rare but is a real risk for poorly capitalized buyers, buyers in financial distress, or buyers acquiring a target with significant compliance problems.

3. CFIUS Review for Foreign Acquirers

The Committee on Foreign Investment in the United States (CFIUS), under 50 U.S.C. §4565 (Section 721 of the Defense Production Act), reviews transactions in which a foreign person acquires control of a U.S. business, or makes certain non-controlling investments in U.S. critical technology, infrastructure, or sensitive personal data businesses. Federal contractor M&A with a foreign acquirer almost always implicates CFIUS.

Mandatory and voluntary filings

CFIUS filings come in two forms. Voluntary filings are submitted by parties who choose to seek CFIUS approval to obtain comfort that the transaction will not be unwound post-close. Mandatory filings are required by regulation for certain transactions (typically involving critical technology, certain critical infrastructure, or transactions involving foreign government interests). The mandatory filing categories are defined under 31 C.F.R. Part 800. Penalties for failure to file a mandatory filing can be substantial.

Process and timeline

CFIUS review proceeds in stages: declaration (a short-form notice, 30-day review), notice (the full filing, 45-day initial review plus possible 45-day investigation), and (if needed) presidential decision (15 days). Mitigation agreements may extend the timeline. Many federal contractor deals proceed with both a CFIUS notice and the underlying transaction in parallel, with closing conditioned on CFIUS clearance.

Mitigation

CFIUS frequently approves transactions subject to mitigation agreements that address national security concerns. Common mitigation structures include: separation of sensitive operations from foreign owner influence, security board structures with U.S. citizen majorities, restrictions on access to certain information, U.S. government monitors or compliance officers, and ongoing reporting and audit obligations. Mitigation can materially affect deal economics and operational integration plans.

Outbound investment regulations

Beyond inbound foreign investment, the U.S. has expanded outbound investment regulation, including the Outbound Investment Security Program (effective 2025) under Executive Order 14105 that restricts certain U.S. investments in covered foreign country activities in semiconductors, quantum information technologies, and AI. Federal contractor M&A involving cross-border deal structures needs to consider both CFIUS (inbound) and outbound investment review.

4. FOCI Mitigation Under NISPOM

Foreign Ownership, Control, or Influence (FOCI) under the National Industrial Security Program Operating Manual (NISPOM, codified at 32 C.F.R. Part 117) governs how cleared U.S. companies under foreign ownership maintain access to classified information. FOCI mitigation is required when a cleared contractor is acquired (directly or indirectly) by a foreign person.

Triggering FOCI

FOCI is triggered by ownership, control, or influence by foreign persons. Direct ownership above 5 percent typically requires reporting; ownership above specific thresholds requires more detailed analysis. Indirect ownership through holding companies and investment vehicles is traced through to the ultimate beneficial owners. FOCI applies even where the foreign owner does not exercise active control because the test is the potential for influence, not just current exercise.

Mitigation instruments

DCSA-administered FOCI mitigation comes in several forms with increasing levels of insulation between foreign owner and cleared U.S. operations: Board Resolution, Security Control Agreement, Special Security Agreement, Voting Trust Agreement, and Proxy Agreement. The more restrictive instruments require U.S. cleared individuals to control the cleared U.S. operations independent of the foreign owner. The choice of mitigation instrument is negotiated between DCSA and the parties based on the type and extent of foreign ownership, the sensitivity of the cleared work, and the specific national security concerns.

Pre-close negotiation

FOCI mitigation is typically negotiated and put in place before the cleared transaction closes. The mitigation framework can affect deal value because the more restrictive mitigation instruments limit foreign owner involvement in the U.S. business. CFIUS reviews and FOCI mitigation often proceed in parallel and coordinate on the structure.

5. Facility Security Clearance Transfer

A facility security clearance (FCL) is held by the legal entity (the cleared contractor) and is sponsored by the contracting agency. When a cleared contractor is acquired or merged, the FCL does not automatically transfer; it has to be handled through DCSA depending on the transaction structure.

Stock acquisitions

In a stock acquisition, the cleared legal entity continues to exist with its FCL intact, only the ownership changes. DCSA still requires notification of the change in ownership and (depending on the buyer’s profile) may require updated FOCI mitigation, change condition reporting, or KMP (Key Management Personnel) updates. The FCL itself typically remains active throughout.

Asset acquisitions

In an asset acquisition, the cleared contracts and the cleared facilities transfer to the buyer’s entity. If the buyer’s entity already holds an FCL, the cleared work can usually transition into that FCL. If the buyer’s entity does not hold an FCL, the buyer either needs to obtain a new FCL (a process that can take many months) or restructure the transaction. Asset acquisitions of cleared contractors require careful pre-close FCL planning.

Mergers

Mergers handle FCLs depending on the structure. Statutory mergers where the surviving entity is the buyer’s existing cleared entity typically preserve the FCL. Mergers where the surviving entity is the target may preserve the target’s FCL. Mergers that create a new legal entity may require a new FCL.

Personnel clearances

Individual security clearances are held by the person, sponsored by the cleared employer, and continue with reasonable continuity when the employee transitions to a new cleared employer. Personnel clearance handoff during M&A is usually smoother than facility clearance handoff because the clearances belong to the people rather than to the company. Buyers who acquire cleared workforces still need to plan personnel clearance sponsorship and reciprocity processes for the new employer relationship.

6. Size Recertification and Set-Aside Status

M&A involving a small business contractor triggers size recertification under 13 C.F.R. §121.404(g). The recertification can change the target’s eligibility for set-aside follow-on awards and can affect the value of the target’s contract portfolio post-close.

Effect on existing contracts

A small business target acquired by a large business typically loses small business status for future set-aside awards. The existing contracts continue under their original terms in most cases, although some agencies have administrative practices that disfavor option exercises with newly-large contractors on set-aside contracts. The target’s pipeline of set-aside follow-on opportunities, however, becomes unavailable because the post-acquisition entity no longer qualifies as small.

Effect on option exercises

When the agency exercises an option on a set-aside contract held by an acquired small business, the contractor’s small business status is generally not re-checked for that contract. The contract continues. For long-term contracts (over five years including options), recertification can occur at the five-year mark and at each subsequent option exercise.

Affiliation post-close

After acquisition, the acquired company is generally affiliated with its new parent for size purposes. Future set-aside bids by the acquired entity have to count the parent’s receipts and employees toward its size. The effect is that an acquired small business is functionally a large business for set-aside purposes going forward, even if the operating subsidiary’s standalone size remains below the threshold.

Deal value implications

The size recertification effect means that a small business target’s pipeline of set-aside opportunities is often substantially valued in the deal price. Buyers paying premiums for that pipeline need to confirm that the pipeline value is realistic given that follow-on set-aside awards will not be available post-close. Sellers need to clearly disclose the set-aside contract base and the size status, with appropriate representations and warranties.

7. Hart-Scott-Rodino and Antitrust Considerations

Most federal contractor M&A transactions above the Hart-Scott-Rodino Antitrust Improvements Act thresholds (15 U.S.C. §18a) require premerger notification to the FTC and DOJ. The 2025 HSR threshold sits in the $126.4 million range, with the size-of-person test at $25.3 million / $252.9 million (adjusted annually).

HSR filing

HSR requires both parties to file a notification with the FTC and DOJ, after which a 30-day waiting period runs (15 days for cash tender offers). During the waiting period, the parties can close only if both agencies grant early termination or allow the waiting period to expire. Either agency may issue a Second Request for additional information, which extends the waiting period significantly.

Substantive antitrust analysis

Federal contractor M&A can raise substantive antitrust concerns where the buyer and target compete on specific federal procurements or in defined federal contracting market segments. The agencies analyze market definitions specific to federal procurement: relevant product markets often turn on specific capabilities, contract vehicles, or customer agencies. Deals that consolidate top bidders on specific large procurement vehicles can attract careful review.

Remedies

Antitrust remedies in federal contractor M&A can include divestiture of overlapping business lines, behavioral commitments, or (in extreme cases) blocking the transaction. The Department of Defense often weighs in on the analysis of defense industrial base consolidation effects. Buyers and sellers planning consolidating transactions in concentrated federal markets need to start the antitrust analysis early.

8. Federal-Specific Due Diligence

Standard M&A due diligence covers financial, tax, employment, and corporate matters. Federal contractor M&A adds a substantial layer of federal-specific diligence that often runs in parallel with the standard categories.

Contract portfolio review

A complete review of the target’s federal contracts: current values, expiration dates, option exercise dates, type (cost-reimbursement, fixed-price, T&M, IDIQ task order), customer agencies, set-aside status, FCL requirements, performance history, claim and dispute history, and pending or recent contracting officer actions. The contract portfolio review identifies the value being acquired and the regulatory encumbrances.

FCA exposure assessment

False Claims Act exposure is one of the most consequential due diligence categories because FCA liability survives the transaction. The target’s FCA history, pending qui tam cases, government investigations, internal compliance program quality, and known compliance gaps all need to be assessed. Treble damages and per-claim penalties under 31 U.S.C. §3729 can produce nine-figure exposures from issues that look minor in isolation. Our companion guide on False Claims Act qui tam litigation covers the FCA framework in more depth.

OFCCP and employment

For federal contractors subject to OFCCP affirmative action requirements, OFCCP audit history, conciliation agreements, current AAP status, and pending OFCCP proceedings all need to be reviewed. Outstanding OFCCP exposure can produce significant back pay liability.

Cybersecurity compliance

CMMC certification status (or readiness), NIST 800-171 implementation, DFARS 252.204-7012 compliance, and cyber incident history are increasingly important diligence items. The Civil Cyber-Fraud Initiative since October 2021 has elevated cybersecurity false certification as an FCA exposure category. Buyers need to assess the target’s actual cyber compliance posture, not just the certifications on paper.

OFAC and ITAR

For targets with export controlled work, ITAR and EAR compliance, OFAC sanctions history, voluntary disclosures, and current registration status all need review. Past violations can produce post-close enforcement that the buyer will inherit.

Past performance and CPARS

The target’s Contractor Performance Assessment Reporting System (CPARS) ratings affect its competitive positioning. Negative CPARS ratings can carry forward to the acquired entity and affect future award decisions. Past performance reviews are part of the diligence picture.

9. Representations, Warranties, and Integration

Federal contractor M&A transactions need representations and warranties tailored to the federal contracting overlay. Generic commercial transaction reps often miss the specific risks that drive federal contracting deals.

Federal-specific representations

Typical federal-specific representations include: compliance with applicable FAR and agency supplement provisions; absence of pending size protests, status protests, or CDA claims; current FCL status and absence of FOCI mitigation issues; absence of pending FCA matters or qui tam cases; truthful and complete responses to government data calls; compliance with cybersecurity safeguarding requirements; compliance with OFCCP affirmative action requirements; valid set-aside certifications where applicable; absence of pending suspension or debarment; compliance with FAR Part 31 cost principles; and accurate Yoast set-aside status. Each rep needs to be tailored to the specific deal.

Indemnification

Indemnification provisions in federal contractor M&A often include extended survival periods for FCA, tax, and certain compliance matters, given the longer statutes of limitations and the magnitude of potential exposure. Caps and baskets need to be calibrated to the realistic exposure on the federal-specific categories.

Representations and warranties insurance

R&W insurance is increasingly common in federal contractor M&A. The policies typically exclude known matters and may exclude or cap coverage for FCA, suspension and debarment, and certain compliance areas. Coverage details should be reviewed carefully against the federal-specific exposures.

Post-close integration

Integration planning has to address: novation completion and contract handoff; FCL transition and FOCI mitigation implementation; clearance sponsorship migration for personnel; CPARS reporting continuity; subcontracting plan integration; cost accounting system alignment (for cost-reimbursement contracts); employee retention through the recompete cycles ahead; CMMC and cybersecurity compliance unification; and customer relationship continuity. The integration plan should be drafted before close so that day one operations are predictable.

10. How Shin Law Office Approaches Federal Contractor M&A

My practice on federal contractor M&A covers: pre-deal structuring counsel (stock versus asset, novation strategy, FCL planning); CFIUS and FOCI analysis and filings; federal-specific due diligence on contract portfolio, FCA exposure, OFCCP, cybersecurity, and OFAC/ITAR; novation package preparation and contracting officer engagement; size recertification analysis; representations, warranties, and indemnification drafting; and post-close integration including novation completion, FCL transition, and compliance system alignment. I work alongside corporate M&A counsel in most transactions.

When a buyer, seller, or target calls me about federal contractor M&A, the first conversation typically covers: the proposed deal structure; the target’s federal contract portfolio and certifications; the parties involved (including any foreign acquirer); the timeline; the specific federal-side concerns identified by the corporate team; and the integration objectives. Early engagement reduces deal risk because most federal contracting issues are easier to address at the term sheet stage than at the diligence stage.

The first consultation is offered without obligation, usually takes one to two hours, and is protected by attorney-client privilege.

Summary

Federal contractor M&A adds a substantial layer of federal-specific overlay onto standard M&A practice. The Anti-Assignment Act and FAR 42.1204 require novation for contract transfers in most asset acquisitions. CFIUS review under 50 U.S.C. §4565 applies to most transactions with foreign acquirers. FOCI mitigation under NISPOM applies to cleared targets under foreign ownership. Facility security clearance transfer requires DCSA coordination. Size recertification under 13 C.F.R. §121.404(g) can void set-aside follow-on eligibility. Hart-Scott-Rodino premerger notification applies at the regulatory thresholds. Federal-specific due diligence covers contract portfolio, FCA exposure, OFCCP, cybersecurity, OFAC/ITAR, and past performance. Representations, warranties, and integration planning all need federal contracting overlay. Federal contracting counsel and corporate M&A counsel coordinating from term sheet through integration is the consistent practice for transactions where the federal contracting overlay matters.

Frequently Asked Questions

Anthony I. Shin, Esq.

PRINCIPAL ATTORNEY

Practice Areas
Meet Our Team
Shin Law Office, PLC
Leesburg, VA

 

Related Guides

References