Skip to main content
FOCI in Focus Webinar Series — Part Two

Tracing Foreign Ownership in FOCI Risk Assessments

The Australian Government has made FOCI assessments mandatory in technology procurement. Central to every assessment is a deceptively difficult question: who ultimately owns or controls the vendor? Join practitioners from Solvyr and Sayari for real-world lessons on where these assessments go wrong — and how to get them right.

Wednesday, 13 May 2026 · 11am AEST
Free
With: Solvyr Sayari
Webinar Registration
Reserve your free seat for 13 May

Can’t attend live? Register and we’ll send you the full recording within 24 hours.  Privacy Policy

Mandatory
Assessment
Australian Government Policy
The Department of Home Affairs has made FOCI assessments a mandatory part of technology procurement — with official guidance now in place
190+
Jurisdictions to Navigate
Beneficial ownership structures can span dozens of countries, each with different registry standards, languages, and disclosure requirements
Hidden
Control
The Core Risk
Corporate structures can be deliberately complex — and critical records are often buried in foreign-language registries beyond the reach of most procurement teams
The Assessment Gap

FOCI assessments are now mandatory. But the question at the centre of every one — who really owns this vendor? — is harder than it looks.

The Australian Government has made FOCI assessments a core component of technology procurement, with the Department of Home Affairs releasing official guidance to help agencies identify and manage foreign ownership, control, or influence risks across their supplier base.

The problem isn’t understanding that ownership matters. It’s actually tracing it. Corporate structures can be deliberately layered across multiple jurisdictions. Nominee directors, shell vehicles, and intermediate holding companies can obscure the real controlling interest across four, five, or six ownership tiers. Critical registry records are often held in foreign languages — Mandarin, Russian, Arabic — beyond the reach of most procurement teams working with standard research tools.

The result: assessments that clear vendors based on incomplete ownership pictures — leaving agencies exposed to exactly the FOCI risk they were designed to prevent.

In this session, Bianca Puglisi from Solvyr shares hands-on experience conducting complex beneficial ownership assessments for Australian Government clients — including the patterns that repeat, the structures that conceal, and the moments where standard research hits a wall. David Huggett from Sayari will demonstrate how Sayari Graph surfaces hidden ownership relationships buried in foreign corporate registries.

DHA FOCI Guidance

The Department of Home Affairs has issued official guidance requiring agencies to assess foreign ownership, control, or influence as part of technology procurement decisions. Understanding the ultimate beneficial owner is central to every assessment.

Security of Critical Infrastructure Act

The SOCI Act imposes positive security obligations on owners and operators of critical infrastructure assets, including requirements to identify and manage foreign ownership risks across the supply chain.

Protective Security Policy Framework

The PSPF requires Australian Government entities to manage risks from foreign interference, including vetting suppliers for FOCI exposure as part of procurement and contract management.

Session Agenda

What you will learn

Practitioner-focused content from teams who conduct these assessments for real. Here’s what we’ll cover on 13 May:

01 — Ownership

Why Tracing Ultimate Beneficial Ownership Is Harder Than It Looks

The gap between what ownership disclosures say and what corporate registries reveal — and the structural reasons that beneficial ownership is routinely underreported or obscured.

02 — Structures

How Complex, Multi-Jurisdictional Structures Are Used to Obscure Foreign Control

Patterns from real FOCI assessments: the jurisdictions most commonly used to layer ownership, the nominee and holding company structures that conceal control, and how to recognise them.

03 — Real-World

Real-World Lessons from Beneficial Ownership Assessments

Bianca Puglisi from Solvyr shares hands-on stories from FOCI assessments in the Australian context — including where they go wrong and what a defensible assessment actually looks like.

04 — Live Demo

How Sayari Graph Surfaces Hidden Ownership in Foreign Registries

A live demonstration of how Sayari Graph connects ownership records across 190+ jurisdictions — surfacing relationships that manual research and name-based screening routinely miss.

Who Should Attend

Built for procurement, security, and risk professionals

Australian Government procurement officers, ICT security advisors, whole-of-government risk managers, and compliance professionals who are responsible for identifying and managing FOCI risk in their agencies.

The Research Gap

What Sayari Graph sees that manual research doesn’t.

Traditional FOCI Assessment Approach
foci_assess({ vendor: “TechCo Solutions Pty Ltd”, method: “manual_registry_search” }) result: { registered_owner: “Pacific Holdings Ltd”, jurisdiction: “Singapore”, tier_2_owner: // REGISTRY UNAVAILABLE tier_3_owner: // NOT ASSESSED ultimate_beneficial_owner: // UNKNOWN foreign_language_records: // NOT ACCESSED } // Assessment cleared. // Agency proceeds with procurement. RISK: controlling interest undisclosed
Sayari Graph — Cross-Registry Ownership Trace
sayari.trace_ownership(“TechCo Solutions Pty Ltd”) result: { tier_1: “Pacific Holdings Ltd, SG”, tier_2: “Meridian Capital HK Ltd”, tier_3: “Jiangsu State Asset Mgmt”, state_ownership: confirmed, PRC entity, records_accessed: CN / HK / SG registries, foci_flag: RAISED — state-linked UBO } // Assessment outcome: escalated. // Evidence package: documented. ASSESSED: ownership traced to origin
Featured Speakers

Practitioners who do this work.

A practitioner conversation from the people conducting FOCI assessments in the Australian context — and building the tools that power them.

BP
Bianca Puglisi
Operations Manager
Solvyr
DH
David Huggett
Sayari
Sayari
Frequently Asked Questions

Everything you need to know

Common questions about the session, FOCI assessments in Australia, and how Sayari supports them.

A FOCI (Foreign Ownership, Control, or Influence) assessment is a formal process to determine whether a vendor is owned or controlled by foreign interests that could create national security or data sovereignty risks. The Australian Department of Home Affairs has made these assessments a mandatory part of technology procurement, with official guidance requiring agencies to trace the ultimate beneficial ownership of technology vendors before engaging them.
Corporate ownership structures can span multiple jurisdictions, each with different registry access rules, disclosure thresholds, and language requirements. Nominee directors, intermediate holding companies, and trust structures are commonly used — sometimes deliberately — to create distance between an entity and its ultimate owner. Records in key jurisdictions such as China, Russia, and the Middle East are often held in local languages and accessible only through local registries, placing them beyond the reach of standard English-language research tools.
The registered owner of a company is the entity formally listed as owning shares in a corporate registry — this is often an intermediate holding company, not a natural person or ultimate controlling entity. The ultimate beneficial owner (UBO) is the individual or entity that ultimately owns or controls the company, often through a chain of intermediary entities. FOCI assessments require identifying the UBO, not just the registered owner — which is why single-tier registry searches are insufficient.
Sayari Graph aggregates corporate registry data from 190+ jurisdictions — including foreign-language registries in China, Russia, and the Middle East — and connects it into a unified ownership graph. This allows analysts to trace ownership chains across multiple tiers and jurisdictions in a single workflow, surfacing relationships that are invisible to manual research. Sayari also integrates sanctions lists, enforcement data, and trade records, giving analysts a comprehensive picture of a vendor’s risk profile.
Solvyr is a sovereign Australian cyber security and risk advisory firm specialising in complex beneficial ownership assessments for government and enterprise clients. In this session, Bianca Puglisi from Solvyr shares hands-on experience from FOCI assessments conducted in the Australian context — including the ownership structures most commonly encountered, the points where assessments typically break down, and what a genuinely defensible assessment looks like in practice.
Yes. While the session is anchored in the Australian FOCI context, the underlying challenge — tracing beneficial ownership across complex multi-jurisdictional corporate structures — is universal. The techniques, tools, and failure modes discussed are directly applicable to FOCI assessments in the US, UK, Canada, and Five Eyes partners, as well as to KYC, sanctions compliance, and supply chain due diligence programs globally.
Yes. Registration is free for the live session on Wednesday, 13 May at 11am AEST. All registrants receive on-demand access to the full recording within 24 hours of the event, also at no cost.

Trace ownership. Defend every FOCI assessment.

Join Bianca Puglisi from Solvyr and David Huggett from Sayari on 13 May for a practitioner conversation on what it actually takes to trace beneficial ownership in the Australian FOCI context.

Register Free — 13 May Request a Sayari Demo →