A perspective from Ilya Levtov, CEO of Craft.co
Last week, Craig Singleton of the Foundation for Defense of Democracies testified before the U.S. Senate Committee on Health, Education, Labor, and Pensions. I read it carefully and think every procurement leader at a major research university should do the same.
Not because it is alarming. Because it is clarifying.
The Department of Education’s new foreign funding transparency portal shows that U.S. universities have reported roughly $405 million in transactions with entities already flagged on U.S. government watchlists. That includes approximately $213 million tied to entities on the Commerce Department’s Entity List and $49 million connected to firms on the DoD’s list of Chinese military companies.
These are not obscure designations. These are published, public lists. And universities engaged with these counterparties anyway.
The testimony is fair about why. Universities often entered these relationships without full knowledge of who they were dealing with. The structural problem is straightforward: institutions are being asked to navigate complex geopolitical risk without consistent federal guidance, standardized due diligence frameworks, or adequate tools.
That is the real problem. Not bad intent. Inadequate infrastructure.
The Part Most Procurement Leaders Do Not Want to Hear
There is a tendency in higher education procurement to treat national security risk as someone else’s problem. The research security office handles it. Legal reviews contracts. The provost signs off on partnerships. Procurement executes.
That division of labor made sense in a different era. It does not hold today.
A multi-campus university system manages thousands of vendor relationships across research, technology, facilities, and services. Every one is a potential entry point. The supplier providing laboratory equipment may be a subsidiary of a firm on the Entity List. The software vendor supporting a research computing environment may have ownership ties to entities under Treasury sanctions.
Procurement teams source, evaluate, onboard, and manage those relationships. That means procurement teams are, whether they would prefer it or not, on the front lines of institutional security.
A point-in-time review at contract signing does not give you the understanding you need. It gives you a snapshot of a moment that is already in the past.
Why AI Changes This
For years, the honest answer to “how do procurement teams screen for foreign influence risk?” was: manually, inconsistently, and slowly.
A compliance officer runs a name against a watchlist. A sourcing analyst does a Google search. A risk team reviews a questionnaire the supplier filled out themselves. None of these methods scale. None update continuously. And none surface what is happening at the second or third tier of a supplier’s ownership structure, which is exactly where sophisticated foreign influence tends to operate.
At Craft, our platform aggregates and continuously monitors over 1,300 data streams covering financial, geopolitical, cyber, and compliance risk. We cross-reference supplier profiles against government watchlists, sanctions lists, and restricted entity registers in real time, not at contract renewal. Procurement teams can evaluate suppliers across all major risk dimensions in hours, not weeks. And we do not rely on self-reported data from the suppliers themselves.
The U.S. Department of Energy has already answered the capability question for its own programs. The DoE selected Craft to screen applicants for federal research awards to detect foreign influence. What previously took weeks now runs in hours. That same capability is available to university procurement teams today.
What Is Actually at Stake
The Senate testimony is explicit: institutions that accept federal research dollars should meet clear transparency and research security standards, and those unwilling to implement those safeguards should not expect to continue receiving federal research funding.
For a major research university system, that is serious. Multi-campus public universities receive billions in federal research support annually. The Department of Education’s foreign funding portal is not a compliance destination. It is the beginning of a compliance regime that will get more demanding. Procurement teams still relying on annual reviews and self-reported supplier surveys will not be ready for what comes next.
There is also a mission question that matters as much as the regulatory one. When research conducted on a campus ends up strengthening the military capabilities of an adversarial state, the mission is compromised at its core. Procurement teams that take this seriously are not just managing regulatory exposure. They are protecting the integrity of the work being done inside the institution.
Four Questions Worth Asking Now
University procurement leaders should be able to answer four questions about their current operations:
- Do we have continuous, real-time visibility into the ownership and government affiliations of every active supplier? Not just at onboarding. Not just at renewal. Continuously.
- Are our supplier profiles cross-referenced against all relevant U.S. government watchlists? Including the Section 1286 list, the 1260H list of Chinese military companies, the OFAC sanctions list, and the FCC covered list.
- Can we evaluate geopolitical risk at the second and third tier of our supplier network? Or does our visibility stop at the direct supplier relationship?
- Do we have documented due diligence processes that would survive scrutiny from a federal oversight body? Not a policy on paper. A demonstrated, repeatable process with records.
If the honest answer to any of those questions is no, there is a gap. And that gap sits squarely in procurement’s domain to address.
Craft.co provides AI-powered supplier intelligence to procurement and risk teams at leading research institutions, government agencies, and Fortune 100 companies. To learn how Craft helps higher education procurement teams identify and monitor foreign influence risk in their supplier networks, request a demo at craft.co.