- with readers working within the Advertising & Public Relations industries
The Federal Communications Commission (FCC) recently penalized violations of a Team Telecom mitigation agreement through a consent decree, resolving an Enforcement Bureau investigation into Marlink, a provider of satellite communications and digital services. The January 8, 2026 consent decree, arrives amid a broader shift in federal oversight that treats communications network governance and data handling as national security imperatives, and increasingly penalizes violations of national security agreements with the government.
Background
Team Telecom—formally known as the interagency Committee for the Assessment of Foreign Participation in the United States Telecommunications Services Sector—was established by Executive Order in 2020. The FCC, exercising authority under the Communications Act (including Section 214 and Title III), refers applications to provide telecommunication services that present foreign ownership or other national security, law enforcement, or foreign policy considerations for Executive Branch review. Typically, those cases have involved (1) applications for international Section 214 authorizations and submarine cable landing licenses, (2) applications to assign, transfer control or modify such authorizations and licenses where the applicant has reportable foreign ownership, and (3) petitions to exceed foreign ownership thresholds applicable to broadcast licenses under Section 310(b). Where risks are identified, Team Telecom frequently negotiates Letters of Assurance (LOAs) (as well as more formal National Security Agreements, collectively known as mitigation agreements) that impose binding operational, access, and reporting controls. The FCC then incorporates those commitments as express conditions on affected Section 214 authorizations, radiofrequency licenses, and other authorizations, making adherence enforceable under the Communications Act.
In recent years, the FCC has intensified engagement with the Executive Branch's national security review of telecommunications matters, pairing that approach with structural reforms to international Section 214 oversight. Those reforms include expanded foreign ownership disclosures, cybersecurity attestations, and routine referrals to Team Telecom for entities with risk indicators. In parallel, the Committee on Foreign Investment in the United States (CFIUS) has increased monitoring and sanctions for mitigation failures and misstatements—issuing more penalties in 2023–2024 than in its prior five decades combined, publicly disclosing a $60 million penalty against a major telecommunications company for breaches of a national security agreement, and publishing a rule to increase maximum civil penalties to $5 million per violation while expanding investigative and subpoena tools. The FCC likewise took enforcement action in 2024 involving Liberty Latin America affiliates related to Team Telecom LOA and CPNI breach-notification rules, imposing a civil penalty and strengthened data governance and vendor oversight.
The Marlink Order and Consent Decree
The FCC determined that Marlink breached national security mitigation commitments that had been incorporated as conditions of the company's international Section 214 authorization and earth-station licenses. Those commitments, arising from a 2022 LOA with the Department of Justice (on behalf of the Team Telecom agencies), required Marlink to implement strict controls on foreign-person employee access to specified US communications infrastructure and customer information, and to provide DOJ with at least 30 days' notice before granting such access to any foreign employee.
According to the Enforcement Bureau's investigation, Marlink permitted extensive access by foreign-person employees without the required prior DOJ notification. Of 303 foreign-person employees with access to US records and domestic communications infrastructure, 186 were not submitted to DOJ for advance vetting. DOJ ultimately approved access for those individuals, but only after the FCC had commenced its investigation. The Bureau attributed the noncompliance in part to an inadequate manual screening process and noted that Marlink undertook remedial steps to strengthen procedures once the issue surfaced. DOJ referred the matter to the FCC.
The Consent Decree
The consent decree resolves the FCC's investigation with a monetary payment and a detailed compliance plan that resets governance expectations for Marlink. As part of the settlement, Marlink agreed to make a $175,000 voluntary contribution to the U.S. Treasury. The decree also mandates a comprehensive compliance program designed to ensure that foreign access controls and DOJ notifications are implemented faithfully and consistently going forward.
The decree requires the designation of a senior Compliance Officer with subject-matter knowledge of the LOA and licensing conditions. It obligates Marlink to establish formal operating procedures that embed vetting checks into onboarding and access-granting workflows, coupled with systems to process, manage, and track all DOJ notifications. A written compliance manual must be distributed to covered personnel and kept current. A training program must be rolled out within defined timeframes and refreshed annually, with specific instruction on recognizing and reporting noncompliance. The decree also compels periodic compliance reporting to the FCC at 90 days and annually over a three-year term, along with prompt notice of any noncompliance within 30 days of discovery.
Key Takeaways for Businesses
The FCC framed the matter as adding "real teeth" to Team Telecom's commitments to safeguard national security and the integrity of US communications networks. This signals that national-security-driven enforceable obligations—whether agreed pursuant to the FCC's Team Telecom process or CFIUS authorities—will continue to be a focus of the Executive Branch, with real financial and operational consequences.
Companies subject to Team Telecom or CFIUS mitigation commitments should take several actions in light of the FCC's consent decree with Marlink. First, verify that foreign-access screening and notice obligations are embedded in automated identity and access management workflows rather than manual processes. Second, companies should confirm that responsibility sits with an accountable senior compliance owner. Finally, companies should maintain auditable evidence, align training to LOA triggers and timelines, and perform periodic internal testing against the specific metrics required by any LOA.
Visit us at mayerbrown.com
Mayer Brown is a global services provider comprising associated legal practices that are separate entities, including Mayer Brown LLP (Illinois, USA), Mayer Brown International LLP (England & Wales), Mayer Brown (a Hong Kong partnership) and Tauil & Chequer Advogados (a Brazilian law partnership) and non-legal service providers, which provide consultancy services (collectively, the "Mayer Brown Practices"). The Mayer Brown Practices are established in various jurisdictions and may be a legal person or a partnership. PK Wong & Nair LLC ("PKWN") is the constituent Singapore law practice of our licensed joint law venture in Singapore, Mayer Brown PK Wong & Nair Pte. Ltd. Details of the individual Mayer Brown Practices and PKWN can be found in the Legal Notices section of our website. "Mayer Brown" and the Mayer Brown logo are the trademarks of Mayer Brown.
© Copyright 2026. The Mayer Brown Practices. All rights reserved.
This Mayer Brown article provides information and comments on legal issues and developments of interest. The foregoing is not a comprehensive treatment of the subject matter covered and is not intended to provide legal advice. Readers should seek specific legal advice before taking any action with respect to the matters discussed herein.
