If a company has one or more Organizational Conflicts of Interest (“OCIs”), its ability to compete for (and perform) a government contract in a fair and equitable manner is inherently called into question. In the context of a bid protest, this may be one of the most overlooked but “sharpest” grounds that may be available to a protester. In short, an OCI is an instance where “because of other activities or relationships with other persons [or entities], a person [or entity] is unable or potentially unable to render impartial assistance or advice to the Government, or the person’s objectivity in performing the contract work is or might be otherwise impaired, or a person has an unfair competitive advantage.” FAR 2.101. Understanding the three types of OCIs and the situations in which each typically arises is critical in order for disappointed offerors to execute this riposte in the face of a flawed contract award.
Pursuant to FAR Subpart 9.5, agencies are required to investigate whether actual (or potential) OCIs may impact a procurement and take steps—often with the assistance of the potentially conflicted contractor—to mitigate or effectively neutralize such conflicts as early as possible in the acquisition process. Indeed, an OCI protest decision typically turns on the reasonableness of the agency contracting officer’s OCI investigation; that is, so long as the contracting officer has investigated the existence of a potential OCI and, in the event a potential OCI exists, reasonably determined whether the conflict has been adequately mitigated (or waived), the General Accountability Office (“GAO”) will likely defer to the contracting officer’s findings.
Although agencies have broad discretion when evaluating potential OCIs, that discretion isn’t unlimited. The recent decision in Steel Point Solutions, LLC, B-419709 et al., July 7, 2021 (“Steel Point”), underscores this point. In this case, the GAO sustained the protest on the ground that the agency failed to adequately consider the extent of potential OCIs arising from the awardee’s ongoing performance of two other agency contracts. This decision not only illustrates what an agency must consider for a proper OCI analysis and mitigation but also serves as another real-world example of when OCIs may arise—in this case, an “impaired objectivity” OCI.
OCIs in a Nutshell
OCIs are categorized into three types:
- Impaired Objectivity: This type of OCI may arise in a situation where an agency requests that a contractor either (1) evaluate goods or services that the contractor—or one of its affiliates—provides or (2) make recommendations concerning current or future agency programs that impact the contractor’s bottom line. See, e.g., L-3 Services, Inc., B-400134.11 et al., Sept. 3, 2009, 2009 CPD ¶ 171. When evaluating this type of OCI, the GAO looks to “whether a firm is in a position to make judgments or recommendations that would have the effect of directly influencing its own well-being.” Steel Point, supra (citing L-3 Services, supra, at 14). This is the OCI at issue in the Steel Point decision discussed below.
- Biased Ground Rules: This second type of OCI may arise when a contractor (or its affiliate) develops the requirements for a new acquisition and later competes for the resulting contract. These situations “may also involve a concern that the firm, by virtue of its special knowledge of the agency’s future requirements, would have an unfair advantage in the competition for those requirements.” L-3 Services, supra (citing Foundation Health Fed. Servs., Inc., B-254397.15 et al., July 27, 1995, 95–2 CPD ¶ 129).
- Unequal Access to Information: This third type of OCI may arise when, as a result of performing a government contract, a contractor acquires nonpublic, source selection sensitive information or the proprietary information of other companies. See FAR 9.505-4. Contractors should keep in mind that an unequal access to information OCI is typically not triggered by the “inside” knowledge that incumbents possess, unless the incumbent had access to government-provided proprietary or nonpublic source-selection-sensitive information.
The Steel Point Protest
In the acquisition underlying the Steel Point decision, the National Geospatial-Intelligence Agency (“NGA”) issued a request for proposal (“RFP”) contemplating the award of an indefinite-delivery, indefinite-quantity services contract to “design, build, and operate a corporate automation implementation center (“CAIC”),” which required the awardee to both analyze the agency’s business processes and recommend solutions for improving or streamlining those processes. After evaluation of proposals, the NGA selected Deloitte Consulting LLP (“Deloitte”) as the awardee.
In response to the award decision, the protester alleged that the award of the CAIC contract to Deloitte created impaired objectivity OCIs in light of three other NGA contracts (for cybersecurity risk management/assessment services and human resources management services) that Deloitte was currently performing as a subcontractor. While the GAO found no OCI in regard to Deloitte’s performance of the NGA human resources management services, it did find that impaired objectivity OCIs arose in regard to Deloitte’s performance of the two other NGA contracts. Coupled with Deloitte’s failure to mitigate the potential OCIs and the CAIC contracting officer’s insufficient investigation and evaluation of the potential OCIs, GAO sustained Steel Point Solution’s protest.
The first Deloitte contract determined to create a potential OCI in light of the CAIC award was a task order issued under the NGA’s EMERALD contracting program that required Deloitte to provide consulting services on the NGA’s information technology (“IT”) investment/divestment and budget prioritization decisions. The GAO found that under this task order, the second type of impaired objectivity OCI could arise (i.e., when a contractor makes recommendations concerning current or future agency programs that impact the contractor’s bottom line). In the GAO’s view, the potential arose for Deloitte to recommend the purchase of IT products the NGA would then acquire under the CAIC contract (potentially from Deloitte). Although the NGA’s CAIC contracting officer had investigated whether Deloitte’s performance of the EMERALD task order, in connection with the CAIC award, would give rise to an impaired objectivity OCI, and “concluded that the [EMERALD task order] prime contractor had presented a broad OCI mitigation strategy that would require it to implement a firewall in the event that Deloitte was faced with an OCI situation[,]” the GAO determined that the contracting officer’s finding that Deloitte did not have an impaired objectivity OCI was not supported by the record. In particular, the GAO determined that record failed to indicate whether the EMERALD task order prime contractor actually created the proposed firewall or whether the contracting officer actually considered Deloitte’s performance under the EMERALD task order resulted in the second type of impaired objectivity OCI.
Pursuant to the second Deloitte contract—for Cybersecurity Risk Management and Assessment (“CRMA”) services—Deloitte facilitated the review and approval of all NGA information systems in addition to, among other requirements, conducting security assessments of agency information systems on behalf of the NGA’s Chief Information Security Office. Prior to submitting its proposal for the CAIC award, Deloitte recognized that its performance of the current CRMA contract and the CAIC contract presented the potential for the second type of impaired objectivity OCI “because it could be in the position of having to review any request for the granting of an ATO [“authority to operate”] for products furnished under the CAIC contract as part of its responsibilities under the CRMA contract.” Although Deloitte had submitted an OCI mitigation plan under both its CRMA contract and CAIC proposal, the GAO noted that the contracting officer’s OCI analysis—performed only after Steel Point’s protest had been filed—was untenable.
Although the contracting officer acknowledged that parallel performance of the two contracts could give rise to an impaired objectivity OCI, he or she ultimately concluded that Deloitte could recuse itself from performing under the CRMA contract when it may be called on to review its work under the CAIC contract. Yet, as noted by the GAO, Deloitte failed to make a specific commitment under its CRMA contract to recuse itself from reviewing any activities that may be performed under the CAIC contract. Further, Deloitte’s CRMA mitigation plan had already included a commitment not to pursue contracting opportunities involving NGA systems development activities that could create an OCI, which the GAO found to be inconsistent with Deloitte’s submission of a proposal for the CAIC contract. In conjunction with the absence of a detailed OCI mitigation plan in Deloitte’s CAIC proposal, the record did not support the contracting officer’s conclusion that Deloitte is committed to (or would commit to) recusing itself from performing under the CRMA contract when it might be called on to review its work under the CAIC contract.
Takeaways for Contractors
As discussed previously, identifying one or more OCIs as protest grounds can be a devastating maneuver when challenging a contract award. But OCIs are a double-edged sword. As agencies increasingly task contractors to provide advisory services under which those companies may be exposed to proprietary or source selection sensitive information, OCIs continue to present risk for every government contractor—including those that rarely serve as primes. Therefore, having in place an internal process that effectively identifies and mitigates a potential OCI during the early proposal stage should be the goal of every responsible federal contractor. To this end, the Steel Point decision provides some key takeaways for identifying and mitigating potential OCIs:
- Consistent internal communication between a contractor’s internal groups (g., business operations, management, contracting, legal) is critical to remaining cognizant of developing, potential OCIs from ongoing federal contracting work, including related subcontracting and/or teaming arrangements.
- Contractors that identify potential OCIs early in the proposal process must formulate a detailed, workable mitigation strategy for inclusion in their proposal and/or teaming agreement. Simply relying on a “generic” OCI mitigation strategy not specifically keyed to a contractor’s ongoing contract performance and the terms of a particular RFP falls short.
- Contractors must be cognizant not only of its OCI risks as an offeror but also of similar risks posed by its subcontractors, teammates, affiliates, and even employees. For example, a common method for mitigating potential OCI risks has been to subcontract the conflicting work, but subcontractors may also create OCI concerns in certain types of procurements (g., in broad, multiple-award task order procurements in which separate task orders are issued for a single program).
- Contractors must be vigilant with regard to potential OCI risks created by the ongoing federal contracting work of its affiliates and proposed teammates, as well as the risk posed by hiring former government employees who may have had access to agency source selection and/or proprietary information for particular procurements.