Like the sailors of old, the government contracting community ventures forth knowing full well that danger lies ahead – although fortunately not in the form of a kraken, leviathan, or other mythical sea monster. Rather, these perils and risks are embedded in sweeping new regulations that, like an unseen reef, will be arriving and taking effect all too quickly. On July 14, 2020, the FAR Council published a long-awaited (or perhaps long-dreaded) Interim Rule implementing Section 889(a)(1)(B) of the National Defense Authorization Act (NDAA) for Fiscal Year (FY) 2019 (Section B). Effective August 13, 2020, Section B prohibits executive agencies from “entering into, or extending or renewing, a contract with an entity that uses any equipment, system, or service that uses covered telecommunications equipment or services as a substantial or essential component of any system, or as critical technology as part of any system.” Unlike its counterpart, Section 889(a)(1)(A) of the NDAA for FY 2019 (Section A), which prohibits agencies from “procuring or obtaining equipment or services that use covered telecommunications equipment or services as a substantial or essential component or critical technology,” the restrictions of Section B go far beyond the immediate contract between the contractor and the government. Instead, Section B directs contractors to discontinue any and all use of covered telecommunications equipment or services. Even accounting for the choppy seas caused by the ongoing pandemic, the exceedingly broad scope of Section B promises sharp, jagged, and uncharted hazards to contractors attempting to implement compliant policies and procedures.
Continue Reading Risks, Reefs, and Wrecks: Charting a Course Through the Perils of Covered Telecommunications Equipment and Services
Gambling on Compliance? DOJ Updates the House Rules on Corporate Compliance Program Expectations
When entering a casino, professional gamblers understand that “the house doesn’t beat the player. It just gives him the opportunity to beat himself.” This axiom is precisely why in the long run casinos make money, while gamblers see their bank accounts dwindle. The same holds true in the corporate world with respect to the creation, implementation, and maintenance of compliance programs. A company gambling on its compliance obligations does so at its own peril and must understand exactly what the “House” expects. If it doesn’t, then that company may join the unfortunate few that roll the dice or spin the wheel and come up with snake eyes or double zeros. That risk is multiplied if the company betting on sufficient compliance is receiving federal dollars, where failure can lead to catastrophic civil and criminal liability. Fortunately, the United States Department of Justice (“DOJ”) has published its version of “House Rules” that it is supposed to consult when examining whether to investigate, prosecute, or settle criminal charges against a company. In this respect, DOJ prosecutors are tasked with looking at specific factors outlined in the “Principles of Federal Prosecution of Business Organizations” (“Principles”) section of the Justice Manual. Among other factors, these Principles instruct DOJ prosecutors to consider “the adequacy and effectiveness of the corporation’s compliance program at the time of the offense, as well as at the time of a charging decision.” In furtherance of this mandate, the DOJ’s Criminal Division issued revised guidance on June 1, 2020, regarding the specific factors DOJ prosecutors should consider in making that evaluation. This updated version of the DOJ’s “Evaluation of Corporate Compliance Programs” (Guidance) clarifies and modifies certain areas of the version last updated in April 2019. Among other noteworthy revisions, the Guidance underscores the need for companies to ensure their corporate compliance program is:
Continue Reading Gambling on Compliance? DOJ Updates the House Rules on Corporate Compliance Program Expectations
Borrowers Beware: GAO Ramps Up Efforts to Root Out Fraud Among CARES Act Loan Recipients
The Prospect of False Claims Act’s Treble Damages Requires Meticulous Recordkeeping Under the CARES Act
On April 10, 2020, the Government Accountability Office (GAO) announced its effort to root out fraud associated with the billions of dollars in payments promised under the Coronavirus Aid, Relief, and Economic Security (CARES) Act. The Congressional watchdog is encouraging individuals – private citizens, government workers, contractors, etc. – to anonymously and confidentially report any allegations of fraud, waste, abuse, and mismanagement through FraudNet (the GAO’s fraud-reporting website), via e-mail or by calling 1-800-424-5454 (the GAO’s automated phone answering system). The GAO, of course, is seeking as much detail as possible about any allegations so the reports can be handed off to its own investigative unit, appropriate inspector general offices, or to the ultimate enforcer – the Department of Justice.
DoD CARES After All – New Cost Principle and DFARS Clause Implements CARES Act for Certain COVID-19 Costs
On April 8, 2020, the Department of Defense (“DoD”) issued a Class Deviation authorizing contracting officers to use a new cost principle – DFARS 231.205-79, CARES Act Section 3610 Implementation – to permit the reimbursement of certain leave-related costs incurred by contractors in accordance with Section 3610 of the Coronavirus Aid, Relief, and Economic Security (CARES) Act (Pub. L. 116-136). Additional clarification regarding the application of the new cost principle was issued on April 9, 2020, through the publication of a “living” FAQ document intended to answer critical questions for contractors. While the FAQ information does not clarify the Government’s position on all potential issues associated with the implementation of Section 3610, it does provide a blueprint that contractors seeking reimbursement should follow.
Continue Reading DoD CARES After All – New Cost Principle and DFARS Clause Implements CARES Act for Certain COVID-19 Costs
Update on the COVID-19 Federal Contractor’s Guide – The Office of Management and Budget Issues Critical Guidance Regarding Federal Contract Performance
On Friday, March 20, 2020, the Office of Management and Budget (OMB) issued Memorandum No. M-20-18, titled “Managing Federal Contract Performance Issues Associated With The Novel Coronavirus (COVID-19).” The Memorandum, directed to the heads of all Executive Departments and constituent federal agencies, provides key guidance on maintaining continued contract performance while respecting the need to protect the safety of the contracting community during this unprecedented time. The critical aspects of the Memorandum, accompanied by a contractor “To Do” list, are as follows:
Continue Reading Update on the COVID-19 Federal Contractor’s Guide – The Office of Management and Budget Issues Critical Guidance Regarding Federal Contract Performance
Be Sure to Drink Your Ovaltine—the DOD Cybersecurity Decoder Pin for Federal Encryption Standards—The Government Contractor
In the seminal holiday film A Christmas Story, nine-year-old Ralphie Parker uses his diligently earned Little Orphan Annie Secret Society decoder pin to decrypt the secret message from Annie to her fans, only to express disappointment and confusion when he realizes the “secret code” he decrypted is nothing more than a marketing ploy to sell
SBA’s Proposal Would Help Small Business Teaming – Law360
Federal contractors can finally look forward to simplified small-business mentor-protege programs, but also must become keenly aware of wide-ranging changes affecting certain 8(a) business development and Native American-owned programs, new recertification requirements for certain multiple award contracts, or MACs, and small-business joint ventures.
Continue Reading SBA’s Proposal Would Help Small Business Teaming – Law360
Cybersecurity Maturity Model Certification (CMMC) Version .6: Another Step on the Department of Defense’s Long and Winding Cybersecurity Road
There’s an often mistranslated Taoist adage that counsels “A journey of a thousand miles begins with a single step.” So it is presently with the Department of Defense’s (DoD’s) Cybersecurity Maturity Model Certification (CMMC), which continues its cybersecurity journey with the recently released update of standard CMMC .6.
Continue Reading Cybersecurity Maturity Model Certification (CMMC) Version .6: Another Step on the Department of Defense’s Long and Winding Cybersecurity Road
Integrating Cybersecurity Into M&A Compliance Reviews: Avoiding Hidden Cyber Risks in the Acquisition of Government Contractors
So you want to acquire a government contractor? Makes sense, and you’re not alone. Over the past few years, the federal contracting landscape continues to evolve as a result of mergers and acquisitions (M&A), primarily involving the acquisition of small and midsize contractors by larger entities as a means to quickly expand into new federal markets. This trend is especially prevalent in the information technology (IT) market, where the acquisition of small or midsize IT firms with new capabilities can provide larger firms with shiny new toys to share with their roster of government clients to gain a larger share of the federal IT “pie,” if not create—almost overnight—new IT market leaders in areas such as cloud computing, cybersecurity, software, and predictive intelligence.
Guerrillas of the NIST: DOD Re-Attacks Supply Chain and Contractor Cybersecurity (Part II)
As DOD continues to expand its supply chain cybersecurity demands on federal contractors, McCarter & English Government Contracts and Export Controls co-leaders Alex Major and Franklin Turner provide critical guidance for federal contractors in a two-part Feature Comment for Thomson Reuters’ The Government Contractor. In the comprehensive article they address not only the recent and