When entering a casino, professional gamblers understand that “the house doesn’t beat the player. It just gives him the opportunity to beat himself.” This axiom is precisely why in the long run casinos make money, while gamblers see their bank accounts dwindle. The same holds true in the corporate world with respect to the creation, implementation, and maintenance of compliance programs. A company gambling on its compliance obligations does so at its own peril and must understand exactly what the “House” expects. If it doesn’t, then that company may join the unfortunate few that roll the dice or spin the wheel and come up with snake eyes or double zeros. That risk is multiplied if the company betting on sufficient compliance is receiving federal dollars, where failure can lead to catastrophic civil and criminal liability. Fortunately, the United States Department of Justice (“DOJ”) has published its version of “House Rules” that it is supposed to consult when examining whether to investigate, prosecute, or settle criminal charges against a company. In this respect, DOJ prosecutors are tasked with looking at specific factors outlined in the “Principles of Federal Prosecution of Business Organizations” (“Principles”) section of the Justice Manual. Among other factors, these Principles instruct DOJ prosecutors to consider “the adequacy and effectiveness of the corporation’s compliance program at the time of the offense, as well as at the time of a charging decision.” In furtherance of this mandate, the DOJ’s Criminal Division issued revised guidance on June 1, 2020, regarding the specific factors DOJ prosecutors should consider in making that evaluation. This updated version of the DOJ’s “Evaluation of Corporate Compliance Programs” (Guidance) clarifies and modifies certain areas of the version last updated in April 2019. Among other noteworthy revisions, the Guidance underscores the need for companies to ensure their corporate compliance program is:

Continue Reading Gambling on Compliance? DOJ Updates the House Rules on Corporate Compliance Program Expectations

Contracting with the Department of Defense (DoD) can provide healthy opportunities for businesses of all sizes.  That said, it is no secret that contractors without the cash resources to finance their performance while awaiting payment from the Government may find themselves swallowed whole by their contractual obligations. Many defense contracts are long-term endeavors; consequently, a contractor’s sustainability and profitability can be impacted by the sapping of available manpower while also requiring significant capital investment to manage material, labor, overhead, and other expenses incurred when performing a contract. In many cases, the upfront financial investment required serves as a barrier to entry into the government marketplace for nontraditional defense contractors. However, the DoD has recently unearthed and reanimated one of the more impressive dinosaurs buried in the Federal Acquisition Regulation. Welcome to the world of performance-based payments (PBPs).

Continue Reading The Evolution of Contract Financing: Resurrecting Performance-Based Payments Under Fixed-Price Contracts

On April 8, 2020, the Department of Defense (“DoD”) issued a Class Deviation authorizing contracting officers to use a new cost principle – DFARS 231.205-79, CARES Act Section 3610 Implementation – to permit the reimbursement of certain leave-related costs incurred by contractors in accordance with Section 3610 of the Coronavirus Aid, Relief, and Economic Security (CARES) Act (Pub. L. 116-136).  Additional clarification regarding the application of the new cost principle was issued on April 9, 2020, through the publication of a “living” FAQ document intended to answer critical questions for contractors.  While the FAQ information does not clarify the Government’s position on all potential issues associated with the implementation of Section 3610, it does provide a blueprint that contractors seeking reimbursement should follow.

Continue Reading DoD CARES After All – New Cost Principle and DFARS Clause Implements CARES Act for Certain COVID-19 Costs

On April 8, 2020, a final rule (the Rule) was issued amending the Defense Federal Acquisition Regulation Supplement (DFARS) and implementing Section 852 of the National Defense Authorization Act (NDAA) for FY 2019 to provide for accelerated payments to DoD’s small business prime contractors and subcontractors supporting DoD contracts. The Rule applies to contracts at or below the simplified acquisition threshold (SAT) – currently $250,000 for DoD contracts – and to contracts for the acquisition of commercial items including commercially available off-the-shelf (COTS) items. With an estimated 96% of DoD contracts valued at or under the SAT, the rule appears to reflect DoD’s recognition that it is in the best interests of the government and small business contractors alike to apply this Rule to contracts at or below the SAT and to accelerate payments to small business prime contractors and subcontractors.

Continue Reading DFARS Final Rule Establishes Goal of 15-Day Accelerated Payments for Small Business Contractors


So you want to acquire a government contractor? Makes sense, and you’re not alone. Over the past few years, the federal contracting landscape continues to evolve as a result of mergers and acquisitions (M&A), primarily involving the acquisition of small and midsize contractors by larger entities as a means to quickly expand into new federal markets. This trend is especially prevalent in the information technology (IT) market, where the acquisition of small or midsize IT firms with new capabilities can provide larger firms with shiny new toys to share with their roster of government clients to gain a larger share of the federal IT “pie,” if not create—almost overnight—new IT market leaders in areas such as cloud computing, cybersecurity, software, and predictive intelligence.


Continue Reading Integrating Cybersecurity Into M&A Compliance Reviews: Avoiding Hidden Cyber Risks in the Acquisition of Government Contractors

As we reported last month, the Department of Defense (DoD) has been engaging in an unusual rollout of its new cybersecurity certification program by way of  road tours—led by Katie Arrington, the Special Assistant to the Assistant Secretary of Defense for Acquisition and Sustainment for Cyber—that address the tiered, five-level Cybersecurity Maturity Model Certification (CMMC). At bottom, DoD intends for the CMMC to help streamline the acquisition process by providing acquiring agencies and consenting contractors with more exacting cybersecurity requirements for future acquisitions. What’s unique about the CMMC rollout is the lack of written guidance on the program. DoD representatives have orally provided a majority of publicly available information about CMMC only during various webinars and defense-industry events held over the past couple of months. Indeed, a quick Google search for “CMMC” indicates that, at this time, hard facts about the program appear to be limited to FAQs on a DoD website.

Continue Reading Cybersecurity – The Times (and Standards) They Are A Changin’ – FAST!

Cough…cough…ahem…cough… Any contractor who has had the misfortune of dealing with the Defense Contract Audit Agency (DCAA) likely knows all too well that the agency is the Will Rogers of costs – it never met a cost it didn’t question.  Indeed, DCAA auditors typically question costs with reckless abandon and based often on a patent misreading of applicable regulations.  The net effect, of course, is that contractors have to expend significant time and money trying to explain to boards and courts why DCAA’s auditors are…uh…incorrect as a matter of fact and law.  A recent Memorandum for Regional Directors (MRD) provides some transparency into why this sort of thing happens with unfortunate regularity. Issued on May 14, 2019, the MRD (No. 19-PAC-002(R)), corrects…er…“revises” internal guidance issued in 2014 and 2015 relating to the identification of expressly unallowable costs.  The newly issued memo sets out DCAA’s current stance on identifying expressly unallowable costs under the cost principles codified at Federal Acquisition Regulation (FAR) Part 31 and Defense Federal Acquisition Regulation Supplement (DFARS) Part 231.  This MRD – like all MRDs – is intended to be used as a tool by well-meaning (but often overzealous) auditors when reviewing a contractor’s compliance with federal cost principles.  Contractors should, thus, pay careful attention to this MRD in order to be prepared for questions that may arise during DCAA-led frolics and detours.

Continue Reading Let Me Clear My Throat: DCAA Course Corrects on “Expressly Unallowable” Costs

Cybersecurity. It’s never over, is it? In what can only be described as a “soft” release, the Department of Defense (DoD) has slowly and quietly begun to reveal its intent to provide federal contractors with formal cybersecurity certification as early as next year. The program, known as the Cybersecurity Maturity Model Certification (CMMC), is an effort to streamline the acquisition process by providing acquiring agencies and consenting contractors with more exacting cybersecurity requirements for forthcoming acquisitions.

Continue Reading Never Stop Never Stopping: Defense Department Quietly Unveils Proposed Cybersecurity Maturity Model Certification Standards and Confirms the Allowability of Certain Cybersecurity Costs