If the New York State Department of Financial Services (“DFS”) has its way, come January 1, 2017, financial services companies that require a form of authorization to operate under the banking, insurance, or financial services laws (“Covered Entities”) will be required to comply with a new set of comprehensive cybersecurity regulations aimed at safeguarding information systems and nonpublic information.
On August 2, 2016, the Department of Defense (“DOD”) rolled out new requirements for defense contractors that provide electronic parts and assemblies containing electronic parts. The new rules impose significant risks on DOD contractors. One clause mandates a specific purchasing hierarchy, with requirements to purchase from the original manufacturer or authorized suppliers thereof when available. When an original source is not available, contractors are now required essentially to “vouch” for their suppliers, assuming all the risks if a vendor delivers a counterfeit or suspect counterfeit part. Simultaneously, DOD issued a second clause, which requires certain covered contractors in the DOD supply chain to establish and maintain an acceptable electronic part detection and avoidance system. Failure to implement an effective plan may disqualify a vendor from providing products to the DOD. These new rules come very close to imposing a near “strict liability” standard on DOD contractors, asking them to essentially guarantee the supply chain. Cross your heart and hope to die.
On May 18, 2016, the Department of Defense issued Conforming Change 2 of the “National Industrial Security Operating Manual” (“NISPOM”). NISPOM Change 2 requires all U.S. government contractors who require access to U.S. classified information to implement an Insider Threat Program (“ITP”) that will gather, integrate and report relevant information related to potential or actual insider threats among cleared employees by November 30, 2016. Insider threats – a growing phenomenon – arise when employees or contractors exploit legitimate access to an organization’s data for unauthorized or malicious purposes. Much of the impetus for the new rule appears to be a valid concern about large-scale thefts of classified data, as exemplified by Edward Snowden’s release of a vast trove of sensitive documents stolen from the U.S. National Security Agency.
On August 25, 2016, the United States Department of Labor (“DOL”) and Federal Acquisition Regulatory (“FAR”) Councils published “Guidance for Executive Order 13673, ‘Fair Pay and Safe Workplaces’” (“final rule”). See 81 Fed. Reg. 58562. Also referred to as the “blacklisting” rule, it imposes strict disclosure guidelines and requires that both prospective and existing contractors – as well as subcontractors – disclose violations of federal labor laws that resulted in administrative merits determinations, civil judgments, or arbitral awards or decisions. The final rule also requires that contractors and subcontractors disclose specific information to workers each pay period regarding their wages and also prohibits contractors from requiring that their workers sign arbitration agreements that encompass Title VII violations and claims of sexual assault or harassment.
Volume IX – Unclassified Contracts? Foreign Buyers Still Make a Difference
Last month, we discussed the extent to which a foreign buyer can introduce an unacceptable level of foreign ownership, control, or influence (“FOCI”) that, absent mitigation, will render the target ineligible for the facility security clearances needed to perform classified work. This month, we look at foreign ownership through a broader lens. Specifically, we consider how the United States regulates the proposed acquisition of a U.S. business by a foreign interest, irrespective of whether classified contracts and classified information may be involved in the planned transfer.
Volume VIII – Foreign Buyers Do Make a Difference
Not every potential buyer is a U.S. corporation controlled by U.S. interests. It is important, both for the buyer and the seller, to understand the implications of foreign ownership, control, or influence (“FOCI”) on the feasibility of a sale to foreign interests and the processes that apply to such sales. As the title of this posting makes clear, foreign buyers do, in fact, make a difference.
Volume VII—Investing in Small Businesses
Numerous government contracts programs support small businesses. There are prime contracts set aside for various categories of small business entities. Agencies have small business contracting goals and take them very seriously. Prime contractors often are incentivized, through evaluation factors, to propose significant small business participation. They can also face liquidated damages for failing to make good faith efforts to comply with their small business subcontracting plans. These programs promote economic growth by incentivizing investment in small business entities.
The primary obstacle to investing in small businesses, from a government contracts perspective, is that it is quite easy to lose small business size status as the result of a corporate transaction. The difficulties arise from the doctrine of “affiliation.”
You no doubt have heard by now about GSA’s 23 June effort to “embrace modern technology while moving away from outmoded practices” – specifically, its implementation of the new Transactional Data Reporting Rule (“TDR Rule”) and its concurrent elimination of the Price Reductions Clause (“PRC”) and the Commercial Sales Practices Format (“CSPF”). See 81 Fed. Reg. 41104 (June 23, 2016). The new rule covers certain GSA Multiple Award Schedules as well as the Agency’s GWAC and IDIQ contracts. As it represents the most significant change to the GSA MAS program since 1994 (when GSA removed federal sales as a PRC trigger), the new rule has the potential to change significantly the way Schedule contractors (and others) do business; hence, my willingness to interrupt your otherwise enjoyable day with a treatise on GSA Schedule contracting.
Effective August 1, 2016, the False Claims Act’s (FCA) civil penalty will double. As it currently stands, the FCA’s civil penalty ranges from $5,500 to $11,000 per violation. But as of August 1, the FCA’s civil penalty range will almost double to a minimum of $10,781 and a maximum of $21,563.
The increase is the result of an interim final rule issued yesterday by the Department of Justice. 81 Fed. Reg. 42491 (June 30, 2016). Although the increase was expected, it still reflects a dramatic increase in risk to those doing business with the federal government. Health care providers are uniquely at risk, because those entities are often sending thousands of claims to the federal government for reimbursement. When thousands of claims are at issue, the civil penalty can easily add up.
The private equity industry is facing increased scrutiny by the U.S. Government for potential violations of the Foreign Corrupt Practices Act (“FCPA”). The Securities and Exchange Commission (“SEC”) has created a new private fund unit and publicly asserted that it is more closely examining the operations of private equity funds and their portfolio companies. As with all SEC units, the private fund unit works in conjunction with the U.S. Department of Justice (“DOJ”) criminal and civil fraud divisions. This increased attention will lead to more investigations, and has enhanced the need for robust FCPA compliance by private equity funds.