The federal government sector has been abuzz lately with whispers and shouts about pending cybersecurity regulations, frameworks, and requirements. This attention is not particularly surprising, especially given the recent high-profile data breaches, the litigation threats surrounding those breaches, the recent identification of the encryption-disabling, consumer data threatening “Heartbleed SSL” OpenSSL vulnerability, and recent reports that the September 2013 cyber-incursion into the U.S. Navy’s Intranet network could have been prevented with the proper security contracting mechanism. Notably, however, while these stories – and the resultant damages that these stories’ topics leave in their wake – remain in the headlines, Congress has yet to act (and according to Senator Evan Bayh (D-IN), will likely not be acting anytime soon). By contrast, the Executive branch, and especially the FTC, is in a full-on sprint and tackling cybersecurity wherever it can be found.
As promised in his 2014 State of the Union Address, President Obama has turned to executive action to advance his agenda, which includes increasing the minimum wage and creating improved tools to ensure equal pay for women and minorities. And unfortunately for federal contractors, the President’s recent executive actions have imposed increased, and potentially costly, obligations on federal contractors.
This month’s Federal Register Updates include four important changes that will impact the day-to-day activities of Government Contractors and Agencies alike. The first, a final DFARS rule on Performance-Based Payments, provides detailed guidance and instructions on the use of the Performance-Based Payment analysis tool, which is required to be used by all Contracting Officers contemplating use of performance-based payments on new fixed-price type contract awards. The second is a proposed rule that would extend personal conflicts of interest to a newly expanded group of “covered employees” who perform functions closely associated with inherently governmental functions (not simply acquisition functions, as is currently the case under the present rule) and contracts for personal services. The third change does not impose requirements on contractors, but does establish DoD procedures relating to the reported foreign ownership, control, or influence (FOCI) information that DoD is tasked with evaluating, mitigating, or negating. And the fourth important change, the President’s Memorandum and Executive Order on Compensation Data Issued on National Equal Pay Day, continues the President’s push for greater pay equality between women and minorities.
On March 4, 2014, the United States Supreme Court, in a 6-3 decision, expanded the protections offered to whistleblowers under anti-fraud laws, in Lawson v. FMR LLC. In its decision, the Court ruled that a specific protection against retaliation enacted as part of the Sarbanes-Oxley Act after Enron’s collapse, i.e., 18 U.S.C. § 1514A, not only provides whistleblower protection to employees of public companies, but also protects a public company’s private contractors and subcontractors.
On March 6, 2014, the District Court for the District of Columbia issued an opinion in United States ex rel. Barko v. Halliburton Company et al. that should serve as a wake-up call for all companies conducting internal compliance investigations to evaluate whether those investigations are structured in a manner to maximize the protections of the attorney-client privilege and work product doctrines. The court ordered Kellogg, Brown and Root (“KBR”), a Halliburton subsidiary, to produce documents related to an internal Code of Business Conduct (“COBC”) investigation. The court found that these documents were not protected under the attorney-client privilege or the work product doctrine because the investigation was conducted to comply with Federal Acquisition Regulation (“FAR”) Mandatory Disclosure requirements and internal policy “rather than for the purpose of obtaining legal advice.” Critical to the court’s reasoning was that the investigation was conducted by non-lawyers without the involvement of the legal department.
The situation with respect to U.S. sanctions related to Russia and Ukraine is evolving rapidly. As we previously reported, on March 6, 2014, President Obama issued Executive Order 13660, which authorized the blocking of property of individuals and entities involved in the political destabilization of Ukraine. Under this Order, the U.S. Government was specifically authorized to take the following steps:
A. EPA Adopts Final Rule: EPA-Specific Past Performance Regulations (79 Fed. Reg. 15921-24) (3/21/2014)
The EPA is deleting EPA-specific past performance regulations in the EPA Acquisition Regulation (EPAAR) because they are no longer necessary to meet the agency’s needs in light of recent updates to the FAR. See 79 Fed. Reg. 46783 (Aug. 1, 2013). The new FAR requirements mirror current EPA policies for collecting and maintaining contractor past performance, so there is no longer a need for an EPA-specific supplement. FAR subpart 42.15, combined with the CPARS guidance and reference material included at the CPARS web site (www.cpars.gov) provides sufficient policy, procedures, and guidance to satisfy the EPA’s needs. Thus, the EPA deleted EPAAR sections 1542.15, 1552.242-71, and 1553.209.
A CEO receives an anonymous call claiming that someone is stealing company trade secrets or that an employee is taking kickbacks from a vendor. A GC gets a call from the HR director who has an employee accusing the company of submitting false bills to a government agency. You are served by a government agency with a subpoena seeking records indicating a criminal investigation is underway for violations of environmental laws, insider trading, tax laws or fraud. Your company receives a credible threat of litigation. These are all real scenarios that occur daily in companies of all sizes all over the world. They trigger critical internal investigations that require substantial time and resources. Regardless of the nature of the investigation, it is vital that it be conducted efficiently, with clear direction and attention to preservation of the attorney-client privilege. This article sets out best practices for doing so.
Sheppard Mullin government contracts partner David Douglass was recently quoted at length in an article discussing the defense of False Claims Act cases. Although the Government is all too often using the False Claims Act as an all-encompassing fraud statute, Mr. Douglass notes that companies are having more success defending against these allegations in recent years. The entire article can be found here.
1. Proposal to Amend FAR to Implement Revised SBA Regulations
On February 3, 2014, DoD, GSA, and NASA proposed to amend the FAR, via FAR Case 2012-022, to implement revisions made by the SBA to its regulations implementing section 8(a) of the Small Business Act “to provide additional FAR coverage regarding protesting an 8(a) participant’s eligibility or size status, procedures for releasing a requirement for non-8(a) procurements, and the ways a participant could exit the 8(a) Business Development program.” In addition to several editorial changes, the notice proposes the following substantive changes: