A federal district court in the Middle District of Florida issued a decision on Sept. 30th that threatens the federal government’s continued reliance on the False Claims Act (“FCA”) as the most powerful weapon in the Department of Justice’s enforcement arsenal. U.S. District Judge Kathryn Kimball Mizelle threw out a case against a group of Medicare Advantage organizations and providers on the grounds that an individual whistleblower suing on behalf of the federal government under the FCA, often called a “relator” in a “qui tam” lawsuit, violates the U.S. Constitution’s “appointments clause.” The Court concluded that relators, who are acting on behalf of the federal government, must be considered officers of the government and appointed in a manner consistent with Constitutional requirements. See U.S. ex rel Zafirov v. Florida Medical Associates, LLC, No. 8:19-cv-1236, 2024 U.S. Dist. LEXIS 176626, ECF No. 346 (M.D. Fl. Sept. 30, 2024).Continue Reading FCA Whistleblowers – No More?
Keep Your Eyes on the Size: Small Business Size Protests
While most contractors think of the Government Accountability Office and Court of Federal Claims (or even the agency) when considering whether to challenge a government contract award, there are additional options for small business set-asides – small business size and status protests. The government, recognizing the importance of small businesses to the American economy, provides small businesses certain preferences in government contracting, including only allowing eligible small businesses to compete for certain contracts (referred to as small business set-asides). But in order to be eligible for this exclusive federal marketplace (that was worth more than $178 billion dollars in FY 2023), a small business has to qualify as “small” under federal regulations. Small businesses are generally responsible for calculating their own size. But, a protester (usually a disappointed offeror), may bring a size protest alleging that the awardee on a small business set-aside contract is not actually a small business (and is thus ineligible for award) because it exceeds the applicable size standard. Below is the nuts and bolts of the size protest process.Continue Reading Keep Your Eyes on the Size: Small Business Size Protests
Government Contractors Beware: The Trap of the Unintended Agency-Level Protest and Timeliness Implications
One forum to raise a protest against the award of a contract is at the agency responsible for the procurement, pursuant to the procedures set forth in Federal Acquisition Regulation (“FAR”) 33.103. The procedures require that a protester submit a protest to the agency that details the legal and factual grounds for the protest; describes the resulting prejudice to the protester; establishes that the protester is an interested party; requests a ruling by the agency; demonstrates timeliness; and includes a request for relief.Continue Reading Government Contractors Beware: The Trap of the Unintended Agency-Level Protest and Timeliness Implications
Latest Round of SEC “Off-Channel” Communications Settlements Highlights Risks for Investment Advisers and Benefits of Self-Reporting
More than two years after announcing the first round of settlements in the ongoing “off-channel communications” probe, the SEC recently announced another round of settlements with 26 financial firms, totaling $390 million in fines. These most recent settlements are notable for two reasons: (1) they include the SEC’s second settlement with an entity operating solely as a registered investment adviser (“RIA”) with no associated broker-dealer, and (2) the SEC has again explicitly noted that companies that self-reported obtained lower fines.Continue Reading Latest Round of SEC “Off-Channel” Communications Settlements Highlights Risks for Investment Advisers and Benefits of Self-Reporting
DOJ Sues Georgia Tech Entities for Cybersecurity Failures in the Latest Civil Cyber Fraud Initiative (CCFI) Activity
On August 22, 2024, the United States Department of Justice (“DOJ”) filed a Complaint-In-Intervention (the “Complaint”) against the Georgia Institute of Technology (“Georgia Tech”) and Georgia Tech Research Corp. (“GTRC”). The 99-page DOJ Complaint alleges the defendants knowingly failed to meet contractual cybersecurity requirements in connection with various Department of Defense (“DoD”) contracts. The suit raises claims under the False Claims Act and federal common law (including fraud, negligent misrepresentation, breach of contract, unjust enrichment, and payment by mistake). This is the latest DOJ activity relating to its Civil Cyber Fraud Initiative (announced in October 2021), which we previously have written about here, here, and here.Continue Reading DOJ Sues Georgia Tech Entities for Cybersecurity Failures in the Latest Civil Cyber Fraud Initiative (CCFI) Activity
The CMMC Rule To Update the DFARS is Here!
The proposed rule to implement the Cybersecurity Maturity Model Certification (“CMMC”) program in the Defense Federal Acquisition Regulation Supplement (“DFARS”) was published in the Federal Register on August 15, 2024 and will have a 60-day comment period (through October 15, 2024).Continue Reading The CMMC Rule To Update the DFARS is Here!
There Are Limits! Reining In FCA Penalties Pursuant to the Excessive Fines Clause
In the high-stakes realm of False Claims Act (FCA) litigation per-claim penalties can reach daunting levels that dwarf even treble damages. A recent ruling from the Eighth Circuit Court provides valuable guidance on the limits of penalties under the Constitution’s Excessive Fines Clause (Clause). In Grant ex rel. United States v. Zorn the Eighth Circuit provides clarity applying the Clause in FCA litigation, specifically identifying when a penalty for purely economic loss offenses might be considered excessive. Of relevance, the Court held that:Continue Reading There Are Limits! Reining In FCA Penalties Pursuant to the Excessive Fines Clause
Navigating the New Cybersecurity Regulatory Landscape Post-Chevron
On June 28, 2024, in a landmark decision, the Supreme Court overruled the four decade old case Chevron v. Natural Resources Defense Council. This pivotal decision should spur businesses to recalibrate their existing relationship with federal agencies. Indeed, we have already seen industry groups begin to use the overruling to influence agency rulemaking, signaling a future of significant shifts in the regulatory landscape. For those operating in regulated industries—including government contractors, and particularly those navigating the complex world of cybersecurity regulation—understanding the implications of the decision is crucial.Continue Reading Navigating the New Cybersecurity Regulatory Landscape Post-Chevron
Summer Heat Ramping Up: FedRAMP Releases Final OMB Memo and Announces Update on Roadmap Progress, Automation Site Launch, and the Agile Delivery Pilot Launch
It’s been a hot summer so far but Federal Risk and Authorization Program (“FedRAMP”) is just starting to heat up. In June, FedRAMP (the Federal government’s program for security authorizations for cloud solutions) released the final Emerging Technology Prioritization Framework, which outlines the prioritization of certain artificial intelligence capabilities. In mid-July, FedRAMP announced its Agile Delivery pilot program, which is a new process for reviewing significant changes without the need for advanced approval. FedRAMP also announced a new technical documentation hub (automate.fedramp.gov) that focuses on provided support to cloud service providers in the development of digital authorization packages. Lastly, just as the heat wave in Washington, D.C. ended, FedRAMP published the final version of the FedRAMP OMB Memo (“OMB Memo”) on July 26, 2024. The OMB Memo revamps FedRAMP through changes to the authorization paths and continuous monitoring and incident response processes, as well as enhancements through automation. Below are key points to know about each FedRAMP update released this summer.Continue Reading Summer Heat Ramping Up: FedRAMP Releases Final OMB Memo and Announces Update on Roadmap Progress, Automation Site Launch, and the Agile Delivery Pilot Launch
Data, Deals, and Diplomacy: How the Bulk Data Executive Order Will Shape Future Contracts and Security Practices
For companies in the U.S. that hold certain personal data and U.S. Government-related data, rules stemming from recent Executive Order (“EO”) 14117 on “Preventing Access to Americans’ Bulk Sensitive Personal Data and United States Government-Related Data by Countries of Concern” may create obstacles and new compliance obligations. Under this EO, the Attorney General is charged with issuing regulations to either outright prohibit or impose restrictions on transactions involving bulk sensitive personal data or U.S. Government-related data when such transactions involve a “country of concern.”Continue Reading Data, Deals, and Diplomacy: How the Bulk Data Executive Order Will Shape Future Contracts and Security Practices
Latest Cyber-Related FCA Settlement Underscores the Breadth of DOJ’s Civil Cyber-Fraud Focus
On June 17, 2024, the Department of Justice (“DOJ”) announced the latest settlement under its Civil Cyber-Fraud Initiative (“CCFI”) (previously discussed here).[1] The settlement resulted in a total of $11,300,000 in payments from two consulting companies (Guidehouse, Inc., the prime contractor, which paid $7,600,000; and Nan Kay and Associates, the subcontractor, which paid $3,700,000) to resolve allegations the two companies violated the False Claims Act by failing to meet cybersecurity requirements in federally-funded contracts.Continue Reading Latest Cyber-Related FCA Settlement Underscores the Breadth of DOJ’s Civil Cyber-Fraud Focus