Clearly Erroneous Audit Assertion – An Expensive Thorn in Contractors’ Sides

Auditing by the Defense Contract Audit Agency (“DCAA”) is a ubiquitous cost of doing business with the Department of Defense, and one which many defense contractors have come to dread. Unfortunately, far too often the DCAA’s audit reports rely upon faulty evidence and/or unreasonable interpretations that ignore the plain language of contracts, procurement regulations, and existing decisional law. When this happens, contractors typically have no choice but to engage in the costly process of challenging the audit findings and, when contracting officers lack the will to butt heads with the DCAA, to pursue litigation (and incur unallowable costs) to obtain relief from noncompliance determinations that never should have issued in the first place. Continue Reading

The Numbers Don’t Lie: The SEC Pursues a More Streamlined Enforcement Agenda

One of the most eye-catching items in the recently released 2017 Annual Report of the Enforcement Division of the Securities and Exchange Commission (SEC or the Commission) is the significant decline in enforcement activity from 2017. The report, issued on November 15th and summarizing the agency’s activity from October 1, 2016 to September 30, 2017, has drawn scrutiny from numerous commentators, who view the decline as the result of an ideological shift from the aggressive, prosecutorial style of enforcement of ex-Chairwoman Mary Jo White to a more restrained approach under new Chairman Jay Clayton. However, the SEC insists that despite this shift, it is not “slowing down.”[1] Instead, the SEC has identified new target areas that financial industry professionals should keep in mind. Continue Reading

NIST Releases Highly-Anticipated Draft Special Publication on Assessing the Security Requirements in NIST SP 800-171 for Controlled Unclassified Information (CUI)

Pursuant to DFARS 252.204-7012, DoD contractors are to implement the security requirements in NIST Special Publication (SP) 800-171 by December 31, 2017. NIST SP 800-171 includes security requirements for protecting Controlled Unclassified Information (CUI) in nonfederal systems and is expected soon to be required under civilian agency contracts through a forthcoming FAR case. On November 28, 2017, NIST released its highly-anticipated draft publication, NIST SP 800-171A on “Assessing Security Requirements for Controlled Unclassified Information.” Like NIST SP 800-53A, which provides assessment procedures related to the requirements in NIST SP 800-53 (containing security requirements for federal systems), the draft publication will “help organizations develop assessment plans and conduct efficient, effective, and cost-effective assessments of the security requirements in Special Publication 800-171.” The draft special publication includes assessment procedures relating to each of the security requirements in the fourteen families included in NIST SP 800-171 and describes methods by which companies can “generate evidence to support the assertion that the security requirements have been satisfied.” Thus, it appears an organization that conducts the suggested assessments in the draft publication and generates supporting documentation can present this to its agency customer as proof of compliance with NIST SP 800-171 (of course, this is subject to any agency-specific clauses or demands relating to safeguarding CUI). Continue Reading

While Protests and the Sustain Rate Decrease, the Effectiveness Rate Continues Its Upward Climb – A Brief Review of GAO’s FY 2017 Bid Protest Statistics

On November 13, U.S. Government Accountability Office (“GAO”) published its Annual Report to Congress (B-158766, November 13, 2017), which contains the statistics for bid protests filed at GAO in FY 2017. Continue Reading

Surprise, Surprise, Congress Does Listen — Well, Kind Of

An Analysis of NDAA Section 846’s Online Marketplace Provisions

There has been a lot of speculation about the future of commercial items purchasing within the federal Government since Representative Mac Thornberry circulated his “Section 801” proposal to hand over the bulk of DOD COTS purchasing to one or two existing online commercial marketplaces. (See Section 801 article HERE). Industry groups mobilized, companies called their legislators, and the media contributed several stories describing the wide spread criticism of the House NDAA proposal. To the surprise of many, however, the Senate seems to have heard industry’s concerns – or at least some of them. Continue Reading

Achieving Cyber-Fitness In 2017: Part 5—Cyber Incident Reporting And Response

Reprinted from The Government Contractor, with permission of Thomson Reuters. Copyright © 2017. Further use without the permission of West is prohibited. For further information about this publication, please visit http://legalsolutions.thomsonreuters.com, or call 800.328.9352.

As discussed in parts 1–4 of this series, the Defense Federal Acquisition Regulation Supplement cybersecurity clause, Safeguarding Covered Defense Information and Cyber Incident Reporting, mandates contractor compliance with the security controls in National Institute of Standards and Technology Special Publication 800-171 by December 31. DFARS 252.204-7012. Continue Reading

Industry Struggles With Ever Changing Acquisition Rules

Note: This post was originally published in the October 2017 issue of the National Defense Industrial Association’s National Defense magazine.

Recent studies show that the percentage of overall research and development spending sponsored by the government has dropped sharply over the last 50 years.

Whereas government funding accounted for 67 percent of R&D in 1964, it accounted for 23 percent in 2015, a 44 percent reduction. For the government, this is not a salutary development. Increasingly, “state of the art” is being defined by the commercial marketplace, without government participation and often without its access to the resulting technological advances. Continue Reading

Travel Ban: Déjà Vu All Over Again, Again

On September 24, President Trump issued a “Presidential Proclamation Enhancing Vetting Capabilities and Processes for Detecting Attempted Entry Into the United States by Terrorists or Other Public-Safety Threats.” Most people know it better as Travel Ban 3.0 or EO3 (for “Executive Order #3”), the President’s third attempt to impose travel restrictions on nationals of certain countries who seek to enter the United States. If it feels like you’ve seen this movie before, that’s because you have. Continue Reading

FCPA Accounting Provisions Have Teeth: Halliburton to Pay $29.2 Million to Settle FCPA Charges

Along with the anti-bribery provisions, the U.S. Foreign Corrupt Practices Act (“FCPA”) contains accounting provisions that apply to publicly traded companies. These provisions require that companies maintain and adhere to internal policies that manage risk and ensure that accurate financial records are maintained. There is no bribery requirement for there to be a violation of these provisions. There is also no foreign conduct requirement. All that is required is that a company have a policy in-place and circumvent that policy to obtain some business advantage (no matter how small). The Securities and Exchange Commission (“SEC”) often initiates investigations based on allegations of foreign bribery, but resorts to the accounting provisions when the alleged bribe cannot be proven (because an internal policy violation can almost always be found and the SEC does not want a company to get off scot-free). Continue Reading

Whatever Happened to the FCPA’s Foreign Conduct Requirement – How the FCPA is Being Used to Police Domestic Conduct and Internal Policy Violations

As its name implies, the U.S. Foreign Corrupt Practices Act (“FCPA”) was designed to prevent U.S. companies from engaging in foreign bribery. The Department of Justice (“DOJ”) and the Securities Exchange Commission (“SEC”), the U.S. Government agencies charged with enforcing the FCPA, have made great use of the FCPA in this regard. They have secured more than $5 billion in settlements over the past five years. This success has resulted in more expansive views of the FCPA’s reach and innovative arguments to find liability when the alleged misconduct occurred entirely within the U.S. The apparent preference for the FCPA in these situations over other potentially applicable laws is likely due to the ease with which an FCPA violation may be proven. An internal policy violation is all that is needed. Continue Reading

LexBlog