To kick off the New Year, Sheppard Mullin’s Governmental Practice Cybersecurity & Data Protection Team has prepared a cybersecurity-focused 2023 Recap (including links to all of the resources the team has put out over the past year) and 2024 Forecast (that previews what we expect to see in 2024). This Recap & Forecast covers the following five high-interest topic areas related to cybersecurity and data protection:Continue Reading Governmental Practice Cybersecurity and Data Protection, 2023 Recap & 2024 Forecast Alert

The United States Department of the Treasury has announced that it is working to address what it perceives as money laundering risks associated with investment advisers. Specifically, the agency asserts that absent consistent and comprehensive anti-money laundering (“AML”) and countering the financing of terrorism (“CFT”) obligations, corrupt officials and other illicit actors may invest ill-gotten gains in the U.S. financial system through hedge funds and private equity firms. Treasury indicated its intention to issue a proposal in the first quarter of 2024 that would apply Bank Secrecy Act (“BSA”) AML/CFT requirements, including suspicious activity report obligations, to certain investment advisers. Continue Reading Treasury Announces Renewed Push for Investment Adviser AML Rules

Welcome back to the Cost Corner, where we provide practical insight into the complex cost and pricing requirements that apply to Government contractors. This is the third article in a multi-part series on the Federal Acquisition Regulation (“FAR”) Cost Principles applicable to contracts with commercial organizations. The first article in the series addressed the criteria for determining the allowability of costs. The second addressed the allocation of direct and indirect costs. This Cost Corner focuses accounting for unallowable costs. The applicable Cost Principle is FAR 31.201-6, Accounting for Unallowable Costs. Among other requirements, FAR 31.201-6 incorporates by reference the practices for accounting for, and presentation of, unallowable costs provided in Cost Accounting Standard (“CAS”) 405, also titled “Accounting for Unallowable Costs.” We will address both the FAR and the CAS requirements.Continue Reading Government Contracts Cost and Pricing: Accounting for Unallowable Costs

Since our last Bid Protest Hub article in November, the Government Accountability Office (“GAO”) has published 37 bid protest decisions, two of which have resulted in decisions sustaining the protester’s challenge. As we enter into the new year, it remains critical for government contractors to understand what issues win at the GAO and why. Below, we cover a few important GAO decisions you should know from December 2023.Continue Reading Bid Protest Hub – December 2023

On December 12, 2023, the Department of Justice (“DOJ”) issued guidance related to the process by which companies may request the United States Attorney General authorize delays of cyber incident disclosures, pursuant to a new Securities and Exchange Commission (“SEC”) rule. As a reminder, the SEC rule (which went into effect on Dec. 18, 2023) requires companies to disclose material cyber incidents via Form 8-K within four days of making a materiality determination. Our colleagues previously discussed the SEC rule and its new cyber reporting requirements here.Continue Reading For Limited Use Only: Guidance on National Security Delay Determinations under the SEC Cyber Reporting Rule

On November 30, 2023, the Inspector General of the Department of Defense (“DoD IG”) released a Special Report: Common Cybersecurity Weaknesses Related to the Protection of DoD Controlled Unclassified Information on Contractor Networks (the “Report”). Between 2018 and 2023, the DoD IG reports it conducted five audits related to DoD contractors’ protection of Controlled Unclassified Information (“CUI”), in accordance with the cybersecurity requirements in National Institute of Standards and Technology (“NIST”) Special Publication (“SP”) 800-171. Additionally, the Report states that since 2022, the DoD IG has provided support/assessments for five investigations under the Department of Justice’s (“DOJ”) Civil Cyber Fraud Initiative (“CCFI”).[1] Continue Reading DoD IG Report Provides Insight Into Common Missteps When Protecting CUI

Welcome back to the Cost Corner, where we provide practical insight into the complex cost and pricing requirements that apply to Government contractors. This is the second article in a multi-part series on the Federal Acquisition Regulation (FAR) Cost Principles applicable to contracts with commercial organizations. The previous Cost Corner addressed the applicability of the Cost Principles and their general criteria for determining the allowability of costs. This Cost Corner focuses on the allocation of direct and indirect costs. We will address the applicable Cost Principles (FAR 31.202 and FAR 31.203) as well as the overlapping provisions of the Cost Accounting Standards (CAS) (CAS 402 and CAS 418), which include closely related but significantly more detailed (burdensome) requirements for CAS-covered contractors.Continue Reading Government Contracts Cost and Pricing: Allocation of Direct and Indirect Costs

Well, the wait is over. Just as 2023 came to a close, on December 26, 2023, the Department of Defense (“DoD”) published the much-anticipated Proposed Rule for the DoD’s Cybersecurity Maturity Model Certification (“CMMC”) program (the “Proposed Rule”). It has been just over two years since “CMMC 2.0” was announced in November 2021 (which we previously discussed here). And while there is nothing particularly surprising in the Proposed Rule, there certainly are several notable additions and clarifications. Below we outline the key portions of the Proposed Rule that will be of particular importance to defense contractors.Continue Reading New Year, New Rules: The CMMC Proposed Rule is Here

In addition to prohibiting the flow-down of non-mandatory FAR/DFARS clauses (which we talk about here), the Department of Defense (“DOD”) Final Rule in connection with the Defense Federal Acquisition Regulation Supplement (“DFARS”) Case 2017-D010 also touched on the decades-long debate as to which entities actually are subcontractors performing under a Federal prime contract. Yes, you read that correctly – there is no single definition for the terms “subcontract” or “subcontractor.” After almost 40 years of confusion, it appears the DFARS and Federal Acquisition Regulation (“FAR”) Councils are trying to end the debate once and for all.Continue Reading New Year, (Potentially) New Definition for “Subcontract”

On November 17, 2023, the Department of Defense (“DOD”) published a Final Ruleover five years in the making – addressing DOD policies regarding the applicability of laws to commercial products, commercial services, and commercially available off-the-shelf (“COTS”) products (DFARS Case 2017-D010). Partially implementing Section 874 of the Fiscal Year 2017 National Defense Authorization Act, DOD has imposed new regulations that expressly prohibit Contracting Officers (“CO”) and prime contractors alike from incorporating regulatory requirements of the Federal Acquisition Regulation (“FAR”) and the Defense Federal Acquisition Regulation Supplement (“DFARS”) in prime contracts and subcontracts unless mandated by regulatory text.Continue Reading It’s the Most Wonderful Time for New DOD Flow Down Policies: Flowing Down Too Many Clauses Will Get Prime Contractors More Than a Lump of Coal

Last week, the Department of Justice (“DOJ”) announced it declined to prosecute Lifecore, a U.S. biomedical company, after Lifecore voluntarily disclosed that a company it acquired paid bribes to Mexican officials and falsified documents both before and after Lifecore’s acquisition.[1] Continue Reading Voluntary Self-Disclosure of FCPA Violations Following Acquisition Avoids Corruption Charges