The Department of Homeland Security (“DHS”) announced on May 4, 2023 a planned end to the COVID-19 remote I-9 flexibility. The flexibility ends on July 31 and prior pandemic I-9s must be remediated by Aug 30, 2023. Therefore, employers should act quickly to review and remediate I-9s that were verified remotely in the past three years.
Over the last several years, the Securities and Exchange Commission (the “SEC”) and the Commodities Futures Trading Commission (“CFTC”) have been laser-focused on the use of so called “off-channel communications” in the financial services industry. On the theory that employees’ use of personal devices to communicate about business matters violates the “books and records” rules as these communications are not saved in company systems, regulators have conducted intrusive and extensive investigations requiring employees to turn over their personal devices for review. SEC Chairperson Gary Gensler recently stated that “bookkeeping sweeps are ongoing,” having resulted in well over $1 billion in fines so far. While the first round of investigations focused on the large banks, this “sweep” has since spread to hedge funds, credit rating agencies, online banking platforms, and now, to regional banks.
The National Institute of Standards and Technology (NIST) has released an initial public draft of NIST SP 800-171, Revision 3, Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations. Compliance with the security controls in NIST SP 800-171 is required for Department of Defense contractors and is expected to be incorporated into a new Federal Acquisition Regulation (FAR) clause and required for all federal contractors that process, store, or transmit Controlled Unclassified Information (CUI).
Welcome back to the Cost Corner, where we provide practical insight into the complex cost and pricing regulations that apply to Government contractors. This is the second installment of a two-part article on the Truthful Cost or Pricing Data Statute, commonly known by its former name, the Truth in Negotiations Act (TINA).[1] As a reminder, TINA is a procurement statute that requires contractors: (1) to disclose information – known as cost or pricing data – when negotiating certain types of contracts, subcontracts, and modifications; (2) to certify that those data were accurate, complete, and current as of the date of agreement on price or other date agreed to by the parties (the “relevant date”); and (3) to agree to a contract clause entitling the Government to a price reduction if the contractor furnishes cost or pricing data that are defective, i.e., inaccurate, incomplete, or not current.[2]
On May 3rd, New York Attorney General Letitia James introduced legislation that, if passed, would substantially increase oversight and regulation of the cryptocurrency industry in New York. James touts the bill as the “Crypto Regulation Protection, Transparency and Oversight Act,” also to be known as the “CRPTO Act.” (the “Bill”).
Continue Reading NYAG Bill Seeks to “Bring Order” to Crypto Industry
The Cybersecurity and Infrastructure Security Agency (CISA) is seeking public comment on the secure software development common self-attestation form to be completed by software producers that sell software to the federal government. Federal agencies are scheduled to begin collecting attestation forms for critical software by June 2023 and for all other software by September 2023.
Continue Reading CISA Releases Proposed Security Attestation Form for Software Producers
While you were asking ChatGPT to create a 3-course menu for the upcoming book club you’re hosting or to explain the Rule Against Perpetuities, several federal government agencies announced initiatives related to the use of artificial intelligence (AI) and automated systems, focusing on the potential threats stemming from the misuse of this powerful technology. As the development and use of AI becomes integrated into our daily lives and employee work routines, and companies begin to leverage such technology in their solutions provided to the government, it is important to understand the developing federal government compliance infrastructure and the potential risks stemming from the misuse of AI and automated systems.
On April 4, 2023, the Defense Contract Management Agency’s (“DCMA”) Commercial Item Group held an industry day at Fort Lee in Virginia. The DCMA Commercial Item Group assists DOD purchasers in determining whether items provided to DoD qualify as commercial products or services and, thus, will be subject to fewer federal acquisition and DoD requirements. The Commercial Item Group also assists with market research, technical analysis, price analysis, negotiation support, commercial item database maintenance and providing support on commercial products and services initiatives.
Welcome back to the Cost Corner, where we address the complex cost and pricing regulations that apply to Government contractors. The last edition of the Cost Corner provided an overview of the regulatory framework for Government contracts cost and pricing, including the Truthful Cost or Pricing Data Statute,[1] the Federal Acquisition Regulation (FAR) Cost Principles,[2] and the Cost Accounting Standards (CAS).[3] This edition of the Cost Corner takes a closer look at the Truthful Cost or Pricing Data Statute, commonly referred to by its former name, the Truth in Negotiations Act (TINA).
The Federal Risk and Authorization Management Program (FedRAMP) Program Management Office recently released a revised version of its Obligations and Compliance Standards document for third party assessors – the organizations that conduct reviews and enable security authorizations for cloud service offerings to the federal government. The revised document seeks to further define the performance and compliance expectations for third party assessors (3PAOs) and incorporates changes stemming from the FedRAMP Authorization Act, which was enacted as part of the Fiscal Year 2023 National Defense Authorization Act and codified FedRAMP. The revisions reflect recent trends in cyber and supply chain security, focusing on identifying potential foreign influence and enhancing transparency with respect to the activities conducted by the third party assessors.
Companies regularly are required to interpret ambiguous and vague regulatory provisions. Today, the United States Supreme Court heard oral arguments in a pair of consolidated cases to determine whether a defendant’s subjective interpretation of an ambiguous regulation is relevant to determining the knowledge (or scienter) element of the False Claims Act or, as the Seventh Circuit held in the case below, that once a defendant can articulate an objectively reasonable interpretation its contemporaneously held subjective belief is irrelevant to the knowledge inquiry. The issue is a significant one for both the government and relators on one side, and potential defendants on the other, as False Claims Act (FCA) liability imposes treble damages and penalties exceeding $20,000 per claim as well as relators’ attorneys’ fees and costs.
Continue Reading Supreme Court Hears Arguments on False Claims Act Scienter Standard