We recently wrote about the FAR Council’s release of an interim rule implementing restrictions on procurements involving certain Chinese telecommunications hardware manufacturers and service providers, such as Huawei and ZTE. The interim rule creates a new FAR Subpart 4.21, as well as two new contract clauses, FAR 52.204-24 and 52.204-25, which were effective August 13, 2019. These restrictions apply not only to prime contractors, but also to all subcontractors and throughout the supply chain. Concurrent with the release of the FAR interim rule, the Department of Defense (“DoD”) issued a memorandum, laying out DoD procedures to implement the prohibitions contained therein. These procedures apply to contracts, task orders, and delivery orders, including basic ordering agreements (BOAs), orders against BOAs, blanket purchase agreements (BPAs), and calls against BPAs.
Continue Reading Effective Last Month! – DoD’s Implementation of New FAR Prohibitions on Chinese Telecommunications Equipment and Services in Government Contracts

In accordance with Section 889(a)(1)(A) of the 2019 National Defense Authorization Act (Pub. L. No. 115-232) (the “2019 NDAA”), which required imposition of broad restrictions on procurements involving certain Chinese telecommunications hardware manufacturers such as Huawei Technologies Co. and ZTE Corp within one year, the FAR Council has released an interim rule implementing these restrictions. On August 13, the FAR Council released Federal Acquisition Circular 2019-05 (84 Fed. Reg. 40,216), creating a new FAR Subpart 4.21, as well as two new contract clauses, FAR 52.204-24 and 52.204-25, all of which are effective August 13, 2019. These restrictions apply not only to prime contractors, but also to all subcontractors and throughout the supply chain. Government contractors need to know that these new requirements are effective immediately and that opportunities for waivers are very limited.
Continue Reading Effective Immediately! – FAR Amended to Include Prohibition on Chinese Telecommunications Equipment and Services in Government Contracts

The Government remains intensely focused on how best to protect its Controlled Unclassified Information (CUI) once it is released to contractors. In a shift from its initial approach of “we will take the contractor’s word for it,” the Department of Defense (DoD) announced in June 2019 it is in the process of developing a new cybersecurity certification program for its contractors, which will involve using third party auditors to validate contractor compliance with required security controls. In addition, on June 19, 2019, the National Institute of Standards and Technology (NIST) released two new highly-anticipated draft special publications – NIST SP 800-171, Rev 2 and NIST SP 800-171B – with a tight turnaround time for comments by July 19, 2019.
Continue Reading Cyber Update: DoD Contractor Cybersecurity Certification and 33 New Enhanced Controls to Combat the Advanced Persistent Threat

On May 2, 2019, the General Services Administration (“GSA”) and the Office of Management and Budget (“OMB”) finally released their Phase 2 Implementation Report (the “Phase 2 Report”) for “Procurement Through E-Commerce Portals,” as directed by Section 846 of the National Defense Authorization Act for Fiscal Year 2018 (“FY 2018 NDAA”).[1]

GSA/OMB offered a sneak preview of the Phase 2 Report at an Industry Day held on December 12, 2018, during which GSA/OMB revealed their intent to proceed with a proof of concept contract utilizing only the E-Marketplace model. Industry pushback against a single model proof of concept was both quick and severe and, coupled with the lengthy delay issuing the Phase 2 Report, many wondered whether GSA/OMB were reevaluating their proposed approach.
Continue Reading The Future of COTS Procurement: Top 10 Questions from GSA’s Section 846 Phase 2 Report

On April 29, 2019, just months into her new job at the New York State Department of Financial Services (“DFS”), acting DFS Superintendent Linda Lacewell announced a significant reorganization within the financial and insurance regulator. The new Consumer Protection and Financial Enforcement Division (the “CPFED”) combines seven previously separate divisions and units – Enforcement, Investigations and Intelligence, the Civil Investigations Unit, the Producers Unit, the Consumer Examinations Unit, the Student Protection Unit, and the Holocaust Claims Processing Office – under a single executive deputy superintendent. Lacewell appointed Katherine Lemire, a former state and federal prosecutor, to head the newly-minted division.
Continue Reading New York DFS Consumer Protection and Financial Enforcement Division: New Name, New Look, Old Mandate

On May 15, 2019, President Trump issued an Executive Order (“EO”) targeting activities of certain foreign telecommunications companies based in hostile countries. Entitled “Securing the Information and Communications Technology and Services Supply Chain,” the EO declares a national emergency based on a Presidential finding that “foreign adversaries are increasingly creating and exploiting vulnerabilities in information and communications technology and services … in order to commit malicious cyber-enabled actions” rising to the level of “an unusual and extraordinary threat to national security.”[1] As a result, the EO allows the Federal Government, led by the Secretary of Commerce, to bar U.S. companies from doing business with foreign entities it determines are contributing to the threat. For more on this issue, see our Global Trade Law blog posting here
Continue Reading New Executive Order To Further Restrict Business with Huawei and Other Foreign Adversaries Engaged in Cyber Espionage

In 2019, cybersecurity has become top-of-mind for most federal government contractors and agencies that share sensitive information.  In addition to updated Department of Defense guidance and procedures for evaluating contractors’ compliance with cybersecurity requirements, as well as an increase in Department of Defense cybersecurity audits, the Federal Acquisition Regulation (FAR) council also has promised a new FAR clause that will require compliance with NIST SP 800-171 security controls for civilian agency contractors that receive or create Controlled Unclassified Information (CUI).
Continue Reading “Internet of Things” Guidance to be Added to Cybersecurity Requirements for Agencies and Federal Contractors

Earlier this month, the Securities and Exchange Commission (“SEC”) took a break from its recent focus on digital assets and the Best Interest fiduciary standard to publish a Risk Alert encouraging investment advisers and broker-dealers to revisit their policies and procedures relating to Regulation S-P (“Reg S-P”) (17 C.F.R. Part 248, Subpart A), which sets out requirements designed to protect customer information and records. The Alert highlights several key compliance issues identified by the SEC’s Office of Compliance Inspections and Examinations (“OCIE”) during exams completed in the past two years.
Continue Reading SEC Issues Risk Alert on Customer Privacy Safeguards

The Enforcement Division of the United States Securities and Exchange Commission (“SEC”) recently released its annual enforcement report (“Report”) for fiscal year 2018. The Report reflects an increased focus on retail investors, cryptocurrency, cybercrime, and individual accountability. Further, it showcases that SEC enforcement continues to be robust under the Trump administration, despite industry and media expectations to the contrary.

In fiscal year 2018, the SEC brought 821 enforcement actions, an approximately 8.8% increase from last year. The SEC collected approximately $3.9 billion in monetary penalties, a 4% increase from last year. Notably, however, a significant portion of this amount came from a single case, in which $1.8 billion in disgorgement and penalties were awarded for a large-scale corruption scheme. Moreover, while total monetary penalties rose, there was a decrease in the total amount of disgorgement imposed. This is likely due in part to the Supreme Court’s 2017 Kokesh decision, which held that SEC claims for disgorgement are subject to a five-year statute of limitations.  
Continue Reading SEC Enforcement’s Annual Report Prioritizes Retail Investors, Cryptocurrency, Cybercrime, and Individual Accountability

The 2019 National Defense Authorization Act (“NDAA”) imposes new restrictions on procurements for telecommunications equipment or services based on ties to certain Chinese entities, thereby growing the list of forbidden products for contractors. Specifically, Section 889 prohibits executive-branch agencies from initiating procurements or entering into contracts for certain telecommunications equipment or services from companies associated with, owned, or controlled by the People’s Republic of China, that are to be used “as a substantial or essential component of any system, or as critical technology as part of any system.”
Continue Reading The List of Forbidden Products Grows: The NDAA’s Prohibitions on Use of Certain Chinese-Made Equipment