With the filing of relators’ brief in United Health Services, the Supreme Court is one step closer to resolving one of the most controversial issues in False Claims Act (“FCA”) jurisprudence: whether “implied certification” is a valid liability theory under the FCA.
Under the implied certification theory, the plaintiff may allege that, by submitting any claim for payment to the government, a contractor impliedly certifies compliance with all applicable statutory, regulatory, and contractual requirements. Thus, under this theory, even where the contractor provided all of the goods and services for which it seeks payment, the government is allegedly wronged because it would not have paid for the items or service if it was aware of the contractor’s noncompliance with these other requirements.
Because the FCA makes it unlawful to knowingly submit a false or fraudulent claim for payment to the government—and imposes treble damages plus civil penalties ranging from $5,500 to $11,000 per claim—plaintiffs are strongly incentivized to assert the “implied certification” theory, which does not require the more difficult showing of an express false statement. Not surprisingly, the aggressive use of the implied certification theory has contributed to much of the recent increase in government enforcement actions and billions of dollars in recovery, including by settlements designed to avoid the legal uncertainty and the potentially significant damages and penalties under the FCA. The Supreme Court agreed in December to hear the case to resolve a circuit split as to whether implied certification is viable. Continue reading “Supreme Court to Resolve Circuit Split, Decide Viability of Plaintiff-Friendly Implied Certification Theory for FCA Liability”
On January 29, 2015, the Department of Defense, General Services Administration, and National Aeronautics and Space Administration published a final rule, effective March 2, 2015, implementing extensive new prohibitions and compliance requirements to the Federal Acquisition Regulation (FAR). The changes, mandated by President Obama’s December 2012 Executive Order (E.O. 13627) and the FY 2013 National Defense Authorization Act, raise across-the-board compliance concerns for government contractors—especially those that regularly employ foreign nationals.
New Restrictions and Requirements
The rule, amending FAR Subpart 22.17 and Contract Clause 52.222-50, will prohibit contractors and subcontractors from denying employees identity or immigration documents; using misleading or fraudulent recruitment practices; charging employees recruitment fees; using recruiters that do not comply with local labor laws of the country recruited from; and providing or arranging housing that fails to meet the host country’s housing and safety standards. The regulations also generally require contractors and subcontractors to pay for or provide transportation of foreign workers back to their home country at the end of their employment if they were brought to the work-country for the purpose of working on a U.S. Government contract or subcontract; or if the work-country is the U.S., they are not a U.S. national, and transportation is required under existing temporary worker programs or pursuant to a written agreement with the employee.
If required by law or under the contract, contractors and subcontractors must provide a written work document to employees in a language the employee understands. The rule further requires that the document contain, at minimum, details about work description, wages, the prohibition on recruitment fees, work location(s), living accommodations and associated costs, time off, round-trip transportation arrangements, grievance process, and the content of applicable trafficking laws and regulations. Continue reading “New Anti-Trafficking Regulations Finalized for Government Contractors”
On Wednesday, March 12, 2014, the Department of Defense (DOD) and General Services Administration (GSA) Joint Working Group on Improving Cybersecurity and Resilience Through Acquisition (Working Group) requested public comments on its draft implementation plan (draft plan) for federal cybersecurity acquisition. See 79 Fed. Reg. 14042 (Mar. 12, 2014). The draft plan is the first of several steps toward implementing the recommendations outlined in the Working Group’s recently finalized report on Improving Cybersecurity and Resilience Through Acquisition (summarized here).
As comments are due on April 28, 2014, federal contractors and other stakeholders should act quickly to submit their views on what will have a significant and lasting impact on federal cybersecurity acquisition practices.
The draft plan proposes a repeatable, scalable, and flexible framework for addressing cyber risk in federal acquisitions, and by design, it will affect nearly all contracting entities. The draft plan proposes a “taxonomy” for categorizing procurements so that the government can effectively prioritize those in need of additional resources, attention, and safeguards. As proposed, the taxonomy is modeled on Federal Information and Communications Technology (ICT) acquisitions—though the Working Group has asked whether this framework is a workable model for the categorization of all acquisitions. The Working Group would use the ICT framework to categorize all acquisitions that present cyber risk, after which it would separately assess the risks within each category. Categories that present greater cybersecurity risk (based on threats, vulnerabilities, and impacts) would receive more and faster attention in acquisitions. The taxonomy is, in our view, the most significant new development in the draft plan, as it will serve as the principal basis for categorizing the extent of cyber regulations for procurements. This aspect of the plan accordingly warrants particularly close attention. Continue reading “DOD and GSA Seek Comments on Draft Cybersecurity Implementation Plan”
On January 23, 2014, the Department of Defense (DoD) and General Services Administration (GSA) Joint Working Group on Improving Cybersecurity and Resilience Through Acquisition (Working Group) submitted its eagerly anticipated final report on integrating cybersecurity requirements into all federal procurements. This report, which satisfies Executive Order (EO) 13636 and Presidential Policy Directive (PPD) 21, includes recommendations on the increased use of cybersecurity standards in all federal acquisition activities, including strategic planning, capabilities needs assessment, systems acquisitions, and program and budget development.
The final report is perhaps most notable as another step toward an era where most every government contractor must satisfy baseline cybersecurity requirements. While the final report does not provide explicit guidance on the details of creating such a new procurement environment, in light of recent, imminent and forthcoming government activity, including the final rule imposing cybersecurity and reporting obligations on DoD contractors (issued November 18, 2013 and summarized here), the upcoming final cybersecurity framework of the National Institute of Standards and Technology (NIST) (to be released in mid-February), and the forthcoming final rule governing the safeguarding of government contractor information systems (likely finalized next year), we view this final report as a bellwether. Government contractors who ignore the final report and the course it has set do so at their own peril. Continue reading “DoD and GSA Issue Final Report on Improving Cybersecurity and Resilience through Acquisition”
Last November, the U.S. Department of Defense (DoD) issued a final rule imposing enhanced cybersecurity and reporting obligations on contractors and subcontractors with information systems containing unclassified controlled technical information (UCTI). 78 Fed. Reg. 69273 (Nov. 18, 2013). UCTI is defined to mean technical information with a military or space application that is subject to controls on its access, use, reproduction, modification, performance, display, release, disclosure, or dissemination.
The final rule adds a new subpart (224.73) and corresponding contract clause (252.204-7012) to the Defense Federal Acquisition Regulation Supplement (DFARS), and together they direct contractors that handle UCTI to (1) implement enhanced safeguards and (2) report and investigate certain incidents affecting such information.
This final rule implements one part of the broader and more controversial proposed rule, published in June 2011. 76 Fed. Reg. 38089 (June 29, 2011). That rule, which proposed substantial compliance obligations for protection of unclassified information, applied to a larger class of nonpublic information, including nonpublic information either provided by or on behalf of the DoD or collected, developed, received, or transmitted in conjunction with the contractor’s support of an official DoD activity. Unlike the proposed rule, however, this final rule is narrower in scope because it concerns only a single category of data: UCTI. Continue reading “Final DFARS Rule Imposes New Cybersecurity and Reporting Obligations”