Last month, the General Services Administration (“GSA”) finalized a rule marking what the agency describes as the most significant development to its Schedules program in over two decades. The rule completely changes how GSA will analyze vendor pricing for products and services.
Under the rule, vendors will eventually be required to submit monthly transactional data reports with information related to orders and prices under certain GSA Schedule contracts and other vehicles. Along with the implementation of the new Transactional Data Reporting (“TDR”) requirement, GSA will relieve vendors from two preexisting compliance burdens—eliminating the Commercial Sales Practices (“CSP”) and Price Reductions Clause (“PRC”) reporting requirements when vendors begin submitting transactional data.
While vendors should welcome the relief provided from the elimination of two burdensome regulations, the shift to TDR will not be without cost and risk; and, the eventual efficiencies promised by GSA remain to be seen. Indeed, the impact of the change will likely extend beyond compliance burdens, with potential effects varying from the nature of False Claims Act suits to the potential publication of competitive information.
The government recently issued long-awaited amendments to the National Industrial Security Program Operating Manual (“NISPOM”). The amendments, known as Conforming Change 2, are targeted at combating insider threats and impose several new requirements warranting immediate action by contractors holding facility clearances.
There are four key elements to Change 2: (1) a mandated Insider Threat Program (“ITP”); (2) new cyber incident reporting requirements; (3) newly defined NISPOM components; and, (4) an updated standard for foreign-owned or controlled companies seeking access to proscribed information. We summarized these changes and provide implementation suggestions below.
I. Insider Threat – Mandated Insider Threat Program
Change 2 requires cleared contractors to have a written Insider Threat Program plan no later than November 30, 2016. The ITP must detect, deter, and mitigate insider threats consistent with the ITP requirements currently imposed on executive branch agencies (as set forth in Executive Order 13587 and the National Insider Threat Policy and Minimum Standards for Executive Branch Insider Threat Programs). Continue reading “NISPOM Conforming Change 2: What You Need to Know”
The government recently finalized a sweeping amendment to the Federal Acquisition Regulation (“FAR”) that will impose basic information system safeguarding requirements on many federal acquisitions, marking the latest in the continuing government effort to regulate and enhance cybersecurity protections in the industry. The Final Rule, effective June 15, 2016, imposes fifteen basic safeguarding requirements for contractors with information systems containing information provided by, or generated for, the government under a federal contract.
Though many contractors likely maintain information security standards that meet or exceed the new rule, they should confirm their compliance status by assessing these requirements against their current cybersecurity compliance program (to help mitigate the risk of a breach of contract claim or more serious enforcement action). This should include confirming that the requirement is flowed down to subcontractors where appropriate. Continue reading “Coming to a Government Contract Near You: Mandatory Information Safeguarding Requirements”
In the latest regulatory action targeted at human trafficking, the Federal Acquisition Regulatory Councils (“FAR Councils”) on May 11, 2016 issued a proposed rule to include a sweeping new definition of the term “recruitment fees.” The proposed definition would cover nearly any conceivable charge related to recruiting, hiring, and onboarding of employees, no matter the location of the employee, the skill level of the job, or customary business practices in the industry. Contractors should pay close attention, given that the rule also makes them responsible for recruitment fees collected by third parties, including subcontractors at all tiers, recruiters, and staffing firms.
The Department of Justice (DOJ) is setting its sights on individual accountability for corporate wrongdoing. That is the message that DOJ has been promoting following the recent internal memorandum issued by Deputy Attorney General Sally Quillian Yates titled “Individual Accountability for Corporate Wrongdoing” (the Yates Memo), which relates to DOJ’s practices in conducting corporate investigations. Although the idea of holding individuals accountable for corporate wrongdoing is not new, the Yates Memo’s relative focus on individuals as part of corporate investigations suggests more scrutiny of individuals in civil and criminal investigations. This focus complements a well-documented increase in the suspension and debarment of individuals in recent years, and reinforces the heightened risks that business owners, executives, managers, and employees face throughout the government contracting community.
As the federal government and contracting community near the end of a year filled with headline-grabbing cyber incidents, the Department of Defense (DoD) has recently issued interim cybersecurity and cloud computing regulations that amend the DFARS and impose important new information safeguarding, reporting, and cloud computing requirements. These are major changes that impact all DoD contractors, and if your company holds DoD contracts you should carefully review these new requirements and assess them as part of your broader corporate cybersecurity strategy.
This alert highlights the key requirements in the Interim Rule (available here).
Information Safeguarding and Cybersecurity Reporting
The Interim Rule expands DoD’s cybersecurity safeguarding and reporting requirements, including the types of information covered by the requirements, governing standards, and triggering events. Up until now, many of DoD’s cybersecurity requirements applied to select groups of defense contractors—those deemed “operationally critical” under the 2015 NDAA or “cleared defense contractors” under the 2013 NDAA, and contractors handling “unclassified controlled technical information,” or “UCTI,” under the DFARS. Continue reading “What DoD Contractors Need to Know: New Changes to Cybersecurity and Cloud Computing Regulations”
With Congress quickly approaching a September 30 funding deadline with no adequate spending measures in place, and the Office of Management and Budget now directing agencies to prepare contingency plans, the possibility of a government shutdown is becoming increasingly likely. Unfortunately, government contractors faced these challenges just two short years ago during a 16-day shutdown. Among other challenges, contractors may face a lack of incremental funding; the inability to enter into new contracts or contract modifications; closed government facilities; furloughed government employees; delayed payments; increased indirect costs; and unexercised and deferred contract options. This alert highlights steps government contractors can take to protect their business interests in the event of a shutdown.
Review Your Contracts
Reviewing your contracts is good advice in all times, but particularly so when facing a shutdown. Several key areas are worth reviewing before a shutdown. First, contractors should consider the amount and type of contract funding for each contract. A shutdown will affect incrementally funded contracts more than fully funded contracts. Though exceptions may apply, the funding for incrementally funded contracts may lapse in the event of a shutdown, which could cause the contract work to come to a halt. Fully funded contracts may be impacted by furloughed employees, facility closures, or other unexpected costs. Second, the place of contract performance may affect the ongoing work on a contract if the contractor is performing at a government facility. Many government facilities will close during a shutdown and furloughed employees or limited hours may affect those government facilities that do remain open. Third, the period of contract performance may affect a contract in that the government cannot exercise options and contract extensions during a shutdown. Fourth, the statement of work could also affect how the shutdown applies to a contract. For instance, national security and emergency preparedness contracts are much more likely to be funded during a shutdown than facility maintenance work. Nonetheless, even those exempt contracts may still be affected if the statement of work requires contractors or projects to interact with furloughed employees. Continue reading “Déjà Vu All Over Again: Six Tips to Prepare for a Government Shutdown”
A recent proposed rule issued by the Small Business Administration (SBA) previews long-awaited changes to SBA’s regulations governing small business government contracting programs. These changes will impact both large and small government contractors alike and warrant close attention. This alert highlights key elements in the proposed rule, including major changes to subcontracting limitations for small business set-asides that first arose in the FY 2013 National Defense Authorization Act (NDAA). Given the explosive growth in enforcement for small business program violations, and draconian new penalties for such violations, all contractors should take steps to ensure they comply with the upcoming rule changes.
Changed Method for Calculating Subcontracting Limitations
The FY 2013 NDAA implemented a number of changes to small business programs in federal procurements (we recently covered these changes here). The primary reform in the NDAA—now addressed in the SBA’s proposed rule—is a significant shift in the method of limiting subcontracting under set-aside procurements. The SBA and FAR currently require prime small business concerns on set-aside contracts to incur set percentages of costs incurred under the contract based on the contract type (e.g., at least 50 percent of the personnel or manufacturing costs incurred under service and supply contracts). The challenges in monitoring this cost-based method led Congress to amend the Small Business Act. That statute now limits the percentage of the total contract price a prime awardee can subcontract out. Consistent with the statute, the proposed rule would amend 13 CFR § 125.6 to require small business primes to perform 50 percent of the total contract price for service and supply contracts, 15 percent for general construction, and 25 percent for specialty trade construction. Continue reading “SBA Proposes Anticipated Small Business Subcontracting Rule”
DOD, FYSA, SITREP – government contractors are familiar with the alphabet soup that goes hand-in-hand with doing business with the federal government as well as most common labor laws and their acronyms: Federal Labor Standards Act, (“FLSA”), the Family and Medical Leave Act (“FMLA”), or Occupational Safety and Health Act of 1971 (“OSHA”). Now, the question is whether contractors comply with these laws and recent developments in government contractor employment law. On July 31, 2014 the White House issued the Executive Order – Fair Pay and Safe Workplaces (the “Executive Order”) which creates new requirements that will add pre and post-award reporting demands on many new government services and construction contracts. The purpose of this alert is to help government contractors sort through the dense language of the Executive Order and provide a roadmap for what to do going forward so that violations of labor laws don’t lead to suspension or debarment.
What’s New? The Basics of Executive Order – Fair Pay and Safe Workplaces The Executive Order applies to all new “procurement contracts for goods and services” with an expected value exceeding $500,000. The new requirements do not apply to contracts for “commercially available off-the-shelf items,” or contracts presently being performed. According to the White House Fact Sheet for the Executive Order, the new requirements will be applied in stages, on a “prioritized basis” beginning in 2016. Neither the Executive Order nor the Fact Sheet define “prioritized basis,” but presumably, government contracts with the highest expected values and most hazardous contract conditions will be among the first to report under the new requirements. The 2016 date provides some time for both the Federal Acquisition Regulatory (“FAR”) Council and Department of Labor (“DOL”) to issue guidance for implementation as required by the Executive Order.
With the potential for millions of dollars in withholdings on contract payments, Department of Defense (DoD) contractors have become all too familiar with the Business Systems Rule since it was first implemented in 2011. The Department of Energy (DoE) is now following in the steps of DoD and promulgating its own Business Systems Rule. On April 1, 2014, DoE issued a Notice of Proposed Rulemaking for its Business Systems Rule, which is largely modeled off of the DoD rule. This expansion of the Business Systems Rule beyond DoD warrants careful attention by contractors who may not have previously been covered, as effective and proactive compliance is essential to mitigating the risk of withholdings under the rule.
Overview of the DoD Business Systems Rule
The DoD Business Systems Rule permits DoD to withhold contractor payments on covered contracts if one or more “significant deficiencies” are found in any of the six business systems covered by the rule. The term “significant deficiency” is broadly defined as “a shortcoming in the system that materially affects the ability of officials of DoD and the Contractor to rely upon information produced by the system that is needed for management purposes”–a definition which leaves great discretion to the Contracting Officers responsible for determining system acceptability. Continue reading “The Expansion of the Business Systems Rule Beyond DoD”