It is no secret that deregulation is a top priority for the Trump Administration and the Republican-led Congress. In the early weeks of governing together, President Trump and House Speaker Paul Ryan have dusted off the Congressional Review Act (“CRA”) as the tool of choice for undoing federal rules and regulatory initiatives implemented by the Obama Administration. The little-known but important law, enacted by President Clinton in 1996, provides Congress with the ability to enact legislation overturning certain federal agency rules. In the more than two decades on the books, the CRA has only been used to overturn a federal rule on one occasion when, in 2001, President George W. Bush signed a resolution overturning an ergonomics rule issued by the preceding administration. However, despite its past obscurity, the CRA is now more important than ever. Continue reading “How a Clinton-Era Law Could Reduce Regulations on Government Contractors under President Trump”
Last month, the General Services Administration (“GSA”) finalized a rule marking what the agency describes as the most significant development to its Schedules program in over two decades. The rule completely changes how GSA will analyze vendor pricing for products and services.
Under the rule, vendors will eventually be required to submit monthly transactional data reports with information related to orders and prices under certain GSA Schedule contracts and other vehicles. Along with the implementation of the new Transactional Data Reporting (“TDR”) requirement, GSA will relieve vendors from two preexisting compliance burdens—eliminating the Commercial Sales Practices (“CSP”) and Price Reductions Clause (“PRC”) reporting requirements when vendors begin submitting transactional data.
While vendors should welcome the relief provided from the elimination of two burdensome regulations, the shift to TDR will not be without cost and risk; and, the eventual efficiencies promised by GSA remain to be seen. Indeed, the impact of the change will likely extend beyond compliance burdens, with potential effects varying from the nature of False Claims Act suits to the potential publication of competitive information.
We summarize these and other key takeaways from the new rule below, and answer questions important to vendors as GSA rolls out this significant development. Continue reading “GSA’s Transactional Data Reporting Rule Ushers in a New Era”
The government recently issued long-awaited amendments to the National Industrial Security Program Operating Manual (“NISPOM”). The amendments, known as Conforming Change 2, are targeted at combating insider threats and impose several new requirements warranting immediate action by contractors holding facility clearances.
There are four key elements to Change 2: (1) a mandated Insider Threat Program (“ITP”); (2) new cyber incident reporting requirements; (3) newly defined NISPOM components; and, (4) an updated standard for foreign-owned or controlled companies seeking access to proscribed information. We summarized these changes and provide implementation suggestions below.
I. Insider Threat – Mandated Insider Threat Program
Change 2 requires cleared contractors to have a written Insider Threat Program plan no later than November 30, 2016. The ITP must detect, deter, and mitigate insider threats consistent with the ITP requirements currently imposed on executive branch agencies (as set forth in Executive Order 13587 and the National Insider Threat Policy and Minimum Standards for Executive Branch Insider Threat Programs). Continue reading “NISPOM Conforming Change 2: What You Need to Know”
The government recently finalized a sweeping amendment to the Federal Acquisition Regulation (“FAR”) that will impose basic information system safeguarding requirements on many federal acquisitions, marking the latest in the continuing government effort to regulate and enhance cybersecurity protections in the industry. The Final Rule, effective June 15, 2016, imposes fifteen basic safeguarding requirements for contractors with information systems containing information provided by, or generated for, the government under a federal contract.
Though many contractors likely maintain information security standards that meet or exceed the new rule, they should confirm their compliance status by assessing these requirements against their current cybersecurity compliance program (to help mitigate the risk of a breach of contract claim or more serious enforcement action). This should include confirming that the requirement is flowed down to subcontractors where appropriate. Continue reading “Coming to a Government Contract Near You: Mandatory Information Safeguarding Requirements”
As the federal government and contracting community near the end of a year filled with headline-grabbing cyber incidents, the Department of Defense (DoD) has recently issued interim cybersecurity and cloud computing regulations that amend the DFARS and impose important new information safeguarding, reporting, and cloud computing requirements. These are major changes that impact all DoD contractors, and if your company holds DoD contracts you should carefully review these new requirements and assess them as part of your broader corporate cybersecurity strategy.
This alert highlights the key requirements in the Interim Rule (available here).
Information Safeguarding and Cybersecurity Reporting
The Interim Rule expands DoD’s cybersecurity safeguarding and reporting requirements, including the types of information covered by the requirements, governing standards, and triggering events. Up until now, many of DoD’s cybersecurity requirements applied to select groups of defense contractors—those deemed “operationally critical” under the 2015 NDAA or “cleared defense contractors” under the 2013 NDAA, and contractors handling “unclassified controlled technical information,” or “UCTI,” under the DFARS. Continue reading “What DoD Contractors Need to Know: New Changes to Cybersecurity and Cloud Computing Regulations”
This is the scenario: you are an executive or manager at a government contractor. It’s Friday morning. You are hoping to leave early and get a jump on the weekend. Then, the receptionist buzzes you and says, “There are men and women out here wearing FBI windbreakers and they want to execute a search warrant.” You wonder, “Can I tell the agents they cannot come in?” Your company does not have in-house counsel. You can call your attorney, but his or her office is across town and the FBI agents say they are not going to wait. “What should I do?”
This may sound like an unlikely scenario, but such government investigations happen all of the time around the country and are rarely expected. In recent years, prosecutors and agents from the Department of Justice (DOJ) and Inspector General Offices have brought charges of procurement fraud and corruption against over 100 defendants, including officers and employees of companies of all sizes. In September 2014, DOJ’s Criminal Division announced that it would be “stepping up” its investigation and prosecution of criminal violations of the False Claims Act, using a team of senior federal prosecutors dedicated exclusively to procurement fraud. DOJ’s announcement cited the use of search warrants as one of the significant investigative tools at prosecutors’ disposal. In addition to their increased exposure to law enforcement authorities, small businesses should expect greater scrutiny of their contracting dollars, an initiative that has received bipartisan support in Congress. In March, the House Small Business Committee approved a measure calling for a sweeping examination into abuses in small business contracting, and the Small Business Administration recently proposed a rule for harsher penalties relating to small business subcontracting limitations. Continue reading “Responding to a Warrant—What to Do if Your Company Is Subject to a Fraud Investigation”
On January 29, 2015, the Department of Defense, General Services Administration, and National Aeronautics and Space Administration published a final rule, effective March 2, 2015, implementing extensive new prohibitions and compliance requirements to the Federal Acquisition Regulation (FAR). The changes, mandated by President Obama’s December 2012 Executive Order (E.O. 13627) and the FY 2013 National Defense Authorization Act, raise across-the-board compliance concerns for government contractors—especially those that regularly employ foreign nationals.
New Restrictions and Requirements
The rule, amending FAR Subpart 22.17 and Contract Clause 52.222-50, will prohibit contractors and subcontractors from denying employees identity or immigration documents; using misleading or fraudulent recruitment practices; charging employees recruitment fees; using recruiters that do not comply with local labor laws of the country recruited from; and providing or arranging housing that fails to meet the host country’s housing and safety standards. The regulations also generally require contractors and subcontractors to pay for or provide transportation of foreign workers back to their home country at the end of their employment if they were brought to the work-country for the purpose of working on a U.S. Government contract or subcontract; or if the work-country is the U.S., they are not a U.S. national, and transportation is required under existing temporary worker programs or pursuant to a written agreement with the employee.
If required by law or under the contract, contractors and subcontractors must provide a written work document to employees in a language the employee understands. The rule further requires that the document contain, at minimum, details about work description, wages, the prohibition on recruitment fees, work location(s), living accommodations and associated costs, time off, round-trip transportation arrangements, grievance process, and the content of applicable trafficking laws and regulations. Continue reading “New Anti-Trafficking Regulations Finalized for Government Contractors”