Michael Joseph Montalbano
In January, the Department of Defense (“DoD”) released more information on its much-anticipated Cybersecurity Maturity Model Certification (“CMMC”) framework. While a final rule is not expected until the fall, contractors need to begin preparing now so they do not miss out on DoD contract opportunities.
What Is the CMMC?
The CMMC is a certification system that all DoD prime and subcontractors must comply with to be eligible to compete for and perform future DoD contracts. Under the new CMMC requirements, an accreditation body tapped by DoD will begin training third-party assessors in the spring of 2020, who will in turn certify defense contractors under the CMMC. There will be five CMMC certification levels, of ascending sophistication:
- Level 1 – Basic Cyber Hygiene
- Level 2 – Intermediate Cyber Hygiene
- Level 3 – Good Cyber Hygiene
- Level 4 – Proactive
- Level 5 – Advanced / Progressive
The contractor must comply with a combination of the following cybersecurity safeguards, depending on the certification level a contractor wants to achieve: (1) FAR 52.204 (Basic Safeguarding of Covered Contractor Information Systems); (2) NIST Special Publication 800-171 Revision 1 (“NIST Requirements”); (3) select subsets of a supplement to the NIST Requirements called NIST SP 800-171B; and (4) up to 171 “practices” identified in the CMMC. Though this may sound like a lot for contractors to process, DoD has released helpful appendices that put many of the requirements in easy-to-understand terms. Continue reading “New DoD Cybersecurity Regulations Are Coming—Is Your Company Ready?”
Merle M. DeLancey Jr., Jay P. Lessler, and James R. Staiger
The Federal Circuit’s recent decision in Acetris has left many contractors scratching their heads and asking questions. To recap, on February 10, 2020, the Federal Circuit held that, under the Federal Acquisition Regulation (“FAR”), to qualify as a “U.S.-made end product” under the Trade Agreements Act (“TAA”), a drug must be either “manufactured” in the United States or “substantially transformed” in the United States. (See Federal Circuit Holds Generic Drugs Manufactured in the U.S. from API Produced in India Qualify for Sale to U.S. under Trade Agreements Act (Acetris Decision).) This is a stark change from the Government’s long-held position that manufacturing and substantial transformation were one in the same.
As a result of the Acetris decision, federal contractors seeking to comply with or maintain compliance with the TAA are facing many questions. Some of the more prominent questions are below. Continue reading “After Acetris Decision, Trade Agreements Act Compliance Questions Abound: Contractors Need Guidance”
Merle M. DeLancey Jr., Jay P. Lessler, and James R. Staiger
Earlier today, the United States Court of Appeals for the Federal Circuit issued a decision that is sure to send shockwaves through the generic drug industry. In Acetris, the Federal Circuit held that a generic drug manufactured in the United States complied with the Trade Agreements Act (“TAA”) and could be sold to the Department of Veterans Affairs. The court made this determination even though the drug’s active pharmaceutical ingredient (“API”) came from a non-designated country, India. In reaching its decision, the court broke away from longstanding Customs and Border Protection (“CBP”) precedent that the country where the API was produced dictated the location of “substantial transformation” and thus the country of origin for any resulting drug. The court held that under the Federal Acquisition Regulation (“FAR”), to qualify as a “U.S.-made end product” under the TAA, a drug must be either “manufactured” in the United States or “substantially transformed” in the United States—but not be both.
For years, generic drug manufacturers that manufacture drugs in the United States from API produced in India and China have been precluded from selling their drugs to the U.S. Government under the TAA. The Federal Circuit’s Acetris decision opens up the U.S. Government market for generic drugs manufactured in the U.S. from API produced in India and China.
Carolyn R. Cody-Jones
A recent decision in the federal district court for the Eastern District of California is one of the first to recognize application of the False Claims Act (“FCA”) to Department of Defense (“DoD”) cybersecurity requirements, and will likely encourage future lawsuits alleging noncompliance with federal cybersecurity procurement regulations. In United States ex rel. Markus v. Aerojet Rocketdyne Holdings, Inc., No. 2:15-cv-2245 WBS AC, 2019 WL 2024595 (E.D. Cal. May 8, 2019), the court denied the defendant contractor’s motion to dismiss qui tam complaint fraud allegations against the company. The complaint—brought by a former employee from the company’s cybersecurity department a month after his termination from the company—alleged the defendant fraudulently entered into DoD and National Aeronautics and Space Administration (“NASA”) contracts despite knowing that it did not meet the minimum standards required to receive the awards. The court permitted the case to move forward despite the government declining to intervene.
The primary regulations at issue in the case are DFARS 252.204-7012, which recently required, as of December 31, 2017, that contractors have a cybersecurity plan in place complying with 110 recommended security control standards set forth in NIST SP 800-171. However, the court’s decision in Aerojet Rocketdyne focused on the previous 2013 final rule and the two interim rules in 2015 implementing DFARS 252.204-7012, and also a NASA cybersecurity regulation at 48 C.F.R. § 1852.204-76 involving contractor security controls for sensitive but unclassified government information. Continue reading “Eastern District of California Allows False Claims Act Allegations Based on Noncompliance with DoD Cybersecurity Requirements to Go Forward”
Michael J. Slattery
The Department of Justice (“DOJ”) recently released its annual fraud statistics for FY 2018. The statistics reveal that False Claims Act (“FCA”) recoveries reached their lowest level since FY 2009. However, although total recoveries are down, this decrease is more a by-product of a down year in major health care and financial services recoveries, and we think it is too early to view these numbers as reflecting a sea change in enforcement.
The annual statistics published by DOJ on December 21, 2018 demonstrate that the Government recovered a total of $2.88 billion in qui tam and non-qui tam FCA judgments and settlements in FY 2018. This represents the lowest amount recovered since FY 2009, when the Government recovered nearly $2.47 billion. It also demonstrates a short-term trend in declining recovery. FY 2018 was the second straight year in which fraud recovery decreased. However, recent comments by the Trump administration’s nominee for U.S Attorney General likely indicate that no affirmative decision to decrease FCA actions will occur in the next few years. Continue reading “What DOJ’s FY 2018 False Claims Act Recovery Statistics Reveal”
Justin A. Chiarodo and Stephanie M. Harden
The Department of Justice’s (“DOJ”) bombshell statement last month that it would seek dismissal of the Gilead False Claims Act (“FCA”) suit—a qui tam suit alleging misrepresentations and concealments regarding active ingredient sources and quality for HIV medications—surprised many in the government contracts community. Though DOJ had signaled earlier last year in the so-called “Granston memo” that it may seek dismissal of certain FCA cases, the fact that DOJ sought to do so while a case was on appeal to the Supreme Court—and without consulting relators—was unexpected. Continue reading “Breaking Camp(ie): Supreme Court Sends Gilead FCA Case Back for Likely Dismissal, Postponing Escobar’s Return”
Sara N. Gerber
The U.S. Supreme Court has granted a writ of certiorari to address a Circuit Court split concerning whether False Claims Act (“FCA”) relators may rely on the statute of limitations in 31 U.S.C. § 3731(b)(2)—a limitations period which is triggered by the government’s knowledge of the fraud—when the government does not intervene. The Supreme Court granted cert on November 16, 2018, to review the Eleventh Circuit’s decision in U.S. ex rel. Hunt v. Cochise Consultancy, Inc. The Eleventh Circuit reversed the Alabama District Court, reviving the relator’s complaint by giving the relator the benefit of the longer limitations period in § 3731(b)(2).
At the center of the matter is the interplay between the two limitations periods in the FCA after which a “civil action under section 3730” is time-barred: (1) “6 years after the date” of an alleged violation, see 31 U.S.C. § 3731(b)(1); or (2) “3 years after the date” when material facts “are known or reasonably should have been known by the official of the United States charged with responsibility to act in the circumstances, but in no more than 10 years after the date” of the alleged violation, see 31 U.S.C. § 3731(b)(2). The relator in Cochise Consultancy filed his claim more than six years after the alleged fraud occurred, but within three years of his disclosure of the fraud to FBI agents who had interviewed him about his role in a separate kickback scheme, to which he ultimately pled guilty and served time in federal prison. Continue reading “Supreme Court Grants Cert to Resolve Circuit Split on FCA Statute of Limitations”
Robyn N. Burrows
Over two years ago, the Supreme Court in Universal Health Servs. v. U.S. ex rel. Escobar, 136 S. Ct. 1989 (2016) upheld the implied certification theory of liability under the federal False Claims Act (“FCA”). Applying a two-part test, the Court stated that implied liability would attach where “at least two conditions” are satisfied: (1) the claim makes specific representations about goods or services provided and (2) the defendant’s failure to disclose noncompliance with a material statutory, regulatory, or contractual requirement renders those representations “misleading half-truths.” Courts interpreting Escobar have disagreed as to whether this two-part test is the exclusive means for establishing liability under the implied certification theory, or whether other circumstances might also trigger liability. For example, several courts have noted that Escobar’s reference to “at least two conditions” implies that other, unspecified factors might also be sufficient to create an implied certification claim. The Fourth Circuit, along with several other district courts, have adopted this more liberal view. Most other circuits that have addressed this issue, however, have found the two-part test to be mandatory. The First, Third, Fifth, and Seventh Circuits, as well as many district courts, have either explicitly or implicitly held that Escobar’s two-part test is the exclusive means of establishing implied certification. Continue reading “The Ninth Circuit Reluctantly Joins Majority of Courts in Mandating Escobar’s Two-Part Test for Implied Certification”
Merle M. DeLancey Jr.
Two recent judicial decisions involving the Trade Agreements Act (“TAA”) build on a trend reflecting a more favorable enforcement climate for contractors grappling with domestic preference regimes. Earlier this year, the U.S. District Court for the District of Columbia dismissed a qui tam action that alleged fraud in connection with country of origin requirements imposed by the TAA. United States ex rel. Folliard v. Comstor Corp., 308 F.Supp.3d 56 (D.D.C. 2018) (finding the relator failed to adequately plead that the alleged TAA noncompliance was “material” to the Government’s payment decision). The decision marked a welcome early defeat of a False Claims Act case based on the enhanced materiality and scienter requirements of the Escobar decision (as we wrote about here).
Two recent federal court decisions appear to extend the trend of taking some of the bite out of TAA enforcement, and potential exposure for alleged noncompliance. Despite this welcome news, domestic preference programs remain a key legal obligation for government contractors (and an area likely to remain under scrutiny with the Administration’s professed focus on Buy American and Hire American initiatives). Continue reading “Trade Agreements Act Enforcement Loses a Couple More Teeth”
Merle M. DeLancey Jr.
Recently, the United States District Court for the District of Columbia dismissed a qui tam action involving allegations of fraud in connection with country of origin requirements imposed by the Trade Agreements Act (“TAA”). United States ex rel. Folliard v. Comstor Corp., 308 F.Supp.3d 56 (D.D.C. 2018).
Comstor involved a False Claims Act (“FCA”) action filed by a serial whistleblower who alleged two contractors violated the FCA by selling non-TAA compliant products on their General Services Administration (“GSA”) Federal Supply Schedule (“FSS”) contracts to federal government customers. Depending on the dollar value of the acquisition, most procurements are subject to either the Buy American Act (“BAA”) or TAA. Currently (2018), the BAA applies to supply procurements valued at or below $180,000. Accordingly, the TAA currently applies to such procurements valued in excess of $180,000. GSA has determined the TAA applies to FSS contracts. Continue reading “Trade Agreements Act Compliance: Some Welcome News for Some Federal Contractors, But Will It Last?”