Tag: Internal Investigations and Disclosures

Time for Compliance with DOD’s Cybersecurity Regulations is NOW

Michael Joseph Montalbano and Samarth Barot 

On February 19, 2024, the Department of Justice (“DOJ”) notified the U.S. District Court for the Northern District of Georgia that it would intervene in a False Claims Act (“FCA”) case filed against Georgia Tech Research Corporation and Georgia Institute of Technology (collectively “Georgia Tech”) for not complying with the requirements of DFARS 252.204-7012 and National Institute of Standards and Technology Special Publication 800-171 (“NIST 800-171”).

All Department of Defense (“DOD”) solicitations and contracts contain DFARS clause 252.204-7012. DFARS 252.204-7012 requires a contractor to assess its compliance with 110 cybersecurity controls set out in the NIST 800-171 if the Company has controlled unclassified information. Specifically, pursuant to DFARS 252.204-7012, contractors must implement all of the NIST 800-171 requirements and upload the results of that assessment to the Department of Defense’s Supplier Performance Risk System (“SPRS”), or have a plan of action and milestones in place for any requirement the contractor has not yet implemented.

Continue reading “Time for Compliance with DOD’s Cybersecurity Regulations is NOW”

How to Manage a Potential Whistleblower

Dominique L. Casimir, Jennifer A. Short, and Michael Joseph Montalbano 


The federal False Claims Act (“FCA”) is one of the United States’ most effective tools to detect and prevent fraud against the Government. One reason the FCA is so effective is that it encourages the employees of an organization to come forward as claimants and receive a share of any financial recovery to the Government. Recognizing the central role of these whistleblowers in the FCA’s enforcement scheme, Congress included an anti-retaliation provision in the statute that protects them when they report suspected fraudulent conduct. Under the FCA’s anti-retaliation provision, employees, contractors, or agents can sue for damages on their own behalf if they are “discharged, demoted, suspended, threatened, harassed, or in any other manner discriminated against in the terms and conditions of employment because of lawful acts done” in connection with a reported FCA violation. 31 U.S.C. § 3730(h)(1). Likewise, nearly every state also affords some degree of whistleblower protection, either statutorily or in the common law.

Continue readingHow to Manage a Potential Whistleblower

Expect GSA to More Closely Scrutinize Trade Agreements Act Compliance

Merle M. DeLancey Jr.

On January 21, 2022, the General Services Administration (“GSA”) Office of Inspector General (“OIG”) informed the Federal Acquisition Service (“FAS”) that ongoing monitoring by the OIG found that the FAS failed to properly monitor the sale of products for compliance with the Trade Agreements Act (“TAA”) during the COVID-19 response. Previously, in April 2020, GSA relaxed compliance with the TAA for a limited number of Federal Supply Classes (“FSCs”) to aid the government’s response to the COVID-19 pandemic. The applicable FSCs included those covering N95 masks, cleaners and disinfectants, disposable gloves, and hand sanitizers. After several extensions, the TAA exception policy expired on April 30, 2021.

The OIG identified two deficiencies in FAS’ implementation of the TAA exception policy. First, the OIG found that FAS failed to properly track the addition of non-compliant products to contracts. As a result, after expiration of the exception policy, there was no effective way for GSA to remove the non-compliant products from contracts. Second, the OIG found that GSA improperly permitted the addition of non-compliant products to GSA contracts. For example, some products that were added were unrelated to the government’s response to the pandemic; some products were added to GSA contracts prior to the effective date of the TAA exception policy; and, remarkably, in one case, a product was added to a contract that identified North Korea as its country of origin.

Continue reading “Expect GSA to More Closely Scrutinize Trade Agreements Act Compliance”

After Acetris Decision, Trade Agreements Act Compliance Questions Abound: Contractors Need Guidance

Merle M. DeLancey Jr., Jay P. Lessler, and James R. Staiger

The Federal Circuit’s recent decision in Acetris has left many contractors scratching their heads and asking questions. To recap, on February 10, 2020, the Federal Circuit held that, under the Federal Acquisition Regulation (“FAR”), to qualify as a “U.S.-made end product” under the Trade Agreements Act (“TAA”), a drug must be either “manufactured” in the United States or “substantially transformed” in the United States. (See Federal Circuit Holds Generic Drugs Manufactured in the U.S. from API Produced in India Qualify for Sale to U.S. under Trade Agreements Act (Acetris Decision).) This is a stark change from the Government’s long-held position that manufacturing and substantial transformation were one in the same.

As a result of the Acetris decision, federal contractors seeking to comply with or maintain compliance with the TAA are facing many questions. Some of the more prominent questions are below. Continue reading “After Acetris Decision, Trade Agreements Act Compliance Questions Abound: Contractors Need Guidance”

Federal Circuit Holds Generic Drugs Manufactured in the U.S. from API Produced in India Qualify for Sale to U.S. under Trade Agreements Act (Acetris Decision)

Merle M. DeLancey Jr., Jay P. Lessler, and James R. Staiger

Earlier today, the United States Court of Appeals for the Federal Circuit issued a decision that is sure to send shockwaves through the generic drug industry. In Acetris, the Federal Circuit held that a generic drug manufactured in the United States complied with the Trade Agreements Act (“TAA”) and could be sold to the Department of Veterans Affairs. The court made this determination even though the drug’s active pharmaceutical ingredient (“API”) came from a non-designated country, India. In reaching its decision, the court broke away from longstanding Customs and Border Protection (“CBP”) precedent that the country where the API was produced dictated the location of “substantial transformation” and thus the country of origin for any resulting drug. The court held that under the Federal Acquisition Regulation (“FAR”), to qualify as a “U.S.-made end product” under the TAA, a drug must be either “manufactured” in the United States or “substantially transformed” in the United States—but not be both.

For years, generic drug manufacturers that manufacture drugs in the United States from API produced in India and China have been precluded from selling their drugs to the U.S. Government under the TAA. The Federal Circuit’s Acetris decision opens up the U.S. Government market for generic drugs manufactured in the U.S. from API produced in India and China.

 

 

What Contractors Should Know about DOJ’s Revised Guidance on Evaluations of Corporate Compliance

Brian S. Gocial and Stephanie M. Harden

As government contractors know well, a robust compliance program can be critical—both in preventing, detecting, and resolving compliance problems and in working with agencies and/or the Department of Justice (“DOJ”) to resolve compliance issues when they arise. Though DOJ has previously issued guidance on how it evaluates corporate compliance programs, on April 30, 2019, it greatly expanded upon its earlier guidance with a lengthy new guidance document. The document is notable for its emphasis not just on the design of compliance programs, but also on their effectiveness in practice. The document is a useful benchmark for contractors to evaluate their compliance programs, as well as to demonstrate their affirmative responsibility to agencies when facing agency-level investigations.

The guidance document focuses on three central questions:

    1. Is the corporation’s compliance program well designed?
    2. Is the corporation’s compliance program implemented effectively?
    3. Does the compliance program actually work in practice?

The following outline provides a summary of the various factors DOJ discusses in connection with each of these questions—and more information on each topic can be found here.

Contractors should assess how their own compliance programs measure up against these factors: Continue reading “What Contractors Should Know about DOJ’s Revised Guidance on Evaluations of Corporate Compliance”

NISPOM Conforming Change 2: What You Need to Know

Justin A. Chiarodo and Philip Beshara

The government recently issued long-awaited amendments to the National Industrial Security Program Operating Manual (“NISPOM”).  The amendments, known as Conforming Change 2, are targeted at combating insider threats and impose several new requirements warranting immediate action by contractors holding facility clearances.

There are four key elements to Change 2: (1) a mandated Insider Threat Program (“ITP”); (2) new cyber incident reporting requirements; (3) newly defined NISPOM components; and, (4) an updated standard for foreign-owned or controlled companies seeking access to proscribed information.  We summarized these changes and provide implementation suggestions below.

I. Insider Threat – Mandated Insider Threat Program

Change 2 requires cleared contractors to have a written Insider Threat Program plan no later than November 30, 2016.  The ITP must detect, deter, and mitigate insider threats consistent with the ITP requirements currently imposed on executive branch agencies (as set forth in Executive Order 13587 and the National Insider Threat Policy and Minimum Standards for Executive Branch Insider Threat Programs). Continue reading “NISPOM Conforming Change 2: What You Need to Know”

Exit mobile version
%%footer%%