Former DoD IG and In-House Chief Compliance Officer Lynne Halbrooks joins Nichols Liu

Washington DC (September 12, 2022)Lynne Halbrooks, a former Chief Compliance Officer and Acting Inspector General, has joined Nichols Liu as a Partner.

Ms. Halbrooks joins Nichols Liu from Acuity International where she was the Chief Compliance Officer and Deputy General Counsel.  Prior to that, she served in numerous senior legal and leadership roles within the government, including at the U.S. Department of Defense where she served as the Acting Inspector General and as the Principal Deputy Inspector General, the U.S. Senate Sergeant at Arms, the Special Inspector General for Iraq Reconstruction, and the U.S. Department of Justice, where she served as both an Assistant U.S. Attorney and in the Executive Office for U.S. Attorneys.  She was also previously a partner at Holland & Knight.

“We are delighted that Lynne has chosen Nichols Liu for her return to private practice.  Her stellar reputation and unique experience align perfectly with our mission to provide clients a one-stop shop with the best legal experts to help them navigate the complex issues that arise in government contracting,” said Robert Nichols, founding partner of the firm.

“As a former federal prosecutor and Acting Inspector General, Lynne has insights that will greatly enhance our already strong enforcement practice,” said Andy Liu, managing partner of the firm.  “She has a proven ability to help clients manage risk and solve problems.”

Ms.  Halbrooks’ practice will include advising companies on all aspects of government compliance and representing them in internal and government investigations and audits, including whistleblower reprisal investigations, and suspension and debarment proceedings.  She has experience advising companies and individuals on matters involving the False Claims Act, conflicts of interest, counterfeit parts, labor charging disputes, bribery and kickbacks, the Foreign Corrupt Practices Act, responses to subpoenas, and mandatory disclosures.

“I am thrilled to join the stellar professionals at this elite firm as it continues to grow and serve the government contractor community,” said Ms. Halbrooks.

Family Ties Create Contract Conflicts of Interest in Federal Acquisition. And More.

By Alan Chvotkin on August 25, 2022.

It is often said that you can’t pick your family. But sometimes, family relationships can affect whether a federal agency can pick a company in a competition because of a conflict of interest. Two recent Government Accountability Office (GAO) protest decisions looked at whether there were “hard facts” – not just innuendo and suspicion – necessary for GAO for determine whether a family relationship created a conflict of interest sufficient to sustain a protest of the agency’s award decision. Plus, here’s an update on pending legislation relating to the broader issue of acquisition conflicts of interest.

On July 6, 2022, GAO issued its opinion in KOAM Engineering Systems.[1] KOAM protested an award to McKean Defense Group for a Navy support services contract. One of the protest grounds was that McKean gained an unfair competitive advantage based on an apparent conflict of interest where one of the awardee’s key persons was married to an agency contracting officer’s representative (COR) on the protestor’s incumbent contract. KOAM asserted that, given their marriage, that both worked in close proximity at home, and that they shared a financial interest, there is an “irrefutable presumption of impropriety than cannot be overcome by the Navy’s after-the-fact investigation.” However, the Navy contended that its investigation found no evidence that the COR participated in the procurement or that the COR disclosed competitively useful information. GAO concluded that the unique facts here do not establish any impropriety requiring the exclusion of the awardee or reflect that the alleged conflict prejudiced the protestor.

On July 25, 2022, GAO issued its opinion in Deloitte Consulting/ManTech Advanced Systems.[2] The Defense Health Agency hired a consultant to help the agency with its acquisition planning. The consultant had a brother who worked for a company on the awardee’s team. The DHA contracting officer twice investigated the allegations and, after the second investigation, concluded that the award was not affected by the two brothers’ relationship. GAO concluded that the record before it did not support the allegations that a non-governmental advisor improperly influenced the procurement in favor of the awardee. In addition, GAO concluded that the protestors did not present the “hard facts” necessary to refute the agency’s conclusion.

Companies that become aware of a family relationship are well advised to take immediate action to separate the company employee from future action pending an internal review. It is often advisable to notify the government contracting officer as early in the procurement cycle as possible to allow the government to undertake its own review. You can be sure that competitors are going to know of, or discover, the relationship and potentially challenge any award decision as being tainted by that family relationship.

But potential post-award protestors need to be wary, as well. As these two, and other, GAO decisions affirm, protestors must provide “hard facts” to show that the family relationship created a conflict. Even then, however, a thorough analysis by the agency of the totality of the circumstances may still be enough to sustain the agency’s award decision even if a protest is filed.

Legislative Update

In my June 2022 column titled Stretching the Limits of FAR OCI Rules”, I wrote about proposed legislation introduced in both the House and Senate that would require the FAR Council to clarify the rules regarding organizational and personal conflicts of interest. Subsequently, on August 1, 2022, the United States Senate passed a modified version of the “Preventing Organizational Conflicts of Interest in Federal Acquisition Act.”[3] Under that Senate-passed bill, among other things, the FAR Council must revise the FAR to provide and update:

  • definitions related to specific types of organizational conflicts of interest;
  • definitions, guidance, and illustrative examples related to relationships of contractors with public, private, domestic, and foreign entities that may cause contract support to be subject to potential organizational conflicts; and
  • illustrative examples of situations related to the potential organizational conflicts identified.

The House Oversight and Reform Committee approved two similar conflict-of-interest reform bills on July 20, 2022 with substitute amendments.

Under H.R. 7602, also titled “Preventing Organizational Conflicts of Interest in Federal Acquisition Act”,[4] the bill directs the Federal Acquisition Regulatory Council to (1) identify contracting methods, types, and services that raise heightened concerns for potential organizational conflicts of interest beyond those currently addressed in the FAR; and (2) revise the FAR to address organizational conflicts of interest and require executive agencies to take certain actions.

Under H.R. 8325, titled “Preventing Personal Conflicts of Interest in Federal Acquisition Act”,[5] the FAR Council is directed to expand the scope of rules relating to personal conflict of interest, including providing improved definitions and examples, and requiring the OFPP Administrator to issue policy to prevent personal conflicts of interest in certain type of federal functions.

Finally, in my June 2022 column, I mistakenly noted that the FAR Council acted in March 2022 to close out one of the oldest unresolved open FAR cases – also dealing with conflicts of interest. In fact, the FAR Council withdrew the proposed rule without further action on March 19, 2021. I regret the error.

I doubt we have seen or heard the last of these GAO bid protests on family conflicts of interest or reached the end of the legislation on organizational or personal conflicts of interest. I’ll use future editions of this column to keep you up to date.

***originally published by Executive Mosaic on 8/25/2022***

[1] KOAM Engineering Systems, Inc., B-420157.2 (July 6, 2022), available at https://www.gao.gov/assets/730/721692.pdf.

[2] Deloitte Consulting LLP; ManTech Advanced Systems International, B-420137.7 through B-420137.11, (July 25, 2022) available at https://www.gao.gov/assets/730/722022.pdf.

[3] S. 3905, Preventing Organizational Conflicts of Interest in Federal Acquisition Act (Aug 1, 2022), available at https://www.congress.gov/117/bills/s3905/BILLS-117s3905es.pdf

[4] HR 7602, Preventing Organizational Conflict of Interest in Federal Acquisition Act (introduced April 27, 2022), available at https://www.congress.gov/117/bills/hr7602/BILLS-117hr7602ih.pdf. The text of the substitute amendment adopted by the Committee is available at https://docs.house.gov/meetings/GO/GO00/20220714/115007/BILLS-117-HR7602-M000087-Amdt-1.pdf.

[5] HR 8325, Preventing Personal Conflicts of Interest in Federal Acquisition Act (introduced July 11, 2022 available at https://www.congress.gov/117/bills/hr8325/BILLS-117hr8325ih.pdf. The text of the substitute amendment adopted by the Committee is available at https://docs.house.gov/meetings/GO/GO00/20220714/115007/BILLS-117-HR8325-M000087-Amdt-1.pdf.

Years in the Making: Aerojet Rocketdyne Settles for $9 Million Amidst Allegations of Cybersecurity Violations

By Andy Liu, Robert Nichols, Haaleh Katouzian, Madison Plummer, and Samantha Hoover

Years after relator Brian Markus brought a qui tam action against Aerojet Rocketdyne Holdings, Inc. (“Aerojet Rocketdyne”), the United States Department of Justice (“DOJ”) announced that the government contractor would pay $9 million to the Government to resolve False Claims Act (“FCA”) allegations.[1]  As we wrote about in 2019, Markus alleged that Aerojet Rocketdyne had fraudulently induced the government to award Aerojet Rocketdyne contracts by misrepresenting its compliance with cybersecurity requirements.[2]  Though the government declined intervention, the case ultimately went to trial and settled on the second day of the proceeding.  Markus will receive over $2.6 million of the settlement amount, which will likely inspire similar qui tam actions.

The ever-changing landscape of cybersecurity regulations, compliance, and enforcement can be difficult to track and navigate.[3]  DOJ commenced its Civil Cyber-Fraud Initiative in October 2021.[4]  DOJ’s announcement of the Aerojet Rocketdyne settlement put the Initiative into context:

The Department’s Civil Cyber-Fraud Initiative . . . aims to hold accountable entities or individuals that put U.S. information or systems at risk by knowingly providing deficient cybersecurity products or services, knowingly misrepresenting their cybersecurity practices or protocols, or knowingly violating obligations to monitor and report cybersecurity incidents and breaches.[5]

Earlier this year, DOJ announced what it claimed was its first FCA settlement under the Civil Cyber-Fraud initiative against a different contractor.[6]  The Settlement Agreement does not mention cybersecurity and, instead, the DOJ alleged that the contractor failed to disclose that it had not complied with the terms of the contract relating to the storage of medical records when it left scanned copies of some records on an internal network drive that could have been accessed by non-clinical staff.   DOJ’s touting of this settlement as a part of its current initiative to hold companies accountable for putting U.S. information systems at risk shows how aggressive they will be to categorize allegations as “cyber fraud.”

The Civil Cyber-Fraud Initiative came in the wake of President Biden’s Executive Order on Improving the Nation’s Cybersecurity, which stressed the federal government’s role in identifying, deterring, protecting against, detecting, and responding to sophisticated malicious cyber campaigns.[7]  Notably, that Executive Order also directed the Office of Management and Budget (“OMB”) to review the Federal Acquisition Regulation (“FAR”) and provide recommendations for updates to contract requirements and clauses.  Several agencies have also initiated notice & comment rulemaking procedures describe their intent to amend agency FAR supplements to enhance cybersecurity obligations.[8]

Just as we predicted FCA cases against Federal contractors for non-compliance, we also anticipate that there will be one or more suspensions and debarments for contractors who are not presently responsible regarding cyber compliance.  As such, it’s important for contractors to understand the regulatory obligations and to pursue a holistic approach that includes technical, governance, and legal risk management aspects.

Nichols Liu has teamed with a leading cyber compliance firm to develop a templated approach to cyber compliance.  We also have extensive experience advising clients on FCA matters, having served as lead counsel for hundreds of FCA cases.

[1] https://www.justice.gov/opa/pr/aerojet-rocketdyne-agrees-pay-9-million-resolve-false-claims-act-allegations-cybersecurity

[2] https://nicholsliu.com/cybersecurity-as-an-insecurity-in-the-fca-space/

[3] https://nicholsliu.com/dojs-new-cyber-fraud-initiative-looming-wave-of-fca-liability/

[4] https://www.justice.gov/opa/pr/deputy-attorney-general-lisa-o-monaco-announces-new-civil-cyber-fraud-initiative

[5] https://www.justice.gov/opa/pr/aerojet-rocketdyne-agrees-pay-9-million-resolve-false-claims-act-allegations-cybersecurity

[6] https://www.justice.gov/opa/pr/medical-services-contractor-pays-930000-settle-false-claims-act-allegations-relating-medical

[7] https://www.whitehouse.gov/briefing-room/presidential-actions/2021/05/12/executive-order-on-improving-the-nations-cybersecurity/

[8] https://www.federalregister.gov/documents/2021/09/10/2021-18866/general-services-acquisition-regulation-gsar-gsar-case-2016-g511-contract-requirements-for-gsa;

https://www.federalregister.gov/documents/2021/11/17/2021-24880/cybersecurity-maturity-model-certification-cmmc-20-updates-and-way-forward.

Cyber Risks: DoD To Strictly Enforce Cybersecurity Regulations

By Robert Nichols, Alan Chvotkin, Michael Bhargava, and Madison Plummer

On June 16, 2022, the Department of Defense (“DoD”) published a memorandum that emphasized the potential consequences when contractors fail to comply with cybersecurity regulations.[i]  Although the memorandum addresses DoD contracting personnel, it sends a direct message to all defense contractors: become compliant or risk breaching your contracts.  Non-defense contractors are also well-advised to heed this warning.

What does compliance entail?  Contractors must understand and follow a litany of cybersecurity regulations and certifications, including:

  • cybersecurity of covered defense information and cyber incident reporting (DFARS 252.204-7012);
  • supply chain monitoring of covered defense telecommunications equipment or services (DFARS Sections 252.204-7016–18);
  • National Institute of Standards and Technology (NIST) Special Publication 800-171 certification (DFARS 252.204-7019–20); and soon
  • Cybersecurity Maturity Model Certification (CMMC) certification (DFARS 252.204-7021).

The DoD memorandum—from Principal Director of Defense Pricing and Contracting John M. Tenagalia—focuses first on the requirements of DFARS 252.204-7012, “Safeguarding Covered Defense Information and Cyber Incident Reporting.”  In effect since December 31, 2017, this clause requires contractors to provide adequate security on all unclassed contractor information systems owned or operated by/for a contractor and that processes, stores, or transmits covered defense information.[ii]  Adequate security is explained in NIST SP 800-171, “Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations;” it requires contractors to be fully compliant with 110 controls in the Standard and a plan of action and milestones for each control not yet implemented.  In addition, the -7012 Clause mandates reporting cybersecurity incidents within 72 hours of discovery, compliance with cloud computing services security, and a flow-down requirement to subcontractors.

DFARS 252.204-7020, “NIST SP 800-171 DOD Assessment Requirements,” applies to contractor information systems covered under DFARS 252.204-7012.  It allows the Government access to contractor facilities, systems, and personnel to conduct assessments of a contractor’s compliance with the NIST standards.[iii]  Contractors must upload a “Basic Assessment” of their summary level scores into the DoD-unique Supplier Performance Risk System (SPRS).  DoD will then conduct its own direct assessment and post the “High” and/or “Medium Assessment” summary level scores to SPRS for each system security plan assessed.

Importantly, the DFARS regulatory framework, as a whole, sets NIST SP 800 as the floor—not the ceiling.  Within the next year, contractors will be required to certify compliance with the DoD-unique CMMC 2.0.[iv]  DoD has made clear that the NIST SP 800-171 Assessment and CMMC assessments will not duplicate efforts, except in rare circumstances.  Thus, defense contractors need, at a minimum, a plan of action to implement both the NIST system security plan and the upcoming CMMC 2.0—or risk contract termination or award ineligibility.

For now, under the -7012 Clause, contractors self-certify their implementation of NIST SP 800-171.  But the 2022 DFARS Clause 252.204-7020 Clause enables the Government to audit a contractor’s implementation of the NIST SP 800-171 to validate the results of the contractor’s self-assessment.

The recent DoD memorandum not only stresses the importance of these clauses, but also cites the contractual remedies available to DoD contracting officers to ensure compliance with these cybersecurity requirements:

“Failure to have or to make progress on a plan to implement NIST SP 800-171 requirements may be considered a material breach of contract requirements.  Remedies for such a breach may include: withholding progress payments; foregoing remaining contract options; and potentially terminating the contract in part or in whole.”

The memorandum reminds Contracting Officers to verify, prior to award, that a contractor has a summary level score of the current NIST SP 800 DoD Assessment posted in SPRS for each new contract, option exercise, extension or modification, or order, regardless of whether the new award includes DFARS 242.204-7020.  In addition, Contracting Officers are reminded of their ability to negotiate bilateral modifications to include the DFARS 242.204-7020 in current contracts.

Non-DoD Government contractors should also begin implementation of these cybersecurity requirements, in light of President Biden’s May 2021 Executive Order “Improving the Nation’s Cyber Security,” which stressed the federal government’s role in responding to malicious cyber campaigns.[v]  As evidence, last fall, several civilian agencies initiated their own notice and comment rulemaking procedures to amend their FAR supplements to enhance cybersecurity preparedness to include, inter alia, compliance with the several NIST publications.[vi]  We expect that civilian agency Contracting Officers will be reminded that they have the same contractual remedies at their disposal as DoD Contracting Officers for contractors that fail to comply with requisite cybersecurity regulations.

For assistance on navigating these current and planned regulations applicable to either DoD or the civilian agencies, and/or developing your cybersecurity compliance plan, please contact the authors of this article or the Nichols Liu attorney with whom you regularly work.

[i] Memorandum from John M. Tenaglia, Principal Director of Defense Pricing and Contracting, “Contractual Remedies to Ensure Contractor Compliance with Defense Federal Acquisition Regulation Supplement Clause 252.204-7012, for contracts and orders not subject to Clause 252.204-7020; and Additional Considerations Regarding National Institute of Standards and Technology Special Publication 800-171 Department of Defense Assessments,” June 16, 2022, available at https://www.acq.osd.mil/dpap/policy/policyvault/USA000807-22-DPC.pdf

[ii] DFARS 252.204-7012; Memorandum from Shay D. Assad, Director of Defense Pricing/Defense Procurement and Acquisition Policy, “Implementation of DFARS Clause 252.204-7012, Safeguarding Covered Defense Information and Cyber Incident Reporting,” Sept. 21, 2017, available at https://www.acq.osd.mil/dpap/policy/policyvault/USA002829-17-DPAP.pdf

[iii] DFARS 252.204-7020.

[iv] Defense Federal Acquisition Regulation Supplement: Assessing Contractor Implementation of Cybersecurity Requirements (DFARS Case 2019–D041)86 Fed. Reg. 61,505 (Nov. 30, 2020) https://www.govinfo.gov/content/pkg/FR-2020-09-29/pdf/2020-21123.pdf

[v] Exec. Order No. 14028, “Improving the Nation’s Cyber Security” (May 12, 2021), available at  https://www.whitehouse.gov/briefing-room/presidential-actions/2021/05/12/executive-order-on-improving-the-nations-cybersecurity/

[vi] See, e.g., General Services Acquisition Regulation (GSAR); GSAR Case 2016-G511, Contract Requirements for GSA Information Systems, 86 Fed. Reg. 50,689 (Sept. 10, 2021), available at https://www.federalregister.gov/documents/2021/09/10/2021-18866/general-services-acquisition-regulation-gsar-gsar-case-2016-g511-contract-requirements-for-gsa; see, e.g., Semiannual Regulatory Agenda, “Federal Acquisition Regulation (FAR); FAR Case 2021–017, Cyber Threat and Incident Reporting and Information Sharing,” 87 Fed. Reg. 5,317 (Jan. 31, 2022), available at https://www.govinfo.gov/content/pkg/FR-2022-01-31/pdf/2021-27966.pdf (“DoD, GSA, and NASA are proposing to amend the Federal Acquisition Regulation (FAR) to increase the sharing of information about cyber threats and incident information between the Government and certain providers, pursuant to OMB recommendations, in accordance with section 2(b)–(c), and Department of Homeland Security recommendations, in accordance with section 8(b), of Executive Order 14028, Improving the Nation’s Cybersecurity.”).

Chief Compliance Officers Over a Barrel: Sign and Certify, or No Deal?

By Andy Liu, and Haaleh Katouzian on July 5, 2022.

During a speech last month, Lauren Kootman, the Assistant Chief of the Corporate Enforcement, Compliance, and Policy Unit of the Fraud Section of the Department of Justice (“DOJ”), signaled a daunting change for chief compliance officers (“CCOs”).

It was reported that Kootman touted a “likely” new requirement that would be incorporated into every corporate fraud settlement.  This requirement would require CCOs to certify that the company’s compliance program was “reasonably designed” to prevent violations in the future.  Kootman reportedly took the position that this would “empower” CCOs—giving them involvement in transactions and decision-making.

Though claiming that the new requirement would not “put a target on the back of a chief compliance officer,” in essence DOJ indicated that without certification from the CCO there would be no deal with the Government.  DOJ has already included such a certification in last month’s $1.1 billion settlement with Glencore to resolve bribery and market manipulation charges.

Putting aside the vagaries of what constitutes a reasonably designed program and whether DOJ implicitly blessed the program as part of the agreement to settle a case, such a requirement could also put CCOs (and the company) in DOJ’s crosshairs in the event of a post-settlement violation.  It also remains to be seen whether such a requirement would be imposed only in settlements involving DOJ’s Criminal Division or whether they will also be required in False Claims Act settlements.

 

 

 

 

 

 

Stretching the Limits of FAR OCI Rules

By Alan Chvotkin on June 6, 2022.

The Federal Acquisition Regulation (FAR) has included coverage on organizational conflicts of interest (OCI) since its inception. Today, an OCI is defined in FAR 2.101 by three prongs: a situation where (1) “because of other activities or relationships with other persons, a person is unable or potentially unable to render impartial assistance or advice to the Government,” or (2) “the person’s objectivity in performing the contract work is or might be otherwise impaired,” or (3) “a person has an unfair competitive advantage.” The first prong of this definition requires that the agency define the nature of the activities or relationship that will impinge on the performance required by the instant (or group of) contract(s). It is only this first prong of the definition that is the subject of this commentary.

FAR coverage

Several pages of coverage in FAR Subpart 9.5 outline the general rules and procedures for agencies to identify, evaluate and resolve an OCI. However, while FAR 9.5 addresses creating solicitation provisions and contract clauses to highlight and address potential issues appropriate to the nature of the actual or perceived OCI, the FAR has never, appropriately in my view, had a standard (FAR Part 52) solicitation provision or contract clause because the nature of the OCI is dependent on the facts and circumstances of each agency procurement. When a buying agency is concerned about a potential conflict of interest, it is required to tailor a specific solicitation and contract clause appropriate to the work at hand.

Thus, FAR 9.507-1 (relating to solicitation provisions) and FAR 9.507-2 (relating to contract clauses) put the responsibility on the buying agency to identify what work called for under the current solicitation (and resulting contract) would give rise to a current or future (but never a past) conflict of interest. It is only after the agency has made that identification can the solicitation then require a bidding contractor to identify whether their “other activities or relationships” preclude the bidder from rendering impartial assistance or advice and, if desired by the agency, to propose a mitigation/avoidance plan for such potential conflict of interest. If the contractor does have an OCI that cannot be mitigated or avoided, the government may choose to waive the identified conflict.

FAR 9.508 provides eight non-exclusive examples of situations in which questions concerning OCI may arise “to help the contracting officer apply the general rules to individual contract situations.” There is an extensive litany of Government Accountability Office (GAO) decisions interpreting and applying the FAR OCI provisions. Many of the early GAO decisions addressed the contours of the three prongs in the definition. More recently, many of these GAO OCI cases properly focused on the buying agency’s behavior. If the agency had a concern about a potential OCI, did the agency follow the dictate of FAR 9-507-1 and “invite offerors’ attention to this concern?” Did the agency state the nature of the potential conflict as seen by the contracting officer? Did the agency state the nature of the proposed restraint on future contractor activities? If presented with a mitigation plan from an offeror, did the agency evaluate that plan? If the agency evaluated the plan, and the offeror was the successful offeror, did the agency incorporate the mitigation plan into the resultant contract and monitor compliance with it?

There have been very few regulatory initiatives to further address these matters in the FAR. The most significant was a FAR proposed rule, published on April 26, 2011 (eleven years ago!); in it, DoD, GSA, and NASA proposed to amend the FAR to revise regulatory coverage on organizational conflicts of interest (OCI) and provide additional coverage regarding contractor access to nonpublic information. But on March 19, 2022, the FAR Council withdrew the proposed rule without further action.[1]

Pending Legislation

The application of the OCI rules is also highlighted in pending legislation. On March 23, 2022, four United States Senators – two Democrats and two Republicans – introduced S. 3905, the “Preventing Organizational Conflicts of Interest in Federal Acquisition Act.”[2] The legislation was introduced “to help identify and mitigate potential conflicts of interest between taxpayer-funded projects and government contractors’ other business opportunities,” the sponsors said in a March 28, 2022 press release.[3]  One of the concerns behind the legislation was the “danger that conflicts of interest can pose in government contracting, such as when the consulting firm McKinsey worked for opioid manufacturers at the same time it was working for the FDA (Food and Drug Administration) on opioid-related projects,” according to Senator Charles Grassley (R-IA), a cosponsor of the bill. On May 27, 2022, an identical bill was introduced in the U.S. House of Representatives by Congresswoman Carolyn Maloney (D-NY), chair of the House Oversight Committee;[4] there has been no further action on this House legislation.

The Senate bill was amended and approved by the Senate Homeland Security and Governmental Affairs at its business meeting on May 25, 2022;[5] the amended version is an improvement over the introduced version although it is still vague on the outcomes to be achieved. It is awaiting future action by the United States Senate and additional amendments to the committee-reported are likely to be offered; one such amendment may be offered by Senator Hassan (D-NH) relating to company compliance actions and penalties for non-compliance, as she previewed during the committee markup.

In addition, on April 13, 2022, the House Oversight Committee released a 52-page interim majority staff report titled “The Firm and the FDA: McKinsey & Company’s Conflicts of Interest at the Heart of the Opioid Epidemic.”[6] The report asserts that “McKinsey had significant and long-running conflicts of interest due to its overlapping and conflicting work for FDA and opioid manufacturers,”[7] and that McKinsey’s conduct raises significant questions about the lack of regulation over consulting companies that advise both the federal government and private sector clients.”[8]  The report addresses the FAR provisions on OCI, and acknowledges that the FDA included a generic OCI clause in many of the McKinsey contracts,[9] but faulted McKinsey for failing to make disclosures to the FDA regarding these “conflicting activities.”

So What?

Appropriately, the FAR has placed the initial responsibility on the buying activity and its purchasing contracting officer to identify what areas of contractor activity would give rise to the agency’s concern about an organizational conflict of interest. Once the contractor responds to that concern, it is incumbent on the agency to evaluate the risk and offered mitigation factors before making a source selection decision. Suggestions that agencies skip that first step – or shift the responsibility to future offerors or to current contractors to speculate on whether its actions do, or should, raise a concern with an agency – create untenable positions for both agencies and contractors.

Improvements can certainly be made in the current FAR coverage. For example, the acquisition community would benefit from updated FAR OCI examples based on what the government now buys (e.g. solutions, not simply products or services) and how the government now buys (e.g. through multiple-award IDIQ contracts). But before launching into unchartered territory, it is worth Congress and the FAR principals, including the Office of Federal Procurement Policy, engage contracting agencies, contractor representatives, and the legal community in a robust discussion of the FAR’s current and future OCI policy and practice.

 

***** an “excerpt” was published by Executive Mosaic*****

________________________________________

[1]Federal Acquisition Regulation Case 2011-001, “Withdrawal of Organizational Conflicts of Interest,” March 19, 2022, available at https://www.govinfo.gov/content/pkg/FR-2021-03-19/pdf/2021-05658.pdf (concluding that “given the amount of time that has passed since publication of the proposed rule, and potential changed circumstances, a decision has been made not to proceed with finalization of the FAR rule”).

[2] S. 3905, introduced March 23, 2022, available at https://www.congress.gov/117/bills/s3905/BILLS-117s3905is.pdf.

[3] See press release from the Senate Homeland Security and Governmental Affairs Committee, March 28, 2022, available at https://www.hsgac.senate.gov/media/majority-media/peters-grassley-hassan-and-ernst-introduce-bipartisan-legislation-to-prevent-conflicts-of-interest-in-federal-contracting.

[4] HR 7602, introduced April 27, 2022, available at https://www.congress.gov/117/bills/hr7602/BILLS-117hr7602ih.pdf.

[5] See press release from the Senate Homeland Security and Governmental Affairs Committee, May 25, 2022, available at  https://www.hsgac.senate.gov/media/majority-media/peters-grassley-hassan-and-ernst-bipartisan-legislation-to-prevent-conflicts-of-interest-in-federal-contracting-advances-in-senate.

[6] See Majority Interim Staff Report by House Committee on Oversight and Reform  (“Majority Interim Staff Report”), available at  https://oversight.house.gov/sites/democrats.oversight.house.gov/files/2022-04-13.McKinsey%20Opioid%20Conflicts%20Majority%20Staff%20Report%20FINAL.pdf.

[7] Majority Interim Staff Report at 52

[8] Majority Interim Staff Report at 53

[9] Majority Interim Staff Report at 34-36

As Desperation Sets In, Biden Invokes Defense Production Act to Address Baby Formula Crisis

By Andrew Victor, Haaleh Katouzian, Madison Plummer

On May 18, 2022, President Biden invoked the Defense Production Act of 1950 (the DPA) to alleviate the baby formula shortage.

Biden’s Memorandum, addressed to the Secretary of Health and Human Services (HHS), stated that the “disruption threatens the continued functioning of the national infant formula supply chain, undermining critical infrastructure that is essential to the national defense, including to national public health or safety.”  Thus, to ensure a continued supply of formula, the HHS Secretary, in consultation with other cabinet and agency heads, may prioritize and allocate “all ingredients necessary to manufacture infant formula, including controlling the distribution of such materials . . . in the civilian market[.]”

The DPA, as amended, gives the President broad authority to influence domestic industries in the interest of national security.  Importantly, the President can mandate that persons and corporations (1) accept prioritized contracts; and (2) follow the President’s allocation of materials, services, and facilities.  50 U.S.C. § 4511(a); Defense Production Act of 1950, Section 101(a) (emphasis added).  Stated differently, the President can invoke the DPA to “prioritize government contracts for goods and services over competing customers, and offer incentives within the domestic market to enhance the production and supply of critical materials and technologies when necessary for national defense.”[i]

Most recently, the President invoked the DPA to address medical supply chain issues related to COVID-19.  Agencies used DPA authorities to 1) prioritize contracts for critical materials, such as COVID-19 vaccines, 2) fund projects for the expansion of domestic supply production, and 3) promote public-private partnerships.[ii]  In response, private companies found DPA awards provided “timely access to raw materials and supplies and helped them expand production faster than they could have on their own.”

With the DPA being utilized for more than the traditional defense context, government contractors should become familiar with this law as its use expands to different industries.  When working with federal agency partners, contractors should understand policies and procedures related to the DPA.  Additionally, contractors should consider how they can compete for DPA awards as these contracts offer not only monetary allocations, but also business development and growth opportunities.

If you have any questions or need any additional information, please do not hesitate to contact the authors.

Authors:  Andrew Victor, Haaleh Katouzian, Madison Plummer

_______________________

Reference

[i] Heidi M. Peters & Michael H. Cecire, Cong. Research Serv., R43767, The Defense Production Act of 1950: History, Authorities, and Considerations for Congress 1 (2022), https://sgp.fas.org/crs/natsec/R43767.pdf.

[ii] U.S. Gov’t Accountability Off., GAO-22-105380, COVID-19: Agencies Are Taking Steps to Improve Future Use of Defense Production Act Authorities (2021), https://www.gao.gov/assets/gao-22-105380.pdf.

Fourth Circuit Grants Rehearing En Banc in $680 Million Allergan FCA Case Dismissed Under Safeco’s Scienter (Knowledge) Standard

By Robert Rhoad, Andy Liu, and Haaleh Katouzian

On May 10, 2022, the Fourth Circuit granted a rehearing en banc for a case decided earlier this year, United States ex rel. Sheldon v. Allergan Sales, LLC.

In 2014, a relator brought a qui tam action against his employer, Forest Laboratories, LLC (Forest), alleging that Forest “engaged in a fraudulent price reporting scheme under the Medicaid Drug Rebate Statute[.]”  The Medicaid Drug Rebate Statute (Rebate Statute) requires a drug manufacturer to report its “Best Price” to the Centers for Medicare & Medicaid Services (CMS) so that CMS can calculate rebates it is owed based on that price.  The relator argued that Forest gave different discounts to different customers on the distribution chain but failed to aggregate those discounts when calculating its Best Price, resulting in the government paying $680 million more than if the discounts were aggregated.

The majority, in a 2-1 decision, included the following as an example of the allegation: “on one covered drug, [the relator] alleged that in FY2013 Forest gave a 20% discount to a patient’s insurance company and a 10% discount to the same patient’s pharmacy—two different entities on the distribution chain . . . [The relator] alleged that Forest was required to aggregate these discounts, report a Best Price of 70%, and give Medicaid a 30% rebate. Instead, Forest did not aggregate these discounts because they were given to different entities, reported a Best Price of 80% (based on the highest discount given to a single entity), and gave Medicaid a 23.1% rebate . . . [The relator] allege[d] that this led to the federal government paying 6.9% more for this drug than it would have if Forest had accurately reported Best Price.”

Forest moved to dismiss the action, arguing, among other things, that there could be no “knowing violation” of the False Claims Act (FCA) because its interpretation of the Rebate Statute was plausible and objectively reasonable.  The Fourth Circuit agreed.  Because “[t]he FCA defines ‘knowingly’ as including actual knowledge, deliberate ignorance, and reckless disregard” and “Safeco interpreted ‘willfully’ to include both knowledge and recklessness[,]” the Fourth Circuit, reasoned that the Supreme Court’s scienter standard set forth in Safeco Insurance Co. of America v. Burr, 551 U.S. 47 (2007) (“Safeco”) (addressing willfulness/scienter under Fair Credit Reporting Act), applied to the FCA.[1]

The Court concluded that the relator “failed to plead scienter as required by the FCA” because “Forest’s reading of the Rebate Statute was not only objectively reasonable but also the most natural. And Forest was not warned away from its reading by authoritative guidance from CMS.”[2]  The Court held that the defendant’s reading of the statutory text was “the best reading of that text” and that “CMS knew as early as 2006 that manufacturers were not aggregating discounts given to different entities along supply chains” but “never clearly stated that discount aggregation to different entities was required, [so] it did not act with the specificity necessary to warn Forest away from its interpretation.”

The majority made clear that Safeco only applied to legally false claims, such as those in the case before it.  Additionally, the majority stated that Safeco does not “write defendants a blank check.”  The Safeco test still “requires an objectively reasonable reading of the statute”—“and not every objectively reasonable reading will suffice.”  The test also “allows the government to issue authoritative guidance that clarifies its interpretation of the law and so warns defendants away from otherwise reasonable interpretations.”  Thus, “Safeco’s standard duly ensures that defendants must be put on notice before facing liability for allegedly failing to comply with complex legal requirements.”

“If the government wants to hold people liable for violating labyrinthine reporting requirements, it at least needs to indicate a way through the maze.”  The relator’s position, the majority stated, “instead makes sinister actors out of parties who have followed the law in every respect and sought administrative guidance where none was ever provided” and ultimately “takes the FCA a very long step toward a strict liability statute.”  It went on to hold that “[t]he False Claims Act does not assess liability through ambush. Companies must instead knowingly submit a false claim to be liable. And Forest simply did not do so here.”

The dissent strongly disagreed.  The Safeco decision, the dissent reasoned, instead “concerned a narrow issue: the proper interpretation of the Fair Credit Reporting Act’s scienter requirement.”  The dissent stated that the majority’s opinion “effectively neuter[ed] the False Claims Act—the Government’s primary tool for fighting fraud—by eliminating two of its three scienter standards (actual knowledge and deliberate ignorance) and replacing the remaining standard with a test (objective recklessness) that only the dimmest of fraudsters could fail to take advantage of.”

The rehearing of Allergan en banc will be closely watched given the importance of the applicability of Safeco to FCA claims, especially with similar cases moving up toward the Supreme Court.[3]

_____________________________________________

[1] The Fourth Circuit, “[i]n adopting this standard, . . . join[ed] each and every circuit that has considered Safeco’s applicability to the FCA.”

[2] This reasoning follows the “two-step analysis as to reckless disregard” identified by Safeco.

[3] See e.g., United States ex rel. Schutte v. SuperValu Inc., 9 F.4th 455 (7th Cir. 2021).  A petition for a writ of certiorari was filed on April 1, 2022.  The question presented is “[w]hether and when a defendant’s contemporaneous subjective understanding or beliefs about the lawfulness of its conduct are relevant to whether it ‘knowingly’ violated the False Claims Act.”  For the petition, see here.

When “Late is Late” and When It Isn’t: GAO and the Court of Federal Claims Issue Decisions Addressing the Contours of Late Proposal Submissions

By Andrew Victor, Haaleh Katouzian, and Madison Plummer

Two recent decisions, one from the Government Accountability Office and another from the Court of Federal Claims demonstrate the deference afforded to agencies in accepting late proposals.

In VERSA Integated Solutions, Inc., the protester submitted a proposal, but the proposal got stuck in the agency’s email quarantine, never reached the contracting officer, and, thus, the protester was never considered for award.  The protester argued that the agency shouldn’t have rejected its proposal because it submitted the proposal before the deadline and the agency had control over it, albeit in quarantine.  GAO denied the protest, stating that it would not relax the late is late rule because doing so would undermine FAR clause 52.212-1, which governed the submission of proposals.

When “Late is Late” and When It Isn’t

This decision comes on the heels of Savantage Financial Services, Inc. v. United States, a bid protest at the Court of Federal Claims.  Like the solicitation in VERSA, the solicitation in Savantage also included FAR 52.212-1.  Here, however, while offerors submitted initial proposals on time, two offerors were late in submitting proposal revisions.  Despite being late, the agency made award to these two late offerors.  The protester argued that the agency should have rejected the revisions, pointing to the late is late rule.  The court rejected this argument, holding that, although the late is late rule is strict, the contracting officer had discretion to waive the deadline for the late proposal revisions, and under that discretion the determination that the revisions were minor, was reasonable.

Ultimately, agency discretion is paramount.  The juxtaposition of these two cases emphasizes, once again, the importance of proper and timely submission of offers, while also underscoring that even the “late is late” rule may bend to the discretion of a contracting officer.

Update: Chvotkin’s Second Interview on Government Contractor Confidence Index Study With ExecutiveBiz

Alan Chvotkin, partner at Nichols Liu LLP and a key member of Executive Mosaic’s GovCon Expert program, recently spoke with ExecutiveBiz regarding the results of the Government Contractor Confidence Index study he recently co-wrote and the current set of growth initiatives for Nichols Liu to drive value for its customers.

“Overall, I thought the results of the survey were extremely positive and useful. My sincere compliments to my co-writer Russell Smith and to OCI Proposal Consultants for conceiving and executing the ‘Government Contractor Confidence Index’ study. I think it shows the continued strength of the federal marketplace and that the confidence by the contractors makes this a good marketplace for business.”

Alan discussed following questions in the interview with ExecutiveBiz:

  1. What can you tell us about Nichols Liu’s recent growth initiatives and how you’re driving value for your customers?

  2. What are your strategic goals for the coming year and any new markets that you’re keeping an eye on in the federal sector?

  3. What can you tell us about the results on the confidence in the federal market and the top priorities for government contractors in cyber, infrastructure and emerging technologies?

  4. How will the pace of policy changes in acquisition regulations continue to accelerate for the rest of 2022 and beyond? What improvements do we need to make?

You can read the full Executive Spotlight interview with Alan Chvotkin here

 

Photo: EPStudio20/Shutterstock