Photo of Trina Fairley BarlowPhoto of Peter J. EyrePhoto of Kris D. MeadePhoto of Christine B. Hawes

On August 3, 2020, President Donald Trump issued an Executive Order framed as “Aligning Federal Contracting and Hiring Practices With the Interests of American Workers.” The Order declares the “policy of the executive branch to create opportunities for United States workers to compete for jobs, including jobs created through Federal contracts,” and directs federal agencies to engage in two distinct reviews to assess how current practices align with that policy.

First, the Order directs the head of each federal contracting agency to review the extent to which “contractors” and “subcontractors” – undefined in the Order – utilize temporary foreign labor for contracts performed in the United States, as well as whether services previously performed in the United States are being outsourced for performance in foreign countries. Agencies are further directed to assess any effect the use of such foreign labor hiring and/or offshoring practices has on opportunities for U.S. workers, the eligibility of affected workers for Trade Adjustment Assistance, and national security interests. Finally, each agency must review its own employment policies to ensure compliance with policies requiring federal hiring of U.S. persons. Within 120 days of the Order, Agencies are required to submit a report to the Office of Management and Budget summarizing the results of this review and recommending corrective actions if necessary, timeframes for implementation of such corrective actions, as well as any Presidential actions that may be appropriate.

Second, the Order also directs the Secretaries of Labor and Homeland Security to take action, as appropriate and consistent with applicable law, to protect U.S. workers from adverse effects caused by employment of H-1B visa holders, including by requiring employers and “secondary employers” to file certifications required by the Immigration and Nationalization Act (INA) regarding the impact of hiring an H-1B visa holder. The administration has indicated that its goal is to restrict scenarios where a contractor outsources services to H-1B workers that would have otherwise been performed by US employees of the contractor; the intent would be for the outsourcing contractor, as the “secondary employer” of the workers performing the work, to also certify pursuant to the INA that the hiring of that employee has not impacted US citizen employees. This would be in in addition to the certification provided by the worker’s actual employer. It is unclear whether extending the certification requirement to “secondary employers” would address this identified issue.

This Executive Order follows a series of “Buy American and Hire American” orders issued over the past years, and reflects the current administration’s consistent emphasis on domestic sourcing of supplies and services. The administration has indicated that this Executive Order is a continuation of other efforts undertaken during the COVID-19 pandemic to limit immigration and protect American workers.

Like the previous actions, the present Executive Order provides little guidance regarding how agencies should conduct the contemplated reviews, omitting both the types of data agencies should rely upon and what authorities contracting agencies should rely upon to collect additional data from federal contractors and subcontractors. Accordingly, the potential impact on operations and customer relationships for federal contractors and subcontractors remains to be seen. Crowell & Moring intends to monitor agency implementation of this Order and continue to keep our clients updated regarding developments that may impact their business

Photo of Mana Elihu LombardoPhoto of Brian Tully McLaughlinPhoto of Amy Laderberg O'SullivanPhoto of Lyndsay GortonPhoto of Olivia Lynch

On July 28, 2020, the U.S. Small Business Administration (SBA) Office of the Inspector General (OIG) issued a report titled, “Serious Concerns of Potential Fraud in the Economic Injury Disaster Loan Program Pertaining to the Response to COVID-19.” The report identifies and summarizes OIG’s “serious concerns” of potential fraud and calls for “immediate attention and action” concerning the emergency funding provided under the Economic Injury Disaster Loan and Advance grant programs created pursuant to the Coronavirus Preparedness and Response Supplemental Appropriations Act, the Coronavirus Aid, Relief, and Economic Security Act (CARES Act), and the Paycheck Protection Program and Health Care Enhancement Act (PPP Act). While OIG focuses its attention on how SBA has administered the funds, the report highlights the significance that OIG is placing on rooting out fraud in these programs, as demonstrated by the swift opening of investigations into relief fund applicants just months or weeks after they submitted a loan request.

In its report, OIG identifies “potentially rampant fraud” as well as issues with internal controls related to the emergency funding programs. OIG has already opened dozens of investigations that will undoubtedly implicate the False Claims Act. And OIG is not acting alone in its investigative efforts. Financial institutions have played a large role, with nearly 440 contacting OIG to express “serious” concerns, including reporting at least nine types of “suspicious” activity to OIG, such as account holders claiming to use the funds to open a business; account holders attempting to withdraw loan funds in cash or transfer the funds to other newly established accounts; and economic injury loans or advance grants being deposited into personal accounts of customers of the financial institution—with no evidence of business activity. In response, these financial institutions have frozen funds on suspicious accounts, with nine institutions reporting a combined total of $187.3 million in suspected fraudulent transactions. One federal credit union reportedly audited 60 SBA deposits and determined that 59 of those were fraudulent.

OIG further found that SBA issued 6,132 economic injury loans and 20,692 advance grants to potentially ineligible businesses. Indeed, the report states that as of June 19, 2020, SBA had approved more than $250 million in COVID-19 economic injury loans and advance grants to potentially ineligible businesses and that, as of June 6, 2020, SBA had made duplicate economic injury loans to nearly 300 businesses. The report also identified numerous SBA economic injury loan fraud schemes developed through social media.

In light of these findings, OIG recommended that the SBA take two actions: (1) assess vulnerabilities for the purpose of strengthening or implementing internal controls to address notices of potential fraud; and (2) create an effective process and method for lenders to report suspected fraud to the Office of Disaster Assistance and to recover funds. The OIG noted that at the time of its review, SBA did not have a process or partnership in place with financial institutions to review instances of suspected fraud.

SBA’s response to OIG’s recommendations, attached to the report, highlighted the “robust internal controls” implemented by SBA in administering the relief funds and pointed to $17.7 billion in loans rejected and $78 billion in duplicate loans prevented on account of these controls, none of which were mentioned by OIG. Nevertheless, SBA noted that it is taking steps to further enhance its controls, including by providing additional guidance to banks on reporting suspicious fraud activity and improving SBA’s coordination with OIG with respect to potentially fraudulent applications. Indeed, OIG noted that it has since been in contact with SBA program officials on a daily basis to discuss specific instances of potential fraud. Moreover, banks are receiving formal (e.g. grand jury subpoenas) and informal inquiries from the Department of Justice—working with SBA—in connection with these loans.

SBA’s OIG and the Pandemic Response Accountability Committee (PRAC), to which the OIG reports with regard to use of federal funds in response to the pandemic, continue their mandate to focus on fraud, waste and abuse related to COVID-19 relief funding, including scrutinizing the Paycheck Protection Program and the Economic Injury Disaster Loan Program at issue in this report. Crowell & Moring will continue to monitor these developments. Please reach out to any of the contacts below for more information or assistance.

Photo of Adelicia R. CliffePhoto of Peter J. Eyre

This week’s episode is a deep dive into Section 889 developments featuring partners Peter Eyre and Addie Cliffe. Crowell & Moring’s “Fastest 5 Minutes” is a biweekly podcast that provides a brief summary of significant government contracts legal and regulatory developments that no government contracts lawyer or executive should be without.

Photo of Christian CurranPhoto of Rob Sneckenberg

Crowell & Moring’s “All Things Protest” podcast keeps you up to date on major trends in bid protest litigation, key developments in high-profile cases, and best practices in state and federal procurement. In this episode, hosts Christian Curran and Rob Sneckenberg discuss a recent GAO decision highlighting the boundaries of an agency’s technical evaluation, as well as key considerations for offerors when proposing to go above and beyond what is required.

Photo of Lorraine M. CamposPhoto of Adelicia R. CliffePhoto of Alan W. H. GourleyPhoto of M.Yuan ZhouPhoto of Stephanie Crawford

Last week, the General Services Administration (GSA) announced that the Office of Governmentwide Policy would hold a live and recorded virtual webinar panel on August 12, 2020 to discuss the new interim rule implementing the 2019 National Defense Authorization Act Section 889(a)(1)(B) covered telecommunications prohibition.

The panel is expected to address the implementation and application of the new interim rule and answer the public’s pre-submitted questions.  Panelists will include Directors and Division Directors from offices of the Federal Acquisition Service and Public Building Service, including:

  • Multiple Awards Schedule Program Management Office
  • City Pair Program, Office of Travel, Employee Relocation, and Transportation
  • IT Security Subcategory, Office of Information Technology Category
  • Vehicle Purchasing Division, Office of Motor Vehicle Management
  • Special Programs Division, Office of Project Delivery, Office of Design and Construction
  • Innovation Technology and Performance Division, Office of Facilities Management
  • Lease Policy and Innovation Division, Office of Leasing

Questions may be submitted until August 5 at 5:00 p.m. Eastern.  Attendees must register.

DoD also issued guidance last week for Section 889 implementation that provides guidance to contracting officers generally and describes the role of the contracting officer in evaluating whether use of covered telecommunications equipment is a substantial or essential component of a system and whether an exception otherwise applies.

For a discussion of the new interim rule, see our July 14 summary of the new rule or our July 17 webinar addressing the nuances of the new rule 

Photo of Alan W. H. GourleyPhoto of Adelicia R. CliffePhoto of Lorraine M. CamposPhoto of M.Yuan ZhouPhoto of Stephanie Crawford

On July 14, the FAR Council published an interim rule revising FAR 52.204-24 and FAR 52.204-25 to implement Section 889(a)(1)(B) of the 2019 National Defense Authorization Act (NDAA) prohibiting executive agencies from entering into, renewing, or extending contracts with contractors that use Huawei, ZTE, or other identified telecommunications equipment and services (“covered telecommunications equipment and services”) anywhere within the contracting entity as a substantial or essential component of any system or critical technology of any part of a system, regardless of whether there is a nexus with the contractor’s performance of government contracts.  Among other significant differences from 889(a)(1)(A),which went into effect on August 13, 2019, the Section 889(a)(1)(B) prohibition is not a mandatory flowdown; does not include an exception for contractors’ use of backhaul and roaming features that include covered telecommunications equipment; and has more extensive waiver request requirements.  Moreover, while the rule currently only applies to the offeror entity, the final rule may apply to all offeror domestic affiliates and subsidiaries.  The new interim rule is effective August 13, 2020 unless a waiver is granted; however, contracting officers are expected to immediately begin including the new representation requirement (a revised version of FAR 52.204-24) in solicitations.  Comments on the rule are due by September 14, 2020.

We have pulled out a number of highlights and they are followed by a more detailed description of the nuances of the new rule:

  • Will Immediately Be Added as a Representation in Solicitations Whose Contracts Will Issue After August 13, 2020.
  • For Now Only the Offeror Entity Must Meet the Prohibition Requirements: The 889(a)(1)(B) representation is restricted to only the offeror entity.  Subsidiaries and affiliates need not be evaluated for compliance.  Indeed, the interim rule indicates that at most the final rule may apply the representation and prohibition requirement to domestic entities.  Therefore, it is unlikely offerors will need to assess foreign subsidiaries and sister companies’ networks, services, and equipment (except to the extent they are providing the contracting entity with products or services).
  • Applies to All FAR-Covered Contracts: The provision applies broadly to a range of industries and applies to commercial items, including commercial off-the-shelf items. The rule applies to the offeror entity and all of its activities.
  • No Third-Party Backhaul Services Exception for Contractors for 889(a)(1)(B): There is no third-party backhaul, roaming, and interconnection arrangement exception for contractors although the FAR Council recognizes such an exception for the government.  In the 2019 NDAA, there is an exception to this rule stating that “nothing… shall be construed to (a) prohibit the head of an executive agency from procuring with an entity to provide a service that connects to the facilities of a third-party, such as backhaul, roaming, or interconnection arrangements…” The FAR Council has interpreted this to permit the government to buy a service that connects to backhaul that includes covered telecomm equipment, but not to permit contractors to use such services without representing such and obtaining a waiver.  The FAR Council clarified that: […the exception does not apply to a contractor’s use of a service that connects to the facilities of a third-party, such as backhaul, roaming, or interconnection arrangements. As a result, the Federal Government is prohibited from contracting with a contractor that uses covered telecommunications equipment or services to obtain backhaul services from an internet service provider, unless a waiver is granted.] This means, for the time being, while contractors can provide services to the government that use covered telecommunications equipment in backhaul, interconnection arrangements, and roaming, the offeror entity itself may not use such services or must seek a waiver.
  • Extensive Waiver Request Requirements and More Than One Waiver May Be Required: There are extensive waiver request requirements, including for a comprehensive identification of each category of covered telecommunications or surveillance equipment or services in the entity’s supply chain and systems, as well as an identification of where such technology can be found in the equipment, systems, networks, and services of the entity or its supply chain where covered telecommunications equipment and services are used in any system.
  • Not a Mandatory Flowdown: This NDAA 889(a)(1)(B) provision is not a mandatory flowdown.  However, the offeror entity would need to evaluate any covered equipment or services in products or services subcontractors and suppliers are providing to the offeror entity.  Still the subcontractor or supplier entity would not be required to evaluate systems and services unrelated to those being provided to the offeror entity.
  • Offerors Are Expected to Develop Compliance Plans: Such a plan is expected to include at least:
    • (1) an understanding of the Section 889 requirements;
    • (2) a reasonable inquiry to identify any covered equipment within or affecting the entity’s infrastructure, systems, or services (including inquiry subcontractor and supplier relationships) – this will likely need to occur when a supplier or subcontractor is first used, when significant changes occur within the entity, and annually after the initial inquiry;
    • (3) training of procurement/purchasing personnel to ensure awareness of Section 889 and the compliance plan;
    • (4) procedures for replacing any covered telecommunications equipment or services once identified;
    • (5) plan for updating representation or providing notification to the government if covered telecommunications equipment is identified; and
    • (6) plan for requesting waivers (for entities planning to do so).
  •  Ongoing Efforts to Delay: Although not mentioned in the rule, there continue to be legislative efforts to extend the implementation date, perhaps through COVID-19 legislation, before the current August 13, 2020 effective date.
  • Deadline for Comments: September 14, 2020.

 

Summary of Key Elements and Related Application Concerns

Expect to Immediately See Representation Requirements in Solicitations and to See Modifications to Existing Contracts and Options August 13, 2020

The rule, consistent with Section 889(a)(1)(B), requires contracting officers to include a revised representation about a contracting entity’s use of covered telecommunications equipment and services in solicitations after August 13, 2020 and even in solicitations before August 13, 2020 if the resulting contract will be issued after August 13.  As such, contractors will begin seeing the expanded representation requirement immediately.  Contracting officers are also required to modify existing indefinite delivery contracts to include the expanded FAR 52.204-25 prohibition and representation before any new orders are placed and to include the representation before exercising an option period.

 

Representation Requirements and Prohibition Applies to All FAR-Covered Contracts 

The expanded representation requirement state that “After conducting a reasonable inquiry…  [the offeror] [ ]does, [ ] does not use covered telecommunications equipment or services, or use any equipment, system, or service that uses covered telecommunications equipment or services.”[1]  The prohibition against the covered telecommunications equipment applies to any equipment, system or service that uses covered telecommunications equipment or services, regardless of the whether the system, equipment or service is used to perform government work.  It applies to all FAR contracts, including micro-purchase and commercial items contracts.

Below we break the 889(a)(1)(B) representation down into key components:

  • Covered Telecommunications EquipmentTelecommunications equipment and services produced or provided by Huawei Technologies Company or ZTE Corporation (and all affiliates or subsidiaries of either) and others as identified. Video surveillance and telecommunications equipment produced by or services provided by Hytera Communications Corporation, Hangzhou Hikvision Digital Technology Company, or Dahua Technology Company, and others as identified.
  • Types of Products: Not just end-use products, but any equipment, system, or services that uses covered telecommunications equipment or services.  This includes products that are used by the entity that are unrelated to government contracts or subcontracts.
  • Who Must RepresentFor now, only the offeror entity that executes a contract is representing or must meet the requirements of the representation concerning telecommunications equipment.  This means that only the entity representing, not its affiliates, subsidiaries, or parents companies, must meet the telecommunications equipment prohibition requirements. However, for contracting entities that share equipment or otherwise rely on equipment with affiliates or other entities under the corporate umbrella, they must determine if such equipment uses the concerning telecommunications equipment.  In addition, the FAR Council is considering expanding this representation requirement to include domestic affiliates, parents, and subsidiaries of the offeror.  Although more burdensome, this indicates that the FAR Council will not expect foreign affiliates, parents or subsidiaries to meet the telecommunications equipment prohibition in any case.
  • Exceptions: The prohibition does not apply to telecommunications equipment that cannot route or redirect user data traffic or cannot permit visibility into user data.  Most importantly, the 889(a)(1)(B) requirements do not include an exception for contractors using third-party services such as backhaul, roaming or interconnection arrangements at this time.[2] While the government may purchase service that use covered telecommunications equipment for these third-party services, contractors would have to represent that their networks do include covered telecommunications services in the event they relied on such systems or services themselves.  The FAR Council explicitly identified this lack of an exception for the offerors.  Therefore, the government may not contract with an entity using covered telecommunications equipment or services for any of these backhaul or roaming services, unless a waiver is granted.

  

Requesting Waivers Will Be Burdensome, at Least in the First Instance

Executive agencies may grant a one-time waiver from 889(a)(1)(B) requirements that will expire no later than August 13, 2022.  The executive agency is required to conduct market research and obtain feedback from contractors when determining whether to issue a waiver.  If an offeror represents that it does use covered telecommunications equipment and is not subject to an exception, then the agency must seek, before issuing a waiver, (1)  a compelling justification from the offeror for additional time to meet the 889(a)(1)(B) requirements, (2) a full and complete laydown of the presences of covered telecommunications or video surveillance equipment or services in the offeror’s supply chain, and (3) a phase-out plan to eliminate covered telecommunications equipment and services from the offeror’s systems.

Waivers are expected to take at least a few weeks to obtain and the guidance indicates agencies may choose an offeror that does not require a waiver when time does not permit obtaining a waiver for another offeror.  Waivers must be reported to the Office of the Director of National Intelligence and certain Congressional committees. Waivers are expected to be on a contract-by-contract basis for now.  Waivers are not transferable between agencies or contracts at this time.  We expect agencies to create waivers broadly applicable at least within the agency.  As the representation is entity-wide, offerors may be able to use the same laydown and justification for multiple waiver requests.

 

889(A)(1)(B) Will Not Be Flowed Down to Subcontractors, But Suppliers and Subcontractors Will Be Subject to Businesses’ Reasonable Inquiries

This provision does not expressly require flow-down of its terms to subcontractors.  However, the prime contractor will need to make a “reasonable inquiry” of its supply chain to evaluate whether the prime contractor can properly represent that it does not use a service that relies on covered telecommunications equipment.  As such, subcontractors and service providers should be analyzing any relationship between its services to prime contractors and covered telecommunications equipment (to the extent not already done so for 889(a)(1)(A) compliance).  The lack of a backhaul exception may become particularly relevant in these inquiries.

 

Developing a Compliance Plan

The rule is currently offer-specific but the FAR Council is working on SAM edits to allow for annual representations like that now provided for 889(a)(1)(A) representations.  Once the annual representation is made available, only offerors providing an affirmative response would be required to provide offer-by-offer representations.

Submission of an inaccurate representation may constitute breach of a government contract and can lead to cancellation, termination, and financial consequences.  For this reason, contractors are expected to develop a compliance plan that will allow them to submit accurate representations.  At the least, the FAR Council expects contractors’ compliance plans to include:

  • (1) understanding the Section 889 requirements;
  • (2) reasonable inquiry to identify any covered equipment within or affecting the entity’s infrastructure, systems, or services (including shared technology and services and an examination of subcontractor and supplier relationships);
  • (3) training of procurement/purchasing personnel to ensure awareness of Section 889 and the compliance plan;
  • (4) procedures for replacing any covered telecommunications equipment or services once identified;
  • (5) plan for updating representation or providing notification to the government if covered telecommunications equipment is identified; and
  • (6) plan for requesting waivers (for entities planning to do so).

Both DoD and industry have pressed for a delay to the rule’s effective date.  There continue to be legislative efforts to extend the implementation date, perhaps through COVID-19 legislation, before the current August 13, 2020 effective date.  On July 13, an NDAA amendment was introduced in the House to extend the implementation date for Section 889(a)(1)(B) to January 1, 2022.

 

__________

[1] A reasonable inquiry is an inquiry designed to uncover any information in the entity’s possession – primarily documentation or other records – about the identity of the producer or provider of covered telecommunications equipment or services used by the entity.  However, it excludes the need for an internal or third-party audit.

[2] The new rule also adds definitions for the following terms that are part of an exception under 889(a)(1)(A).

  • Backhaul – intermediate links between the core network, or backbone network, and the small subnetworks at the edge of the network (e.g., connecting cell phones/towers to the core telephone network). Backhaul can be wireless (e.g., microwave) or wired (e.g., fiber optic, coaxial cable, Ethernet).
  • Interconnection arrangements – arrangements governing the physical connection of two or more networks to allow the use of another’s network to hand off traffic where it is ultimately delivered (e.g., connection of a customer of telephone provider A to a customer of telephone company B) or sharing data and other information resources.
  • Roaming – cellular communications services (e.g., voice, video, data) received from a visited network when unable to connect to the facilities of the home network either because signal coverage is too weak or because traffic is too high.

 

Photo of Adelicia R. CliffePhoto of Kate M. Growley, CIPP/G, CIPP/USPhoto of Michelle ColemanPhoto of Laura J. Mitchell Baker

On July 1, 2020, the Department of Defense (DoD) Office of Inspector General (OIG) published its audit report. The report assessed the DoD Joint Artificial Intelligence Center’s (JAIC) progress in developing an Artificial Intelligence (AI) governance framework and standards, as well as DoD components’ implementation of security controls to protect AI data and technologies from internal and external cyber threats. DoD OIG concluded that the JAIC must do more and ensure consistency with DoD’s adoption of ethical principles for AI (as we previously reported on here), including the following: (1) include a standard definition of AI and regularly, at least annually, consider updating the definition; (2) develop a security classification guide to ensure the consistent protection of AI data; (3) develop a process to accurately account for AI projects; (4) develop capabilities for sharing data; (5) include standards for legal and privacy considerations; and (6) develop a formal strategy for collaboration between the Military Services and DoD Components on similar AI projects. In addition, the DoD OIG found that four DoD components (Army, Marine Corps, Navy, and Air Force) and two contractors failed to implement security controls to protect data used in AI projects and technologies from threats. The DoD OIG therefore directed these DoD components and contractors to: (1) configure their systems to enforce the use of strong passwords, generate system activity reports, or lock after periods of inactivity; (2) review networks and systems for malicious or unusual activity; (3) scan networks for viruses and vulnerabilities; and (4) implement physical security controls, such as AI data. Following this report, contractors should expect to see a biannual AI portfolio review of all DoD components’ AI projects and guidance on legal and privacy standard operating procedures.

Photo of Kate M. Growley, CIPP/G, CIPP/USPhoto of Evan D. WolffPhoto of Michael G. Gruden, CIPP/G

The National Institute of Standards and Technology (NIST) recently released the final public draft of NIST Special Publication (SP) 800-172, formerly known as Draft NIST SP 800-171B. Building on the security requirements in NIST SP 800-171, the applicable standard under DFARS 252.204-7012, 800-172 provides 34 enhanced requirements to protect Controlled Unclassified Information (CUI) associated with critical programs or high value assets from the risks posed by advanced persistent threats (APTs).

Unlike prior drafts, 800-172 incorporates the protection strategy and desired effects on the adversary directly into the implementation guidance for each control. The Department of Defense (DoD) expects 800-172 to impact fewer than one percent of defense contractors. However, numerous requirements from Draft 800-171B were incorporated into the Cybersecurity Maturity Model Certification (CMMC) Levels 4 and 5, likely giving commenters the opportunity to affect future CMMC revisions.

Comments for the final public draft are due August 21, 2020.

Photo of John E. McCarthy Jr.Photo of Rob SneckenbergPhoto of Rina Gashaw

In M.C. Dean, Inc., GAO reaffirmed that where an offeror has actual knowledge that a proposed key person has become unavailable before award, the offeror is required to notify the agency, which may result in the offeror’s exclusion. Interestingly, here the awardee key person at issue was still technically available to work on the contract, but had been denied a security clearance necessary to perform their proposed role: program manager. The awardee argued that the right to appeal the security clearance denial had not yet expired, and thus the person was not unavailable. But GAO emphasized that no appeal had been filed and, even if one were, there was no indication that it would be successful in time for the person to perform as program manager. The agency also argued that the key person was not material to the agency’s evaluation. GAO found that argument “irrelevant” given that the offeror had actual knowledge of the “unavailability” to serve in the proposed role and failed to notify the agency.