Yesterday, the FAR Council published the much-anticipated final rule amending the Federal Acquisition Regulation to expand the definition of trafficking in persons in government contracts and to finalize expansive compliance and certification requirements for certain government contractors. The new regulations present a substantial compliance challenge for contractors and leave contractors open to significant risks for inadequate compliance or violations of the new regulations.

A challenge now facing contractors is how to implement the compliance plan and certification requirements of the new rule, discussed in detail below – Crowell & Moring has done an analysis of many of the other compliance requirements and key provisions of the new rule, including the prohibited conduct, here.

Compliance Plan

When the new regulations become effective on March 2, 2015, under section (h) of 52.222-50, Combating Trafficking in Persons, contractors must implement a compliance plan to prevent trafficking in persons for any portion of the contract that: (i) is for supplies (other than commercially available off-the-shelf items) acquired overseas, or services performed overseas, and (ii) has an estimated value exceeding $500,000. When applicable, contractors are required to certify that they have implemented such a plan, and that the contractor, and its agents and subcontractors at any tier, have not engaged in any prohibited activity listed in 52.222-50(b).

While the rule requires contractors to implement a compliance plan, it provides contractors with little guidance as to what an adequate compliance plan should look like. According to the rule, compliance plans must be “appropriate”:

(i) To the size and complexity of the contract; and
(ii) To the nature and scope of the activities to be performed for the Government, including the number of non-United States citizens expected to be employed and the risk that the contract or subcontract will involve services or supplies susceptible to trafficking in persons.

FAR 52.225-50 (h)(2). Although the rule does provide some minimum compliance plan requirements, discussed in more detail below, the requirement that compliance plans be “appropriate” based on the size, complexity and nature of the contract does not provide contractors with much guidance, and raises the concern that what is considered “appropriate” may vary widely across various federal contracting stakeholders.

The final rule amendments provide that, at a minimum, the compliance plan (which according to the rule must be posted for employees), must include:

• an awareness program to inform employees about the anti-trafficking policy and rules,
• a process for employees to report potential violations without fear of retaliation,
• a recruitment and wage plan that, among other things, prohibits charging employees requirement fees,
• a housing plan that ensures contractor-provided housing meets local housing and safety standards, and
• procedures to “prevent agents and subcontractors at any tier and any dollar value from engaging in trafficking in persons” and to “monitor, detect, and terminate” any subcontractors or agents that have done so.

In particular, the last bullet point (subsection (v) of 52.222-50(h)(3)) potentially poses an enormous compliance challenge for contractors because it requires contractors to manage and monitor agents and subcontractors at any tier. Complying with subsection (3)(v) could require contractors to have comparatively more involvement and oversight with agents and subcontractors than is often the case. For some contractors, these requirements could easily extend down a long supply chain involving numerous companies. Under the new rule, contractors must conduct sufficient due diligence on agents and subcontractors sufficient to detect violations of the rule prior to award, and must continue to monitor the subcontractors and agents during performance of the contract.

Yet there is little guidance for contractors in the rule about how to effectively monitor agents or subcontractors in a way that is likely to detect prohibited conduct. Although in its discussion of the final rule, the FAR Council points contractors to other trafficking in persons resources maintained by the Departments of Labor, State, and USAID as source of information to be considered when developing compliance plans, consulting those resources does not assure a contactor that its compliance plan is adequate from the perspective of the government enforcement community.

Additionally, although while minimum requirements provide contractors with a starting point for a compliance plan, the rule language indicates that these requirements are the “minimum,” and suggests that for many contractors, the compliance plans must go well beyond these requirements to be “appropriate.” Yet what additional requirements may be necessary or encouraged remains to be seen.

Despite the open questions that remain for contractors developing a compliance plan, it is worth noting the importance of a robust compliance plan in this area. Not only is a compliance plan required by the FAR, but if the government determines that a contractor has violated the anti-trafficking in persons policy, the contracting officer may consider whether the contractor had a compliance plan (and whether the contractor was in compliance with it) as a mitigating factor to consider when determining what contractual or administrative remedies and actions to take against a contractor.

Certification

52.222-56, Certification Regarding Trafficking in Persons Compliance Plan, will require contractors that are required to maintain a compliance plan to certify:

(1) It has implemented a compliance plan to prevent any prohibited activities identified in paragraph (b) of the clause at 52.222-50, Combating Trafficking in Persons, and to monitor, detect, and terminate the contract with a subcontractor engaging in prohibited activities identified at paragraph (b) of the clause at 52.222-50, Combating Trafficking in Persons; and

(2) After having conducted due diligence, either—

(i) To the best of the Offeror’s knowledge and belief, neither it nor any of its proposed agents, subcontractors, or their agents is engaged in any such activities; or
(ii) If abuses relating to any of the prohibited activities identified in 52.222-50(b) have been found, the Offeror or proposed subcontractor has taken the appropriate remedial and referral actions.

FAR 52.222-56(c) (emphasis added). This certification requirement, like its compliance plan counterpart, poses another risk for contractors. Given the many risks associated with some types of certifications, including possible exposure under the civil false claims and false statement acts, this certification requirement creates a risk for contractors because it requires contractors to certify to the compliance of their subcontractors but it provides little guidance as to what level of “due diligence” is sufficient or required before making such a certification. In the response to comments on the proposed rules, the FAR Council declined to define or clarify the term “due diligence” and instead responded that “the level of ‘due diligence’ required depends on the particular circumstances. This is a business decision requiring, judgment by the contractor.”

The final rule leaves contractors facing a range of compliance challenges and open questions as contractors try to institute “appropriate” compliance plans to reduce the risk of the potentially serious consequences associated with violating the new rule.