Helping individuals, companies, and organizations understand key legal and practical considerations for promoting compliance and making better business decisions in these types of federal, state, and local government contracting matters MORE

This week the Department of Homeland Security (DHS) Cybersecurity and Infrastructure Agency (CISA) issued a “SHIELDS UP” advisory.  While it does not identify specific threats in the advisory, CISA states that the “Russian government understands that disabling or destroying critical infrastructure – including power and communications – can augment pressure on a country’s government, military and population and accelerate their acceding to Russian objectives.” Given the situation in Ukraine, there is concern about an escalation of cyber threats even here in the US.

Steps identified in the advisory are those that many in the defense industrial base (DIB) are already aware of or implementing. No matter whether you engage in government contracting or focus on commercial activities, your IT systems may be at risk, so forewarned is forearmed.  Here are some of the key steps identified in the advisory to help reduce damage from a cyber intrusion:

Validate that all remote access to the organization’s network and privileged or administrative access requires multi-factor authentication.

Ensure that software is up to date, prioritizing updates that address known exploited vulnerabilities identified by CISA.

Confirm that the organization’s IT personnel have disabled all ports and protocols that are not essential for business purposes.

If the organization is using cloud services, ensure that IT personnel have reviewed and implemented strong controls outlined in CISA’s guidance.

Sign up for CISA’s free cyber hygiene services, including vulnerability scanning, to help reduce exposure to threats

Do you have a crisis-response plan and team?  If not, now is a good time to put one in place.  Know what you have to do in the event of an incident and who has to do it. In addition to addressing the problem in real time, you will need to investigate, collect and preserve information for follow up reporting and remediation.  Timely reporting of cyber incidents involves more than just putting in a call. Defense contractors are required to have a designated person with authority to operate the Department of Defense (DoD) Cyber Crime Center (DC3) portal to report cyber incidents. But there may be other places to report to as well.  CISA and/or the Federal Bureau of Investigation (FBI) are also looking out for reports of incidents or unusual activities.

DoD DIB Collaborative Information Sharing Environment (DCISE) – https://dibnet.dod.mil ; DCISE@us.af.mil ; (hotline) (410) 981-0104/ (toll free) (877) 838-2174

CISA – https://www.cisa.gov/uscert/report

FBI (local field office) – https://www.fbi.gov/contact-us/field-offices

FBI (24/7 CyWatch) –CyWatch@fbi.gov ; (855) 292-3937

Even cyber intrusions that appear benign may result in infiltration of your networks, exfiltration of data, or more.  Be alert to unexpected or unusual emails or network behavior, and ensure your antivirus and anti-malware are engaged to protect your networks.  In the event you identify a potential cyber intrusion, act quickly to identify and address these threats.

Cyber incidents may trigger requirements beyond reporting on the incident to the government. If you have an actual or suspected cyber incident, consult with your counsel to assess and address these and other requirements. Contact the author or your Stinson counsel if you have questions about this advisory.

It is all but certain that mandatory arbitration clauses will no longer exist for workplace sexual assault and sexual harassment claims once the expected legislation many refer to as the #MeToo Arbitration Ban is signed by President Biden.  Stinson’s Labor, Employment & Benefits division reported on this bill in its Alert, Senate Passes #MeToo Bill Allowing Employees to Bypass Arbitration. While certain large government contracts have already included a similar prohibition on mandatory arbitration clauses for these types of claims, this soon to be law will apply to all employers, including all government contractors.  Once signed into law, an employee will have the right to choose whether to go to court to pursue a workplace sexual assault or sexual harassment claim – even if the employee has previously agreed to binding arbitration of all claims as part of an employment agreement.

This development is an almost perfect example of a situation where an ounce of prevention is worth a pound of cure.  The best way to avoid the challenges of having to litigate a sexual assault or sexual harassment claim against you as an employer is to have policies and procedures in place to minimize the risk of behavior that could lead to such claims, and a plan in place to address complaints internally as soon as they are made.  Mandatory sexual harassment prevention training for both supervisory and non-supervisory employees, for example, should be a regular thing, not just once in a while.  A process in place to report and address such complaints – with action required by your managers – is another.

Once again the President has invoked the Federal Property and Administrative Services Act as the authority for an Executive Order “to promote economy and efficiency.” In his latest Executive Order (EO) issued on Friday, February 4, 2022, President Biden mandated that all federal procurement construction projects valued at $35 million or more must use a Project Labor Agreement (PLA).

By requiring a PLA, the President would place considerable power over the terms and conditions of a performing a federal construction contract in the hands of unions. Under the EO, PLAs are defined as

a pre-hire collective bargaining agreement with one or more labor organizations that establishes the terms and conditions of employment for a specific construction project and is an agreement described in 29 U.S.C. 158(f).

Since the EO will apply the PLA mandate to “large-scale construction projects,” it is likely that any PLA will require the involvement of multiple unions and labor organizations to negotiate the specifications, terms and conditions of the project for the various trades that will be working at the site.  The EO requires that the PLA “contain guarantees against strikes, lockouts, and similar job disruptions” and set out binding procedures for the resolution of labor disputes arising during the term of the PLA. Notably, the EO would effectively appear to bypass the role and authority of federal agencies in certain key areas as the EO provides that PLAs will “provide other mechanisms for labor-management cooperation on matters of mutual interest and concern, including productivity, quality of work, safety, and health.” Such a collectively bargained PLA then would bind all federal contractors and subcontractors on the project to the contractor-union negotiated specifications, terms and conditions for performance of the project. The EO in fact states that it will require “every contractor or subcontractor engaged in construction on the project to agree, for that project, to negotiate or become a party to a project labor agreement with one or more appropriate labor organizations.”  Nowhere does it say that the federal procuring agency will be involved in this process or otherwise have any say in what is actually negotiated and placed in the PLA. The agency’s only role is to identify those projects where PLAs will be mandatory.

The EO allows for some exceptions to requiring a PLA in projects that (a) are found not to advance the federal government’s interests in achieving economy and efficiency; (b) market analysis shows the PLA would frustrate full and open competition by substantially reducing the number of potential bidders on the project; or (c) would otherwise be inconsistent with statutes, regulations, Executive Orders, or Presidential Memoranda. In contrast, the EO also allows agencies to expand the requirement of a PLA beyond procurements of large construction projects, to smaller construction projects, as well as construction projects “receiving any form of Federal financial assistance (including loan guarantees, revolving funds, tax credits, tax credit bonds, and cooperative agreements).”

The EO also directs the creation of a reporting regime for making public the data on the use of PLAs, as well as descriptions of any exceptions granted.

While the White House estimated that this EO will apply to $262 billion of federal construction contracts and impact nearly 200,000 workers, the total is likely to go much higher and the impact much broader once projects under the $1.2 trillion Infrastructure Investment and Jobs Act of FY 2021 are commenced.

Federal law requires that there be rulemaking notice and comment and impact analyses performed for issuance of FAR procurement rules. The EO gives the FAR Council 120 days to propose regulations to implement this EO, and the Office of Management and Budget (OMB) is directed, to the extent permitted by law, to issue guidance on the exception and reporting provisions of the EO. We can expect that there will be a number of comments filed in the future by trade associations, contractors, and other industry groups once the FAR Council issues a proposed rule.   Those potentially affected by the EO and implementing regulations and guidance should watch out for opportunities to provide their input not only during the forthcoming FAR rulemaking processes and OMB activities, but also through other routes since the EO seeks to extend the required use of PLAs – and therefore the role of trade associations and unions — far beyond federal procurements to grants, tax credits, loans, and other agreements, implicating not just federal projects, but other projects receiving some form of federal assistance.

Contact the author or your Stinson counsel if you have questions about this advisory.

On Tuesday, DOJ released its eagerly awaited False Claims Act (FCA) recoveries for the fiscal year ending September 30, 2021, announcing that DOJ had obtained $5.6 billion in settlements and judgments from civil cases involving fraud and false claims against the government.  This was the second largest annual total in FCA history (only surpassed by the $6.2 billion in recoveries in FY 2014), which was telling since the number of new qui tam matters filed actually decreased from 675 in FY 2020 to 598 in FY 2021 and the number of non-qui tam matters decreased from 259 in FY 2020 to 203 in FY 2021.  FCA recoveries had hit a decade low in FY 2020, so Tuesday’s announcement foreshadows a banner year for FCA enforcement in FY 2022, particularly given DOJ’s recent statements on its enforcement priorities.

As expected, the bulk, or $5 billion, of last year’s recoveries related to actions involving the health care and life sciences industries (with $2.8 billion due to the Purdue Pharma LP’s opioid-related settlement).  What was surprising about the report was the amount of recoveries for government-initiated, non-qui tam matters, which amounted to $3.98 billion, or 730 percent higher than in FY 2020.  $3.59 billion of that amount pertained to health care and life sciences matters, and $1.6 billion arose from the qui tam or whistleblower provisions of the FCA. A critically important statistic for government contractors, though, was the 254 percent increase in the amount of recoveries from whistleblower settlements and judgments for Department of Defense (DoD)-related matters.

So what does this mean?  It means that overall, while fewer FCA cases were filed, the government focused on initiating its own enforcement actions and pursued them vigorously.  It also means that the government appears to be intervening in more whistleblower actions in procurement fraud matters.  Indeed, the DOJ listed the wide variety of procurement fraud matters it settled last year, including:

Government contractors falsifying pricing data.

  • Navistar Defense LLC paid $50 million to resolve allegations that it fraudulently induced the U.S. Marine Corps to enter into a contract modification at inflated prices for a suspension system for armored vehicles.
  • Insitu Inc. paid $25 million to settle allegations that it knowingly submitted materially false cost and pricing data for contracts with the U.S. Special Operations Command and the Department of the Navy to supply and operate Unmanned Aerial Vehicles.
  • Furniture maker Workrite Ergonomics LLC paid $7.1 million to resolve allegations that the company did not provide the General Services Administration (GSA) with accurate information about its commercial sales practices during contract negotiations for office furniture, and subsequently violated the terms of its contract by failing to extend lower commercial pricing to government customers.

Government contractors provided goods or services that did not comply with contract requirements.

  • United Airlines Inc. paid $32.1 million to resolve allegations relating to its execution of contracts to deliver mail internationally on behalf of the U.S. Postal Service.
  • Cognosante LLC paid $18.9 million to resolve allegations that it used unqualified labor and overcharged the government for health care and IT services provided to federal agencies under two GSA contracts.
  • AAR Corp. and its subsidiary, AAR Airlift Group Inc., paid $11 million to resolve allegations that AAR Airlift knowingly failed to maintain nine helicopters in accordance with DoD contract requirements and that the helicopters were not airworthy and should not have been certified as fully mission capable.

Government contractors alleged to have paid or received kickbacks related to government contracts.

  • Level 3 Communications LLC paid $12.7 million to resolve allegations that the owner of two subcontractors paid kickbacks to Level 3 senior managers in return for favorable treatment for those subcontractors on government contracts. The government also alleged that Level 3 managers misstated compliance with woman-owned small business subcontracting requirements and knowingly obtained protected competitor bid information on the government contract to gain an advantage in bidding on task orders.
  • Schneider Electric Buildings Americas Inc. paid more than $9 million to resolve allegations that one of its senior project managers solicited kickbacks from subcontractors and that the company fraudulently charged the government for design costs by disguising those costs and spreading them across unrelated pricing components.

The key takeaway from DOJ’s announcement is that  now, more than ever, government contractors must focus on having and maintaining a robust compliance program.  Contractors also must establish a culture of compliance, where management actually buys in to implementing and acting upon the program, not just having a compliance program on paper.  With the increased DOJ focus on pursuing whistleblower claims in government contracting matters, companies must fortify their internal whistleblower programs, including providing compliance training for personnel, implementing measures for appropriate reporting of misconduct, and diligently investigating whistleblower reports when received. When a company maintains an effective compliance program, it encourages good behavior and makes it that much more difficult for bad actors to engage in unlawful conduct, and, if the conduct does occur, it increases the likelihood that the company will learn about and be able to address it promptly and effectively.

The Biden Administration continues its march towards implementation and enforcement of permanent vaccination mandates.

OSHA withdraws OSHA Emergency Temporary Standard (ETS)

On January 13, 2022, the Administration’s plan to force employers to vaccinate or test more than 84 million employees was blocked by the Supreme Court.  In its ruling, the Supreme Court held that OSHA did not have emergency authority to mandate that employers of 100 or more employees must vaccinate or test their employees.  In its decision, the Court’s majority stated that:

Although COVID-19 is a risk that occurs in many workplaces, it is not an occupational hazard in most.  COVID-19 can and does spread at home, in schools, during sporting events, and everywhere else that people gather.  That kind of universal risk is no different from the day-to-day dangers that all face from crime, air pollution, or any number of communicable diseases.  Permitting OSHA to regulate the hazards of daily life – simply because most Americans have jobs and face those same risks while on the clock – would significantly expand OSHA’s regulatory authority without clear congressional authorization.  … Contrary to the dissent’s contention, imposing a vaccine mandate on 84 million Americans in response to a worldwide pandemic is simply not “part of what the agency was built for.”

While some predicted that this ruling on the stay would be the effective end of the Administration’s efforts to force vaccination as the ETS would only be a temporary rule, the opposite appears to be the case.  On January 25, 2022, OSHA issued a prepublication notice of its intent to withdraw the OSHA ETS interim final rule, but stated that it intends retain the ETS as a “proposed rule” (the comment period closed January 19, 2022) for a “proceeding” to promulgate an occupational safety or health standard. In a separate statement, OSHA indicated that it intends to prioritize its resources to promulgate a permanent COVID-related standard for healthcare.  Thus, the Administration may be planning to make the requirement for vaccination for COVID-19 a permanent fixture – the question is whether this will be limited to healthcare or more broadly applicable. Given the language of the decision by the majority of the Court, a permanent rule that does not distinguish between the various businesses, types of work and workplace conditions will be vulnerable to a challenge. The Supreme Court’s reasoning in its January 13, 2022 decision made clear the majority’s position that COVID-19 on its own is not a uniquely occupational hazard subject to OSHA’s regulatory ETS authority. Accordingly, any permanent rule seeking to impose requirements similar to those set forth in the ETS, or which does not address occupation-specific risks related to COVID-19, may be subject to similar challenges.

Georgia v. Biden District Court Clarification of Preliminary Injunction

During the pendency of the appellate court’s review of the preliminary injunction enjoining implementation of the government contractor vaccination mandate, the Administration sought clarification of the scope of the injunction at the District Court – asking whether it could enforce the mandate where contractors had “voluntarily” accepted the clause and whether it could enforce the mandate’s masking and social distancing requirements.  On January 21, 2022, the District Court issued its ruling on the requested clarification.  The Court confirmed that it lacked jurisdiction over the injunction while an appeal was pending at the Court of Appeals.  However, the District Court found that it did retain jurisdiction to “supervise the enforcement of its injunction and to preserve the status quo pending appeal” per FRCP 62(c).  It declined to provide an advisory opinion on the question of enforceability of the mandate where there was voluntary acceptance of the clause, since that was a “vaguely-described hypothetical situation.”  With regard to the second part of the clarification request, the Court also declined to provide the requested clarification though it stated that the answer was straight forward, “Defendants are ENJOINED … from enforcing the vaccine mandate ….” While the Court may believe that this was a clear response, the Executive Order covered the guidance issued by the Safer Workforce Task Force, which includes guidance regarding vaccination as well as masking and social distancing.  Looks like we have to wait for the appellate court to act for further clarification on this case.

These matters continue to develop.  Contact the author or your Stinson counsel if you have questions on this advisory or related matters.  Stay tuned for more updates.