Govt. Contractors Face New Ethics Rule

A proposed new ethics rule that would significantly alter the marriage between business contractors and the federal government could potentially have parties on both sides asking for a divorce.

At issue is a proposed amendment to the Federal Acquisition Regulation—the body of rules that dictate the procurement policies and practices of some 25 federal agencies—that would require all companies doing business with the federal government to have in place an effective ethics and compliance program. The change was proposed by the General Services Administration, the Department of Defense, and NASA.

While other agencies (the Department of Defense, Veterans Affairs, and the Environmental Protection Agency) currently have similar policies in place, the new FAR Subpart 3.10 would have a much broader effect on the compliance landscape by applying to all companies: public and private, foreign and domestic alike. “There is no distinction as there has been in the past with other regulations,” says Michael Levin, of compliance software firm Integrity Interactive.

The new rule also would apply to a whole corporate enterprise, not just any single subsidiary that might be doing business with the government. Only commercial item contracts—items customarily used by the general public and for non-governmental purposes—and contracts performed outside the United States will be excluded.

Under the proposed rule, which is expected to go into effect anytime between now and November, companies with federal government contracts and subcontracts worth more than $5 million and lasting longer than 120 days must establish a written code of ethics and business conduct within 30 days after contract award. The rule also states that contractors must establish an employee ethics and compliance training program and an internal control system “proportionate to the size of the company” within 90 days after contract award.

Small-Business Woes

For contractors such as Boeing, Lockheed or Raytheon, the rule will change little since they already have compliance and ethics programs in place. The concern, experts say, is among smaller companies that primarily target the commercial sector and perform only a small amount of government work.

Cellini

“[Non-traditional business contractors] don’t think of themselves as government contractors,” says Richard Cellini, an Integrity Interactive spokesman. “Yet, they will be treated just like a major defense contractor.” Integrity Interactive estimates that at least 10,000 companies will be affected.

Similar alarms were sounded in comment letters about the rule. Michael Hordell, chairman of the American Bar Association’s committee on government contractor law, wrote that FAR 3.10 “may prevent eligible and responsible small businesses from doing business with the government.”

Hordell

One point of contention is the 120-day minimum contract length, which some argue is too short. “Companies with such a limited relationship with the government should not be put to the expense and effort (and risk) that the proposed rule would cause,” Hordell wrote. “This formal obligation should only be associated with longer-term contractual commitments of at least a year, if not more.”

FAR SUBPART 3.10

Below is an excerpt from Federal Acquisition Regulation Subpart 3.10.

Contracting officers shall ensure that the requirements of this subpart are implemented using the following procedures:

A. Exceptions. Commercial item contracts performed under Part 12 or performed outside the United States do not apply to this subpart and are not required to: (1) have an employee ethics and compliance training program and internal control systems; or (2) have the contractor display the fraud poster.

B. Contracts exceeding $5,000,000 shall require the contractor to: (1) display the agency OIG fraud hotline poster, unless the agency does not have a fraud hotline poster; and (2) display the Department of Homeland Security (DHS) disaster assistance poster in accordance with paragraph (d)(2) of this section.

In addition to the requirements of paragraph(b)(1) of this section, contracts exceeding $5,000,000 with performance periods of 120 days or more shall require the contractor to: (1) have a written code of ethics and business conduct; and (2) establish an employee ethics and compliance training program and internal control systems commensurate with the size of the company and its involvement in Government contracting.

C. Contracts valued at $5,000,000 or less. Agencies may establish policy and procedures for display of the agency OIG fraud hotline poster, without imposing the requirements of paragraph (b)(2) of this section, in contracts valued at $5,000,000 or less.

D. Fraud Hotline Poster. Agencies are responsible for determining the need for, and content of, their respective agency OIG fraud hotline poster(s). When requested by the Department of Homeland Security (DHS), agencies shall ensure that contracts funded with disaster assistance funds require display of any event-specific fraud hotline poster applicable to the specific contract. As established by the agency, such posters may be displayed in lieu of, or in addition to, the agency’s standard poster.

Source

General Services Administration.

Perhaps the biggest concern is the cost the regulation would impose on small businesses. According to a 2005 report by the Small Business Administration’s Office of Advocacy, small businesses with less than 20 employees already face an annual regulatory cost of $7,647 per employee—nearly 45 percent higher than regulatory costs faced by large firms with 500 or more employees.

Sullivan

“If a small business is required to implement an employee ethics and compliance training program and an internal control system, it is estimated … that the minimal set-up cost will be around $10,000,” Thomas Sullivan, chief counsel of the SBA Office of Advocacy, wrote in another comment letter.

“Also, many contractors already have internal ethics departments that are the first line for reports and investigation of suspected violations and other irregularities,” Hordell said. “This proposal appears to undermine those existing controls.”

Vague Language

Another concern for large and small contractors alike is the text’s vague language, which many argue could lead to inconsistent implementation.

“They don’t go into a lot of detail about how inclusive the plans are supposed to be,” says Krista Pages, a government contract lawyer with the law firm Winston & Strawn. “What does it mean when they say ‘training’? How often should they have training? A lot of the details have been left out.”

Pages frets that the proposed rule has no submittal requirement for companies to submit their plans for inspection, and allows the contractor to determine the complexity and cost of its programs.

Such vague language makes it difficult to advise clients on how detailed their plans and their procedures should be, Pages says; a compliance plan acceptable to one compliance officer for one kind of contract may not be acceptable by another compliance officer of another contract. That then becomes a liability that a court could hold against a company later on, she says.

Levin uses the example of a False Claims Act case. “If you make the representation—even impliedly—that you’ve met these mechanisms, that you have the written code, that you have the internal controls, and that you’ve done the training programs, and the government determines that you really didn’t, that misrepresentation is fraud” and is subject to fines, penalties, and damages, he says. Those fines and penalties might come on top of FAR’s other penalties for noncompliance, which include withholding contract payments; loss of award fee; and most seriously, termination of a contract or even bans against applying for future contracts.

Given such high stakes, many commentators expressed concern that a more detailed explanation is necessary before FAR 3.10 goes into effect.

Better Safe Than Sorry

Despite expressing numerous concerns with the language (or its lack thereof) in the text of the rule, none of the organizations that made comments about FAR 3.10 argued against having a compliance program itself.

Compliance programs are always a wise precautionary measure, Pages says. “Even if you don’t fall within that new FAR subpart, you should still be thinking about having a compliance program.”

Pages

For example, she says, if a rogue employee disobeys company rules, managers can refer back to the company compliance policy as reason for dismissing the person—and avoid any legal hot water. Plus, she adds, “you never know when you’re business might grow enough to then be included [under FAR].”

For large business contractors, especially those that may not already have an ethics plan in place, now is a good time to start. “This is quite a lengthy process, and 30 to 90 days just is not enough,” Levin warns.

Companies can start by making sure that what they spend on their compliance programs is proportionate to the size of their business. “Many companies have compliance programs in place,” Cellini says. “Far fewer have ones that are proportionately funded.” He estimates that large companies could spend $100,000 to $500,000 annually on compliance programs.

It’s also important to remember that the government does not expect a company to eliminate its problems to nothing. “The government assumes that if you’re a company of any decent size, you’re going to have problems,” Cellini says. “That’s not the issue. The issue is what you’re doing about them.”