The recently passed Coronavirus Aid, Relief, and Economic Security Act (CARES Act) injected previously unthinkable amounts of stimulus funds into the struggling U.S. economy. To oversee the disbursement of these funds and to curb fraud and misuse, the CARES Act created various oversight and enforcement mechanisms. Notable among these is the Special Inspector General for Pandemic Recovery (SIGPR). As we explained in a recent post, the SIGPR is conferred broad powers to audit and investigate waste, fraud and abuse involving hundreds of billions of dollars in CARES Act funds. Additional primary oversight bodies include the Congressional Oversight Commission and the Pandemic Response Accountability Committee (PRAC).

While arguably the most significant oversight leadership position, the SIGPR remains vacant; however, that may not be the case for much longer. President Trump’s pick for the SIGPR role, Brian D. Miller, has not yet been confirmed by the Senate – although Miller’s confirmation hearings were held on May 5 and his nomination was advanced to the Senate floor on May 12. The actions of similar special inspectors general offices, and in particular that established to oversee the stimulus package Congress passed after the 2008 financial crisis (the Special Investigator General for the Troubled Assets Relief Program, or SIGTARP), suggest the office of the SIGPR will be particularly aggressive in pursuing fraud and misuse related to disbursed CARES Act funds. Yet, even if the Senate confirms Miller soon, considerable time may pass before the Office of the SIGPR can bring to bear its full investigative and audit powers. After all, the Office of the SIGPR is not yet in existence and should Miller, who served as the GSA Inspector General from 2005 through 2014, be confirmed, he will need to lay the agency’s operational groundwork from scratch, including hiring a full staff of employees (Miller expects to hire 75-100 employees), securing office space, and equipping the office, etc.


Continue Reading Update: Investigations Under the CARES Act Ramp Up Even as Oversight Roles Remain Vacant

On April 8, the Department of Defense (DoD) issued a Class Deviation 2020-O0013 laying out the framework for implementing Section 3610 of the Coronavirus Aid, Relief, and Economic Security Act (CARES Act). DoD is to be commended for swift action to implement this useful permissive authority, which is but one of the many tools available to contracting officers to ensure affected contractors with contracts or agreements under Other Transaction Authority are fairly compensated and are prepared, to the maximum extent possible, to continue to support DoD’s mission.

The legislative provision, which we commented on when it first appeared in the Senate version of the bill, raised questions that the class deviation and subsequent implementation guidance and FAQs helpfully address.  Hopefully, DoD’s guidance will be helpful to agencies across the government that are eager to use the authority at Section 3610 but have been delayed due to uncertainty caused by unclear legislative language.

For example, the legislation authorizes agencies to reimburse at the “minimum applicable contract billing rates,” a term that is not defined, but only if the employees cannot perform work at a site that has been “approved by the Federal Government” without guidance on what such approval entails.  Further, Section 3610 provides that the maximum reimbursement authorized shall be reduced “by the amount of credit a contractor is allowed pursuant to division G of Public Law 116-127,” which is a reference to the Families First Coronavirus Response Act (FFCRA) payroll tax credits for paid sick and family/medical leave, and “any applicable credits a contractor is allowed under this Act,” which is not defined.


Continue Reading DoD Issues Framework to Provide Relief to Government Contractors Affected by COVID-19-Related Closures

On March 27, President Trump signed into law the $2 trillion coronavirus stimulus bill, named the Coronavirus Aid, Relief, and Economic Security Act (CARES Act).  The law, the most expensive single piece of legislation ever passed, includes hundreds of billions in funds to help businesses remain afloat.  To provide oversight into how these funds are used, the CARES Act establishes a Special Inspector General for Pandemic Recovery (SIGPR), along with two other oversight bodies.

This action is not without precedent, as Congress established a similar watchdog to oversee the stimulus funds disbursed in the wake of the 2008 financial crisis, the Special Inspector General for the Troubled Asset Relief Program (SIGTARP).  SIGTARP’s broad interpretation of its mandate, as well as its aggressive pursuit of fraud involving stimulus funds, are instructive to forecasting how SIGPR will fulfill its mission and to how recipients of CARES Act funds can protect themselves.

SIGPR Duties & Powers

The CARES Act tasks the SIGPR with monitoring fraud, waste and abuse involving the $500 billion of CARES Act funds allocated to the Treasury Secretary (Economic Stabilization Fund) to support businesses, states and municipalities impacted by the COVID-19 pandemic.

The SIGPR, who will be appointed by the president and requires Senate confirmation, will be empowered to “conduct, supervise, and coordinate audits and investigations of the making, purchase, management, and sale of loans, loan guarantees, and other investments” relating to the Economic Stabilization Fund.


Continue Reading The Special Inspector General for Pandemic Recovery – Crisis Funding Comes with Heightened Investigation Risk

On March 18, President Trump issued an Executive Order invoking the Defense Production Act (DPA), a tool that may help the administration combat the COVID-19 pandemic. With companies like 3M, GE, and others voluntarily ramping production of medical supplies to accomplish the nation’s significant needs, the president is yet to unleash his recently invoked authority. Still, the Executive Order activates far-reaching executive powers to prioritize production of key medical supplies, including protective medical equipment and ventilators. With the apparatus needed to deploy the DPA now in place, government contractors should prepare themselves for what may come.

By way of background, Congress passed the DPA during the Korean War to ensure sufficient production of materials deemed critical to the nation’s defense. Echoing economic controls imposed in World War II, the DPA gives the executive branch extraordinary powers, including the authority to require manufacturers to produce and prioritize certain items; allocate raw materials and facilities for the production of these items; and, in certain circumstances, even set price and wage controls.


Continue Reading Administration Ready to Use DPA to Address COVID-19 Shortages

By failing to object to solicitation terms before the close of bidding, a protester typically waives those objections in a post-award bid before the Court of Federal Claims (COFC). An exception exists, however, where a protester filed a timely pre-award agency-level protest challenging patent errors or ambiguities.

But, as powerfully illustrated by the COFC’s decision in Harmonia Holdings Group, LLC v. United States, this exception is limited. In that case, Harmonia, one of the offerors on the procurement, initially brought an agency-level protest to challenge the U.S. Customs and Border Protection’s (CBP) issuance of two amendments to the solicitation, arguing that the agency improperly denied offerors the opportunity to revise their proposals in response to these amendments. CBP denied the protest.


Continue Reading The Importance of Being Timely: Protester Waives Protest Ground by Unduly Delaying Protest

A major shift in cybersecurity requirements for Department of Defense (DoD) contractors is about to come into effect—earlier this month the DoD released for public comment the long-anticipated Version 0.4 of the draft Cybersecurity Maturity Model Certification (CMMC). This new framework to safeguarding controlled unclassified information (CUI), which includes a certification requirement by a third-party auditor, presents both significant opportunities and challenges for DoD contractors.

In an overview briefing on the new model, DoD emphasized that the new framework will impose a unified cybersecurity standard for all DoD acquisitions and, in so doing, “reduce exfiltration of [CUI] from the Defense Industrial base.” To achieve this goal, the new model significantly bolsters the existing compliance regime around cybersecurity—which currently, for the most part, requires compliance with the security standards set forth in NIST SP 800-171 through DFARS 252.204-7012.


Continue Reading DoD’s Recently Released Draft Framework Signals Significant Changes in Cybersecurity Requirements

In an article published by Law360, we examined a report issued by the U.S. Department of Defense (DoD) Inspector General on July 23, which summarizes the findings of an audit into the protection of controlled unclassified information (CUI) on contractor networks.

The DoD reviewed nine contractors’ information systems and revealed some deficiencies that do not meet the standards set forth in National Institute of Standards and Technology (NIST) Special Publication 800-171. The exposed deficiencies include: not mitigating vulnerabilities on their networks and systems, not scanning their network for vulnerabilities, not mitigating high vulnerabilities identified in the contractor’s management programs and more.


Continue Reading Findings of DoD Audit and Recommendations for Cyber Enforcement