I recently outlined the ever-growing list of compliance obligations for businesses that sell goods and services to the federal government in an article for Risk Management. “Some of the new regulatory requirements – such as obligations relating to cybersecurity and counterfeit parts – address challenges posed by an increasingly global, networked economy,” I explained in the article. “Others, such as the mandatory disclosure requirement, continue the trend of the government relying on third parties, whether it be whistleblowers or contractors themselves, to police the procurement system.”
To address the rising risk these complications pose, businesses should first ensure they have established the underlying compliance structure required by federal procurement regulations. They should also design effective training programs, translate the obligations into actionable policies, and effectively monitor adherence to those policies.
In addition to covering the ethics and compliance systems and mandatory disclosures required by the Federal Acquisition Regulation (FAR), I highlighted key areas of evolving provisions to address beyond the overarching ethics and compliance program, including:
- Cybersecurity: Because recent cyberattacks have shown the vulnerability of infrastructure systems and exposed sensitive government data, federal agencies have responded with new system and security requirements that flow down to subcontractors at all levels of the supply chain. This is particularly the case for Department of Defense (DoD) contractors as the agency moves toward a third-party certification standard called Cybersecurity Maturity Model Certification (CMMC).
- Telecommunications Equipment Prohibition: Due to concerns that the Chinese government may be using telecommunications and video surveillance equipment to spy on U.S. government activities, Congress prohibited federal agencies from purchasing goods or services using such equipment from several Chinese companies and their subsidiaries.
- Counterfeit Parts: For certain DoD procurements, the government now requires federal contractors to put in place counterfeit electronic part detection and avoidance systems, and to report and quarantine counterfeit and suspect counterfeit parts to mitigate the risk. While this obligation only applied to DoD procurements initially, the final rule published in November 2019 established a FAR provision applicable to civilian contracts.
The full article, “Ethics and Compliance in Government Contracts,” was published by Risk Management on September 27 and is available online.