COVID-19 Government Enforcement And Investigation Priorities: Minimizing Your Business Risk

The 2019 novel coronavirus (COVID-19) pandemic has changed our day-to-day routines and forced us to navigate many unique challenges in our personal and business lives. One challenge many businesses are facing is how to operate within the confines of the pandemic while complying with federal rules and regulations, both those that are well-established and those that have been promulgated to address specific needs brought on by COVID-19. While the pandemic has also affected the U.S. Department of Justice (DOJ) and other agency enforcement offices, there is no sign that government investigations into wrongdoing will decline. In some cases, government authorities are increasing their efforts to protect the public.

In this environment, it is important that businesses ensure operations are in accordance with DOJ and agency guidance so their actions do not trigger a government investigation. While some steps businesses can take to minimize the likelihood of an investigation were commonplace prior to the pandemic, others require a better understanding of specific guidance promulgated by DOJ and other agencies in the wake of COVID-19.

DOJ PRIORITIZATION OF EXPLOITATION CASES

The DOJ has taken clear steps to establish prioritization of investigations during the pandemic and will be focusing on exploitation cases and other COVID-19-related fraud schemes.

In March 2020, Attorney General William Barr directed all U.S. Attorneys to prioritize the investigation of these fraud schemes. Common schemes include:

  1. Individuals and business selling fake COVID-19 cures
  2. Phishing emails from entities posing as being associated with the World Health Organization or the U.S. Centers for Disease Control and Prevention
  3. Malicious websites or apps appearing to share COVID-19-related information to gain and lock access to devices until payment is secured
  4. Illegitimate or non-existent charitable organizations seeking donations
  5. Fraudulent billing by medical providers obtaining patient information for COVID-19 testing and then billing for other tests and procedures

To further that directive, the Attorney General’s Office also instructed each U.S. Attorney to appoint a Coronavirus Fraud Coordinator (Coordinator) for his or her judicial district. This Coordinator is to serve as legal counsel for his or her district on COVID-19 matters, direct the prosecution of COVID-19-related crimes, and conduct outreach and awareness initiatives regarding common forms of fraudulent schemes that seek to wrongly take advantage of needs and conditions resulting from the pandemic. The Coordinators in the Eastern District of Wisconsin and Western District of Wisconsin are Assistant U.S. Attorneys Kelly Watzka and Chadwick Elgersma, respectively.

DOJ is actively investigating and prosecuting wrongdoing during pandemic

Watzka, Elgersma and their colleagues at the various U.S. Attorneys’ Offices across the nation are encouraging the public to report fraud and other schemes resulting from the pandemic. Many U.S. Attorneys are contacting health care facilities for leads on potential schemes involving hoarding personal protective equipment and warning and advising the public on scams related to COVID-19 Economic Impact Payments. Additional measures include teaming with the American Association of Retired Persons (AARP) and other organizations to disseminate information to the public.

Since late March 2020, enforcement actions have been filed against providers and nonmedical personnel for promoting fake COVID-19 treatment. Charges have also been filed against those attempting to sell fake personal protective equipment to the U.S. Department of Veterans Affairs, attempting to smuggle mislabeled drugs into the U.S. to treat COVID-19, making false statements regarding accumulation and sale of personal protective equipment, and soliciting investments in a company fraudulently claiming funds would be used to market COVID-19 treatments and cures. Further, the DOJ estimates federal authorities have disrupted hundreds of internet domains that were used to exploit the pandemic to commit fraud and other crimes.

REDUCE YOUR RISK OF ALLEGATIONS OF FRAUD OR MISUSE OF GOVERNMENT FUNDS

While the cases above involve particularly egregious cases of fraud, it is important to remember that we are in the early months of COVID-19 relief programs and pursuit of COVID-19-related investigations. As the government continues to provide various aid packages to individuals and businesses alike, it will be important for all businesses, and especially those receiving federal funds, to take action to ensure compliance with the law relating to those funds in order to prevent future investigations. It is likely future investigations would be for less flagrant corporate actions.

Initiatives such as the White House’s National Emergency Declaration, which devotes $50 billion to containing the pandemic, and the Coronavirus Aid, Relief, and Economic Security Act (CARES Act), which includes a $2 trillion dollar stimulus package, will help relieve some of the financial stress impacting businesses. However, with these initiatives comes rules and regulations to ensure that the funds are used as intended.

The CARES Act also created a Special Inspector General for Pandemic Recovery (SIGPR) to “conduct, supervise, and coordinate audits and investigations” of the CARES Act’s financial assistance programs and any other U.S. Department of the Treasury programs established under the CARES Act. In so doing, the SIGPR will be meticulously monitoring those businesses that have received assistance under the CARES Act to prevent and detect fraud and abuse, and to facilitate the identification and prosecution of participants of fraud and abuse.

With these initiatives comes special concern for investigations, charges and enforcement actions under the False Claims Act (FCA).1 The FCA is the primary civil enforcement tool used by the DOJ to pursue those who fraudulently obtain relief money, and fraudulently bill under contracts with the government. The government’s employment of the FCA is likely to expand as small businesses and large corporations alike receive federal funds under the CARES Act, and enter contracts to meet the increased need for emergency goods and services.

Businesses of all sizes and operating in all industries should therefore take additional steps beyond their standard practices to limit the potential for allegations of fraud or misuse of government funds. These steps should not only reinforce pre-pandemic workplace compliance and internal governance standards, but should also involve a system for maintaining documentation and preservation of relief-related correspondence, documents and actions. Importantly, no business should ignore or loosen any of their internal governance procedures or any laws, rules or regulations in the name of expediency.

OTHER FEDERAL AND STATE AGENCY ENFORCEMENT POLICIES DURING COVID-19

Beyond DOJ, several federal and state government agencies have issued policy statements regarding their enforcement priorities and activities during the pandemic.

U.S. Securities and Exchange Commission

Unlike some agencies that have publicized their willingness to be flexible and considerate of the unique circumstances in exercising their enforcement authority, the Securities and Exchange Commission (SEC) has maintained that its enforcement division is fully operational and that it will be vigilant against threats targeting “Main Street” investors.

In its public statements, the SEC has emphasized the importance of maintaining market integrity and following corporate controls. Its recent enforcement activities have focused on fraud schemes and other illegal activity arising from the COVID-19 emergency. It has issued trading suspensions for a number of stocks, many for companies that purported to offer health products or services related to COVID-19. Additionally, the agency has cautioned about “fraudulent stock promotions, unregistered offerings, phony charitable investments, affinity fraud, and fake products offering high returns.”

Investment scams come in a variety of flavors suited to COVID-19. For example, investment in underfunded or fraudulent companies that supposedly make products or services related to COVID-19 prevention or treatment, alternative investments claiming to not be vulnerable to ongoing market risk, or investments purporting to offer unrealistic returns by taking advantage of the market volatility or low prices. In Wisconsin, the Department of Financial Institutions has specifically called out the threat of COVID-19-related charity scams.

In addition to investment scams, the SEC has warned about an increased potential for insider trading owing to a greater number of people who may have access to nonpublic information. The enforcement division has released a statement reminding directors, officers and employees of their obligations to keep nonpublic information confidential and to comply with insider trading laws. The statement likewise urged public companies to adhere to their established disclosure controls, codes of ethics and other regulatory obligations.

The SEC is also encouraging consultation with its staff to ensure that financial reporting standards are maintained, demonstrating enhanced focus on these issues, and may not be forgiving of regulatory lapses where consultation with the SEC was not undertaken. However, the SEC has stated that it is not looking to second-guess good faith attempts to provide investors and other market participants appropriately-framed, forward-looking information.

U.S. Department of Health and Human Services

In the wake of extraordinary efforts by health care providers to combat the COVID-19 pandemic, including through enhanced and novel collaborations among different entities, the U.S. Department of Health and Human Services (HHS) has issued blanket waivers with respect to the Stark Law, which generally prohibits providers from referring Medicaid or Medicare patients to entities with which they have a financial relationship. The blanket waivers permit such referrals for 18 specifically designated relationships, such as referrals by owners of physician-owned hospitals or owners of ambulatory surgery centers that temporarily convert to hospitals. The relationship must be related to the COVID-19 emergency (which is broadly defined) and must not raise concerns regarding fraud or abuse. The blanket waivers are retroactive to March 1, 2020.

Subsequently, in an April 3, 2020, policy statement, HHS’s Office of the Inspector General (OIG) announced that it will similarly relax enforcement of the Anti-Kickback Statute in relation to certain remuneration related to COVID-19. The Anti-Kickback Statute generally prohibits providing or receiving remuneration in exchange for patient referrals. The purpose of the OIG’s temporary policy is to afford flexibility to providers of health care services who may be unable to comply with technical aspects of the Anti-Kickback Statute. The policy permits providers to pursue certain financial relationships that would otherwise be prohibited, such as payments made by a facility or physician for space or equipment rental below fair market value, the purchase of items or services below fair market value, or payments to physicians that are above their normal contracted rate.

Importantly, while the Anti-Kickback Statute policy is based on the Stark Law blanket waivers, it is notably narrower than the blanket waivers, covering only certain of the 18 enumerated categories provided for in the blanket waivers. All other arrangements prohibited by the Anti-Kickback Statute are unaffected by this policy. Moreover, the Anti-Kickback Statute policy applies only prospectively to conduct occurring on April 3, 2020, and later. Like the blanket waivers, to qualify for the Anti-Kickback Statute policy conduct must be related to care provided in connection with COVID-19, must not create a risk of fraud or abuse, and must be adequately documented.

While these HHS policies show the agency’s willingness to accommodate the special needs of health care providers, the policies are complex and warrant careful review to determine how they may apply to your organization or practice.

U.S. Environmental Protection Agency

After early reports suggesting that the U.S. Environmental Protection Agency (EPA) was significantly curtailing enforcement efforts, the agency has since issued a more detailed temporary policy.

Under the Temporary COVID-19 Enforcement Policy, the EPA will not seek penalties for noncompliance with routine monitoring and reporting requirements, if, on a case-by-case basis, the EPA agrees that such noncompliance was caused by COVID-19. The same policy applies to administrative settlement agreements: the EPA will not seek penalties for noncompliance with basic reporting requirements provided such failure was occasioned by COVID-19. Businesses should continue to use notice provisions set forth in agreements to keep the EPA apprised of their compliance efforts.

Regulated parties must document the basis for a claim that the pandemic prevented it from conducting the routine monitoring and reporting. These case-by-case determinations will be made after the pandemic is over and the EPA reserves its right to disagree that any asserted noncompliance was caused by the pandemic.

The temporary policy does not excuse exceedances of pollutant limitations in permits, regulations or statues due to COVID-19. Regulated entities are expected to comply. The temporary policy does not affect businesses’ responsibility to prevent and respond to spills or releases, or to criminal violations. However, the temporary policy contemplates that the EPA’s response to compliance will be determined in light of the circumstances created by the public health emergency, provided that the facility contacts the EPA or their state agency as soon as possible.

Businesses that may encounter challenges complying with environmental laws and regulations as a result of COVID-19, due to workforce or resource issues, for example, should review the temporary policy carefully to determine whether it may apply.

As usual, states maintain parallel authority to enforce many environmental laws, and any exemptions allowed by the EPA may not be respected by state agencies. The Wisconsin Department of Natural Resources (DNR), in particular, has issued its own process for case-by-case determinations of flexibility from regulatory burdens. Regulated entities are encouraged to work with their DNR contact to discuss compliance assistance if COVID-19 justifies the assistance sought.

1Learn more about the FCA and COVID-19 through our recent article entitled Managing and mitigating the risk of qui tam actions in the wake of COVID-19.


Copyright © 2020 Godfrey & Kahn S.C.

For more on governmental actions on COVID-19, see the National Law Review Coronavirus News section.

Cybersecurity Whistleblower Protections for Employees of Federal Contractors and Grantees

For information security professionals, identifying cybersecurity vulnerabilities is often part of the job.  That is no less the case when the job involves a contract or grant with the U.S. government.

Information security and data privacy requirements have become a priority at federal agencies.  These requirements extend to federal contractors because of their access to government data.  Often, cybersecurity professionals are the first to identify non-compliance with these requirements.  As high-profile data breaches have become more common, those who report violations of cybersecurity and data privacy requirements often experience retaliation and seek legal protection.

Reporting non-compliance or misconduct in the workplace can be necessary, but it can also be daunting.  It is important for cybersecurity whistleblowers to know their legal rights when disclosing such concerns to management or a federal agency.

In many cases, federal law protects cybersecurity whistleblowers who work for federal contractors or grantees.  This post provides an overview of those protections.

What cybersecurity requirements apply to federal contractors?

Federal contractors are subject to data privacy and information security requirements.

The Federal Information Security Management Act (“FISMA”) creates information security requirements for federal agencies to minimize risk to the U.S. government’s data.  FISMA also applies these requirements to state agencies administering federal programs and private business contracting with the federal government.  Federal acquisition regulations codify the cybersecurity and data privacy requirements applicable to federal contractors.  E.g., 48 C.F.R. §§ 252.204-7008, 7012 (providing for cybersecurity standards in contracts with the U.S. Department of Defense); 48 C.F.R. § 52.204-21 (outlining basic procedures for contractors to safeguard information processed, stored, or transmitted under a federal contract).  

Pursuant to the FISMA Implementation Project, the National Institute of Standards and Technology (“NIST”) produces security standards and guidelines to ensure compliance with FISMA.  Key principles of FISMA compliance include a systemic approach to the data that results in baseline controls, a risk assessment procedure to refine controls, and implementation of controls.  A security plan must document the controls.  Those managing the information must also assess the controls’ effectiveness.  NIST also focuses its standards on determining enterprise risk, information system authorization, and ongoing monitoring of security controls.

Essential standards established by NIST include FIPS 199, FIPS 200, and the NIST 800 series.  Core FISMA requirements include:

  • Federal contractors must keep an inventory of all of an organization’s information systems.
  • Contractors must identify the integration between information systems and other systems in the network.
  • Contractors must categorize information and information systems according to risk. This prioritizes security for the most sensitive information and systems.  See “Standards for Security Categorization of Federal Information and Information Systems” FIPS 199.
  • Contractors must have a current information security plan that covers controls, cybersecurity policies, and planned improvements.
  • Contractors must consider an organization’s particular needs and systems and then identify, implement, and document adequate information security controls. See NIST SP 800-53 (identifying suggested cybersecurity controls).
  • Contractors must assess information security risks. See NIST SP 800-30 (recommending that an organization assess risks at the organizational level, the business process level, and the information system level).
  • Contractors must conduct annual reviews to ensure that information security risks are minimal.

In addition to generally-applicable standards, individual contracts may create other cybersecurity or data privacy requirements for a government contractor.  Such requirements are prevalent when the contractor provides information security products or services for the government.

What protections exist for cybersecurity whistleblowers who work for federal contractors?

Federal law contains whistleblower protection provisions that may prohibit employers from retaliating against whistleblowers who report cybersecurity or data privacy concerns.  See Defense Contractor Whistleblower Protection Act, 10 U.S.C. § 2409; False Claims Act, 31 U.S.C. § 3730(h); NDAA Whistleblower Protection Law, 41 U.S.C. § 4712.  These laws protect a broad range of conduct.

Protected conduct under these laws includes:

  • Efforts to stop false claims to the government;
  • Lawful acts in furtherance of an action alleging false claims to the government; and
  • Disclosures of gross mismanagement, gross waste, abuse of authority, or a violation of law, rule, or regulation related to a federal contract or grant. Id.

These provisions have wide coverage.  They protect any employee of any private sector employer that is a contractor or grantee of the federal government.  In some cases, even the employer’s contractors and agents are protected.

An employer’s non-compliance with information security requirements could breach the employer’s contractual obligations to the federal government and violate federal law and regulation.  Thus, whistleblowers who report cybersecurity or data privacy concerns related to a federal contract or grant may be protected from employment retaliation.

What is the burden to establish unlawful retaliation for reporting cybersecurity concerns?

Exact requirements vary, but an employee typically establishes unlawful retaliation by proving that (1) the employee engaged in conduct that is protected by statute, and (2) the protected conduct to some degree caused a negative employment action.  See, e.g., 10 U.S.C. § 2409(c)(6) (incorporating burden of proof from 5 U.S.C. § 1221(e)); 41 U.S.C. § 4712(c)(6) (same); 31 U.S.C. § 3730(h)(1).  

Under some of the applicable protections, an employee need prove only that the protected conduct played any role whatsoever in the employer’s decision to take the challenged employment action.  See 10 U.S.C. § 2409; 41 U.S.C. § 4712.

What damages or remedies can a cybersecurity whistleblower recover for retaliation?

The relief available depends on which laws apply to the particular case.  Remedies may include an amount equal to double an employee’s lost wages, as well as reinstatement or front pay.  In some cases, a whistleblower may also recover uncapped compensatory damages for harms like emotional distress and reputational damage.  Additionally, a prevailing plaintiff can recover reasonable attorneys’ fees and costs.

Recently, a jury awarded a defense contractor whistleblower $1 million in compensatory damages.  The whistleblower proved that the employer more than likely retaliated by demoting him after he reported issues with tests related to a federal contract, according to the jury.  Specifically, the whistleblower alleged he reported and opposed management’s directive to misrepresent the completion status of testing procedures.

In a recent case under the False Claims Act, a whistleblower received more than $2.5 million for retaliation she suffered after internally reporting off-label promotion for a drug outside its FDA-approved use.  The False Claims Act protects employees from retaliation who blow the whistle on fraud against the government, including those who blow the whistle internally to a government contractor or grantee.

Do any court cases address whether cybersecurity whistleblowers are protected?

Yes.  Judges and juries have applied these laws to protect cybersecurity whistleblowers.

For example, in United States ex rel. Glenn v. Cisco Systems, Inc., defendant Cisco Systems settled for $8.6 million in what is likely the first successful cybersecurity case brought under the False Claims Act.  The plaintiff/relator James Glenn worked for Cisco and internally reported serious cybersecurity deficiencies in a video surveillance system, soon after which he was fired.  Cisco had sold the surveillance systems to various federal government entities, including the Department of Homeland Security, FEMA, the Secret Service, NASA, and all branches of the military.  After monitoring Cisco’s public pronouncements regarding the system and confirming the company had not solved the problems or reported vulnerabilities to customers, Glenn contacted the FBI.  Multiple states joined in the complaint and brought claims under state laws.

While the case did not proceed to litigation, Glenn received nearly $2 million of the settlement, and the federal government’s attention to the issue proves that cybersecurity and data privacy are of utmost importance.

Surely, as more of our lives and businesses move online, the government will place increased importance on contractors and grantees following data security and privacy requirements and disclosing known vulnerabilities.  Cybersecurity whistleblowers working for government contractors play an important part in revealing these vulnerabilities and keeping the federal government secure.  Still, these whistleblowers may experience retaliation after blowing the whistle internally at their place of work.

How can employees enforce these protections from retaliation?

Employees generally have the right to bring claims of unlawful retaliation for cybersecurity or data privacy whistleblowing in federal court.  However, some claims limit that right to whistleblowers who first exhaust all their administrative remedies.  For example, in some cases whistleblowers will first need to pursue relief from the Office of Inspector General of the relevant federal agency.  Additionally, cybersecurity whistleblower claims are subject to strict deadlines.  See, e.g., 31 U.S. Code § 3730; 10 U.S.C. § 2409; 41 U.S.C. § 4712.


© 2020 Zuckerman Law

How an Entire Class of Prison Guard Trainees Could Have Been Saved by a Simple Bystander Intervention Program

In December 2019, an entire class of West Virginia prison guard trainees was reportedly fired for giving the Nazi salute in their graduation photo.

The incident is not only a chilling display of a detestable symbol of genocide. It is also a crystal-clear example of the problem of the passive bystander. But modern training methods, based on current research on the science of bystandership, can help prevent such abuses before they occur. Such programs are being successfully adopted by law enforcement agencies and other organizations around the country.

What happened in West Virginia: Several news outlets have published the November graduation photo showing a class of over 30 prison guard cadets displaying the Nazi salute. According to published reports, the gesture was one cadet’s idea of a tribute to the group’s training officer. An internal investigation of the incident found that the training officer, Karrie Byrd, “saw nothing wrong with the gesture and allowed it to continue.” Several class members objected to the gesture, but went along out of fear of retaliation. Two other instructors saw the gesture and spoke out, thinking their duty to object was fulfilled. A corrections department Captain, Annette Daniels-Watts, reportedly recognized that the picture would cause the Department embarrassment, but allowed the photo to be printed and distributed with graduation materials. The Department’s subsequent internal investigation concluded that the entire class (and several of the instructors) should be fired. Acting on the recommendation, West Virginia Governor Jim Justice fired the entire class on New Year’s Eve.

Multiple opportunities to intervene: As goes the adage often attributed to Edmund Burke, the only thing necessary for the triumph of evil is that good people do nothing. We don’t know if there were any actual Nazis in the West Virginia cadet class, but it is safe to assume not all were. Many participants in the incident had opportunities to intervene, but none did. The instigator of the incident reportedly said he was honoring the instructor with the gesture. To classmates who objected, he assured them that since there was no racial motivation behind it, the gesture was acceptable. Two other instructors witnessed the gesture being made during training exercises and informed the class of the inappropriateness of the gesture. Those instructors reportedly thought their comments stopped the inappropriate behavior. Yet multiple instructors later saw the graduation photograph and did nothing to stop its publication. And the Captain in charge of cadet basic training, when shown the photograph by a secretary responsible for assembling the graduation materials, reportedly told the secretary, “oh, I should just pull it, but since you have them all already printed you might as well go ahead and stuff them into the packets.” At each of these moments, a bystander could have helped stop the activity. But the bystanders didn’t have the tools they needed to act effectively.

Inhibitors to action: Why do people fail to effectively intervene against a behavior they know is wrong? We all do it. The answer is that the tactics and strategies for successful intervention are not innate. We need to be trained to overcome factors that inhibit action in the face of bad behavior. The West Virginia investigation report concludes as follows:

  1. There is “no dispute” that the gesture and photograph were highly offensive.
  2. The investigation did not reveal any overt motivation or intent of discrimination “towards any racial, religious, or ethnic group.”
  3. Rather, the report identifies the factors behind the incident as “poor judgment, ignorance, peer pressure, and fear of reprisal.”

All the factors identified in the report are well-documented inhibitors to active bystandership. Importantly, good peer intervention techniques are proven to address such inhibitors. The program instituted by the New Orleans Police Department is one such program. The program is known as “Ethical Policing is Courageous,” or EPIC. It was implemented by the men and women of the NOPD with the support and guidance of several outside experts, including the Department’s judicially-appointed monitors. Since then, the EPIC program has been brought to other municipal police departments, and at least one university police department.

In law enforcement organizations, one of the main inhibitors to intervention is peer pressure, particularly when officers fear ostracism or retaliation from fellow officers. This effect is sometimes referred to as the “blue wall of silence.” That wall of silence is rooted in the value of protecting fellow officers from harm, but becomes pernicious when it suppresses intervention against bad acts.

Some corrective actions may miss the mark. According to some reports, West Virginia plans to begin training its corrections department staff about the Holocaust as a result of the cadet graduation photo incident. Surely a better understanding of the Holocaust would help the cadets see that the Nazi gesture is offensive. But it might not be a complete solution. It doesn’t address the inhibitors to intervention that are present in all such situations, and which are especially pervasive in law enforcement environments.

Active bystandership makes us all better. Good peer intervention training programs work precisely because they can break the wall of silence. For example, the EPIC program ties positive, early intervention to the value of protecting fellow officers. Instead of relying on ethics training, discipline, or negative reinforcement, the program emphasizes that stepping in to prevent misconduct can help save a fellow officer’s life, safety, or career. Intervention skills are taught as a learnable skill, on the same level as learning to operate the radio, use a firearm, or apply handcuffs. When active intervention skills become pervasive, problems can be prevented before a crisis occurs. The EPIC program has garnered positive reviews from many quarters.

The West Virginia government has rightly been praised for its transparent and thorough response to this incident, but crisis management is difficult and traumatic. If objectionable behavior can be stopped earlier, the need for an expensive crisis response can be avoided. More importantly, officers can learn to be better through the intervention of a peer. Aronie reports that “many officers will recount with gratitude” throughout their careers the story of a partner or sergeant who prevented a mistake or misconduct through active and early intervention.

Peer intervention can help prevent officer misconduct, but it can also have other positive effects, including to increase the effectiveness of enforcement methods, improve officer and inmate safety, increase community engagement, and prevent excessive use of force. There are some indications that it may also help reduce officer suicides. More broadly, active bystandership has the potential to make us all better in the face of evil. Ervin Staub is a prominent scholar of the psychology of peace and violence. In the preface to his book on bystander intervention, The Roots of Goodness and Resistance to Evil, Staub recounts stories of bystanders who resisted the Nazi persecution of Jews during WWII. In some cases, resistance changed the behavior of the perpetrators, and lives were saved. Among the lives saved were those of Staub and his family, who were protected by Christian bystanders in Hungary in the summer of 1944.

In the end, not all offensive conduct can be stopped. But we can do better with proper awareness, and we will be better for it. The West Virginia incident provides an excellent example of how better intervention could have helped a whole community. As New Orleans civil rights attorney Mary Howell has said, Staub’s work on peer intervention challenges us “to think about how to be better people and how to not be silent.”


Copyright © 2020, Sheppard Mullin Richter & Hampton LLP.

See the National Law Review Civil Rights law page for similar topics.

OFCCP Issues Supplemental CSAL – Were You Selected For A New VEVRAA Focused Review?

On November 8, 2019, OFCCP released its Corporate Scheduling Announcement List (“CSAL”) Supplement.  The list identifies 500 establishments selected for the new VEVRAA focused review compliance evaluation.  In 2018, OFCCP announced that it would be conducting focused reviews during which it would target its analysis on contractors’ compliance with  Executive Order 11246 (the “EO”) (equal employment opportunity regardless of race, color, religion, sex, sexual orientation, gender identity, or national origin); Section 503 of the Rehabilitation Act (“Section 503”) (equal employment for individuals with disabilities), or the Vietnam Era Veterans’ Readjustment Assistance Act (“VEVRAA”) (equal employment for protected veterans).

OFCCP has already commenced Section 503 focused reviews, but this is the first time the agency has scheduled VEVRAA focused reviews.  In its November 8, 2019 announcement, OFCCP also shared that it has created a VEVRAA focused review webpage “[t]o help contractors prepare for the upcoming reviews.”  The agency touts the resource as providing “best practices, protected veteran resources, answers to frequently asked questions, and other compliance assistance resources.”

Contractors are advised to review the Supplemental CSAL (available online) to see if they have been selected for a VEVRAA Focused Review and, if so, review the current and proposed VEVRAA Focused Review scheduling letters to prepare for their upcoming compliance evaluation, and consult with counsel as necessary.


© 2019 Proskauer Rose LLP.

For more OFCCP actions, see the National Law Review Government Contracts page.

Are Your AI Selection Tools Validated? OFCCP Provides Guidance for Validation of AI-Based Algorithms

We have long counseled employers using or contemplating using artificial intelligence (“AI”) algorithms in their employee selection processes to validate the AI-based selection procedure using an appropriate validation strategy approved by the Uniform Guidelines on Employee Selection Procedures (“Uniform Guidelines”).  Our advice has been primarily based on minimizing legal risk and complying with best practices.  A recently updated Frequently Asked Questions (“FAQ”) from the Office of Federal Contract Compliance Programs (“OFCCP”) provides further support for validating AI-based selection procedures in compliance with the Uniform Guidelines.

On July 23, 2019, the OFCCP updated the FAQ section on its website to provide guidance on the validation of employee selection procedures.  Under the Uniform Guidelines, any selection procedure resulting in a “selection rate for any race, sex, or ethnic group which is less than four-fifths (4/5) (or eighty percent) of the rate for the group with the highest rate will generally be regarded by Federal enforcement agencies as evidence of adverse impact,” which in turn requires the validation of the selection procedure.  These validation requirements are equally applicable to any AI-based selection procedure used to make any employment decision, including hiring, termination, promotion, and demotion.

As stated in the Uniform Guidelines, and emphasized in the FAQ, the OFCCP recognizes three methods of validation:

  1. Content validation – a showing that the content of the selection procedure is representative of important aspects of performance on the job in question;

  2. Criterion-related validation – production of empirical data demonstrating that the selection procedure is predictive or significantly correlated with important aspects of job performance; and

  3. Construct validation – a showing that the procedure measures the degree to which candidates possess identifiable characteristics that have been determined to be important in successful performance on the job.

With the exception of criterion-related validating studies, which can be “transported” from other entities under certain circumstances, the Uniform Guidelines require local validation at the employer’s own facilities.

If a selection procedure adversely impacts a protected group, the employer must provide evidence of validity for the selection procedure(s) that caused the adverse impact. Thus, it is crucial that employers considering the implementation of AI-based algorithms in the selection process both conduct adverse impact studies and be prepared to produce one or more validation studies.

The new FAQ also provides important guidelines on the substantial methods utilized by OFCCP in evaluating potential adverse impact.  In accordance with the Uniform Guidelines, OFCCP will analyze the Impact Ratio – the disfavored group’s selection rate divided by the favored group’s selection rate.  Any Impact Ratio of less than 0.80 (referred to as the “Four – Fifths Rule”) constitutes an initial indication of adverse impact, but OFCCP will not pursue enforcement without evidence of statistical and practical significance.  For statistical significance, the OFCCP’s standard statistical tests are the Fisher’s Exact Test (for groups with fewer than 30 subjects) and the Two Independent-Sample Binomial Z-Test (for groups with 30 or more subjects).

With the publication of this new FAQ, employers – and particularly federal contractors – should be sure to evaluate their use of AI-based algorithms and properly validate all selection procedures under the Uniform Guidelines.  Moreover, although not addressed in the OFCCP’s new FAQ, employers should also ensure that their AI-based algorithms are compliant with all other state and federal laws and regulations.

©2019 Epstein Becker & Green, P.C. All rights reserved.

Implementation of “Buy American” for Infrastructure Projects Begins May 1st

In 2017, President Trump issued an executive order entitled “Buy American and Hire American” which stated a commitment to do just that. Earlier this year, expanding on this policy, President Trump issued an executive order entitled “Strengthening Buy-American Preferences for Infrastructure Projects.” This order requires federal agencies to encourage contractors working on infrastructure projects that receive federal grants or loans to purchase domestically produced materials. Pursuant to the order, agencies are required to begin encouraging use of domestic products by May 1st, and requires submission of an implementation plan by May 31st.

The new executive order seeks to fill somewhat of a gap in current federal legislation that will no doubt have an effect on an investor’s analysis of a public-private partnership delivery model. The federal Buy American Act applies domestic preference to manufactured materials that are used in the construction of federal projects. Then, there are a set of federal laws that have domestic preference provisions for specific materials in specific construction projects that receive federal funding. The new executive order applies to “covered programs,” which basically includes infrastructure projects that received financial assistance from a federal program, but do not currently include domestic preference requirements. In other words, the policy now potentially applies to any project that receives federal funds, even if it is not solicited by the federal government.

The term “infrastructure projects” is broadly defined, and will apply to local projects that receive federal assistance like aviation, surface transportation, ports, water resources, and energy production projects. The new executive order expands both the types of materials and types of projects for which the Buy American policy is applicable. The interplay with rules for local preference enforced by local governments is unclear, although existing federal regulations typically prohibit the use of local preference for federally funded projects. Also unclear is whether there is or will be an actual enforcement mechanism. The significance and magnitude of this latest push for stronger domestic preference will be revealed in the coming weeks as federal agencies begin to encourage the policy and submit plans for implementation.

© 2019 Bilzin Sumberg Baena Price & Axelrod LLP. All Rights Reserved.

This post was written by Elise Holtzman and Albert E. Dotson, Jr.

Read more about US policy updates on the National Law Review’s administrative & regulatory page.

Don’t Let Down Your Guard: An Object Lesson In Dealing With Government Investigators

Every time we turn on the news recently, it seems there is a new government investigation being taken up. Putting aside any political angles, these investigations and the way they unfold highlight a very important life lesson for employers.

Employers frequently are visited by government agents of varying stripes. While these visits typically do not involve the FBI or something as serious as a criminal investigation, most employers can expect site visits at some point by agents of the Department of Labor, the EEOC, OSHA, ICE or a myriad of other federal, state and local agencies.

The government employees behind those visits can be friendly, cordial and in some cases may be people the employer knows personally. While employers have every reason (and in fact are legally required) to cooperate with government agents, it is vital that employers remember not to lower their guard. An off-hand comment – even one the employer may regard as innocent – potentially could be turned against the employer.

As with anything in life, the key in dealing with any government investigation is preparation. Preparation helps employers avoid getting caught flat-footed when agents show up at their doorstep. The single most critical component of that preparation should be to engage counsel as soon as possible.

Getting counsel involved not only brings in an ally and resource to coordinate the defense (and hopefully provide some much-needed reassurance), but also should help employers dodge landmines along the way.

For instance, if an investigator comes on site, the company may want to talk to employees about what is going on. While that sounds reasonable at first glance, consider that, if viewed in the wrong light, such discussions could be seen as retaliatory or interfering with the investigation. It would be best to confer with counsel first and work out a strategy to deal with questions about whether employees should be notified and, if so, how that will go down, what message will be communicated, and when it will be delivered.

In the same light, if an employer talks to the government without the benefit of counsel, then there is no one who can interject that topics are outside of the scope of the investigation, or who can spot potential problems and work out a strategy for dealing with them ahead of time.

Another point to consider is that government investigations can be very stressful for an employer – which raises the possibility that the employer may say something out of context or which could be taken the wrong way. All in all, this is not the best time for an employer to represent themselves. To paraphrase Abraham Lincoln, an employer that represents itself has a fool for a client.

If the government comes calling, it is best to lawyer up. And anytime a government agent says that you don’t need to have a lawyer present, it would be a good idea to treat that as a red flag.

 

© 2018 Barnes & Thornburg LLP
This post was written by Hannesson Murphy of Barnes & Thornburg LLP.

Focus on Military Readiness Means More Construction Work on Military Bases: Are Contractors Ready to Compete and Perform?

The United States military is the most powerful warfighting force in world history.

But Secretary of Defense Jim Mattis made a stark observation in the 2017 National Defense Strategy:

Without sustained and predictable investment to restore readiness and modernize our military to make it fit for our time, we will rapidly lose our military advantage, resulting in a Joint Force that has legacy systems irrelevant to the defense of our people.

The problem, in summary, is a lack of readiness.

But the Future is “BIG”

Readiness is not as exciting as futuristic weapons systems or as dramatic as battle. Instead, readiness focuses on the military’s more mundane, but essential, ability to train, house troops, repair equipment, and plan for mobilization.  Readiness undergirds the core ability of the military to defend the United States.  We are seeing a new emphasis on readiness.  Significantly, the current President and Congress are actively increasing the military’s budget to purchase goods and services, especially those related to the construction of military facilities.

This new construction is required because readiness demands it. For example, many structures at MCAS Cherry Point used for aviator and aircraft ground-support training, repair, and deployment are over 70 years old.  Many structures were built for World War II and the Cold War.  We now face different enemies, technologies, and strategies.  Combat aircraft fleet facility upgrades are essential to meet the raised readiness standard.

In addition, the new F-35 Joint Strike Fighter adds significantly increased technology, infrastructure, and security demands that cannot be met with the current facilities at MCAS Cherry Point and its tenant command, Fleet Readiness Center East (“FRC East”). MCAS Cherry Point will be home for probably 94 F-35 jet fighters.  FRC East’s role in servicing Air Force, Navy, and Marine Corps variants of the Joint Strike Fighter is essential to achieving the overwhelming lethality required for proper military readiness.

But MCAS Cherry Point and FRC East cannot fulfill their obligations to the readiness standard without new construction. The President has asked Congress to fund the following major construction projects for the federal fiscal year beginning in October 2018:

  • $133,970,000 for a new hangar that will house F-35B Lightning II Joint Strike Fighters for the Marine Corps’ Second Marine Air Wing, which is headquartered at MCAS Cherry Point.
  • $106,860,000 to modernize flight line infrastructure such-as electrical, water, and technology services as well as new access points and loading areas for the new hangar.

That’s about $180,000,000 more than MCAS Cherry Point has seen in a single fiscal year for at least the last 20 years. But this new funding is only the beginning of a rapidly accelerating plan to rebuild Cherry Point’s aging facilities, roads, and infrastructure.  We also expect the following projects to be funded over the next 10 years:

  • New streets, parking, security enhancements, and F-35 hangars at MCAS Cherry Point at a cost of around $600 million.
  • New repair hangars, test facilities, and improved facilities at FRC East at of a cost of around $400 million.

Overall, we expect to see around $1.2 billion in new construction and facility upgrades at MCAS Cherry Point and FRC East over the next 15 years.

A Place for Private Contractors

Successful construction needs more than just funding. It also needs private contractors who can build, install, and maintain the facilities and infrastructure.

The federal procurement process for construction of Defense Department facilities is a complex undertaking. Once a company enters the procurement process, there are special rules unique to federal contracting that the contractor must understand.  Therefore, companies should become familiar with the federal procurement rules before pursuing their first contract.  While a comprehensive primer on these rules is beyond the scope of this article, our attorneys handling government contracts are seeing an increase in the use of small business preferences and teaming arrangements.  These programs allow small businesses to benefit both from their size status and the competitive advantage of teaming with a larger or more sophisticated company.

Incentives: Federal Small Business Preferences

We have seen a marked increase in contractors interested in qualifying for the small business “set-aside” and other programs available in federal procurements. At the same time, the Defense Department itself is, at least in theory, promoting the set-aside programs.  Opportunity abounds for companies who qualify for small business programs.

Unlike most private sector commercial contracts, federal government contracts are used to support certain socio-economic goals.  Many of these programs favor small or disadvantaged businesses. The federal government has a specific goal every year for the percentage of contracts given to small and disadvantaged businesses.  The following programs are currently the most active for participation and promotion:

  • Woman-owned small businesses
  • Historically underutilized businesses in certain geographical areas (“HUBZone businesses”)
  • Veteran-owned small businesses (especially service-disabled veterans)
  • Mentor-protégé joint ventures and teaming agreements between large and small businesses, especially those teaming with Section 8(a) disadvantaged businesses.

Construction companies and other contractors who are ready for this wave of new projects will benefit from the increased attention to readiness upgrades. Unprepared companies will lose out on these opportunities.  This may not seem a big problem while the economy is strong, but in our experience, contractors who planned for federal work survived and even thrived during the recent Great Recession.

Conclusion

Fortunately, with proper planning, a good business plan, and sound legal advice, there is no reason to be discouraged from beginning or expanding your federal government contracts. Although entering and working within the federal contracting arena can be daunting, several programs assist small and innovative companies with getting and keeping federal contracts.

 

© 2018 Ward and Smith, P.A.. All Rights Reserved.
This post was written by James W. Norment of Ward and Smith, P.A.

Department of State Releases 2017 TIP Report

The Department of State has released its 2017 Trafficking in Persons (“TIP”) Report.  As with prior versions of the annual report, the State Department reviewed efforts made by more than 180 countries to address the minimum Prosecutorial, Protective, and Preventative standards necessary for effective anti-trafficking measures, as these standards are outlined in the United States’ Trafficking Victims Protection Act (“TVPA”).

The release of the report is notable because it can directly impact contractors’ diligence obligations for supply chain review under the Federal Acquisition Regulation (“FAR”) Human Trafficking Rule (located at FAR § 52.222-50).  As we have highlighted in previous articles, for those contractors required to submit compliance plans to the government, such plans should be appropriately shaped to the “nature and scope of activities to be performed for the Government . . .  and the risk that the contract or subcontract will involve services or supplies susceptible to trafficking in persons.”  See FAR § 52.222-50(h)(2)(ii).  Additionally, as set forth in a recent proposed memorandum, which remains the clearest articulation of the government’s views on supply chain diligence obligations to date (covered in a prior post), contractors are expected to take steps to “identify high-risk portions of [their] supply chain[s].”

For these reasons, movement of a particular country up or down in risk classification in the TIP Report may greatly impact a contractor’s supply chain risk profile, especially if the contractor sources a significant amount of goods or materials from that country.  Even where countries are not designated under the Trade Agreements Act for direct importation and sale of goods to the U.S. government, to the extent that contractors rely on these countries for the supply of materials or components to be “substantially transformed” in the U.S. or a designated country, those contractors will bear heightened risk of non-compliance under the FAR requirement should a country fall in placement.

Although this year’s TIP Report was recently revised for increased clarity per the recommendation of a late 2016 GAO Report, it continues to classify countries by the same “Tiers,” that it has in years past.  Tier 1 countries “fully meet the TVPA’s minimum standards for the elimination of trafficking,” and consequentially are considered to be relatively low risk.  Tier 2 countries “do not fully meet TVPA’s minimum standards but are making significant efforts to bring themselves into compliance.”  Tier 2 Watch List countries are still considered to be “making significant efforts to bring themselves into compliance,” but may have only made commitments to take action over the next year, or have yet to stem the absolute number of trafficking cases.  Finally, Tier 3 countries fail to meet TVPA standards and are not considered to be taking significant steps to come into compliance, either through commitments or otherwise.

For 2017, Iceland and China each fell in placement, while Malaysia and Afghanistan moved up in placement.  Per the classification standards mentioned above, Iceland is now on par with Afghanistan in terms of basic classification — both are now Tier 2 designated countries.  Malaysia is now also a Tier 2 designated country, moving up in placement from the Tier 2 Watch List.  The People’s Republic of China, in contrast, fell to a Tier 3 classification this year, greatly increasing its risk profile.  (Hong Kong, however, remains on the Tier 2 Watch List.)

In light of these changes, and recent indications that the Trump Administration remains committed to “devoting more” to anti-trafficking programs, contractors would be advised to make sure that their supply chain compliance and diligence programs are updated to reflect the latest information on country risk profiles available from the government.

For more legal analysis go to the National Law Review.

This post was written by Jennifer L. Plitsch   Ryan Burnette and Alexander B. Hastings  of Covington & Burling LLP.

Congress Boots “Blacklisting” Regulation and Sends it to President’s Desk

Congress Capitol blacklistingOn March 6, 2017, on a narrow straight party line vote of 49–48, the U.S. Senate passed a Congressional Review Act (CRA) Joint Resolution of Disapproval, which moots Executive Order (EO) 13673, “Fair Pay and Safe Workplaces“—also referred to as government contractor “blacklisting”— and which revoked its implementing regulations and Labor Department guidance. The U.S. House of Representatives passed the joint resolution, H.J. Res. 37 on February 2, 2017. The next step is to send the Joint Resolution of Disapproval to the president for signature.

If signed by the president, the CRA Joint Resolution of Disapproval prohibits the future re-issuance of a federal regulation in the same or substantially similar form without authorization of Congress.

President Obama signed EO 13673 on July 31, 2014, and implementing regulations were issued in final on August 24, 2016. The EO and its implementing regulations would require federal contractors and subcontractors to notify federal contracting officers of violations and “administrative merits determinations” of 14 federal labor and employment laws, and their state equivalents, including wage and hour, discrimination, union organizing, and collective bargaining, and workplace safety and health laws.

Key Takeaways

The resolution of disapproval does not repeal the executive order; it only disapproves of the Federal Acquisition Regulation (published at 81 Fed. Reg. 58562) to implement the EO, which the U.S. Department of Defense (DOD), General Services Administration (GSA), and National Aeronautics and Space Administration (NASA) finalized on August 25, 2016. Nevertheless, the joint resolution has the effect of essentially repealing the EO or rendering it moot. President Trump is expected to revoke the EO in a separate action

In addition, the resolution will prohibit the paycheck transparency provision of the EO from being implemented. (A district court temporarily enjoined the other provision of the EO; the joint resolution also renders this injunction moot.)

This resolution of disapproval should relieve government contractors of having to implement the provisions requiring them to disclose labor law violations and revamp their payroll systems to meet the requirements of the EO’s paycheck transparency provisions. Not only would we expect the president to sign the resolution, but we also anticipate, at some point, that Executive Order 13673 will be rescinded and that the Labor Department will withdraw its guidance.

© 2017, Ogletree, Deakins, Nash, Smoak & Stewart, P.C., All Rights Reserved.