chevron-down Created with Sketch Beta.

Procurement Lawyer Newsletter

The Procurement Lawyer Fall 2024

Practical Insights From Section Annual Meeting Improve Advice We Provide Clients

Kelli A Hooke and Erin Loraine Felix

Summary

  • An overview of the Public Contract Law Section’s 2024 Conference meetings at the ABA’s Annual Meeting in Chicago.
  • Summarizes topics discussed at the conference, including fraud/FCA updates, FedRAMP and cloud security, Mentor-Protégé Joint Ventures, “Buy America” and domestic preferences, “Best-in-Class” IDIQ awards, and responding to a cybersecurity incident.
Practical Insights From Section Annual Meeting Improve Advice We Provide Clients
oxygen via Getty Images

Jump to:

In early August, the ABA hosted its 2024 Annual Meeting in Chicago, Illinois. The Public Contract Law Section was well represented, with meetings tailored to our specific areas of expertise. Finishing up a great 2024 program year, the Annual Meeting Conference Director Kelli Hooke and Co-Chairs Ashley Amen (CGI Federal), Erin Felix (Polsinelli PC), and Sara Burgart Styles (Crowell & Moring) tried to keep the PCL meetings practical, while also discussing interesting, cutting-edge cases. Our goal was to create programming that left the audience with information that can be directly applied to their practice. Here is a summary of what was discussed.

1. Beyond the False Claims Act—What Else Is on the Horizon?

While never the plan, noncompliance happens. In such cases, contractors understandably fear the crushing treble damages of the False Claims Act. But the False Claims Act is not the only issue that may be on the horizon for a contractor who finds itself out of line with the terms of its contracts. Other issues like suspension and debarment, merger and acquisition risks, poor performance ratings, and other agency-level penalties are all very real consequences that can have long-term effects on a company’s government contracting business even if a company is never accused of fraud. Sati Harutyunyan (Jenner & Block) moderated a panel consisting of Vincent DiCianni (President and Founder, Affiliated Monitors, Inc.), Stephen Kiraly (Managing Director, LitCon Group), and Derek Santos (Deputy General Counsel (Acquisition Integrity), US Air Force). The panel engaged in an interesting conversation about potential areas of exposure outside the False Claims Act that a contractor may face when something goes sideways during its performance of government work.

Stephen Kiraly described the increasingly important role of a company’s internal audit and compliance teams, not to mention the value of having anonymous reporting hotlines. Stephen discussed the positive impact these resources can have on helping contractors identify and respond to issues early before they become a bigger problem. A large part of the panel discussion addressed investigations, voluntary reporting, audits, and what agencies beyond the Department of Justice’s fraud unit would look to when assessing concerns regarding corporate misconduct or noncompliance. Having Vincent DiCianni on the panel offered an insider’s look into monitorship, and Derek Santos provided insights into the perspective of government suspension and debarment offices when responding to fraud claims.

2. The Realities of FedRAMP—Selling SaaS, PaaS, and IaaS to the Government

The Federal Risk and Authorization Management Program (FedRAMP) is a complex and onerous set of cloud computing rules that reaches many different types of contractors in the supply chain for some of industry’s leading technologies, including Software as a Service (SaaS), Platform as a Service (PaaS), and Infrastructure as a Service (IaaS). A contractor’s approach to complying with FedRAMP may look different depending on whether the contractor is a prime, a channel partner/reseller, an original equipment manufacturer, or a traditional subcontractor. Zach Prince (Haynes and Boone), Tom Barrow (General Counsel, GovSmart Inc.), and Holly Farrell (Counsel, Trellix) explored the various FedRAMP controls and explained the new FedRAMP memorandum that the US Office of Management and Budget published on July 26, 2024, just a week prior to the Annual Meeting. This timely topic was made even more interesting as the speakers described the various interactions among contractors that may affect pricing, licensing, and services as those SaaS/PaaS/IaaS deliverables are passed up through the supply chain to the government customer. Audience feedback on this panel was that our team of experts helped make an area of the law that seems inherently opaque much more understandable.

3. Laying the Foundation for a Successful Mentor-Protégé Joint Venture

Recent changes to the Small Business Administration’s (SBA) mentor-protégé program have substantially increased companies’ interest in creating mentor-protégé joint ventures (MPJVs). Still, any mentor-protégé relationship will face pressures from within and without that could cause the arrangement to crack, crumble, or collapse, so success depends on more than just meeting the regulatory requirements. In this fireside chat, Diana Lyn Curtis Shutzer (Fox Rothschild) and Laura Unger (Deputy General Counsel, Federal Contracts/Compliance, WSP) explained how prospective mentors and protégés can build a successful MPJV to withstand these forces. As with the FedRAMP panel, Diana and Laura navigated the added challenge of new government guidance published on July 22, 2024, and a new joint venture policy memorandum from the US Department of Defense released on July 19, 2024, both dropping just one week before the Annual Meeting. Though this panel was presented at our construction-focused breakfast, the panelists spoke more broadly, providing examples of how any company (not just construction companies) can identify and assess a prospective mentor or protégé partner and remain eligible for the program under the SBA regulations. For more information about the July 22, 2024 guidance, please see Laura Unger’s article, “An Industry Response to SBA ‘Perceptions’ of the Mentor-Protege Program,” in this issue.

4. Domestic Preferences: A Tangled Web

Modern supply chains are increasingly global and complex. Layer in the unique statutory domestic sourcing preferences and mandates imposed on government contractors—including under the Buy American Act; Buy America Act; Build America, Buy America Act; and Trade Agreements Act, not to mention agency-specific rules such as the Department of Defense’s Buy American Balance of Payments Program, and it is no wonder that prime contractors and subcontractors quickly throw their hands up with frustration when trying to understand and comply with their supply chain management obligations arising under federal contracts. This was a meaty session, providing an overview of these varying statutes and their implementing regulations. To continue with our theme of practical application, the panel employed a hypothetical fact pattern that evolved throughout the session to demonstrate how a simple change in a single fact can trigger different domestic sourcing requirements, exploring how a business can approach compliance throughout the supply chain. The panel’s main advice? Start with the dollar value, location, and nature of your specific contract and then determine which regime applies. Big thanks to moderator Holly Roth (Holland & Knight) and panelists Susan Lent (Akin Gump), Alejandro (“Alex”) Sarria (Miller & Chevalier), and Tony Wysocki (Director, Office of the Inspector General, US Department of Transportation) for untangling these laws and policies.

5. It’s Not Easy Being the Best: Recent Trends in Best-in-Class and Multiple-Award Contracting

Recent years have seen a substantial shift in the way the federal government procures goods and services, with increased focus on “Best-in-Class” contracts and other large multiple-award indefinite-delivery/indefinite-quantity (IDIQ) vehicles. This process has not been without its challenges. These contract vehicles have faced extended procurement timelines and delays, hundreds of protests (sometimes for a single procurement!), and myriad other complaints. And the problems do not end with contract award, as contractors sometimes find that winning actual task orders can be far more difficult than earning a spot on the IDIQ itself. Halimah Najieb-Locke (Chief Executive Officer of Locke Strategies LLC and former Deputy Assistant Secretary of Defense for Industrial Base Resilience) started the panel discussion with a primer on the Department of Defense’s strategic sourcing initiatives, as well as the goals and intent behind those actions. Moderated by Evan Williams (Mayer Brown), the panel included Ms. Najieb-Locke, Scott Johnson (Attorney Advisor, Army Sustainment Command), and Matthew Schoonover (Schoonover & Moriarty), and they discussed how this recent IDIQ strategy can create inadvertent challenges in getting meaningful small business participation at both the master contract and task order levels. The panelists frankly admitted that good intentions do not always result in success for small businesses or in the government reaching its small business contracting goals.

6. So I (May) Have Had a Cyber Incident … What Do I Do Now?

We ended the Summer Conference with a bang—or rather with a hypothetical of what could end up being a company’s worst day, coming in the form of cyberattacks initiated through ransomware, an insider threat, or phishing. As companies face ever-increasing cyber incidents affecting sensitive internal and customer data, US federal agencies are responding by imposing a patchwork of incident reporting and disclosure obligations, many of which contain strict reporting timelines but widely varying (and often vague) standards and criteria as to what must be reported. Led by Rick Rosenberry (Risk Consultant at USI), panelists Lyn Brown (Wiley), Randy Johnson (Principal Corporate Counsel, Microsoft), and Todd Row (Costangy, Brooks, Smith & Prophete LLP) walked the audience through the immediate aftermath of discovering a cyber incident, grappling with a multitude of questions: Who do I call? What do I tell my customers? Am I in breach of contract? Who pays for all this? Do I even HAVE a cyber incident that I need to report? How will the government agency coordinate its response? The audience followed along as the simulated cyber incident unfolded, and the panel used the hypothetical of a machine shop in a large aerospace company’s supply chain getting hit with ransomware to discuss recent developments and current trends in the government’s response and enforcement of the ever-evolving cybersecurity landscape.

Thank You and Next Time

The planning committee truly hopes that each attendee left with a better understanding of all these topics, with practical insights to help improve the advice we provide to our clients—whether you work for a firm, the government, or a company.

Our next event, the PCL Fall Forum, will occur from November 7–8, 2024, at the Hyatt Regency Hotel in Reston, Virginia. A PCL Section Council Meeting will also be held on November 9, 2024. We look forward to seeing you all there.

    Authors