On December 2, 2011, the new Personal Conflicts of Interest ("PCI") rules in the FAR took effect. These new rules apply to a contractor's "covered employees" who perform "acquisition functions closely associated with inherently governmental functions." FAR 3.1103. For such covered employees, government contractors must take steps to identify and prevent personal conflicts of interest. Contractors who fail to meet these new requirements risk suspension and debarment, and therefore should take steps now to ensure compliance.
The new regulations apply to those employees who perform activities such as: planning acquisitions; determining what supplies or services are to be acquired by the Government (including developing statements of work); developing or approving any contractual documents; evaluating contract proposals; awarding Government contracts; administering Government contracts; terminating contracts; or determining whether contract costs are reasonable, allocable and allowable. FAR 3.1101.
Contractors with covered employees are required have procedures in place to screen for potential PCIs, including obtaining and updating disclosure of interest statements from covered employees. FAR 3.1103(a)(1). Contractors must not assign covered employees to perform tasks for which a PCI has been identified and must obtain non-disclosure agreements from covered employees. FAR 3.1103(a)(2). Contractors must also maintain effective oversight of covered employees, take appropriate disciplinary action for failure to comply with PCI policies, and report any PCI violations to the contracting officer. FAR 3.1103(a)(4)-(6).
To meet these new PCI requirements, government contractors should consider taking these practical steps immediately:
Review current internal policies. While many companies already have internal policies on personal conflicts of interest, it would be a mistake to assume these automatically address the issues in the new FAR requirements. Existing internal policies are often focused on avoiding situations in which employees have a conflict of interest with their company. Consequently, existing policies may be silent on employees' personal conflicts of interest vis-a-vis the federal government. Government contractors should start by carefully reviewing their existing conflict of interest policies for compliance with the FAR and, if necessary, supplement those policies to address the new PCI requirements.
Establish reasonable reporting thresholds and forms. Government contractors will want to create new disclosure forms specifically to address the PCI requirements. Existing disclosure forms contractors have may request information that is not necessary to meet the PCI requirements, such as executive stock holdings or options. At the same time, existing forms may not require the disclosure of information now required by the FAR with regard to personal relationships and job offerors. When creating the new disclosure forms, contractors may want to model them on the Government's OGE Form 450, which is used by Executive Branch employees to report their financial interests. The disclosure of financial information must not be limited to covered employees, but also needs to cover the financial interests of their close family members or members of their household. FAR 3.1103(a)(1)(i)(A). The FAR also requires the disclosure by covered employees of negotiations for new employment. FAR 3.1103(a)(1)(i)(B). While the disclosure of financial information is important, contractors must also keep in mind that under the new PCI regulations a conflict of interest is not created solely by financial interests. PCIs can be created by "personal activity" and "relationships." FAR 3.1101. Contractors should therefore work closely with counsel to determine what personal information they want to gather from covered employees on the disclosure forms.
Training. Contractors should engage all employees in specialized training to cover the PCI requirements, beginning with senior management and progressing down all rungs of the corporate ladder to the lowest level employees. Such wide ranging training is necessary, given the lack of clarity in the definition of covered employee. For example, it is unclear whether the PCI rules apply to supervisors of covered employees. See FAR 3.1101. All the employees of a contractor need to be trained to recognize their own PCIs, how to report PCIs internally, the process for screening conflicted employees from contract work, and the disciplinary actions that will be taken if the company's PCI policy is violated. After the contractor's workforce has been trained on the new PCI requirements, the PCI training can be incorporated into the annual ethics and compliance training.
Prohibit covered employees from seeking non-public information or so-called "data mining." The FAR now expressly requires that contractors prohibit covered employees from using non-public information accessed through the performance of a government contract for personal gain. FAR 3.1103(a)(2)(ii). This provision is subject to being interpreted very broadly. Take for example, a situation where a contractor's covered employees are defining requirements and preparing evaluation criteria. Assume the contract the covered employees are performing under is itself being re-competed. Under the FAR's prohibitions, it could be argued that a covered employee is not allowed to share with the contractor's proposal team the number of government staff assisting with preparing the evaluation criteria.
Review standard subcontract agreements. The FAR clause for Preventing Personal Conflicts of Interest which is to be inserted into prime contracts contains a mandatory flowdown provision that government contractors must be aware of. FAR 52.203-16(d). If the subcontract is greater than $150,000 and the subcontractor's employees will be performing acquisition functions closely associated with inherently governmental functions, then FAR requires that the requirements for preventing PCI flow down to the subcontractor. Government contractors should review their standard subcontract agreements carefully to make sure they are in compliance with this flowdown requirement.
Immediate disclosure. The FAR requires that any PCI violation by a covered employee be reported to the contracting officer "as soon as identified." FAR 3.1103(a)(6). This reporting requirement, like many parts of the new PCI regulations, is less than clear. There is no indication of how long a contractor may investigate the alleged violation before making a report to the CO. There is also no indication of the degree certainty, such as the "credible evidence" standard in FAR 3.1003, which is needed before an alleged violation must be reported. Accordingly, contractors need to have procedures in place to immediately investigate any allegations of violations of the PCI regulations.
Given the broad definitions in the regulations and the scope of employees covered, the difficulty for government contractors to ensure compliance with these and other PCI requirements in the FAR cannot be overstated. Not only will contractors now have to engage in additional training of employees and information gathering, they will also face the risk of possible suspension or debarment. In addition, there is the threat of civil False Claims Act liability based on the theory that if the Government paid for services free of PCIs, any actual PCI will render the contractor's invoices false. Contractors must take steps now to implement procedures and to train their workforce to ensure compliance with the scope of the new PCI requirements.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.
