The federal government can provide a large and lucrative line of business, but not without significant risk. Alexander Major and Franklin Turner of McCarter & English caution companies regarding the growing trend toward contract-related claims, how False Claims Acts penalties are affecting suits and why preparing for a bid protest needs to begin at the inception of the bid itself. Their remarks are edited for length and style.
MCC: What are the key issues likely to confront your clients during the coming year?
Turner: First, I think increasing numbers of acquisitions will find themselves in the crosshairs of the bid protest process. This is largely the byproduct of two factors – the decrease in government spending on contracts, which naturally causes more contractors to file protests in order to maximize their opportunity to receive whatever revenue they can from an ever-shrinking pool of government money, and the increasing complexity of procurements, which makes it harder for the government to prepare solicitations and to evaluate contractors in strict accordance with the regulations.
Second, I am already seeing an increase in contract-related claims litigation. This uptick may well be occurring because, although the government has less money to spend on contracts, its expectations and demands are higher than ever. Accordingly, a growing number of contractors are receiving demands that they deliver goods and/or perform services that are not required by the contract, but which the government wants them to provide nonetheless.
Major: Federal contractors and commercial companies in general are facing issues with regulators that are not likely to go away. First and foremost, of course, are cybersecurity issues. We can’t escape hearing about them, and companies can’t escape having to deal with them. Many companies – government contractors and commercial alike – don’t have a holistic plan to secure their data and respond to cyber incidents, like breaches. That’s a problem, and one that could find itself at the center of False Claims Act (FCA) allegations in the future, especially since the False Claims Act appears to be going through a renaissance of sorts. Not only have penalty fines increased, but there is a lot of activity in the courts examining both the materiality and the scienter prongs of the act. There’s good news and bad news on this front, but it’s a moving target, which increases uncertainty.
MCC: In terms of the False Claims Act, what is the bad news?
Major: First and foremost, the government has increased the minimum per claim penalty from $5,500 to $10,781 and increased the maximum from $11,000 to $21,563. That’s per claim, meaning that with multiple false bills or false statements, the penalties could add up quickly – a significant additional financial enticement to the government and qui tam relators, meaning more suits and more expensive resolutions.
Making matters more threatening is the Supreme Court’s affirmation of the implied certification theory of liability under the FCA in its recent decision in Universal Health Services, Inc. v. United States ex rel. Escobar. Implied certification has been challenging for years. Essentially, it’s when the government or relator argues that an FCA violation can occur if the contractor submitted a claim for payment when it did not meet all relevant compliance standards associated with the underlying contract. Under this theory, contractors were seen, by implication, to have been certifying compliance with laws associated with the claim when it was submitted. Until Escobar, there was a split among the various federal circuits regarding the validity of implied certification as a theory of liability, and if valid, what test should be applied to assess it. Escobar validates that implied certification theory of liability but, at the same time, narrows its application
MCC: And that is good for contractors?
Major: The solidification of the implied certification isn’t great for contractors, but the narrower application is good. When contracting with the federal government, contractors must meet numerous requirements and, under this theory, certify that they are meeting them. Escobar stands for the premise that FCA liability exists when a defendant submitting claims makes specific representations about the goods or services provided but fails to disclose noncompliance with material statutory, regulatory or contractual requirements that make those representations misleading.
That materiality test is key here, and helpful to FCA defendants. Under Escobar, for liability to attach under the FCA, the misrepresentation must be material to the government’s decision to pay the claim. To reach this conclusion, courts are to look to the effect on the likely or actual behavior of the recipient of the alleged misrepresentation, including – but not limited to – whether the provision at issue is labeled a condition of payment and whether the contractor knew the government would not have paid the claim had it known of the noncompliance. The Escobar decision added a little meat to the materiality prong of the FCA, calling it both “rigorous” and “demanding.” Notably, and this is sure to find its way into every FCA brief, Escobar states that the FCA is not intended to punish “garden-variety breaches of contract or regulatory violations” or to impose “treble damages and other penalties for insignificant regulatory or contractual violations.”
MCC: Is there any other good news for contractors concerned about the FCA?
Major: Yes, to the extent that there can be any good news on the FCA front, courts appear to be getting more realistic in their examinations of what constitutes fraud sufficient to raise an FCA violation. Generally, the FCA is intended to combat intentional wrongdoing against the government, not simple negligence. That means to establish liability, the government or a relator must demonstrate that a defendant acted with the requisite level of knowledge, meaning intentionally, with deliberate ignorance, or in reckless disregard of the truth.
With the litany of rules contractors navigate in their dealings with the government, there are, of course, ambiguous regulations that could be subject to multiple interpretations. Accordingly, the question arises whether a contractor’s regulatory interpretation may expose it to FCA liability versus, for example, a simple breach of contract claim. There have been a number of different decisions in the last year, across many circuits, reflecting that a contractor facing a potentially ambiguous regulation or statute may defend itself from this knowledge/scienter element of the FCA if they were acting pursuant to a reasonable interpretation of the regulation they are alleged to have violated and were not provided a contrary interpretation by the government in advance of any FCA allegations. That’s helpful because federal contracting isn’t easy, and most often, the government not only is holding all the cards but also is the only one permitted to deal.
MCC: Data published by the Government Accountability Office (GAO) in its Annual Report to Congress indicates that only 12 percent of bid protests are sustained. In light of that fact, what advice do you have for companies that are considering, or may in the future consider, filing a bid protest?
Turner: Don’t let the data dissuade you from pursuing your rights. Although the FY 2015 GAO Report to which you are referring reflects a 12 percent sustain rate, the more telling number is the 45 percent effectiveness rate, which means that in nearly half of all cases, the protester obtained some sort of relief in response to the allegations raised in the protest. Quite often, this means that the procuring agency takes “corrective action” in response to the protest, which is usually a very strong indication that the protester has correctly pointed out procedural and/or substantive flaws in the acquisition process that the agency simply cannot defend. Although bid protests can sometimes be expensive, the prospect of losing a business opportunity typically outweighs dramatically the short-term legal expense of pursuing the protest, particularly when that business opportunity involves technology development activities, where a company that fails to receive an initial award can be effectively frozen out of a business line for years.
MCC: How can a company ensure that it is properly prepared to pursue a bid protest or to defend against one that is filed?
Turner: At the inception of your company’s involvement in a procurement, the government’s requirements need to be carefully evaluated by appropriate technical, financial and legal personnel. This means that every page of the solicitation should be examined to ensure that your organization completely understands the nature and scope of the acquisition and can prepare a responsive, competitive proposal, and that the document isn’t legally defective. If your company doesn’t understand aspects of the acquisition, it should formulate specific questions to ask the government during the question and answer process – and it should make sure that the government provides written answers to the questions that address the issues satisfactorily. If the document is legally defective – meaning, for example, that it contains patently ambiguous provisions and/or terms and conditions that are prohibited by law – a pre-award bid protest must be filed before the closing date is set for the receipt of proposals. Even if the document isn’t legally defective, developing a thorough, early understanding of the acquisition is critical because it will equip your company and its lawyers with the requisite knowledge base either to pursue a post-award bid protest in short order or to defend against one lodged by a competitor.
MCC: In terms of cybersecurity, what types of challenges are contractors facing, and how can they address them?
Major: The biggest challenge is the omnipresence of a threat inherent with having an online presence and companies being at a loss on how to identify issues and respond accordingly. There is far too little planning – or slow planning – and companies/contractors appear to address cybersecurity reactively versus proactively. Simply put, security needs to be the goal, not simply compliance, and that takes time, money and manpower – none of which necessarily provide income for the company. Many corporations are looking at toys and technology to help them secure their data simply because they see what they are facing as a technologic threat. That’s problematic because technology is a tool; the threat, actually, is very much a human one. You can’t start with technology; you need to start with your people – your IT staff, your IS staff, your employees. They are the heart of any cogent cybersecurity program.
In addition to mischaracterizing the threat vector, many companies don’t properly recognize the scope of risk facing their operations. Hackers aren’t the only risk; regulators and insurance companies are too. Companies need to be prepared for that and most are not. For example, cyberinsurance is all the rage right now, but the insurance companies are new to this arena, and they will want to ensure that corporate policyholders are doing exactly what they said they were doing when they placed coverage. Cyber-risk isn’t simply the product of threats times vulnerability times impact. It’s a function of many variables that companies must understand. It’s a calculus, and a highly complex one, that requires companies to accurately and honestly examine their data, their needs, their abilities and their employees. And that’s especially important for federal contractors, which have affirmative obligations to certify they are meeting strict cybersecurity standards addressed by the Federal Acquisition Regulation (FAR) and Defense Federal Acquisition Regulation Supplement (DFARS), as well as the standards outlined in the National Institute of Standards and Technology (NIST) special publications. Failure to do so, I suspect, will very shortly be a leading cause of FCA allegations/suits … once the government can get its head around the issue.
MCC: How can contractors wishing to assert a claim against the government maximize their chances of recovery?
Turner: At the outset, the company should have policies and procedures in place to ensure the preservation of all relevant documentation and communications related to any instance in which the government has directed company personnel – either explicitly or implicitly – to deliver a good and/or to perform a service that is not required by the contract. As soon as the company receives such direction from the government, it should inform the contracting officer in writing that it regards the direction as a change to the contract under the operative changes clause(s). As a parallel effort, the company should begin quantifying the impact of the change – an increase in costs or an extension of the schedule, for instance – as soon as practicable and should implement change order accounting procedures that establish separate charge codes for the work related to the change so that the dollars associated with the cost of the change can be tracked effectively. The company should also be careful to comply with the Contract Disputes Act, which imposes a host of specific requirements that govern the submission of a claim, one of which is a six-year statute of limitations from the date of claim accrual and another of which is a certification requirement for claims in excess of $100,000. While these steps cannot guarantee that the company will recover on the claim, they will facilitate the informed evaluation of the claim by legal counsel and will blunt some of the government’s more popular defenses to contractors’ claims.
MCC: After a claim is submitted, what happens next?
Turner: The contracting officer will evaluate the claim, usually in conjunction with legal counsel and relevant program personnel, and is required to issue a final decision on the claim. If the claim is for less than $100,000, the final decision must be issued within 60 days. If the claim is for more than $100,000, the final decision may be issued within 60 days, or within the same 60-day period, the contracting officer may notify the contractor of the time within which the final decision will be issued. If the contractor believes that the contracting officer is unnecessarily delaying the issuance of a decision, it may deem the claim to have been denied and may appeal directly to an agency board of contract appeals or the Court of Federal Claims. If, on the other hand, the contracting officer actually decides the claim and the contractor wishes to appeal, it has 90 days from receipt of the decision to appeal to an agency board of contract appeals or 12 months to file a complaint in the Court of Federal Claims.
MCC: Are there any other areas of major concern that you think active or potential government contractors should keep on their radar?
Major: Yes, the implications of the Yates Memorandum – the disclosures required to obtain the Department of Justice’s cooperation credit. It really puts a company in a bad place because, to obtain the credit, a defendant must disclose all facts relating to the wrongdoing, including the individuals involved in the wrongdoing. That’s a pretty weighty disclosure with some far-reaching implications, and I don’t think we have seen the full effect of the memorandum yet. There have been a few recent FCA settlements in the healthcare industry in which senior executives were held financially responsible for the alleged actions. I suspect that will grow.
Turner: I think that’s right. We do a tremendous amount of investigations work for a broad spectrum of clients, and we sometimes submit voluntary “abundance of caution” disclosures or mandatory disclosures to comply with various statutory and regulatory requirements. The focus on individual misconduct required by the Yates Memorandum complicates the investigatory process because individuals may be less than forthcoming because they don’t want themselves or their colleagues to be pursued personally by the DOJ. In addition, there is an extent to which it seems that the DOJ is abdicating some of its investigative responsibilities by forcing companies to engage in individual manhunts to receive cooperation credit.
Published November 7, 2016.