Government contracts alert | Nixon Peabody LLP June 25, 2014 DoD final rule for the detection and avoidance of counterfeit electronic parts impacts contractors’ operations By Vincent J. Napoleon and Nia D. Newton Addressing the issue of counterfeit parts in the defense supply chain has been an issue of significance for those in our government responsible for the acquisition and fielding of sophisticated systems. The infiltration of counterfeit parts into the DoD supply chain, which drives the U.S. military’s major weapon systems, could expose our military personnel to hazards during critical operations and subject critical missions to risk of failure. The Department of Defense (DoD) has established directives to prevent the introduction of counterfeit materials and parts in the DoD supply chain, particularly directed at counterfeit materials which present a threat to personnel safety and mission assurance.1 Recently, to address these concerns, the DoD published a final rule imposing various requirements and responsibilities on DoD contractors to detect and avoid counterfeit electronic parts. This alert describes the final rule and how it will affect contractors’ operations moving forward. Background In 2011, the Senate Armed Services Committee (SASC) launched an investigation into counterfeit electronic parts in the DoD supply chain after a January 2010 Department of Commerce survey disclosed that incidents of counterfeit parts in the defense supply chain had increased dramatically between 2005 and 2008. By the close of SASC’s investigation in 2012, the SASC published a report that it had uncovered overwhelming evidence of counterfeit electronic parts infiltrating the DoD supply chain, which were primarily traced back to China and not sufficiently reported by contractors. SASC also discovered that the DoD was not properly informed of the scope and impact of counterfeit parts in its systems. More importantly, the SASC concluded that the defense supply chain, which relies on unvetted independent distributors to supply electronic parts for some of the most sensitive defense systems, was compromised. Critical military systems such as the U.S. Army’s Terminal High Altitude Area Defense (THAAD) missile, the U.S. Navy’s SH-60B helicopter and the P-8A Poseidon aircraft, the U.S. Air Force’s C-17, C-130J, C-27J aircraft and their resultant missions were exposed to an unacceptable risk of failure. In all, the SASC concluded the following: 1 DEPARTMENT OF DEFENSE, INSTRUCTION: DoD COUNTERFEIT PREVENTION POLICY NO. 4140.67, (2013). This newsletter is intended as an information source for the clients and friends of Nixon Peabody LLP. The content should not be construed as legal advice, and readers should not act upon information in the publication without professional counsel. This material may be considered advertising under certain rules of professional conduct. Copyright © 2014 Nixon Peabody LLP. All rights reserved. China is the dominant source for counterfeit electronic parts that are infiltrating the defense supply chain. The Chinese Government has failed to take steps to stop counterfeiting operations that are carried out openly in that country. The DoD lacks knowledge of the scope and impact of counterfeit parts on critical defense systems. The use of counterfeit electronic parts in defense systems can compromise performance and reliability, risk national security and endanger the safety of military personnel. Permitting contractors to recover costs incurred as a result of their own failure to detect counterfeit electronic parts does not encourage the adoption of aggressive counterfeit avoidance and detection programs. The defense industry’s reliance on unvetted independent distributors to supply electronic parts for critical military applications results in unacceptable risks to national security and the safety of U.S. military personnel. Weaknesses in the testing regime for electronic parts create vulnerabilities that are exploited by counterfeiters. The defense industry routinely failed to report cases of suspect counterfeit parts, putting the integrity of the defense supply chain at risk. As a result of the 2012 SASC report, the DoD released a proposed rule in May 2013 that would implement Section 818 of the 2012 National Defense Authorization Act (NDAA) and Section 833 of the 2013 NDAA (“Proposed Rule”). The Proposed Rule would modify the Defense Federal Acquisition Regulation Supplement (DFARS) by requiring DoD contractors to detect and avoid counterfeit electronic parts. More specifically, the §818 proposal would require the Secretary of Defense to assess the DoD’s acquisition policies and systems for the detection and avoidance of counterfeit electronic parts. Section 833 would impose counterfeit prevention obligations on defense contractors who were subject to Cost Accounting Standards (CAS) and that supplied electronic parts or products that include electronic parts under CAS-covered contracts. Those contractors would be responsible for avoiding and detecting the use or inclusion of counterfeit electronic parts or suspect-counterfeit electronic parts by developing counterfeit electronic part avoidance and detection systems that would implement policies and procedures. The policies and procedures address: 1) Training of personnel; 2) Inspection and testing of electronic parts, including criteria for acceptance and rejection; 3) Processes to abolish counterfeit parts proliferation; 4) Mechanisms to enable traceability of parts to suppliers; 5) Use and qualification of trusted suppliers; 6) Reporting and quarantining of counterfeit electronics parts and suspect-counterfeit electronic parts; 7) Methodologies to identify suspect-counterfeit parts; 8) Design, operation and maintenance of systems to detect and avoid counterfeit electronic parts and suspect-counterfeit parts; and 9) Flow down of counterfeit avoidance and detection requirements to subcontractors. On May 16, 2014, the DoD issued its final rule on how contractors should address and treat the issue of counterfeit electronic parts in their supply chain when responding to government requirements (“Final Rule”). The DoD’s Final Rule significantly changes contractor responsibilities to detect and avoid the use or inclusion of counterfeit or suspect-counterfeit electronic parts, the use of trusted suppliers and contractors’ reporting requirements of counterfeit and suspectcounterfeit electronic parts. Among the Final Rule changes is the imposition of a new DFARS clause 252.246-7007 (titled Contractor Counterfeit Electronic Part Detection and Avoidance System (May 2014)) that establishes actions contractors must take to develop and maintain an acceptable counterfeit part detection and avoidance system when contractors supply electronic parts or assemblies containing electronic parts to the government. DFARS 252.246-7007 DFARS 252.246-7007 limits its coverage to those contractors subject to Cost Accounting Standards (CAS) as outlined in 41 U.S.C. §1501 et seq. However, DFARS acknowledges that all levels of the supply chain have the potential to introduce counterfeit or suspect-counterfeit electronic items into the end items contracted for under a CAS-covered prime contract. Ultimately, responsibility for preventing introduction of counterfeit parts “flows down” to all subcontractors and suppliers of CAS-covered prime contractors regardless of the coverage or size of the subcontractors or suppliers. Counterfeit electronic part detection and avoidance system criteria Under the Final Rule, the DoD renders contractors responsible for establishing and maintaining an acceptable counterfeit electronic part detection and avoidance system, which must include riskbased policies and procedures that address, at a minimum, twelve enumerated areas. In addition to the nine policy and procedure areas outlined in the Proposed Rule, the Final Rule outlines three additional policies and procedures that should be established and implemented and would result in an adequate counterfeit electronic part avoidance and detection system. These policies and procedures include establishing and implementing the following: 1) a process for keeping continually informed of current counterfeiting information and trends; 2) a process for screening Government-Industry Data Exchange Program (GIDEP) reports and other credible sources of counterfeiting information; and 3) a process for controlling obsolete electronic parts. Notwithstanding these additional requirements, the DoD does not endorse specific mechanisms or technologies to satisfy the twelve requirements. Failure to maintain an acceptable counterfeit electronic part avoidance and detection system could result in the contracting officer’s disapproval of the contractor’s purchasing system and could cause a withholding of payments to the contractor. Cost allowability The Final Rule shifts the risk and cost of counterfeit parts to contractors. The rule establishes that costs of rework or corrective action when counterfeit parts were improperly introduced into the DoD supply chain are unallowable. However, the DoD’s proposal did provide specific exceptions that would enable costs to be reimbursed when a contractor 1) had a DoD-reviewed and approved operational system to detect and avoid counterfeit parts, 2) the counterfeit or suspect-counterfeit electronic parts were provided as government-furnished property and 3) the contractor provided notice to the government within 60 days of becoming aware of a counterfeit or suspect counterfeit electronic part. Some government contracting practitioners agree that while most contractors may be able to meet these requirements, subcontractors and suppliers which do not operate on a cost reimbursement basis with the government are unlikely to have their costs allowed. In the case of contractors performing pursuant to cost reimbursement contracts, reimbursement of costs will be based on the FAR principles of cost allowability. Definitional concerns The Final Rule is limited to electronic parts and specifically covers counterfeit electronic parts,2 suspect counterfeit electronic parts,3 and obsolete electronic parts.4 While there are no apparent and significant differences between the definition of these terms in the Proposed Rule and the Final Rule, there is concern among some commenters to the Proposed Rule regarding the “credible evidence” standard used in the definition of suspect counterfeit electronic parts and the lack of guidance given in the definition of obsolete electronic parts. Some commenters to the Proposed Rule argue that the “credible evidence” standard (equivalency of a reasonableness standard) is overbroad and the absence of a designated procedure for determining whether a part is suspect counterfeit makes contractors and suppliers more vulnerable to unintentionally violating the DFARS mandatory disclosure rules. The DoD’s response to these concerns recognizes that it is not practical or cost-effective to test every case of a suspected counterfeit, but that the phrase “credible evidence” along with examples strengthens a fact-based approach. Commenters to the Proposed Rule also express concern that the definition of obsolete parts does not address known risks and challenges of the DoD’s continued use of obsolete and out-ofproduction parts, the vulnerabilities created by the continued demand for such parts, and the increasing constraint on DoD’s ability to support and find ways to eliminate continued dependence 2 A counterfeit electronic part is defined as “unlawful or unauthorized reproduction, substitution, or alteration that has been knowingly mismarked, misidentified, or otherwise misrepresented to be an authentic, unmodified electronic part from the original manufacture, or a source with the express written authority of the original manufacturer, or a source with the express written authority of the original manufacturer. Unlawful or unauthorized substitution is described to include used electronic parts represented as new, or the false identification of grade, serial number, lot number, date code, or performance characteristics.” 3 A suspect counterfeit part is defined as “an electronic part for which credible evidence (including, but not limited to, visual inspection or testing) provides reasonable doubt that the electronic part is authentic.” 4 An obsolete electronic part is defined as “an electronic part that is no longer in production by the original manufacturer or an aftermarket manufacture that has been provided express written authorization from the current design activity or original manufacturer.” on these parts. Commenters note that electronic parts have life cycles far shorter than the defense and aerospace products using them, so guidance from the DoD on what processes to use to mitigate risks inherent with obsolete parts is essential for contractor compliance. Obsolescence control is a fundamental aspect of counterfeit prevention and should be addressed by the contractor in its counterfeit detection and avoidance system. Looking ahead To ensure that counterfeit materials do not present a threat to U.S. personnel and mission assurance, the DoD’s Final Rule obligates all contractors providing electronic parts to the government to take proactive steps to identify and prevent counterfeit components from entering the DoD supply chain. This means that contractors are absorbing a greater burden in protecting and insulating the DoD supply chain from the risk of compromise. As a result of this burden, contractors will incur far greater costs for ensuring that their counterfeit detection and avoidance systems are appropriate and capable of minimizing the risk of exposure inherent in a compromised supply chain system. Increased liability also means that contractors will now be responsible for keeping subcontractors and suppliers accountable for the electronic parts that subcontractors and suppliers introduce to the market. This will likely force some contractors to expand the scope of their internal audit and compliance teams to review and audit the counterfeit detection and avoidance systems, which will inevitably raise contractors’ costs. One of the more challenging areas for contractors going forward is their response to the Final Rule’s reference to obsolete parts that are no longer being produced and not easily traceable to the original manufacturer. Certainly, some contractors may be left with only two options as they attempt to address this issue—contractors may either engage in the costly option of stocking up on parts while they are being made by original manufacturers or be forced to ensure that obsolete parts being purchased are from trusted suppliers. No matter the decisions, if contractors have to implement systems that account for obsolete parts compliance, the overall price of contractors’ contracts with the government will likely increase. The DoD claims that new requirements should not affect small business contractors; however, it is conceivable that higher costs, risks and liabilities could be detrimental to a smaller firm that does not have the money to establish new systems or hire new people. Because suppliers and subcontractors do not operate on a cost reimbursement basis with the government, they may also increase their prices to include such costs. As a result, prime contractors can anticipate paying more for the contracts with their subcontractors or suppliers. For more information on the content of this alert, please contact your Nixon Peabody attorney or: — Vincent J. Napoleon at vnapoleon@nixonpeabody.com or 202-585-8379