We recently wrapped-up 2016 with an article summarizing the many procurement-related fraud stories that December brought us. As we noted in that article, none of them really merited a stand-alone blog post; but taken together, they presented a pretty damning picture of the current state of procurement fraud. That article was written just before Christmas and posted on 28 December, and we figured that was it for the year.

But we were wrong.

There was at least one more fraud story to come out before year-end. But it’s okay, because this one would have merited its own blog article in any case. It ties together many of the themes we frequently repeat on this site, including:

• The prime contractor is responsible to its customers, not only for delivering on time and on budget, but also for the actions of its subcontractors. The prime must manage all the risks associated with its responsibilities. The notion that the prime’s risks can be transferred to the subcontractor is wrong. (The reason it’s wrong is called “privity of contract;” you can look that phrase up if you are not familiar with it.) The most a subcontractor can do is indemnify the prime contractor; and that only works for some risks and only up to the point that the subcontractor has sufficient resources (financial and otherwise) to provide indemnification.

• Because the prime contractor is responsible for program execution, and because risk cannot be effectively transferred to subcontractors, the prime contractor must take reasonable measures to ensure that its subcontractors are complying with the terms of their subcontracts. It is not DCAA’s job to audit your subcontractors; it is your job. At the very least, you have to try.

• Effective subcontractor management is the key to effective project/program management. This is especially true in today’s aerospace/defense environment, where up to 70 percent (and more) of a typical Major Defense Acquisition Program (MDAP) is subcontracted out into the supply chain.

• Contract types matter; and your choice of subcontract type impacts your risks and therefore impacts your risk management efforts. Choosing the wrong subcontract type will lead to many downstream challenges, not the least of which will be closing-out the subcontract.

With all that being said (yet again), let’s look at this end-of-year fraud story, brought to us by the U.S. Attorney’s Office of the District of Maryland.

In that press release (link above) we see that Advanced C4 Solutions, Inc., agreed to pay the U.S. Government $5.4 million to settle allegations that it violated the False Claims Act (FCA) by submitting “inflated invoices” to its government customer, SPAWAR.

First thing: Advanced C4 Solutions (ACS) is a small business, In fact, it is a certified “8(a) business,” which means quite a bit in terms of competitive advantage—but which meant absolutely nothing in terms of liability for contract compliance. Being a small business or a small disadvantaged business or an 8(a) business buys you nothing if the government believes you are trying to rip it off. And in this case, the government alleged that the ACS project manager—who was named—knew that ACS’ subcontractor, Superior Communication Solutions, Inc. (SCSI) was submitting invoices to ACS that “charged for labor hours that were not actually worked … at job classification rates for personnel that did not have the requisite credentials to be billed at those rates.”

Thus, we learn that ACS awarded SCSI a T&M type subcontract that had designated hourly billing rates for certain defined labor categories. SCSI billed ACS for labor hours by people that did not qualify for the labor categories under which they were billed. In addition, SCSI billed ACS for labor hours that were not actually worked, which we should all agree is kind of a no-no.

Importantly, the press release clearly states that the ACS project manager “was responsible for verifying the accuracy of all invoices submitted by subcontractors to the Company and, in turn, all the invoices submitted by the Company to SPAWAR.” This is important because, in our experience, too many PMs think that subcontractor invoice approval is a waste of their time. They tend to think it’s an accounting function or a contracts function. But it’s not: it is clearly a PM’s (or knowledgeable delegate’s) responsibility to verify that subcontractor services were provided in a compliant fashion—to include verifying that labor hours were performed by qualifying subcontractor personnel. PM’s have to do whatever it takes to verify compliance; they need to ensure adequate time and resources are budgeted in the project/program for those actions.

Because the PM will be held accountable, even if it is the company that ultimately pays the legal bills.

In this particular case, the PM (Andrew Bennett) and two others were individually indicted on federal criminal charges related to this matter. The $5.4 million settlement just got ACS off the hook; the PM is being held individually liable. (We note for the record that $5.4 million was probably a big hit to ACS’ 2016 profits.) Holding individuals liable separately from the company liability is a recent Department of Justice trend and one readers should be sensitive to. (Look up “Yates Memo.”)

So far, two alleged conspirators have pleaded guilty. The press release reports that “Bennett and Shank pled guilty to conspiracy to commit wire fraud for their conduct related to the DO 27 contract. The third defendant is scheduled for trial beginning on January 30, 2017.” A single wire fraud count carries with it a maximum sentence of 20 years in federal prison.

How’s that for individual accountability?

In summary, this story neatly confirms several of our recurring themes on this blog. You might want to print this one out and save it for your next staff meeting.