There’s a risk continuum for government contract compliance. Nearly two years ago I presented at the Society of Corporate Compliance and Ethics’ Annual Compliance Institute on the topic of “Taking a Dynamic Approach to Compliance Risk Assessments for U.S. Government Contractors”—and that was the takeaway from my show.

As I told the audience: “USG contractors work in a highly dynamic environment where compliance risks must be frequently evaluated, because they are frequently changing. Annual ‘snapshots’ will create gaps in compliance planning.” (Emphasis in original.) You can find the entire presentation on my LinkedIn profile, if you are so inclined.

A contractor’s compliance risks are based on factors that include (but are not limited to) contract type, contract value, competitive versus non-competitive awards, awarding agency, and the contract clauses found in the contracts. A small business has a different compliance risk profile than a large contractor. A contractor subject to Full CAS coverage has a different compliance risk profile than one that is Exempt or subject to only Modified coverage. A contractor that sells commercial items under FAR Part 12 procedures has a different risk profile that one that submits certified cost or pricing data under FAR Part 15 negotiated contract procedures. Et cetera. You get the idea.

Generally speaking, a contractor who is selling to the Federal government under a GSA Multiple Award Schedule (MAS) has a lower risk profile than one that sells directly to another Federal agency, especially the Department of Defense. In fact, GSA MAS are only supposed to offer items and services that qualify as commercial items, as that term is defined at FAR 2.101. When a contractor prepares its annual proposal to establish final billing rates as required by the contract clause 52.216-7, the GSA contracts are lumped along with any other commercial sales the contractor might have into “other-commercial.”

You might well conclude that GSA MAS sales are lower-risk. And you’d be right to do so, except “lower risk” is not the same thing as “risk-free.” There are risks associated with GSA MAS sales, including (but not limited to):

• Accurate disclosure of “commercial sales practices”

• Accurate identification of “Basis of Award” customers (those customers whose prices will be compared to the prices offered to GSA)

• Compliance with the Price Reductions Clause (which requires that discounts offered to Basis of Award customers also be offered to the GSA)

• Accurate calculation and timely payment of the Industrial Funding Fee (IFF)

• Compliance with Trade Agreements Act

• Compliance with required labor qualifications

I was recently reminded of the GSA MAS risks when I came across this press release from the Dept. of Justice, announcing that “SAP Public Services, Inc. has agreed to pay the United States more than $2.2 Million to resolve allegations that it violated the False Claims Act by failing to pay required fees” on its GSA MAS contracts.

SAP Public Services sold software engineering and support to government customers through its MAS contracts, but it cancelled those contracts in 2014. But it was too late. An internal investigation discovered compliance errors, and the company was required to disclose those errors to the GSA under the contracts’ mandatory disclosure provisions. Before I get into the details of the errors, let’s note that SAP Public Services received praise (and, I’m sure, credit) for its cooperation with Federal agency officials. The Deputy U.S. Attorney was quoted as saying “From the time that this matter was brought to its attention, SAP has committed itself to setting things right, despite considerable time and expense. We appreciate its cooperative approach and its intensive investigative efforts to get to the bottom of what happened here.”

What happened?

According to the press release, it seems that SAP Public Services made errors when calculating the IFF due GSA. “The United States’ investigation – conducted in conjunction with a robust internal investigation by SAP Public Services – determined that SAP Public Services failed to account for the IFF it owed on several contracts…”

But that was not all. SAP Public Service also (apparently) failed to comply with the Price Reductions Clause. The press release stated “SAP Public Services … did not always provide the appropriate contractual discounts …”

But that was not all. SAP Public Service also (apparently) failed to comply with the labor qualifications in its GSA MAS contracts. The press release stated “SAP Public Services was required to … meet certain educational or experiential qualifications in its staffing assignments. … SAP Public Services … did not always provide the appropriate … staffing.”

Thus, a $2.2 million settlement to resolve False Claims Act allegations involving at least three of the six compliance risk issues identified earlier in this article.

Before your company sells to the Federal government via a GSA (or Veterans Administration) MAS contract, consider making a robust compliance risk assessment. It’s probably in your best interest to do so.