A couple of themes seem to recur in the annals of Apogee Consulting, Inc.’s blog. That’s not really surprising, since we’ve been publishing the blog for more than 6 years now. It should be expected that certain topics pop up from time to time and thus allow us to look back on how they have evolved (or not) over time.

One recurring theme has been the Contracting Officer’s Final Decision (COFD). The Contracts Dispute Act requires that there first be a COFD—i.e., a decision from which to appeal to the courts. A COFD can be attacked on two grounds: either it was issued untimely, or it was not valid, because it was biased or otherwise lacked independence. We’ve written about the CDA’s 6-year Statute of Limitations many times on this blog. At this point, we don’t know if the 6-year Statute of Limitations is even enforceable any more, since Judge Dyk eviscerated previous case law in his Sikorsky ruling. We’ve also written about the required independence standard applied to the COFD before, though that second prong does not seem to be much addressed in the current decisions issued by the CDA fora.

Another theme that has shown itself from time to time is the use of questionable math in the “ROMs” issued by DCAA to Contracting Officers who need to issue a COFD with respect to a complex CAS-related matter. We have taken issue with DCAA’s use of such tactics to support Contracting Officers and the resolution of CAS-related disputes. Candid conversations with DCAA auditors reveal the pressures to issue a calculation – any calculation, no matter how flawed – so that the CAFU database can be updated to show progress on long-standing, thorny issues where it is thought that money can be recovered from contractors. The pressure on Contracting Officers to accept the DCAA ROMs and to do something is similarly intense – never mind the requirement to fairly and impartially weigh the facts and circumstances before issuing a Final Decision. In our view, the line between the DCMA Contract Recovery Initiative (as supported by DCAA) and outright asset forfeiture is uncomfortably blurred.

And yet another recurring theme is found in our series of discussions of questionable DCAA audit findings. Obviously, contractors are going to disagree with a certain percentage of DCAA audit findings. Indeed, DCAA auditors must ignore any contractor disagreements if they believe their audit findings are correct. (But note that DCAA auditors cannot simply ignore contractor rebuttals to draft findings; they must look at any additional evidence provided. The preliminary audit findings must change if the evidence indicates the original conclusion was wrong.) Notwithstanding the natural tendency between auditor and auditee to disagree, problems arise when DCAA auditors question costs without a solid basis, and when the Contracting Officer “rubber stamps” those findings when issuing a COFD. In certain extreme cases, contractors have been known to file suit against DCAA, accusing the auditors of professional malpractice. The DoD OIG asserted that as many as 81 percent of all DCAA audits contained GAGAS noncompliances, so should we be surprised if the majority of contractors think that too many DCAA audit findings are flagrantly wrong?

And our final recurring theme for this article is the Federal contractor known simply as KBR (formerly Kellogg Brown & Root) (formerly a subsidiary of Halliburton). A keyword search on this site returns 35 individual blog articles in which KBR is mentioned in some way or another. We write so often about KBR because the company is involved in a myriad number of issues. Without meaning to disparage KBR, we think that one can obtain a fairly decent idea of the current slate of Federal contract compliance issues by following the allegations, counter-allegations, disputes, and litigation involving KBR. For example, recently, KBR became the first contractor in a great long while to file suit against DCAA, alleging professional malpractice, regarding auditor disallowances of Private Security Contractor (PSC) costs the company paid to protect its employees when the local United States military forces proved unable (or unwilling) to do so. KBR is apparently at the forefront of the war being waged between Defense Department auditors and defense contractors.

Which brings us to a recent ASBCA decision on a Motion for Summary Judgment issued by Judge O’Sullivan in the matter of Kellogg Brown & Root Services v. United States (ASBCA No. 59557, January 22, 2015).

As is the case with so much of the litigation involving KBR, this dispute started with the LOGCAP contract, in which KBR provided logistics support to the United States Army in various far-flung and dangerous places including Iraq. This particular issue involved the requirement that KBR provide “Defense Base Act” insurance for its staff working on the LOGCAP Task Orders. Not only did KBR cover its own employees through DBA insurance, but it also covered the employees of its subcontractors. Judge O’Sullivan found that “Through 2005, KBR had provided insurance coverage to 94,405 subcontractor employees who were Third Country Nationals and 81,239 subcontractor employees who were Host Country Nationals.” That’s a lot of insurance coverage.

The way KBR obtained insurance coverage worked like this: “subcontractors provide[d] KBR with estimated payroll for each subcontract enrolled into the program. A separate DBA policy [was] issued for each subcontract under the master policy.” Importantly, KBR paid the premiums on behalf of its subcontractors. That eliminated any pyramiding of indirect costs and/or profit, and created economies of scale that might tend to lower the insurance premiums. Judge O’Sullivan noted: “The subcontractors [did] not reimburse KBR for the premiums and [did] not include DBA insurance costs in their billings.”

The key aspect of the DBA insurance program was that the premiums were based on estimated payrolls, not actual payrolls. The premiums were set based on the subcontractor estimates and did not change unless the estimated payrolls changed. KBR evaluated estimated subcontractor payrolls on a quarterly basis, and adjusted them for new Task Orders, change orders to Task Orders, and/or completed or terminated Task Orders (among other circumstances). But the one thing that KBR did not do was to adjust the DBA insurance premiums to reflect actual subcontractor payrolls if they should happen to differ from estimated payrolls. One reason given by KBR for the lack of true-up was a lack of visibility into the actual payrolls of its subcontractors. Another reason might have been that there was no need to adjust for actual payrolls – because premiums were established based on estimated payrolls and actual payrolls had no impact on premiums. Regardless, KBR was quite open with its DCAA auditors that it did not “true-up” DBA insurance premiums to account for any differences between estimated and actual subcontractor payrolls.

DCAA had a problem with that.

DCAA issued an audit report asserting that KBR’s method resulted in unallowable costs. The audit report stated—

KBRSI asserts it does not have visibility of the subcontractors' actual payroll records. However, based on KBRSI's subcontractor DBA insurance policy, the insurance company had the rights [sic] to verify the subcontractors' remuneration. KBRSI was unable to confirm the insurance company (AIG) or insurance broker (Aon) verified the subcontractors' remuneration.

The contractor is in noncompliance with FAR 31.201-2(d) -Determining Allowability which states:

‘A contractor is responsible for accounting for costs appropriately and for maintaining records, including supporting documentation, adequate to demonstrate that costs claimed have been incurred, are allocable to the contract, and comply with applicable cost principles in this subpart and agency supplements. The contracting officer may disallow all or part of a claimed cost that is inadequately supported.’

In addition, the contractor is in noncompliance with (i) FAR 31.205-19(d)(l) because it did not measure, assign, and allocate costs in accordance with 48 CFR 9904.416, and (ii) CAS 416-40(b) because it did not allocate insurance costs to cost objectives based on the beneficial or causal relationship between the insurance costs and the benefiting or causing cost objectives.

To determine how much of KBR’s DBA insurance premiums were unallowable, DCAA examined—

… one of KBR's subcontract Master Agreements and compar[ed] the ‘estimated DBA premium’ per the Master Agreement (a premium amount calculated by multiplying the labor hours invoiced under the Agreement for the period October 2006 to September 2007 by the Iraq/Kuwait premium rate) to the DBA premium amounts invoiced by the insurer and paid by KBR.

DCAA used that analysis to question 43 percent of KBR’s claimed FY 2007 DBA insurance premiums – some $33.9 million. In addition, DCAA issued a ROM to the Contracting Officer asserting that KBR’s alleged practice of immediately expensing DBA insurance premiums was noncompliant with CAS 416 and resulted in a cost impact to the Government of $34.4 million. All in all, KBR was on the hook for roughly $68 million plus interest. Plus attorney fees.

One problem KBR faced in its litigation to fight the government’s asset forfeiture (or perhaps “claim” if you prefer) is that it wanted the government to file a claim for the funds at the ASBCA so it could fight the claim. The government didn’t want to file a claim. The upshot of that particular dispute was that Judge O’Sullivan directed the government to file a claim.

In her decision, she noted that the government should file its claim first because of the paucity of information in the COFD. She wrote—

In this case, the government has asserted that $33.9 million in subcontractor DBA insurance premium costs incurred by KBR in performing the LOGCAP contract are unallowable, yet it has not articulated a basis for its claim. The Board has examined the ACO's decision which does not explain the rationale for finding these costs unallowable. The final decision includes the summary sentence: ‘The cost billed was not based on actual subcontractor labor incurred during FY 2007’ but does not explain why that fact, in the contracting officer's opinion, renders the costs unallowable. It is important to note the costs billed were KBR's actual incurred premium costs, as confirmed by the DCAA audit.

The final decision also states that it references and relies on the DCAA audit report and KBR's response to that report. The Board has examined the audit report, which states that it is disallowing the costs based on KBR's failure to ‘true up’ its subcontractor DBA insurance costs based on actual subcontractor payroll, and that this failure to ‘true-up’ is a noncompliance with FAR 31.201-2(d), which requires contractors to maintain records sufficient to demonstrate that claimed costs have been incurred, are allocable to the contract, and comply with applicable cost principles.

However, the audit report does not explain what significance, if any, actual subcontractor labor costs (even if such information were available to KBR) would have to the issue of the allowability of KBR's subcontractor DBA insurance costs, which were based on estimated subcontractor payroll and not subject to adjustment based on actual subcontractor payroll.

Now you see how the themes we mentioned at the beginning of this article weave together in this particular decision. Once again, KBR is forced to litigate a silly DCAA finding that was clearly rubber-stamped by the cognizant Administrative Contracting Officer who either did not understand the issues or chose not to understand the issues. As a result of the silly audit finding, a COFD was issued that failed to articulate the rationale for the government’s attempt to take nearly $34 million from KBR.

And this particular decision does not even address the DCAA “ROM” related to the alleged CAS 416 noncompliance.

Obviously the matter will be litigated on the merits, but from where we sit in our non-attorney couches, it seems to be very much a foregone conclusion. The DBA insurance premiums were based on estimated payrolls and actual payrolls were simply irrelevant to the matter. It’s a no-brainer, in our view. If KBR needed another cause of action related to DCAA professional malpractice, they may well have found it here.

We're under the pressure
Yes we're counting on you
That what you say
Is what you do

It's in the papers
It's on your TV news
The application
It's just a point of view

-- The Politics of Dancing, Re-Flex, 1983

In February, 2008, the FAR contract clause 52.222-50 (“Combating Trafficking in Persons”) was promulgated. Among other things, the clause announced that the United States Government “has adopted a zero tolerance policy regarding trafficking in persons”. To that end, Federal contractors and their employees were prohibited from engaging in “severe forms of trafficking in persons” and procuring “commercial sex acts” during the contract’s period of performance. (Those phrases were defined in the clause.)

Although we are 100% against trafficking in persons, we did not think much of the rule. One important concern we had was the definition of “commercial sex act” which was defined as “any sex act on account of which anything of value is given or to be received by any person.” We suspected that the definition was vague enough to make taking a person to dinner and a movie a precursor to a commercial sex act, which could be problematic. In addition, we thought the imposition of American morality outside of CONUS was a bit arrogant. Other countries might have less concern with “commercial sex acts” between consenting adults than Americans seem to have. Think Amsterdam, for example. Moreover, there are certain places in Nevada where “commercial sex acts” are permitted by law. Thus, prostitution that would be legally permissible under the local laws would be prohibited by this contract clause. That didn’t make much sense to us.

One issue (among many potential issues) is that the contract clause presumes that when a US citizen is employed by a contractor working on a Federal contract, that citizen has waived his/her right to engage in legally protected sex acts. We don’t think so. (But in fairness, we are not attorneys so what do we know?) The bottom line for us is, had the rule stopped at preventing human trafficking, we would have applauded it. But when it delved into morality and what is or what is not legally permitted sex acts between consenting adults, we thought it went off the rails.

In 2012, President Obama issued Executive Order 13627 to “strengthen protections” against human trafficking in Federal contracts. It directed studies that would lead to FAR revisions regarding the subject. While those studies were taking place, a year ago (as this article is being written), we told readers that the 2013 National Defense Authorization Act (NDAA) was going to lead to revisions in the anti-human trafficking rules. We wrote –

Among other things, requires contractors to annually certify that they have a compliance plan and have ‘implemented procedures to prevent [human trafficking] and to monitor, detect, and terminate any subcontractor, subgrantee, or employee of the recipient engaging in [such activities].’ Covered contractors will ‘provide a copy of the plan to the contracting or grant officer upon request, and as appropriate, shall post the useful and relevant contents of the plan or related materials on its website and at the workplace.’

Indeed, a proposed rule soon followed. And now we have a final rule that implements the NDAA legislative direction. We’re not going to quote the whole rule and the promulgating comments because, frankly, if you print it out it’s a book. For those who need to get deeply into the topic, start with reading the revised FAR Part 22.1703 and 22.1704. Then review the revised 52.222-50 contract clause. Importantly, the new rule applies to many contracts and many contractors. If your company performs work outside the United States, it is likely the new rule applies to you.

As per the rulemaking comments (link above), the new rule requires the following—

(a) Prohibit contractors, contractor employees, subcontractors, subcontractor employees, and their agents from—

(1) Engaging in severe forms of trafficking in persons during the period of performance of the contract;

(2) Procuring commercial sex acts during the period of performance of the contract;

(3) Using forced labor in the performance of the contract;

(4) Destroying, concealing, confiscating, or otherwise denying access by an employee to the employee's identity or immigration documents, such as passports or drivers' licenses, regardless of issuing authority;

(5)(i) Using misleading or fraudulent practices during the recruitment of employees or offering of employment, such as failing to disclose, in a format and language accessible to the worker, basic information or making material misrepresentations during the recruitment of employees regarding the key terms and conditions of employment, including wages and fringe benefits, the location of work, the living conditions, housing and associated costs (if employer or agent provided or arranged), any significant costs to be charged to the employee, and, if applicable, the hazardous nature of the work;

(ii) Using recruiters that do not comply with local labor laws of the country in which the recruiting takes place;

(6) Charging employees recruitment fees;

(7)(i)(A) Failing to provide return transportation or pay for the cost of return transportation upon the end of employment, for an employee who is not a national of the country in which the work is taking place and who was brought into that country for the purpose of working on a U.S. Government contract or subcontract, for portions of contracts and subcontracts performed outside the United States; or

(B) Failing to provide return transportation or pay for the cost of return transportation upon the end of employment, for an employee who is not a United States national and who was brought into the United States for the purpose of working on a U.S. Government contract or subcontract, if the payment of such costs is required under existing temporary worker programs or pursuant to a written agreement with the employee for portions of contracts and subcontracts performed inside the United States; …

(8) Providing or arranging housing that fails to meet the host country housing and safety standards; or

(9) If required by law or contract, failing to provide an employment contract, recruitment agreement, or other required work document in writing. …

That’s not all. The new rule also requires a certification (found at 52.222-56) that an apparent successful bidder has a compliance plan for the foregoing requirements. Moreover, the bidder must certify that it has implemented the plan through procedures designed to prevent any prohibited activities. The bidder must also have procedures to monitor, detect, and terminate any subcontract or agent agreement engaging in prohibited activities.

The certification is required if the contract or subcontract is for supplies (other than COTS items) that are being acquired outside the United States, or if the contract or subcontract is for services to be performed outside the United States, when the estimated contract/subcontract value exceeds $500,000. The certification must be executed and submitted annually during contract/subcontract performance. Prime contractors must obtain the certification prior to award of a qualifying subcontract, and annually thereafter.

There’s more, of course. Isn’t there always? But you get the gist. Importantly, prime contractors and subcontractors who fall under the certification requirements are going to have to generate a compliance plan with supporting procedures, and then they are going to have to execute that plan, performing “due diligence” to check for prohibited activities and then to report any findings to the Contracting Officer.

We are all about contract compliance. And now the fight against human trafficking has led to new contract compliance requirements. If you have a contract subject to the new requirements, you had better get moving.

How to get started? Well, the government contracts attorneys at Crowell & Moring have some good ideas. Here’s a link to some compliance plan basics, including some of the minimum required plan elements. Here’s a link to another C&M article on the contract administration aspects of the new rule. The C&M articles include this analysis of the risks involved in the new rule—

This certification requirement, like its compliance plan counterpart, poses another risk for contractors. Given the many risks associated with some types of certifications, including possible exposure under the civil false claims and false statement acts, this certification requirement creates a risk for contractors because it requires contractors to certify to the compliance of their subcontractors but it provides little guidance as to what level of ‘due diligence’ is sufficient or required before making such a certification. In the response to comments on the proposed rules, the FAR Council declined to define or clarify the term ‘due diligence’ and instead responded that ‘the level of ‘due diligence’ required depends on the particular circumstances. This is a business decision requiring, judgment by the contractor.’

The final rule leaves contractors facing a range of compliance challenges and open questions as contractors try to institute “appropriate” compliance plans to reduce the risk of the potentially serious consequences associated with violating the new rule.

For those prime contractors and subcontractors with significant OCONUS activities, this is going to be a challenging rule, we believe. Part of the challenge lies in the ambiguity of terms and requirements; another part lies in the fight (embodies in the rule) against certain activities to which mainstream American morality objects.

Writing in Policy Paradox: The Art of Political Decision Making (2012), Deborah Stone discussed the balance between precision and vagueness. She wrote—

Precise rules stifle creative responses to new situations. … Precise rules are good for only short periods; they lose their efficacy as time passes and conditions change. The failings of precision are the virtues of vagueness. Vague rules with broad categories and lots of room for discretion can be flexible and allow sensitivity to differences. They enable creative responses to new situations. Vagueness can boost a rule’s effectiveness by allowing individuals with knowledge of particular facts and local conditions to decide on the means for achieving general goals. … Vague rules allow decision makers to use tacit knowledge, the things people know but can’t put into words.

The problem with the new rule on fighting human trafficking is that it’s vague where it should be precise and prescriptive where it should allow discretion. Nonetheless, it’s a final rule now. Until a court interprets some of the ambiguities, contractors will have to muddle through. But make no mistake: these requirements will have to be implemented by contractors and subcontractors that are subject to them.