Legal Insights: Establishing Contractor Compliance Programs, Part I
Winter 2013

This three part article examines the establishing of contractor compliance programs. The current requirements for compliance programs were established effective December 12, 2008 when the Civilian Agency Acquisition Council and Defense Acquisition Regulations Council jointly issued a final ruling amending the FAR Entitled “Contractor Business Ethics Compliance Program and Disclosure Requirements.” Given the major changes brought on by the new ruling, confusion reigned in the contractor community as to how compliance programs should be implemented. In the four years since the final ruling was issued, these compliance requirements have become better understood.

Although in many instances, a compliance program is mandatory, even where it is voluntary under certain contracts or for certain contractors, a compliance program is a good idea. Not only can a compliance program prevent or minimize the consequences of wrongful conduct, the existence of a compliance program is likely to be deemed by both the government and the courts as a mitigating factor in assessing a contractor’s exposure to criminal, civil, or administrative sanctions. In U.S. ex rel. Hefner v. Hackensack University Medical Center, 495 F.3d 103 (3rd Cir. 2007), for example, the federal court of appeals addressed a False Claims Act (FCA) action against a university medical center. The relator alleged the medical center was reckless because it did not have a compliance system in place. After reviewing the record, the court concluded that the medical center did have compliance procedures and that the mere failure of a system designed to catch errors does not establish recklessness. Moreover, the court found that lack of recklessness was also demonstrated, at least indirectly, by the medical center hiring an outside consultant to help improve its compliance practices.

While compliance programs are an important shield when facing government investigations or an FCA complaint, contractors adopting a compliance program do need to ensure they actually comply with their own program. A contractor who ignores its compliance program is probably in a worse position than a contractor who has no compliance program at all.

The government also encourages the development and maintenance of compliance programs by considering them to be a cost of doing business. Thus, these expenses are generally allocable and allowable as indirect contract costs. A contractor compliance program consists of three basic elements: (1) a code of business ethics and conduct, (2) internal controls, and (3) mandatory disclosure requirements. The first element, a code of business ethics and conduct, is the subject of Part I of this article. The other two elements are addressed in Parts II and III, respectively. These components should be assembled together in a contractor compliance manual that is accessible to and used by company management.

Code of Business Ethics and Conduct

Contractor codes of business ethics and conduct are addressed in FAR 3.004(a). This provision requires that the clause at FAR 52.203-13 entitled “Contractor Code of Business Ethics and Conduct,” be inserted in solicitations and contracts if the value of the contract is expected to exceed $5 million and the performance period is 120 days or more. The clause recites that within 30 days after contract award, unless the contracting officer establishes a longer time period, the contractor is to have a written code of business ethics and conduct in place. This code is to be made available to each employee engaged in performance of the contract. In addition, the contractor is to exercise due diligence to prevent and detect criminal conduct and otherwise promote an organizational culture that encourages ethical conduct and a commitment to compliance with the law. FAR 52.203-13(b) (1) & (2). Contractors are also to include the substance of this clause in subcontracts that have a value in excess of $5 million and a performance period of more than 120 days. FAR 52.203-13(d).

The FAR does not say exactly what must be included in a code of business ethics and conduct. Indeed, the FAR Councils have noted that the specific issues that should be addressed in such a code may vary depending on the type of business. Generally speaking, a code of business ethics and conduct should address operational matters such as -

  • Product quality and safety 
  • Fair competition practices 
  • Accurate recordkeeping 
  • Equal opportunity and proper hiring practices 
  • Appropriate relations with customers and suppliers 
  • Dealings with foreign officials 
  • Political activities 
  • Conflicts of interest 
  • Handling of classified, proprietary and other confidential information 
  • Reporting violations of law

The code should also include a point of contact for questions.

Each contractor will, however, need to design a customized code reflecting its particular organization and the nature of its contracting activities. Contractors may find it advisable to retain legal counsel or another type of independent consultant to assist in crafting the code. Not only would this allow for an objective perspective on the contractor’s practices, engaging an outside expert will help demonstrate to the government and the courts the contractor’s commitment to compliance.

CLICK HERE to view the publication as published in the PACA Pulse winter 2013 newsletter.


Related Attorneys