Company Compliance: Three Ways to Consider
Compliance is front-and-center in federal contracting. As our previous alert observed, many businesses are subject to federal compliance obligations. Compliance obligations require a choice of how to comply. There are multiple sources that give rise to compliance obligations, each requiring its own attention. Sometimes the obligation may be dynamic, such as obligations imposed by sanctions in aid of Foreign Policy or National Security goals. Nevertheless, there remain three primary ways that a company may deal with most, if not all, of its compliance obligations.
Let’s look at the three ways, in inverse order of safety from the enterprise perspective:
- Do Nothing
This is the riskiest approach, and therefore not recommended for any enterprise that intends to continue in business, or whose executives and principles do not favor orange jumpsuits as a form of dress. It is a variation of the question that Inspector Callahan (played by Clint Eastwood) frequently asked in the cinema classic Dirty Harry, “You gotta ask yourself, ‘How lucky do I feel?’”
Even if a business feels lucky or has indeed been lucky in the past, there are many factors that are inexorably squeezing the possibility of any real luck out of the process like a Burmese python – slowly and ever more tightly. Among those factors is the fact that the federal government is aggressively pursuing compliance. In fact, it is pressing compliance assurance to ever-lower tiers in the supply chain. In practical effect, that means that it is only a matter of time before a business will receive a knock on its door from a federal compliance auditor. That official will decidedly not be there to help. Quite the contrary.
The statutes of limitations, increasingly, are not available as a defense because of many legal circumstances. For example, each invoice submitted to the government (directly or through a prime contractor) while in non-compliance often is considered a separate violation. And the last invoice – the one submitted last month – may be considered a part of a “scheme” to defraud the government and thus trigger potential exposure to ever more draconian sanctions under statutes that bring along large potential for expensive legal issues. Even if a company, its executives, and its principals manage to achieve an agreement with the government not to prosecute (NPA), the expense of getting to that point alone will be punishing. And a Non-Prosecution Agreement itself most likely will require payment of substantial sums to the government. And an NPA will never include the resolution of administrative sanctions such as suspension or debarment, which will have to be dealt with separately. The process itself clearly is a punishment.
- Do It Yourself
This is a less risky approach than the first. No business, other than one or more of the truly big “Best in Class” contractors has a legion of lawyers or personnel dedicated solely to compliance. Even in those cases, one can find reports of non-compliance slipping through.
If compliance oversight is assigned to an existing company employee as an “additional duty,” that introduces an almost unavoidable weakness – one that the government itself recognizes. Besides all else, how confident can one really be that both the employee’s regular responsibilities and that additional duty get the full benefit of the time and attention that they require? It is unlikely in the extreme that both will receive that degree of attention, let alone a level commensurate with the seriousness each requires. There are many reasons for that.
In today’s competitive environment, labor remains the largest single cost of performance. Nevertheless, business today often is time constrained. When pressed for time, the human tendency is to shortchange something. It happens. There is only so much available time. Such constraints are of no concern to a compliance auditor.
If this approach is chosen, a rigorous approach to compliance is essential. An occasional issue that arises will be more easily resolved in the presence of documented rigor. Nothing will excuse a pattern of neglect or carelessness.
A far better choice would be to hire capable staff dedicated entirely to compliance.
- Hire a Service Professional
While this may only be seen as adding expense to an already constrained bottom line, it should be correctly viewed as essential as general business insurance expense. The annualized cost may seem high, but it is very likely that the total cost ultimately will be far lower than the expense of being out of compliance when that inevitable compliance auditor arrives for an unwelcome, extended visit.
WEBINAR: The Race to 2024: Politics and Social Media in the Workplace and Employer Rights.
Over the last several years, employers have seen and continue to see increased political activities from their employees at work and on social media platforms, including on business-related social media platforms, like LinkedIn. Managing employee expression causes unique challenges for employers and HR professionals, and in a General Election year, these challenges are likely to increase as the Presidential race, and other races, heat up.
Webinar: A Cookieless Future and Promise of PETs: A Primer on Privacy Enhancing Technologies
This webinar will explore PETs – we will define what they are, what problems PETs exist to address, and emerging PET standards including the National Institute of Standards and Technology (NIST) draft guidance on how to evaluate PET effectiveness. We will provide specific PET use cases and discuss how PETs may be utilized to address the phase out of third party cookies by certain browsers for purposes of targeted advertising.
WEBINAR: Cybersecurity Resilience in Law Firms
This webinar focuses on law firms seeking useful information about robust cybersecurity strategies to protect their clients, maintain ethical and legal compliance, and fortify their digital infrastructure.