In a span of two days, two separate agencies took action against contractor policies and agreements that may discourage whistleblowers.  On March 30, 2015, the U.S. Department of State Office of Inspector General (“State OIG”) issued a report contending that certain contractor policies and agreements have a “chilling effect” on whistleblowers.  On April 1, 2015, the Securities and Exchange Commission (“SEC”) imposed a fine of $130,000 on a contractor for requiring confidentiality agreements that allegedly impede individuals from disclosing securities law violations.   Given recent scrutiny, contractors should consider reviewing policies, procedures, forms, agreements, or practices that may impede employees’ ability to report instances of fraud, waste, and abuse.

As we discussed recently, the SEC’s April 1 order was based on a violation of SEC Rule 21F-17, which prohibits “imped[ing] an individual from communicating directly with [the SEC] about a possible securities law violation, including enforcing, or threatening to enforce, a confidentiality agreement. . . .”  The contractor that received the fine required employees to sign a confidentiality agreement after discussions in internal investigations.  Specifically, the confidentiality agreement prohibited employees from “discussing any particulars regarding this interview and the subject matter discussed during the interview, without the prior authorization of the Law Department.”  The SEC found that this provision, coupled with a statement that such impermissible disclosures may be grounds for termination, violated Rule 21F-17, even though it was not aware of any evidence that the provision had been enforced.

State OIG similarly took issue with certain contractor confidentiality agreements and policies.  State OIG, in analyzing the practices of the 30 largest State Department contractors, faulted 13 contractors for having policies that have “a chilling effect on employees who wish to report fraud, waste, or abuse. . . .”  Specifically, State OIG criticized policies instructing employees to “consult with the Legal Department” or their supervisor before answering government investigators’ questions or handing over documents, or requiring consultants receiving subpoenas or other judicial demands for contractor confidential information to provide “prompt written notice” to the contractor in order to permit the contractor from seeking a protective order.  State OIG also flagged separation and employment agreements that may have the same “chilling effect”—citing agreements prohibiting statements that could be “derogatory or detrimental to the good name or business reputation” of a contractor.

According to State OIG, following certain “best practices” might mitigate such chilling effects.  These best practices—which exceed the requirements of the Federal Acquisition Regulation (“FAR”) for many contractors—include creating an internal hotline for anonymous reporting, displaying hotline posters, incorporating FAR anti-retaliation provisions and notifications of the right to directly contact the Government in policies, and instructing employees to cooperate with Government audits or investigations.

This follows similar action by Congress to protect whistleblowers.  Prior to the passage of section 828 of the 2013 National Defense Authorization Act, which established a pilot program extending whistleblower protections to subcontractors, Department of Defense (“DoD”) subcontractors were not covered under whistleblower protections, and if a case of whistleblower retribution by a subcontractor was brought to the DoD’s Inspector General for administrative investigations, it would not have been investigated.  Importantly, that Act also stipulates that whistleblower rights and remedies cannot be waived by any agreement, policy or condition of employment, which could presumably include an overly broad confidentiality agreement.   Further, in December 2014, Congress passed the Consolidated and Further Continuing Appropriations Act, 2015.  That Act, at Div. E, title VII, § 743, prohibits any appropriated funds from being available for any contract, grant, or cooperative agreement with an entity that requires employees or contractors to sign confidentiality agreements prohibiting or “otherwise restricting” employees or contractors from lawfully reporting waste, fraud, or abuse.

These recent actions call into question some common industry practices, and expose a tension between rules encouraging the disclosure of fraud, waste, and abuse, and a company’s ability to protect privileged information discussed in the course of internal investigations performed to obtain legal advice.  For example, at issue in the SEC matter was a confidentiality provision in a form statement that the contractor used with company witnesses in internal investigation that directed employees to not share information from that interview without authorization of the Law Department or be subject to discipline up to and including termination.   Neither the State OIG report, nor the SEC order addresses the legitimate need of the contractor to maintain privilege in an internal investigation. In the meantime, however, contractors should consider taking steps to limit compliance risks while balancing the need to keep confidential information protected.

Print:
Email this postTweet this postLike this postShare this post on LinkedIn
Photo of Susan B. Cassidy Susan B. Cassidy

Susan is co-chair of the firm’s Aerospace and Defense Industry Group and is a partner in the firm’s Government Contracts and Cybersecurity Practice Groups. She previously served as in-house counsel for two major defense contractors and advises a broad range of government contractors…

Susan is co-chair of the firm’s Aerospace and Defense Industry Group and is a partner in the firm’s Government Contracts and Cybersecurity Practice Groups. She previously served as in-house counsel for two major defense contractors and advises a broad range of government contractors on compliance with FAR and DFARS requirements, with a special expertise in supply chain, cybersecurity and FedRAMP requirements. She has an active investigations practice and advises contractors when faced with cyber incidents involving government information. Susan relies on her expertise and experience with the Defense Department and the Intelligence Community to help her clients navigate the complex regulatory intersection of cybersecurity, national security, and government contracts. She is Chambers rated in both Government Contracts and Government Contracts Cybersecurity. In 2023, Chambers USA quoted sources stating that “Susan’s in-house experience coupled with her deep understanding of the regulatory requirements is the perfect balance to navigate legal and commercial matters.”

Her clients range from new entrants into the federal procurement market to well established defense contractors and she provides compliance advices across a broad spectrum of procurement issues. Susan consistently remains at the forefront of legislative and regulatory changes in the procurement area, and in 2018, the National Law Review selected her as a “Go-to Thought Leader” on the topic of Cybersecurity for Government Contractors.

In her work with global, national, and start-up contractors, Susan advises companies on all aspects of government supply chain issues including:

  • Government cybersecurity requirements, including the Cybersecurity Maturity Model Certification (CMMC), DFARS 7012, and NIST SP 800-171 requirements,
  • Evolving sourcing issues such as Section 889, counterfeit part requirements, Section 5949 and limitations on sourcing from China
  • Federal Acquisition Security Council (FASC) regulations and product exclusions,
  • Controlled unclassified information (CUI) obligations, and
  • M&A government cybersecurity due diligence.

Susan has an active internal investigations practice that assists clients when allegations of non-compliance arise with procurement requirements, such as in the following areas:

  • Procurement fraud and FAR mandatory disclosure requirements,
  • Cyber incidents and data spills involving sensitive government information,
  • Allegations of violations of national security requirements, and
  • Compliance with MIL-SPEC requirements, the Qualified Products List, and other sourcing obligations.

In addition to her counseling and investigatory practice, Susan has considerable litigation experience and has represented clients in bid protests, prime-subcontractor disputes, Administrative Procedure Act cases, and product liability litigation before federal courts, state courts, and administrative agencies.

Susan is a former Public Contract Law Procurement Division Co-Chair, former Co-Chair and current Vice-Chair of the ABA PCL Cybersecurity, Privacy and Emerging Technology Committee.

Prior to joining Covington, Susan served as in-house senior counsel at Northrop Grumman Corporation and Motorola Incorporated.