Don’t Be Fooled by Fakes: Five Issues to Address in Complying with DOD’s New Counterfeit Electronic Parts Rule
Honest contractors never intend to be a pipeline for bogus electronic parts into the military's supply chain for complex weapons systems, but enough counterfeits have made their way into these systems to force the U.S. Department of Defense (DOD) to act. Last month, DOD published a far-reaching final rule on Detection and Avoidance of Counterfeit Electronic Parts that will require many contractors to implement systems to detect and eliminate counterfeit electronic parts from the DOD supply chain. See 79 Fed. Reg. 26,092 (May 6, 2014). We covered many of the key elements of the final rule, including important revisions that limited the scope of the rule, in a previous Alert. See DOD Issues Final Rule on Counterfeit Electronic Parts (May 6, 2014).
Industry critics continue to raise concerns about the details of the final rule, and contractors will no doubt face practical challenges in implementing the new requirements, but it is difficult to argue with DOD's ultimate objective of shoring up the integrity of its electronic parts supply chain. DOD's final rule includes important concessions that will relieve contractors from the risk of absolute liability for noncompliant electronic parts that was prominent in an earlier draft. Although the rule applies directly to only a subset of prime contractors who are subject to the Cost Accounting Standards (CAS), its broad flow-down requirement ensures that the clause will eventually be included in so many subcontracts and vendor agreements that it permeates DOD's electronic parts supply chain. This article addresses five questions that contractors should consider in implementing systems that will achieve the final rule's goals.
Is your company subject to the rule's requirements?
The final rule requires DOD to include a new DFARS 252.246-7007 clause in an array of prime contracts, including any for “(1) electronic parts; (2) end items, components, parts, or assemblies containing electronic parts; and (3) services where the contractor will supply electronic parts or components, parts, or assemblies containing electronic parts as part of the service,” unless the prime contract is a small-business set-aside. Although the clause may be included in a broad swath of prime contracts, it will apply only if the prime contractor is subject to CAS. Prime contractors who are not subject to CAS will not be obligated to comply with the clause or its flow-down requirement.
A different result obtains, however, for subcontractors and suppliers throughout the supply chain. When DFARS 252.246-7007 is included in a prime contract and applies to a CAS-covered prime contractor, the prime contractor is required to include the substantive provisions of the clause in all “subcontracts, including commercial item subcontracts for electronic parts or assemblies containing electronic parts.” Unlike for prime contracts, the application of the clause requirements would not be limited to CAS-covered contractors—it would apply to all subcontractors, at any tier, regardless whether the subcontractor is a small business or commercial item supplier. See 79 Fed. Reg. at 26,099 (clarifying DOD's position that the clause “do[es] apply to subcontracts for the acquisition of commercial items (including COTS items)”). Prime contractors that are subject to the rule will also have incentives to impose these obligations on their subcontractors and supply chain network in order to implement their own detection and avoidance systems and share the risks and burdens of the new rule.
The takeaway is clear: any contractor or vendor can be subject to DFARS 252.246-7007 if they are either (a) CAS-covered prime contractors that sell “end items,” “components,” or “parts” that “contain electronic parts” or “services” in which electronic parts are provided directly to the government, or (b) a subcontractor or supplier at any tier to one of those prime contractors. The direct application of DFARS 252.246-7007 may be targeted, but its ripple effect will likely be broad.
What is your company's risk profile?
DFARS 252.246-7007 requires covered contractors (prime and sub) to develop “risk-based policies and procedures” to detect and avoid counterfeit electronic parts in their supply chains. The risk-based approach affords contractors the flexibility to tailor systems to their unique risk profile and business needs, but contractors should be prepared to document a meaningful risk analysis that supports their risk assessment and the controls they ultimately adopt. A company's risk profile will turn on several factors, including the products and services it sells, the DOD customers and systems it supports, and the sources it uses throughout the supply chain.
How do current counterfeit detection and avoidance systems measure up against the requirements in DFARS 252.246-7007?
DFARS 252.246-7007 establishes a dozen “minimum system criteria” that a contractor's risk-based detection and avoidance system must address. These range from developing formal processes and procedures for identifying, capturing, and quarantining counterfeits and performing due diligence on suppliers to implementing training programs and managing flow-down requirements. At a minimum, contractors that will be subject to the new rule should undertake a robust review of existing processes and procedures and perform a gap analysis to identify whether and how these 12 “minimum system criteria” are addressed. It is likely that the rule will require most, if not all, companies to enhance or refine their existing systems and processes to accommodate the rule's minimum requirements; some contractors may need to implement new business systems from scratch.
Will your detection and avoidance system be evaluated during a purchasing system review?
Through the final rule, DOD has revised the DFARS purchasing system clause, 252.244-7001, to require contractor purchasing system reviews (CPSRs) to cover major elements of the contractor's system for detecting and avoiding counterfeit electronic parts (as required by DFARS 252.246-7007). DOD has also created a new “mini” CPSR for contractors subject to DFARS 252.246-7007 but not subject to CPSR under the existing DFARS 252.244-7001 clause: a new DFARS 252.244-7001 Alternate I provides for a CPSR that mirrors the procedure and standards set forth in the basic clause but that covers only the elements required for a contractors' system for detecting and avoiding counterfeit electronic parts.
As a result, all prime contractors subject to DFARS 252.246-7007 are now subject to some form of CPSR and thus could have their entire purchasing systems disapproved on account of “significant deficiencies” found solely in their detection-and-avoidance systems. That said, DFARS 252.244-7001 (basic and alternate) applies only to contracts awarded by DOD and is not a required flowdown to subcontractors. Thus, many DOD contractors may be required to have a system for detecting and avoiding counterfeit electronic parts because they are subcontractors subject to DFARS 252.246-7007, but will not have those systems subject to CPSR because the contractors do not hold any prime contracts with the DFARS 252.244-7001 clause.
Can you segregate costs related to counterfeit electronic parts and associated rework?
The final rule revised the DFARS to make expressly unallowable the costs of counterfeit electronic parts and suspect counterfeit electronic parts, as well as any rework or corrective action associated with such parts. Contractors accordingly should evaluate the readiness of their accounting systems to segregate costs incurred after discovering actual or suspected counterfeit electronic parts, including remedial and corrective actions. Contractors should implement all new and revised policies, procedures, training, and other controls necessary to ensure that such costs are properly segregated. Contractors also should ensure they are familiar with the narrow circumstances in which the DFARS revisions make these costs allowable so that if any safe-harbor circumstances arise, the contractor can avail itself of the cost relief.
Contractors should expect that any answers to these questions are just a start to meeting their obligations under the counterfeit electronic parts rule. Indeed, new regulatory guidance and requirements are already planned: DOD has opened a new DFARS case to propose refinements to the counterfeit-electronic parts rule, and other changes are under consideration for related FAR and DFARS requirements. No matter how these future regulations turn out, though, contractors should understand that DOD does not envision arriving at a silver-bullet solution that all contractors must implement uniformly. Contractors should act accordingly to identify the most effective system for their own unique supply chains based on the risks presented by their vendors and suppliers for the parts they provide. This is no doubt a complex and evolving task, and one that will require thoughtful attention and documentation to satisfy the requirements in DOD's counterfeit electronic parts rule.