New Federal Regulations Require Contractors to Have Compliance Programs

October 1, 2008

By Dean B. Thomson

All contractors are, of course, required to abide by federal laws, but as of December 24, 2007, the federal government has added a new requirement for contractors working on federal government contracts in excess of $5 million: they must create and maintain programs designed to ensure compliance with federal law.

While these compliance programs are only requirements for federal contracts above a certain size, it is prudent to establish such programs for state and local projects as well as private construction work. State and local governments that choose to award contracts on the basis of “best value” may use the existence of compliance programs as a means to differentiate between competing proposals. In addition, compliance programs that satisfy the federal requirements will be relevant in determining whether a contractor has complied with its standard of care on state, local, or private construction projects.

This Briefing Paper will review the new federal requirements for an ethics and compliance program and conclude with how and why to establish one.


New Federal Compliance Program Requirements, Effective Dec. 24, 2007

Under the new Federal Acquisition Regulation (“FAR”)[1] 3.10, contractors who:

· receive a federal government contract award in excess of $5 million[2]

· with a performance period of at least 120 days[3]

must abide by the following requirements:

Code of ethics and business conduct. Within 30 days after the award of the qualifying contract, the contractor must have a written code of ethics and business conduct.[4]

1.  If 30 days is insufficient, the Contracting Officer[5] may extend the time.[6]

2.  A copy of the code must be provided to “each employee engaged in the performance of the contract.”[7]

3.  The contractor “shall promote compliance with its code of business ethics and conduct.”[8]

Employee training program. Within 90 days after the award of a qualifying contract, the contractor must have instituted “an ongoing business ethics and business conduct awareness program.”[9] The time period may be extended by the Contracting Officer.

Internal control systems. Within 90 days after the award of a qualifying contract, the contractor must have instituted an “internal control system.”[10] Again, the time period may be extended by the Contracting Officer. While the regulations are not clear on what this system must be, they state that it must:

1.  “Facilitate timely discovery of improper conduct in connection with Government contracts”; and

2.  “Ensure corrective measures are promptly instituted and carried out.”[11]

The regulations state (as a nonexclusive list) that the internal control system should provide for:[12]

1.  Periodic reviews of company business practices, procedures, policies, and internal controls for compliance with (1) the Contractor’s code of business ethics and conduct and (2) the special requirements of Government contracting;

2.  An internal reporting mechanism, such as a hotline, for whistleblowing employees;

3.  Internal and/or external audits, as appropriate; and

4.  Disciplinary action for improper conduct.

In general, the regulations state that the employee business ethics and compliance training program and internal control system should:[13]

1.  Be suitable to the size of the company and extent of its involvement in Government contracting;

2.  Facilitate timely discovery and disclosure of improper conduct in connection with Government contracts; and

3.  Ensure corrective measures are promptly instituted and carried out.

Hotline posters. Contractors must display, in “common work areas,” posters informing employees of hotlines the employees can call to report fraud.[14] These hotlines include any hotlines required by the Department of Homeland Security, as well as Agency fraud hotlines or the contractor’s own reporting hotline, if the contractor has such a hotline.

Requirements of subcontractors. Prime contractors are required to include the requirements of these regulations in any subcontracts (including purchase orders, by implication) that meet the threshold requirements (i.e. that are for at least $5 million and have a performance period of at least 120 days).[15]

Additional Changes Proposed

It is important to note that more rules have been proposed and are currently being considered for addition to this section of the FAR. The FAR Council proposed these additional regulations in November of 2007, although they are not yet adopted. They would require more controversial measures, including:

Self-reporting requirements. Contractors would be required to “self-report” violations of federal laws, including criminal and subcontractor violations. Failure to do so could result in suspension or debarment, or other remedies. Contractors would also have to report “overpayment on a Government contract.” These requirements would be of questionable constitutionality, since they would arguably require self-incrimination on the part of employees. They would also obviously require delicate balancing – how much suspicion of a violation would a contractor need in order to be required to report? Furthermore, if an attorney’s advice were sought in regard to a potential violation, it is questionable whether the attorney-client privilege would protect the communication.

Exclusion of “principals”. Contractors would have to make “reasonable efforts” to exclude from their companies “principals” whom due diligence would have exposed as having engaged in conduct that is illegal or otherwise in conflict with the contractor’s code of business ethics and conduct.

The FAR Council must by law consider and respond to all comments made on these proposed regulations. If you wish to submit comments on these proposed regulations you can do so at

Compliance Programs are a Good Idea Even if the Law Doesn’t Require One

While the new federal regulation applies (thus far) only to contractors working on federal contracts larger than $5 million, it is a good idea for contractors to have a compliance program even if they are not required to do so by law. Some reasons include:

· A compliance program should actually help ensure compliance on both federal and state projects, thereby reducing a contractor’s exposure to fines and claims.

· Many state regulatory fines and penalties are reduced if the contractor has an active compliance program that evidences that the contractor is making an effort to ensure compliance with state and local statutes and regulations.

· The federal regulations’ compliance program requirements are likely to be referred to as the standard of care for contractors even if the federal regulation is not binding in the case in question. Thus, in a state negligence case, the fact that a contractor had a compliance program involving the claim at issue that satisfied the federal regulations would be important evidence that the contractor satisfied the industry standard of care.

· A compliance program will likely be taken into account by government officials as a positive factor in best value procurement. Now that public entities are looking for ways to differentiate between companies on factors other than price, the existence of a compliance program can be a competitive advantage in the state and local public bidding market.


Given the current political concern with corruption in procurement, more government investigation of compliance can be expected on both the federal and state level. Therefore, contractors would be well-advised to create a compliance program not only to ensure compliance, but also to provide a strong defense in case accusations of non-compliance are made. To help clients craft appropriate programs for their specific company, our firm has created an Ethics and Compliance Program practice group. Please contact the authors for more details.

[1] The Federal Acquisition Regulations are a set of federal regulations that govern federal government purchasing. They are generated and issued jointly by the Department of Defense, the U.S. General Services Administration, and the National Aeronautics and Space Administration. They are codified at 48 C.F.R. 1, but at this time the amendments to FAR 3.10 discussed herein do not appear to have been codified yet.

[2] This does not appear to include state contracts that are federally funded.

[3] There are two exceptions: contracts for “commercial items” and contracts to be performed out of the United States are not subject to these new rules.

[4] FAR 3.1004(a), FAR 52.203-13.

[5] “Contracting officer” means a person with the authority to enter into, administer, and/or terminate contracts and make related determinations and findings. FAR 2.101.

[6] FAR 52.203-13(b)(1).

[7] FAR 52.203-13(b)(1)(ii).

[8] FAR 52.203-13(b)(2).

[9] FAR 52.203-13(c)(1). This does not apply if “the Contractor has represented itself as a small business concern pursuant to the award of [the] contract.”

[10] FAR 52.203-13(c)(2). Again, this does not apply if the Contractor has represented itself as a small business concern pursuant to the contract award.

[11] FAR 52.203-13(c)(2)(i).

[12] FAR 52.203-13(c)(2)(ii).

[13] FAR 3.1002(b).

[14] FAR 52.203-14(b)-(c).

[15] FAR 52.203-14(d); FAR 52.203-13(d).