Coming not long after the issuance of its new internal policy guidance on counterfeit materiel, the U.S. Department of Defense (DOD) published on May 16, 2013 its first set of proposed regulations that would impose specific anti-counterfeiting obligations on defense contractors. These proposed regulations represent a partial implementation of Section 818 of the fiscal year (FY) 2012 National Defense Authorization Act (NDAA), which directed DOD to issue regulations making certain "covered" defense contractors responsible for detecting and avoiding the use or inclusion of counterfeit electronic parts in the products they supply to DOD. Defense contractors and their suppliers have been anxiously awaiting the proposed regulations, anticipating that DOD's regulations would begin to provide useful guidance regarding the types of processes and procedures contractors would need to adopt in order to have an "approved" counterfeit electronic parts avoidance and detection system.

This first set of proposed regulations, however, does little to add substance to Section 818's nebulous directives, instead largely parroting the statutory language as part of proposed new or amended Defense Federal Acquisition Regulation Supplement (DFARS) provisions or contract clauses. Even so, the regulations do provide some new guidance for contractors, as they indicate that DOD intends to evaluate contractor counterfeit avoidance and detection systems under the existing business systems rule, as a component of a contractor's purchasing system. The regulations also provide a definition of "counterfeit part" — a task that was left to DOD by Section 818, and one that DOD has fulfilled by proffering a definition that is so sweeping as to threaten to make "suspect counterfeit parts" out of any garden-variety quality issue in contract performance.

The proposed counterfeit electronic parts regulations are open for public comment through July 15, 2013, giving affected defense contractors and their suppliers the opportunity to be heard on whether and how the proposed regulations could be improved. This Legal News Alert discusses the key features of the proposed regulations and highlights several aspects of the regulations that may warrant comment by interested companies in the defense supply chain. A copy of DOD's proposed regulations is available here.

Definition of Electronic Parts

The proposed regulations adopt the same definition of "electronic part" found in Section 818(f) of the 2012 NDAA. Under that definition, an electronic part is "an integrated circuit, a discrete electronic component (including, but not limited to, a transistor, capacitor, resistor, or diode), or a circuit assembly." The duty to detect and avoid counterfeit electronic parts applies not only to companies that supply individual "electronic parts" (as that term is defined in the proposed regulations), but also to companies that supply products containing electronic parts.

Definition of Counterfeit Parts

The proposed regulations include three definitions of counterfeit parts, one of which is particularly troublesome for contractors in its breadth. Under the proposed regulations, a counterfeit part is:

  1. An unauthorized copy or substitute part that has been identified, marked, and/or altered by a source other than the part's legally authorized source and has been misrepresented to be from a legally authorized source
  2. An item misrepresented to be an authorized item of the legally authorized source
  3. A new, used, outdated, or expired item from a legally authorized source that is misrepresented by any source to the end-user as meeting the performance requirements for the intended use

The first definition tracks the definition of "counterfeit materiel" in the recently issued DOD Instruction (DODI) 4140.67, which establishes internal DOD policy and responsibilities regarding the prevention and detection of counterfeit materiel. That consistency makes sense, in that DOD understandably would want contractors to apply the same definition of "counterfeit" as DOD applies in establishing its own internal anti-counterfeiting policies and procedures. Yet the proposed regulations do not stop with that first definition, but instead offer two additional categories of "counterfeit" parts. It is not clear why DOD believes these additional categories of counterfeit parts should be addressed by contractor systems, when they would not necessarily fall within the definition of "counterfeit materiel" in DOD's own internal anti-counterfeiting policy guidance.

The third definition of counterfeit part in the proposed regulations is particularly problematic for contractors and their suppliers, because it sweeps so broadly and would arguably encompass any non-conforming part — even new, unused, genuine parts from the original manufacturer — that are discovered to have a quality issue and therefore fail to meet "the performance requirements for the intended use." Section 818 did instruct DOD that its definition of counterfeit electronic parts should include "previously used parts represented as new," but if giving effect to that congressional directive is what DOD intended to accomplish through its third definition, DOD far overshot the mark. Rather than limiting itself to previously used parts, the third definition includes new parts, and would label them as "counterfeit" simply for failing to meet the performance requirements for the intended use, despite a representation that they would do so. In other words, a garden-variety quality issue could now potentially be characterized as a counterfeit part (or, at least, as a suspect counterfeit part), if the non-conforming part had been supplied with a certificate of conformance representing it as meeting specification or contract requirements. Such a result would carry with it potentially devastating financial consequences for contractors and their suppliers, given the unallowability of costs associated with investigating, repairing, or remediating suspect counterfeit and suspect counterfeit electronic parts.

Covered Contractors

Technically, the proposed regulations apply directly only to contracts (and hence contractors) that are subject to the Cost Accounting Standards (CAS) — what Section 818 referred to as "covered contractors." Yet that limitation does not insulate smaller companies or companies that are not themselves subject to CAS coverage from the impact of these rules. One of the requirements of the regulations is that CAS-covered contractors flow these anti-counterfeiting requirements down throughout their supply chains. Thus, any company supplying electronic parts, or products containing electronic parts, to one of the major defense contractors — or even to a company that is in one of the major defense contractors' supply chains — will likely be confronted with purchase order terms and conditions requiring the adoption and implementation of similarly complex procedures to detect and avoid counterfeit electronic parts. Those purchase order terms and conditions will likely also include requirements that the supplier provide certifications of authenticity of supplied parts and indemnify the upstream customer for any damages resulting from the later discovery of a counterfeit or suspect counterfeit electronic part in the products supplied, a degree of potential liability that many downstream suppliers (particularly smaller firms or commercial item suppliers) may not be willing to assume.

DOD appears not to appreciate the extent to which these burdens will ripple through the defense supply chain to reach small businesses, as the Regulatory Flexibility Act analysis accompanying the proposed regulations blithely posits that the impact of these regulations on small businesses "should be negligible as long as the small entity is not supplying counterfeit electronic parts to the prime contractor." This statement fails to account for the expense and burden a small entity — or any entity in the defense supply chain — must incur to ensure that it is not supplying counterfeit electronic parts, burdens that include increased training of personnel, enhancements to the entity's purchasing, quality, and materials management systems, and increased demands for indemnification of potentially enterprise-threatening liability associated with the costs of investigating and/or remediating counterfeit or suspect counterfeit parts that escape detection even under a rigorous anti-counterfeiting program. Small businesses in the defense supply chain may wish to take the opportunity to comment on the proposed rules to help educate DOD on the impact these requirements will have on them.

Evaluation as Part of a Contractor's Purchasing System

At the prime contract level, DOD proposes to evaluate a contractor's counterfeit electronic parts avoidance and detection system as part of its approval of the contractor's purchasing system under the business systems rule for CAS-covered contractors. CAS-covered contractors are already required to undergo periodic evaluations and audits of six types of business systems, with the possibility of withholds of a percentage of contract payments if one or more system is identified as having a significant deficiency.

Section 818 had mandated that DOD establish processes for reviewing a contractor's counterfeit parts avoidance and detection system that would be "comparable to the processes for established for contractor business systems." Given that directive, it was widely assumed that DOD either would treat the counterfeit parts avoidance and detection system as a new, seventh type of business system, or would attempt to evaluate the counterfeit avoidance and detection system as a component of one or more of the six existing business systems. DOD elected the latter approach and proposes to treat the counterfeit avoidance and detection system as an element of a contractor's purchasing system.

Some elements of a counterfeit electronic parts avoidance and detection system fit neatly within the "purchasing system" context — for instance, the procedures regarding qualification and use of "trusted suppliers" and the requirements to ensure that counterfeit avoidance and detection responsibilities are flowed down to suppliers. However, other elements of the counterfeit avoidance and detection system are not so much a purchasing issue, as a quality or material management issue — for example, the contractor's processes for the inspection and testing of electronic parts, or for the reporting and quarantining of counterfeit and suspect counterfeit electronic parts. Thus, notwithstanding DOD's proposal to treat counterfeit avoidance and detection as an element of the contractor's purchasing system, contractors should be prepared to make appropriate changes to any of their supply chain management systems impacted by the proposed regulations — particularly their quality systems — and should not treat counterfeit parts prevention as purely a purchasing system issue.

Required Elements of a Contractor Counterfeit Parts Avoidance and Detection System

The proposed regulations identify nine required elements of a contractor's counterfeit electronic part avoidance and detection system. The contractor's system must address:

  1. The training of personnel
  2. The inspection and testing of electronic parts, including criteria for acceptance and rejection of parts
  3. Processes to abolish counterfeit parts proliferation
  4. Mechanisms to enable traceability of parts to suppliers
  5. Use and qualification of trusted suppliers
  6. The reporting and quarantining of counterfeit electronic parts and suspect counterfeit electronic parts
  7. Methodologies to identify suspect counterfeit parts and to rapidly determine if a suspect counterfeit part is, in fact, counterfeit
  8. The design, operation, and maintenance of systems to detect and avoid counterfeit electronic parts and suspect counterfeit electronic parts
  9. The flow down of counterfeit avoidance and detection requirements to subcontractors

Contractors have known since the adoption of Section 818 that their counterfeit avoidance and detection systems would need to address these nine areas, as this list recites, nearly word-for-word, the requirements for contractor systems spelled out in Section 818(e). What contractors have not known — and what the proposed regulations fail to identify — are the standards or criteria DOD intends to use to determine whether a contractor's system adequately addresses one of these nine required areas. For example, while the regulations mandate that a contractor use and qualify a system of "trusted suppliers," they provide no guidance as to what procedures contractors can or should use to "qualify" a supplier as "trusted." Nor do the proposed rules identify criteria for determining whether a contractor's "methodologies to identify suspect counterfeit parts" are sufficient.

Presumably, such criteria will be promulgated as part of the "standardized guidelines for contractors to employ in their processes for the detection and avoidance of counterfeit materiel into the DoD supply chain" referenced in the recently issued DODI 4140.67. The Defense Contract Management Agency (DCMA) will then use those guidelines as a checklist in evaluating a contractor's counterfeit electronic parts avoidance and detection system as part of DCMA's review of the contractor's purchasing system. DODI 4140.67 charges the Under Secretary of Defense for Acquisition, Technology and Logistics with identifying and establishing those standardized guidelines, but it is not clear from DODI 4140.67 whether DOD intends to follow notice-and-comment rulemaking procedures in adopting those guidelines, which would be necessary to afford contractors an opportunity to weigh in on, and possibly help shape, the standards against which their systems will be evaluated.

Unallowability of Costs to Remedy Use or Inclusion of Counterfeit and Suspect Counterfeit Electronic Parts

A key concern for contractors, and one not fully addressed by the limited "safe harbor" provision added in the FY 2013 NDAA, is that Section 818 allocates essentially all of the financial risk of counterfeit electronic parts prevention to contractors. Counterfeiters are using increasingly sophisticated methods to attempt to stay ahead of industry best practices for counterfeit detection. Even the best counterfeit avoidance and detection system is unlikely to be foolproof. Section 818 recognized these limitations — at least with respect to DOD itself — by instructing DOD to adopt internal counterfeit prevention policies and procedures that would "implement a risk-based approach to minimize the impact of counterfeit electronic parts or suspect counterfeit electronic parts." Section 818(b)(2) (emphases added). Contractors, on the other hand, were to be required to "establish policies and procedures to eliminate counterfeit electronic parts from the defense supply chain" — essentially, a zero tolerance approach. Section 818(e)(2)(A) (emphasis added).

That "zero tolerance" approach manifested itself in Section 818(c)'s directive that DOD define the cost of counterfeit electronic parts and suspect counterfeit electronic parts, and the cost of rework or corrective action that may be required to remedy the use or inclusion of such parts, as unallowable costs under DOD contracts. Defense contractors urged the U.S. Congress to reconsider the harshness of what amounts to a strict liability regime by affording contractors a "safe harbor," under which their costs would be allowable if the counterfeit part was included in government-furnished property (GFP), or if the contractor had a DOD-approved counterfeit electronic part avoidance and detection system and had obtained the part from an approved source. Congress did adopt a limited "safe harbor" provision in the FY 2013 NDAA, albeit one that was far narrower than contractors had sought. Under Section 833 of the FY 2013 NDAA, a contractor can recover the costs of rework or corrective action related to a counterfeit or suspect counterfeit part only if: (i) the counterfeit or suspect counterfeit electronic part was provided to the contractor as GFP; (ii) the contractor has in place a DOD-reviewed and -approved system to detect and avoid counterfeit and suspect counterfeit parts; and (iii) the contractor provides timely notice to the government of the discovery of the counterfeit or suspect counterfeit part. The use of the conjunctive "and," rather than the disjunctive "or," indicates that Section 833's "safe harbor" is only available if all three of the conditions are met.

While DOD arguably has the authority to expand upon the limited "safe harbor" Congress carved out in the FY 2013 NDAA, its proposed regulations do not do so. Instead, the proposed new DFARS section 231.205-71 tracks the provisions of Section 818(c), as amended by Section 833 of the 2013 NDAA. As noted above, this essentially creates a strict liability regime for contractors with respect to counterfeit or suspect counterfeit electronic parts that escape detection even under a rigorous and DOD-approved counterfeit avoidance and detection system. Unless the contractor is fortunate enough to have been provided the counterfeit as part of GFP, the contractor alone bears the financial consequences of any counterfeits that escape detection even under DOD-approved or industry best practice counterfeit detection systems.

It is not clear from the scope of the proposed cost principle whether the costs of forensic analysis or other testing on a suspect counterfeit part will be considered allowable if such testing establishes that the part was not, in fact, counterfeit. DOD could take the position that such testing falls within the scope of "corrective action that may be required to remedy the use or inclusion of a suspect counterfeit part," and is therefore unallowable notwithstanding that the test results proved the part to be genuine. Another issue not explicitly addressed in the proposed regulations, but which would be of concern to contractors, is whether DOD intends to apply this new cost principle retroactively, to disallow the costs of rework or corrective action on products that were delivered before the adoption of the Section 818 regulations. Contractors did not have the opportunity to account for the potential liability of these unallowable costs when they negotiated or set their rates for those prior contracts, and they may also have limited recourse against the particular supplier who supplied the counterfeit part if their purchase order terms and conditions did not specifically address this type of then-unforeseen liability.

Comment Opportunity on the Proposed Contractor Regulations

The public has the opportunity to submit comments on DOD's proposed regulations until July 15, 2013, and — as detailed above — several aspects of the proposed regulation are ambiguous or potentially troubling to contractors and their suppliers, large and small. Companies concerned about aspects of the proposed regulations or about DOD's implementation of Section 818 should strongly consider filing comments on the proposed regulations to apprise DOD of their concerns and to advocate for changes or refinements in the final regulations.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.