Pursuant to a legislative mandate, the US Department of Defense (DoD) has issued an expansive rule (the Rule) aimed at protecting DoD systems of all types from “counterfeit” and “suspect” electronic parts (all references to “parts” in the following discussion are to electronic parts). The Rule, issued in final form on May 6, 2014, applies to DoD prime contractors and is required to flow down to all subcontractors and suppliers throughout the supply chain.
The Rule is one of four that are being developed to implement Section 818 of the 2012 National Defense Authorization Act. The Rule requires prime contractors to create and maintain acceptable systems and internal control procedures to detect and avoid counterfeit parts. These systems and procedures are also required to flow down to subcontractors and suppliers at all tiers that have any role in the buying or selling of electronic parts, assemblies containing such parts or in testing of parts. Prime contractors that fail to provide and maintain acceptable systems are at risk for substantial losses—such as withholding of contract payments, disallowance for costs of the counterfeit part and the costs of rework or corrective measures—as well as potential fraud claims.
The Rule applies to counterfeit electronic parts and suspect counterfeit electronic parts. A “suspect” part is defined as one for which “credible evidence (including visual inspection)” provides “reasonable doubt” that the part is authentic. A contractor’s system is required to include “risk-based policies and procedures” that address 12 areas. The Rule does not provide the risk-based polices and procedures, but leaves it to the contractor to determine risk and how to address it with appropriate systems. The practical effect is to confer substantial discretion on Government contracting personnel and auditors who review these systems to make judgments about their effectiveness and compliance. The areas to be covered by a contractors systems and, thus, flowed down for coverage by subcontractor/supplier systems include:
- Inspection and testing, which must be performed in accordance with “accepted Government- and industry-recognized techniques” selected by the contractor to minimize risk to the Government. DoD recognizes that it is impossible to test every part. Risk components include: (i) the risk of receiving a counterfeit part, (ii) the probability that it will be detected and (iii) the potential negative consequences of a counterfeit being installed (e.g., safety and mission success).
- Processes to abolish counterfeit parts proliferation.
- Processes for maintaining electronic part traceability. The processes are to enable tracing the supply chain back to the original manufacturer (whether the part is discrete or contained in an assembly). Traceability “shall” include certification, documentation, clear identification of the intermediaries from the manufacturer to the direct source of the product for the seller and, if possible, the manufacturers’ batch identification. Item Unique Identification IUID marking is not required, but is permitted. DoD states that with regard to mission-critical electronic parts and parts that could impact human safety it has a “zero-tolerance policy.”
- Use of suppliers that are the original manufacturer (OEM), or sources with express written authority of the OEM. For many defense systems, obsolete parts are an issue as the defense platform life exceeds the electronic part life. For parts that are not available from the preferred sources, contractors and subcontractors must develop detection and avoidance system criteria for other suppliers that comport with the Rule. DoD states that it views obsolescence control as a contractor responsibility.
- Processes for reporting and quarantining of counterfeit and suspect counterfeit parts. Reports must be made to the Government Contracting Officer and to the Government-Industry Data Exchange Program (GIDEP) whenever the contractor or subcontractor “becomes aware of or has reason to suspect that” a part purchased by or for the DoD contains a counterfeit or suspect part. Further, such parts “shall not” be returned (unless determined to be authentic).
- Procedures for “rapidly” determining if a part is counterfeit.
- Screening processes for GIDEP reports and processes for “keeping continually informed” about trends, including detection and avoidance techniques.
- Control of obsolete parts to maximize the availability and use of “authentic,” originally designed and qualified parts throughout the product’s life.
One of the additional rulemakings that is underway will address expansion of reporting requirements. While not yet clear, at least currently there is no guidance regarding how the Rule is to interact with the current Mandatory Disclosure provisions of the Federal Acquisition Regulation (FAR), which require contractors to self report if they have, among other things, “credible evidence” of a civil False Claims Act violation. The Rule’s commentary suggests that counterfeit part reporting should not be within the ambit of the Mandatory Disclosure requirements, but guidance is not provided.
The Rule has the potential to expose contractors and subcontractors to new compliance investigations, as well as new false claims actions. For commercial suppliers, these risks are new and the Rule is likely to require enhanced internal controls and compliance programs.