With the federal government back to work, we saw several important federal initiatives continue in earnest in November. Two of these initiatives will have a tremendous impact on nonprofits’ reliance on federal grant and contract funds – the President’s cybersecurity efforts under Executive Order 13636 issued this past February, as well as the President’s efforts to curb human trafficking, based on an Executive Order from September 2012.
Also, keep an eye out in the coming weeks and months for the anticipated release of the Super Circular (the consolidation of the various Office of Management and Budget Circulars, which are the primary regulatory framework for nonprofits’ administration, cost principles, and audit practices as they relate to federal funds).
Cybersecurity Regulation of Grantees
On November 14-15, 2013, the National Institute of Standards and Technology (NIST) held a workshop at North Carolina State University on the preliminary Cybersecurity Framework (PCF). Venable attended this workshop, as well as all of the previous NIST workshops addressing the Framework.
Of particular interest to federal grantees is EO 13636's direction to the Department of Homeland Security (DHS) to "coordinate the establishment of a set of incentives designed to promote participation in the [voluntary program]." That being said, the vast majority of these incentives likely would require federal legislation to be realized. As a result, DHS stated at one of the topic-specific working sessions earlier this month that it only can offer "a very limited set of incentives" in the near term. Indeed, it appears that the only incentive mentioned by DHS that would be available at "launch time" in February 2014 is prioritization of support and technical assistance. Other "incentives" noted in the DHS presentation include continuing engagement with the insurance industry and private sector "to understand the role of insurance in organizational risk;" coordinating with the General Services Administration and the Department of Defense on procurement considerations; working to link existing federal grant programs to adoption of the Framework; discussing rate recovery for price-regulated industries with responsible state and federal agencies; and examining the potential for regulatory streamlining to promote adoption.
Consequently, while nonprofits may not be particularly focused on cybersecurity, much like several other social reform efforts of prior administrations, the President may use the procurement and non-procurement (i.e., grant) programs as a means of implementing cybersecurity protocol and requirements at large. Venable has tracked and written extensively on the development of the preliminary Cybersecurity Framework developed by NIST.
On September 25, 2012, President Obama issued Executive Order 13627, Strengthening Protections Against Trafficking in Persons in Federal Contracts. Comments were due this month on a proposed rule issued by the Federal Acquisition Regulation (FAR) Council to implement the President’s Executive Order.
In short, the proposed rule strengthens prior legislation by imposing several new and significant responsibilities on contractors and subcontractors to act affirmatively to prevent human trafficking and forced labor. First, the rule prohibits certain conduct, such as the:
- Destruction, concealment, confiscation, or denial (in any manner) of an employee’s access to their identity documents (e.g., passport, work visa, etc.);
- Use of misleading or fraudulent recruitment practices;
- Charge of recruitment fees to employees;
- Provision or arrangement of housing that fails to meet the host country safety standards;
- Failure to provide a written employment contract, recruitment agreement, or similar document in the employee’s native language; and
- Failure to pay return transportation costs upon the end of employment for those brought into the U.S. for the purpose of working on a U.S. government contract or subcontract.
In addition to the prohibited conduct, contractors and subcontractors must also:
- Protect and interview all employees suspected of being victims or witnesses to prohibited activities;
- Not hinder or prevent the cooperation of employees with government authorities; and
- Self-report to the agency inspector general if the contractor/subcontractor becomes aware of credible violations.
The failure to comply can result in significant penalties, including:
- Civil fines;
- Criminal penalties; and/or
- A listing in the Federal Awardee Performance and Integrity Information System (FAPIIS).
Thus, contractors and subcontractors in receipt of federally funded contracts should be mindful of these eminent requirements and develop a compliance program to meet these standards. Alternatively, with respect to nonprofits that receive their federal funds solely through federal grants (i.e., non-procurement), these requirements do not currently apply. However, such nonprofits should be mindful that it would be a natural extension for the non-procurement regulation to be updated to adopt similar standards in the future.