New DFARS Clauses Raise Spectre of FCA Liability For Use of Overly Broad Confidentiality Agreements
On October 29, 2015, the Department of Defense (DOD) added two new clauses to the Defense Federal Acquisition Regulation Supplement (DFARS), which raise the potential for liability under the False Claims Act. The new clauses, DFARS 252.203-7996 and 252.203-7997, were added to comply with the Consolidated and Further Continuing Appropriations Act, 2015, Pub. L. 113-235, div. E, tit. VII, § 743 (2014), and subsequent appropriations acts, which prohibit the use of appropriated funds for federal government contracts with businesses that restrict employee whistleblowing to authorities.
The New Clauses
DFARS 252.203-7996(a), which is intended to be included in virtually all DOD solicitations, notifies potential offerors that appropriated funds may not
be used for a contract with an entity that requires employees or subcontractors of such entity seeking to report fraud, waste, or abuse to sign internal confidentiality agreements or statements prohibiting or otherwise restricting such employees or contractors from lawfully reporting such waste, fraud or abuse to a designated investigative or law enforcement representative of a Federal department or agency authorized to receive such information.
The clause further states that, by submitting an offer, the contractor represents that it does not require employees to sign a confidentiality agreement with this kind of restriction. DFARS 252.203-7996(b).
DFARS 252.203-7997, which is included in essentially all DOD contracts, similarly prohibits contractors from restricting the lawful reporting of waste, fraud, and abuse. See id. 252.203-7997(a). This clause further states that the contractor must notify employees that any language in the company’s existing confidentiality agreements that would be “covered by this clause” is no longer in effect. Id. 252.203-7997(b).
These clauses currently apply only to defense contracts subject to the DFARS (including FAR part 12 procurements); however, because the 2015 Appropriations Act applies to federal contracts generally, it is likely that similar clauses will be added to the FAR in the future.
Because these clauses are so new, there have not yet been any enforcement actions to show how they might be interpreted or enforced. That said, it is not unreasonable to think that violation of these clauses could result in, among other things, the loss of a contract award due to either a bid protest or non-responsibility determination; default termination of existing contracts; suspension or debarment; and potential liability under the False Claims Act if the contractor submits invoices for payment in breach of its representation regarding compliance. See id. 252.203-7996(b). In addition, it is possible that the government could refuse payment for work that has already been performed, or try to claw back money that has already been paid. Subsection (d) of DFARS 252.203-7997 seems to contemplate this possibility.
Examples From Other Contexts
Examples from other contexts that show how the clause might be interpreted. For example, as we previously reported here, on April 1, 2015, the SEC issued a cease-and-desist letter to KBR, Inc. based on its use of an overly restrictive employee confidentiality requirement. In that case, KBR received a complaint from an employee about potentially illegal or unethical conduct by KBR or its employees. As part of its internal investigation, KBR required employees that were interviewed (including the employees who originally lodged the complaint) to sign a confidentiality agreement that stated the following:
I understand that in order to protect the integrity of this review, I am prohibited from discussing any particulars regarding this interview and the subject matter discussed during the interview, without the prior authorization of the Law Department. I understand that the unauthorized disclosure of information may be grounds for disciplinary action up to and including termination of employment.
The SEC charged KBR with violating SEC Rule 21F-17, a whistleblower protection rule adopted under the Dodd-Frank Act, by requiring employees to sign the confidentiality agreement. Without admitting or denying the charges, KBR consented to the entry of a cease-and-desist order. The order states that KBR has amended its confidentiality agreement to state that it does not prohibit employees from reporting possible violations of federal law or regulation to any governmental agency or entity, without prior authorization. KBR also agreed to pay a civil monetary penalty of $130,000 to the SEC.
Contractors Should Review Their Confidentiality Agreements To Ensure Compliance
Contractors should consider whether the language of their current confidentiality agreements potentially run afoul of these new DFARS clauses. For example, an employment agreement might contain the following employee promise regarding confidential information:
Both during and after my employment, I will maintain in confidence all Confidential Information and will not disclose Confidential Information to any person without my employer’s prior written permission, except to my employer’s other employees who require it to perform authorized duties, or to the extent required by law, on condition that I will notify my employer in writing prior to disclosure. The obligations of this paragraph survive perpetually.
While it is unlikely that a contractor using this language would intend for it to restrict the lawful reporting of waste, fraud, and abuse, a literal reading of this language arguably has that effect. A possible solution would be adding language to the confidentiality agreement clarifying the employee’s right to report misconduct to appropriate government officials. We recommend that companies that contract with DOD examine their confidentiality agreements in light of this new law.