COVID-19 Resources

The Challenges Government Contractors Face Maintaining a Compliant Supply Chain

Written by Giacomo Apadula on June 30, 2017

Risk Management for Contractors, Part 1

As government contractors expand their supply chains across international borders, supply chain risk management is gaining the attention of the industry and U.S. regulators alike. Heightening regulation across industries requires contractors to effectively monitor their supply chains from end to end and manage risk each step of the way. The stakes have never been higher: Penalties for non-compliance can be devastating to operations.

New rules and restrictions continue to develop and evolve, escalating the responsibility defense contractors have to closely govern their own, as well as their subcontractors’, supply chains. For example, as part of its efforts to stem the flow of counterfeit electronics in its supply chain, the Department of Defense (DOD) issued a Final Rule in 2014 that requires DOD contractors to establish a risk-based counterfeit electronic parts detection and avoidance system in 12 enumerated areas. The rule was introduced partly as the result of an investigation commissioned in 2011 by the Senate Armed Services Committee, which found approximately 1,800 cases of suspected counterfeit electronic parts in military equipment over a two-year period. In August of this year, DOD amended this rule further to instruct contractors on how to implement these systems while adding substantive sourcing restrictions. As production and procurement grows more globalized and complex, it’s as critical as ever for prime and subcontractors to secure their supply chains against an array of ever-evolving compliance risks.

Read on for an overview of the Contractor Purchasing System Review, which governs contractor systems for working with subcontractors. As mentioned above, we’ll then look more closely at the new counterfeit parts rules and examine how the existing country of origin restrictions fit into contractors’ supply chain risk management efforts. In Parts 2 and 3 of the series, we’ll also examine human trafficking rules, export controls and other compliance hurdles government contractors might face in managing their supply chain.

What is a Contractor Purchasing System Review, and what are the risks?

A Contractor Purchasing System Review (CPSR), defined in FAR 44.101, evaluates the effectiveness and efficiency of a contractor’s system for purchasing materials and services, as well as the contractor’s compliance when engaging and managing subcontractors. A CPSR can be triggered at any point when a contractor’s sales to the U.S. federal government exceed $25 million during the following 12 months (excluding competitively awarded fixed-price contracts and sales of commercial items pursuant to FAR Part 12).

Unsatisfactory findings from the CPSR could pose substantial risks to a contractor. Based on the results of the CPSR, the Administrative Contracting Officer (ACO) can grant, withhold or withdraw approval of contractor’s procurement system. If approval is withheld or withdrawn, the contractor must submit a corrective action plan. In the meantime, their ability to conduct business could be materially affected until the deficiencies are corrected.

During the CPSR, purchasing systems under defense contracts are evaluated according to 24 criteria outlined in DFARS 252.240-7001(a). If the purchasing system is deemed significantly deficient by the contracting officer in one or more of the 24 criteria, the system will be deemed “unacceptable” according to DFARS 252.244-7001, and the contractor will then have 45 days to fix the problem or submit a corrective action plan. The government may also include contract clauses that allow the CO to withhold payments up to 10 percent of amounts due until deficiencies are corrected.

To minimize risk of deficiencies, review the 24 criteria listed in DFARS 252.244-7001(c) and in FAR 44.202-2 and 44.303, and use them as a checklist to evaluate your purchasing system and ensure it would be deemed adequate during a CPSR. Items to evaluate include—but are not limited to—the following:

  1. Inclusion of appropriate flow down clauses
  2. Appropriateness of types of subcontracts used

iii. Methods of evaluating subcontractor responsibility and past performance

  1. The documentation, systems and procedures the contractor has established to protect the federal government’s interests
  2. Policies and procedures pertaining to small business subcontracting programs
  3. Compliance with Cost Accounting Standards (if applicable) in awarding subcontracts

vii.Planning, award and management of major subcontracts

New Counterfeit Parts Legislation

As touched on briefly above, on August 2, 2016, the DOD published amendments to its rule, “The Detection and Avoidance of Counterfeit Electronic Parts,” DFARS (Case 2014-D005). These amendments enhance the original rule published on May 6, 2014 and codified in DFARS 252.246-7007. The new rule aims to ensure that DOD contractors and subcontractors obtain electronic parts from trusted suppliers. The new rules are also designed to give authority to contractors to identify and use additional trusted suppliers (subject to certain conditions).

The rule applies to all DOD sources of electronic parts, including contractors and subcontractors, by mandatory flow down, including sources of commercially available off-the-shelf (COTS) items and small businesses. For additional specifics on the scope of the Rule, please see page 9 for our Regulatory Update.

The government reviews contractors’ compliance with the Counterfeit Electronic Parts rule through the CPSR, and if it identifies a “significant deficiency”—i.e., a shortcoming in the system that materially affects the ability of DOD to rely on the purchasing system—the government can disapprove the contractor’s purchasing system or withhold payment.

Under DFARS 231.205-71, costs incurred in remedying the use of counterfeit or suspected counterfeit electronic parts are expressly unallowable, unless the contractor’s system for detecting and avoiding counterfeit electronic parts has been reviewed and approved, or the counterfeit or suspect counterfeit electronic parts are government-furnished, and the contractor provides notice within 60 days of becoming aware of the counterfeit or suspect counterfeit electronic part.

The new rule specifies a number of actions a prime contractor may take to mitigate risk, including:

  1. Relief when flow down is rejected: The rule specifies actions that may be taken when counterfeit prevention clauses are rejected by, for example, COTS electronic assembly manufacturers. Prime contractors are now given relief by notifying the contracting office in instances when flow down is rejected by a subcontractor; allowing contractor inspection, testing and authentication of the part; and making documentation of inspection, testing and authentication available upon request.
  2. Contractor-approved suppliers: Where parts are unavailable from original sources, prime contractors may use “contractor-approved suppliers.” This means a contractor may use a supplier that does not have a contractual agreement with the original component manufacturer for a transaction, but that has been identified as trustworthy by a contractor or subcontractor.
  3. Notice: DOD contractors and subcontractors that are not the original component manufacturer are now required to notify the contracting officer if it is not possible to obtain an electronic part from a contractor-approved supplier; i.e., if parts are obtained from non-contractor-approved suppliers due to non-availability, refusal to accept flow down clauses or inability to confirm that parts are new. The notice must be in writing and backed by appropriate documentation upon request.
  4. Traceability: The rule establishes contractor responsibility for inspection, testing and authentication if traceability is not possible. The contractor must maintain documentation of either traceability or the inspection, testing and authentication of these parts.
  5. Industry Standards & Processes: For those instances where the prime contractor obtains electronic parts from sources other than a contractor-approved supplier, the contractor is responsible for inspection, test and authentication in accordance with existing applicable industry standards.

Country of Origin Restrictions

Related to identification and elimination of counterfeit or suspected counterfeit parts, several statutes and regulations restrict the government’s purchase of foreign products, supplies or services. Key restrictions that can pose risks and significantly impact contractors’ supply chain management include the Buy American Act (BAA) and the Trade Agreements Acts (TAA).

  • The BAA restricts, but does not prohibit, the acquisition of supplies that are not “domestic end products.” The BAA uses a two-part test to determine whether a manufactured end product is “domestic”: (1) the end product must be “manufactured” in the United States, and (2) the “cost of its components” produced or manufactured in United States must exceed 50 percent of the cost of all components. The BAA applies to contracts for supplies for use within the U.S. that are above the “micro-purchase threshold,” currently $3,000 (except acquisitions under TAA). A waiver from these rules may be obtained if domestic product is 25 percent more expensive than identical foreign-sourced product, if the product is not available domestically in sufficient quantity or quality, or if it is in the public interest.
  • The TAA generally restricts the government’s purchase of products and services to only “U.S.-made” or “designated country” end products and services. Under the TAA, a “U.S.-made” end product is one that is either: (1) “mined, produced or manufactured in the United States” or (2) “substantially transformed in the United States into a new and different article of commerce with a name, character or use distinct from that of the article or articles from which it was transformed.” “Designated country end product” is similarly defined—the end product is wholly the growth, product or manufacture of a designated country, or was “substantially transformed” in a designated country.

The TAA applies to most acquisitions of supplies and services with an estimated value of more than $204,000 and to contracts for construction that exceed $7,864,000, although some trade agreements have different dollar thresholds, and some procurements are exempt from the TAA.

Country of origin provisions are implemented through the government’s solicitation provisions and contract clauses. Provisions under TAA require the offeror to certify the delivered end products are either U.S.-made or designated country end products, and to identify those, if any, that are not. Similar provisions apply under the BAA. Non-compliance can result in improper certifications of compliance, leading to federal government or qui tam actions under the civil False Claims Act. Criminal or fraud proceedings can also lead to administrative actions for suspension or even debarment from government contracting.

To minimize risk, address country of origin requirements prior to submitting a proposal or, at the latest, before the contract is awarded. Where the TAA applies and the end product is not wholly the product of the United States or a single designated country (but is sourced from more than one country), contractors should determine where substantial transformation occurred in light of applicable rulings from the Bureau of Customs and Border Patrol, or seek a country of origin determination from Bureau of Customs. Because making these determinations can be complicated and consequences for non-compliance can be severe, engaging outside guidance is strongly advised.

A reseller should consider obtaining a representation or certification from its supplier as to the end product’s country of origin. Prime contractors should be alert for red flags and consider taking other steps to demonstrate reasonable reliance. Likewise, suppliers should be attentive to the accuracy of such representations to avoid potential liability to the contractor and the government. Some prime contractors also require suppliers to agree to indemnify them for liability due to allegedly false certifications.

Stay tuned for Parts 2 and 3 of this series, where we’ll take a magnifying glass to the many pieces of the complex puzzle contractors and subcontractors face when managing their supply chains.

Julia Bailey is a managing director and may be reached at

Warren Averett is an independent member of the BDO Alliance USA. This article was borrowed with permission from BDO USA, LLP

Back to Resources

Related Insights