On November 19, 2020, Peter Driscoll, director of the Office of Compliance Inspection and Examination (“OCIE”) of the Securities and Exchange Commission (“SEC”), gave a speech urging advisory firms to empower their Chief Compliance Officers (“CCOs”). The speech, made at the SEC’s annual compliance outreach conference, accompanied OCIE’s Risk Alert, issued the same day, identifying notable deficiencies and weaknesses regarding Registered Investment Advisors (“RIAs”) CCOs and compliance departments. Driscoll’s speech complemented the Risk Alert by outlining the fundamental requirements for CCOs: “empowered, senior and with authority.”…

On October 30, 2020 the FDA published a list of essential medicines, medical countermeasures, and critical inputs as required by President Trump’s August 2020 Executive Order on Ensuring Essential Medicines, Medical Countermeasures, and Critical Inputs Are Made in the United States (Executive Order 13944), which required the U.S. government to purchase “essential” medicines and medical supplies produced domestically, rather than abroad. We previously wrote about this Executive Order in August (available here), expecting that once the list was issued, government agencies would begin implementing the “Buy American” priorities for these products and materials. The FDA has identified around 227 drugs…

After many years of being in draft form, NIST recently released its final version of Revision 5 of Special Publication 800-53, Security and Privacy Controls for Information Systems and Organizations to address a need for a more proactive and systematic approach to cybersecurity. With the release of Revision 5, NIST hopes to provide updated security and privacy controls that will make information systems more penetration resistant, limit damages from cyber-attacks, make systems more cyber-resilient, and protect individuals’ privacy. NIST intends this update to be usable by a more diverse set of consumer groups than previous iterations of the document permitted.…

At long last, the Department of Defense (“DoD”) has provided its interim rule, published in the Federal Register on September 29, 2020, amending the Defense Federal Acquisition Regulation Supplement (“DFARS”) to set forth requirements for the Cybersecurity Maturity Model Certification (“CMMC”) program, as well as new requirements for a “NIST SP 800-171 DoD Assessment Methodology.”  The interim rule is effective November 30, 2020, and comments to the interim rule should be submitted by November 30 as well.  Continue reading for our breakdown of key provisions.…

On September 14, 2020, the Federal Acquisition Regulatory Council published the long anticipated proposed rule amending the Federal Acquisition Regulation (“FAR”) in accordance with President Trump’s Executive Order 13881, “Maximizing Use of American-Made Goods, Products, and Materials.” As previously discussed here, the Executive Order, signed on July 15, 2019, required significant changes to the implementing regulations of the Buy American Act, 41 U.S.C. §§ 8301-8305, changing policies dating back nearly 70 years. Accordingly, the proposed rule seeks to increase both the domestic content requirements and the evaluation preferences provided by the FAR for domestically manufactured goods, particularly with…

On September 10, 2020, the General Services Administration (“GSA”) hosted a webinar related to its implementation of Section 889 of the 2019 NDAA – the ban relating to certain Chinese telecom companies – and associated updated FAR clauses.  (We previously have written about Section 889 here, here, here, and here).  Below we provide highlights from the meeting.  Slides presented at the meeting also are available here.…

Beginning October 15, 2020, the U.S. Small Business Administration (“SBA”), implementing the 2015 National Defense Authorization Act (“NDAA”), will begin requiring women-owned small businesses (“WOSBs”) and economically disadvantaged WOSBs (“EDWOSBs”) to undergo a formal certification process to be eligible under the Procurement Program for Women-Owned Small Business Concerns (the “Program”). Thus, WOSBs and EDWOSBs no longer will be allowed to self-certify that they meet the Program requirements to compete for set-aside or sole source contracts, as has been the case for the last few decades. Instead, WOSBs and EDWOSBs now must apply for a formal government-issued certification at https://beta.certify.sba.gov/,…

Congress recently advanced legislation that directs the National Institute of Standards and Technology (NIST) to create standards and guidelines for securing Internet of Things (“IoT”) devices used by Federal agencies and their contractors. We previously reported on this legislation in April of 2019 when it was introduced in the House (H.R. 1668) and the Senate (S. 734). On September 14, 2020, the House of Representatives passed the legislation on a voice vote.…

For the first time outside of the originating case itself, a federal appeals court was called upon to apply the principles governing disgorgement in SEC enforcement actions established by the United States Supreme Court’s high-profile decision in Liu v. Securities & Exchange Comm’n, No. 18-1501, 2020 WL 3405845 (U.S. June 22, 2020) (see our prior blog article here).  In Securities & Exchange Comm’n v. Yang, No. 19-55289, 2020 WL 4530630 (9th Cir. Aug. 6, 2020), the United States Court of Appeals for the Ninth Circuit reviewed a district court order, issued eighteen months before the Supreme Court…