July 27, 2009

DoD Issues New Regulation for Private Security Contractors Providing Services in Areas of U.S. Combat Operations

Holland & Knight Alert
Christopher A. Myers | Ronald S. Perlman

Private security companies (PSCs) that provide security services in areas of U.S. combat operations are now subject to a Department of Defense (DoD) regulation that lays out policies and procedures for selecting, training, equipping and overseeing all U.S.-funded PSCs and PSC personnel.1

The interim rule, which became effective on July 17, 2009, amends 32 CFR Part 159 to: (1) close existing gaps in the oversight of private security contractors; (2) ensure compliance with laws and regulations pertaining to inherently governmental functions; and (3) ensure proper performance by armed contractors. The new regulation applies to all contracts for “private security functions” in an area of U.S. government “contingency operations.” It does not apply to contracts entered into “by elements of the intelligence community in support of intelligence activities.”

The DoD promulgated the rule in response to a mandate from Congress set out in Section 862 of the 2008 National Defense Authorization Act, which requires the Secretary of Defense, in coordination with the Secretary of State, to prescribe regulations on the oversight of personnel performing private security functions under a covered contract in areas of combat operations. Section 862 also requires the Defense Department to revise the Federal Acquisition Regulation (FAR) to require the insertion of a clause in each covered contract to address the oversight of private security functions. The rule states that the Department of Defense will comply with this measure and amend the FAR in “a separate and subsequent Federal Register action….”

U.S. Commanders Must Develop Detailed Guidance

The new regulation institutes a number of policies and procedures. At the outset, the rule requires combatant commanders to develop detailed guidance for security contractors operating in their geographic area of responsibility. The guidance must include procedures that address a number of subjects and operational concerns, including the following:

  1. The registration and maintenance of PSC personnel records in accordance with Department of Defense Instruction 3020.41, “Contractor Personnel Authorized to Accompany the U.S. Armed Forces.”2
  2. PSC verification that personnel meet all the legal, training, and qualification requirements for authorization to carry a weapon.
  3. Requests for authorization to arm PSC personnel, including a description of rules on the use of force and instruction on the potential for civil and criminal liability under U.S. and local law, and/or host nation Status of Forces agreements.

PSC Reporting Requirements

The rule also states that PSCs must document and report incidents involving weapons discharges, attacks, deaths or injuries of personnel. Finally, PSCs must also report any active, nonlethal countermeasures taken in response to a perceived threat if that incident “could significantly affect U.S. objectives with regard to the military mission or international relations.”

Many of these reporting requirements may already be included in existing PSC contracts, and a number of companies and industry associations actively endorse professional standards and appropriate government oversight. However, with the incorporation of these requirements into an enforceable regulation, the U.S. government, including the Department of Justice and relevant Inspectors General, will now possess a more formal set of tools and standards to pursue investigations, audits and potential civil and criminal action against contractors that allegedly fail to comply with relevant law and policy in contract performance and/or costs and billing.

Comments on the rule may be submitted until August 31, 2009.

Impact on PSC Contractors and Subcontractors

PSC contractors and subcontractors will need to develop and implement comprehensive internal control procedures to comply with these new requirements. They will then have to incorporate these new procedures into their ongoing compliance and ethics programs. This will mean careful training of relevant personnel, monitoring and documentation of compliance with the procedures and periodic audits. If violations occur, prompt corrective action must be taken, and the violations may be subject to the mandatory disclosure provisions added to the FAR last December.3

Recent amendments to the civil False Claims Act increase PSC exposure under the Act if any of their reports or certifications of compliance with these new regulations contain inaccurate or untruthful statements.4 The Department of Justice more and more frequently has used inaccurate and/or false certifications as the basis for both criminal prosecutions and False Claims Act actions. In addition, PSC employees, or others with knowledge of violations of these rules, can use the whistleblower provisions of the False Claims Act to file suit on behalf of the government and share in any government recovery. The most effective protection against all of these risks is a well-designed and fully implemented compliance and ethics program with procedures focused directly on these new regulations.


1 74 Fed. Reg. 34690 (July 17, 2009), accessible at: https://www.gpo.gov/fdsys/pkg/FR-2009-07-17/pdf/E9-17059.pdf; https://www.gpo.gov/fdsys/pkg/FR-2009-07-17/html/E9-17059.htm

2
Available at: http://www.dtic.mil/whs/directives/corres/pdf/302041p.pdf.

3
Holland & Knight Government Contracts Alert, New FAR Rule on Compliance Programs and Ethics Mandates Comprehensive Internal Controls and Mandatory Disclosure of Violations and Overpayments; (January 2, 2009).

4
Holland & Knight Compliance Services Alert, President Obama Signs Landmark Anti-Fraud Bill Into Law; (May 26, 2009).

Related Insights