Playing Dr. Frankenstein: DoD Memo Tries to Revive Joint Venture Facility Clearance Requirements

Back in 2021, GAO came down with a clear decision on whether Department of Defense (DoD) agencies could require a joint venture (JV) to have its own facility clearance level (FCL) if its component members held the required FCL themselves. Infopoint LLC, B-419856 (Aug. 27, 2021). That decision was “no,” and it was based on a very strong foundation: The 2020 National Defense Authorization Act (2020 NDAA), an act of Congress, contained a provision, Section 1629, expressly forbidding DoD agencies from doing such. We in fact did a blog post on this GAO decision and litigated this very matter. Despite this, in October 2023, the DoD quietly released a memorandum describing how they think they can still require JVs to have their own FCL. Today, we look at this memorandum to see what DoD is saying.

The 2020 NDAA and InfoPoint

Back in 2019, when Congress passed the 2020 NDAA, it contained a provision specifically prohibiting the DoD from requiring a JV to have its own FCL if its component members held the FCL required for the solicitation:

“TERMINATION OF REQUIREMENT FOR DEPARTMENT OF DEFENSE FACILITY ACCESS CLEARANCES FOR JOINT VENTURES COMPOSED OF PREVIOUSLY-CLEARED ENTITIES. A clearance for access to a Department of Defense installation or facility may not be required for a joint venture if that joint venture is composed entirely of entities that are currently cleared for access to such installation or facility.”

On top of this, SBA amended 13 C.F.R. § 121.103, the regulation governing affiliation rules, to include the following: “A joint venture may be awarded a contract requiring a facility security clearance where either the joint venture itself or the individual partner(s) to the joint venture that will perform the necessary security work has (have) a facility security clearance.”

Despite this fairly straightforward language, many DoD procurements continued to include a requirement that a JV hold its own FCL even if the component members of the JV held that FCL. This was in spite of the fact that a JV is really just the JV members working together: If the JV members each have the requisite FCL, that would mean that all those working as part of the JV meet the FCL requirement.

It took a few GAO protests, led by the Infopoint protest, to put an end to this. In InfoPoint, GAO observed that “section 1629 of the NDAA specifically states, and the plain meaning of the statute leads us to conclude, that it unambiguously prohibits DOD from requiring that a joint venture hold a facility clearance if the members of the joint venture hold the required facility clearances.” It further noted that 13 C.F.R. § 121.103 was “consistent with the 2020 NDAA,” and that “the relevant inquiry is whether the joint venture itself, or the individual partners that make up the joint venture, hold a facility security clearance.”

October 2023 DoD Memorandum

Despite the holding in InfoPoint, in October 2023, DoD issued a memorandum stating it was going to allow its agencies to require for a given contract that joint ventures hold their own or entity eligibility determinations or EEDs (the term the memo uses for FCLs, we’re going to stick to FCL), regardless of whether their members have their own FCL or not. The memorandum starts off by noting it is needed “in light of the recent Small Business Administration (SBA) rule (Oct. 16, 2020), which addresses JVs under the SBA’s programs, and a subsequent Government Accountability Office (GAO) decision (Aug. 27, 2021) that interpreted the SBA rule without addressing NISP requirements and 32 CFR 2004 or how the two interconnect, thus adding to the confusion.”

It appears that DoD is referring to a requirement in 32 C.F.R. § 2004.32 stating: “The CSA must ensure that all entities needing access to classified information as part of a legitimate U.S. or foreign government requirement have or receive a favorable eligibility determination before accessing classified information.” DoD thinks that JVs don’t have to have this clearance when they bid, only by the time they begin performance. Furthermore, DoD recognizes one exception to its requirement: “[I]f the JV is established by contract (not a separate legal entity), is unpopulated (no employees of the joint venture itself will be performing work connected with classified information), or other similar situations, and thus will not be involved with or otherwise influencing performance on the security work accessing the classified information,” then it does not need its own FCL. However, a joint venture that is formed as a separate legal entity (which, in our experience, is most joint ventures), will need its own FCL by the time it begins performance.

Adding to the confusion, DoD stated: “A JV formed as a separate legal entity may be awarded a classified contract and may hold an EED in its own right, although as with any U.S. legal entity, it is not required to hold an EED in order to be awarded the classified contract.” Similarly, DoD recognizes that a “prime JV offeror cannot be required to already hold an EED in order to submit an offer on a classified contract.”

To summarize its view, DoD finishes:

As envisioned by the SBA, all work involving classified information under the SBA programs covered by 13 CFR 121.103 will be performed by one or both of the individual partners to the JV and by their employees, not by the JV entity itself. Under the NISP, a NISP CSA will assess the business structure of the legal entity awarded the classified contract to determine the entity’s eligibility for an (FCL) or an appropriate exclusion from classified information under NISP rules at 32 CFR 2004.32(a)(1). The SBA rule does not change this. However, if the legal entity awarded the classified contract is an unpopulated JV formed pursuant to this SBA regulation, the NISP CSA will exclude the JV from access to classified information (rather than determining its eligibility for access) unless the JV’s structure or potential influence, access, or control over the classified information/contract indicates it must also have an (FCL).

Thoughts

It appears that DoD is arguably saying that it is going to allow its agencies to require separate legal entity JVs to have their own FCL since the SBA rule in 13 C.F.R. § 121.103 doesn’t conflict with such a requirement, and their own regulations require such. (DoD could certainly be clearer in describing its policy). DoD appears correct that 13 C.F.R. § 121.103 only is concerned with requirements that the JV have its own FCL at award and is silent on whether the JV can be required to have its own FCL at start of performance. However, while we understand DoD’s interest in security here, we feel there’s a major problem in its analysis. InfoPoint was not solely based on 13 C.F.R. § 121.103. In fact, it was primarily based on the 2020 NDAA, which is a federal statute. That statute, which then trumps any conflicting federal regulation, plainly states: “A clearance for access to a Department of Defense installation or facility may not be required for a joint venture if that joint venture is composed entirely of entities that are currently cleared for access to such installation or facility.” While it might be arguable that the DoD’s reading of 32 C.F.R. § 2004.32 does not conflict with the SBA’s regulations, that doesn’t change or resolve the issue that it appears to directly conflict with a federal statute. The language in the NDAA does not distinguish between award or performance.

We admit that we are a bit confused by DoD’s insistence on maintaining this requirement where the JV is already entirely made up of entities that have the required FCL. What does requiring the JV to have its own FCL in such an instance do to further security? All involved already have the required clearance. This was the issue with the old system that InfoPoint did away with.

One thing contractors can consider is that if you make a JV that doesn’t involve a separate legal entity (until now, this has not been the norm, but it may arise more in light of this), the FCL requirement won’t be applied. As for challenging this position, it appears a protest of this to GAO or COFC for a given procurement wouldn’t work, as the requirement only that the JV must hold the FCL by the time performance starts. That means it isn’t technically a requirement to bid on a procurement, so it isn’t suitable for protesting. That said, there are routes to challenge agency actions during a contract itself. This would go to a Contract Disputes Act matter, and it may be worth considering if getting the FCL by the time of award appears prohibitive. Again, while we get DoD’s interest in security, we are hopeful that DoD may consider revisiting this plan to prevent needless issues down the road. If this is not what DoD intended, then it needs to amend or reissue its guidance to make it clearer how small business joint ventures can comply. There’s no real need for it to play Dr. Frankenstein here.

Need legal assistance with a government contracting matter? Email us or give us a call at 785-200-8919.

Looking for the latest government contracting legal news? Sign up here for our free monthly newsletter, and follow us on LinkedInTwitter and Facebook.