WIXLIB

METHODOLOGYhe method of research and analysis the Task Forceused took place in four phases.PHASE 1Gather facts and relevant information to gain anoverarching understanding of the legal guidelines andreview executive orders to examine how the laws havebeen interpreted.PHASE 2Place the issues in a historical context through extensiveresearch supplemented by a series of interviews to assessthe evolution of OCI policy to its current state. The TaskForce met with experts from across the private sector and theexecutive and legislative branch (see Acknowledgements).PHASE 3Synthesize the information to determine patterns of OCIregulation, where consensus or resolvable fault linesexist, and where serious disputes have arisen. During thisphase, we identified themes that arose from the interviewsincluding consistency, a pendulum swing in OCI policy,cost analysis, and Organizational versus Personal Conflictsof Interest. These themes addressed patterns, consensus,and disputes and provided the framework for our findingsPHASE 4Enumerate clearly the OCI problem and the value-addedcontributions INSA can make to the debate for the IC andindustry members. The challenge was to develop a coherentanswer to the question of whether a path to consistency inthe interpretation and implementation of OCI regulationexists, and if not, whether it is necessary in a manner thatcaptured the varying perspectives among the Task Forceand the interviewees.FINDINGShile Task Force members were not inagreement with all aspects of OCI policy andmanagement, which is not surprising giventhe diversity of the companies represented, there were fourmajor principles that everyone agreed are both neededand currently missing. These include consistency, clarity,transparency and, most of all, leadership from the DNI.regulations. The DNI wants a certain degree of clarityso that the private sector can support more than oneagency at a time. ODNI plays a critical role in OCIpolicy development, despite the absence of procurementauthority, because it is in a unique position to use itsbureaucratic reach to influence the application of OCIregulation across the IC.CONSISTENCY/CLARITY/TRANSPARENCYThe primary reason for the varying standards of OCIpolicy is that the agencies, each with varying missionsand operations, tailor their interpretation of OCI to thenature of their outsourcing and contracting. For example,the CIA tends to engage in development contracts basedon a specific mission with a small group of contractors.As a result, avoidance is not a preferred OCI strategy forOne of the guiding themes of our study was discerningwhether a lack of consistency is a significant problem forthe IC and industry. While inconsistencies are problematicin that they can foster mistakes that jeopardize jobs andcontracts, there is a reasonable purpose to differing OCI6 Intelligence and National Security Alliance www.insaonline.org

the CIA because of the necessity to compartmentalizetheir contracts. The NSA also leans towards mitigationas a strategy. The NSA senior procurement executivesays that while she understands why some senior policymakers err on the side of caution, NSA’s interaction withindustry has fostered a comfort zone with mitigationfor their contracts. NRO contracts, however, are verydifferent in that they are large platform contracts thatrequire a significant amount of Systems Engineering andTechnical Assistance (SETA), and NRO has concluded thatno firewall is sufficiently high to mitigate OCI. Therefore,avoidance is the preferred method of OCI resolution.There are notable differences between the DFARS’ measureof resolution and that of IC agencies in the DOD. Thediagram below summarizes the differences in policies atthe NRO and those of the recently revised DFARS.1 Wecite these definitions and policies and compare them tothose of the DOD because the NRO regulations were themost restrictive and were already implemented as policy.Of note, according to some of our interviews, this morerestrictive posture has had a tangible effect on actions ofthe rest of the Intelligence Community. The effect is that thedivestiture of large organizations resulting from the NRO’savoidance strategy influences the services that contractorscan provide to the other agencies.Intelligence Agency PolicyThe primary reason for the varying standardsof OCI policy is that the agencies, each withvarying missions and operations, tailor theirinterpretation of OCI to the nature of theiroutsourcing and contracting.It is worth highlighting some of the relevant contrasts. Item2 is the first point of discrepancy in that NRO OCI policyrequires a review for all acquisitions, while the DOD OCIpolicy does not require a review for Commercial off theShelf (COTS) hardware. In a similar vein, the NRO policyis applicable to all tiers of the supply chain (Item 4), whilethe DFARS limits Major Defense Acquisition Program(MDAP) prohibitions to prime and major subcontractors.The NRO tailored their regulation to ensure access to thedevelopment contractor base with domain experienceand expertise, while the DOD has no clear preference toprotect SETA or the development contractor base.Items 5 and 8 get to the heart of the main differencesbetween the policies. Whereas the DFARS providesno limitation on the types of activities that may bemitigated through the use of a non-conflicted, firewalled,Proposed DFARS Policy1. States the Agency’s preference for avoidance1. States DOD’s preference for avoidance2. OCI policy and review required for all acquisitions2. OCI policy and review required for all acquisitionsexcept COTS hardware3. Aimed at ensuring access to development contractorbase with domain experience and expertise3. No clear preference to protect SETA or developmentcontractor base4. Policy applicable to all tiers of supply chain4. MDAP prohibitions limited to prime and majorsubcontractors5. Non-conflicted, firewalled subcontractors may be used as 5. No limitation on the types of activities that may bea mitigation approach in defined circumstancesmitigated through the use of a non-conflicted,firwalled, subcontractor6. Maintains flexibility to access highly specialized skillsand expertise6. Maintains flexibility to access highly specialized skillsand expertise7. Defines avoidance, neutralization, and mitigation7. Defines avoidance, neutralization, and mitigation8. Provides guidance on what and how particular of OCImay be mitigated8. Does not limit the type of OCI that may be mitigated9. Applicable to entire business organization9. Applicable to entire business organization10. Implements corporate OCI program which provides“phase-in” opportunity10. Allows a limited-time waiver to allow contractor time todigest of conflicting workSource: OCI Briefing from NRO Procurement ExecutiveINSA OCI WHITE PAPER 7

subcontractor, the NRO policy states that non-conflicted,firewalled subcontractors may be used as a mitigationapproach in defined circumstances. The NRO policyprovides guidance on what and how particular types ofOCI may be mitigated, while the DFARS does not limit thetype of OCI that may be mitigated.Item 10 is another significant difference. The NROimplemented a corporate OCI program which provides a“phase-in” opportunity, while the DFARS allows a limitedtime waiver to allow a contractor time to divest of conflictingwork. This policy has implications for the timing of contractbids and the decision to divest for large contractors. Fromthe industry perspective, timing is a significant factor. Nofirm wants to wait too long on avoiding or mitigating OCI,especially when divestiture is likely, because of fiduciaryresponsibility to shareholders.that reflected OCI during the bidding of a contract. Thepossibility, or appearance, of conflicts of interest during theprocurement phase is enough for some agencies to preferan avoidance regime. Other agencies express concernthat absent clear guidelines, the industry and governmentagencies may be pushing for divestiture too quickly. Theimplications are complicated because companies that areinvolved in programs require a boardroom judgment callon the value of a project.IMPACT ON INDUSTRYGiven that the IC agencies discussed above have differingOCI policies, it is not surprising that the industries thatsupport them also have differing perspectives. In general,the private sector has responded to the position and policiesof its key customers, for better or worse, to comply withtheir regulations. This construct appears to have few shortterm costs; however, in establishing these laws, regulationsMoving to the Intelligence Community at large, anotherand policies, there does not appear to have been a lotsource of inconsistency in the OCI assessment is theof analysis on potential long term impacts. Some peoplevarying perspectives and technical skill of CO’s throughoutwho were interviewed expressedthe government. The intentions ofconcern that the divestiture of a SETAthe WSARA and the proposedTheeffectofdivestitureofcomponent from a larger companyrules for DFARS are to reconstitutelargeorganizationsresultingthat produces large platforms maythe population of competent CO’sfromtheNRO’savoidancesee the divestiture as a loss becausecapable of assessing possible OCIstrategyinfluencestheservicesboard members above the firewallin a uniform manner. A lack ofthatcontractorscanprovidetoappreciated the insight and profitfamiliarity with OCI regulation ontheotheragencies.provided by the SETA component.the part of the CO creates delays inThe SETA company may see it asthe OCI assessment in some casesa slight gain in that it takes OCIcausing the assessment to be madeoff the table. Additionally, theyafter the industry team is formed. Thehavestrongownersfroma private equity firm with deepconsequences of any subsequent OCI violation discoveredpockets interested in preserving the technical expertise ofafter the contract award is retroactive. Also, if there is antheir organization. Some industry members on the Taskinadvertent release of information from the government, itForce identified that there is the long term risk of divestitureis the industry that pays in terms of loss of revenue or jobs.causing a loss of technical knowledge, organizationalThis leads us to the next point: allegations of OCI during thememory, and business vitality. This risk could precludeprocurement process versus OCI occurring in the executionone of the government’s principal SETA contractors fromof a contract. Throughout our research, we found no caseperforming its function.of the latter. Rather the case laws consisted of protests8 Intelligence and National Security Alliance www.insaonline.org

Other potential impacts of divestiture identifiedduring Task Force interviews included: A shift in the strategic buyer mix. OCIconcerns could reduce prime contractors’large services acquisitionsA lack of familiarity with OCI regulation on the partof the CO creates delays in the OCI assessment insome cases causing the assessment to be made afterthe industry team is formed. An overall increase in divestitures. Agenciesand CO’s drive company-oriented OCIanalyses, requiring divestitures of business withperceived conflicts More private equity platforms of businesses withsignificant government advisory components becomingactive acquirers of government advisory businesses OCI avoidance can rip the core out of what platform/SETA providers can facilitate under a contractCOST ANALYSISOne of the overarching questions discussed during ourTask Force meetings has been the cost of mitigationversus avoidance. Any study on cost analysis shouldreview cost to the Government and industry from all tiersin terms of financial cost and cost attributable to humancapital (expertise). There are three costs associatedwith an OCI avoidance structure: one is a significantoverhead cost associated with divestiture. Another is theeventual increase in cost of SETA and other services tothe Government resulting from the decrease in contractorsauthorized to provide them. According to one senioracquisition executive, the steady demand and diminishedsupply could drive the price of the services to rise as highas 10 to 15%. The third cost is the loss to industry ofexpertise that engineers gain by working in design andassessment after divestiture. However, there are hiddencosts of maintaining a firewall if mitigation is the preferredpolicy in terms of manpower, resources, and time. Thesecosts affect first tier and second tier companies differentlybecause their respective abilities to absorb the costs orthe loss of contracts are different. In the case of smaller tomid-tier companies, the loss of a contract causes layoffs. Bigcompanies have a broader and mixed portfolio allowingthem to shuffle people around and avoid extensive layoffs.Other questions critical to cost estimation which wereraised by our Task Force included, whether the OCIresolution process would be more efficient if the divestitureand mitigation costs were absorbed by the governmentand whether industry is better or more trustworthy atmitigation and separation than the government in terms ofkeeping a divide between advisor and builder. Answeringthese questions will require the perspectives of a variety ofagencies, industries, and policy makers to be integratedinto a coherent analysis.OCI VERSUS PCIThe Task Force sought to gain varying perspectives ofOrganizational Conflicts of Interest and Personal Conflictsof Interest (PCI) and what the liability of PCI is for industry.The OCI controversy and PCI are intertwined at theadvisory level. Yet, PCI can theoretically be applied toan unreasonable degree (e.g. if the spouse of a SETAcontractor has stock in the industry of a platform provider).It seems that an agency cannot reasonably create anavoidance regime in terms of PCI. We discussed “particularmatter,” a term that implies that a person can provide anadvisory role as long as it did not pertain to a specificcontract. Aside from that discussion, the vulnerability toPCI violations is mitigated more by the enforcement oflaws that already exist as opposed to PCI reform.INSA OCI WHITE PAPER 9

CONCLUSIONNEED FOR DNI LEADERSHIPThe Director of National Intelligence should provide guidance to create some level of consistency on the analysis andunderstanding of Organizational Conflicts of Interest. Even if the guidance is simply for the agencies to continue with theirrespective policies as they are, the consensus is that some policy is necessary. While the Federal Acquisition Regulationcontains provisions requiring acquisition officials to “identify and evaluate potential OCI early in the process,” it does notgo further to address the underlying analysis or descriptions of OCI. This would be useful territory for the DNI to provideguidance, and is process focused.The Task Force recommends that the DNI establish an OCI Board that meets regularly to get a better understanding ofthe specific OCI issues facing the CO/agencies within the IC and to help facilitate more consistency. INSA can hold aperiodic gathering of industry members as a companion to the OCI Board to provide an unfiltered perspective of OCIissues in order to continue open discourse.SPECTRUM OF OCI REGULATIONThe crux of OCI regulation is the language that determines whether mitigation is a preference or alternative to avoidance.The differing nature of contracts among the agencies and varying definitions used in terms of OCI resolution are theroots of inconsistent OCI regulation among the IC. Taken to the extreme, avoidance does not allow a lot of flexibilityto develop the best contracts in terms of value and is unrealistic. Excessive mitigation or wavering does not adequatelyprotect the integrity of the government procurement process. That said, the development of process driven protectionsagainst unethical people deliberately violating organizational or personal conflicts of interest is problematic. Laws, lawenforcement organizations, investigations, prosecutions and punishment systems already exist that make such acts illegal.Stringent enforcement of current regulations may be a more effective solution than a new policy. Another step would beto ensure that Contracting Officers and industry personnel know how to develop, execute and assess OCI mitigationplans in accordance with the existing guidelines.RECOGNIZE THAT DIFFERENCES IN OCI REGULATION CAN BE MAINTAINEDThe Task Force does not recognize one “correct” method for addressing OCI across the IC. For example, the NROhas very large programs with enormous SI/SETA needs while in contrast the CIA, for example, has a number of smallprograms with narrow mission needs and focus requiring less SI/SETA resources. Officials in each agency will use OCIregulation best suited for them as long as they have the support of their leadership. It is difficult to calculate the costassociated with each OCI structure, but a more thorough analysis could provide an assessment of the optimal policy.In the early stages of our review, we observed that inconsistencies can be problematic, and that OCI policy is currentlysub-optimal. However, our interviews among the government procurement executives indicate that flexibility is useful forthem. So, while inconsistencies do exist, it seems to be better to allow for flexibility given the spectrum of contracts acrossall of the agencies.1The WSARA required the USD/AT&L to revise DFARS to address OCI’s by contractors in the acquisition of major weapon systems. The DOD willalso establish an OCI Review Board that advises the USD/AT&L on policies relating to OCI’s in the acquisition of major weapon systems. TheBoard also advises program managers on steps to comply with the requirements of the revised DFARS, addresses OCI’s in the acquisition of majorweapon systems, and advises appropriate officials of the Department on OCI’s arising in proposed mergers of defense contractors. Based on these10 IntelligencetheandNationalSecurityproposedAlliance and allowed for discussion on the revisions throughout the summer of 2010.

ABOUT INSAINSA is the premier intelligencenational security organizationbrings together the public, privateacademic sectors to collaboratethe most challenging policy issuessolutions.andthatandonandAs a non-profit, non-partisan, publicprivate organization, INSA’s ultimate goalis to promote and recognize the higheststandards within the national security andintelligence communities.INSA has over 130 corporate membersand several hundred individual memberswho are leaders and senior executivesthroughout government, the p

Security Alliance (INSA) formed the OCI Task Force in response to a general consensus among senior IC officials and industry leaders that clarity regarding the OCI policies was needed. The purpose was to examine the issues of OCI based on an objective dialogue with the private sector. This Task Force was composed of representatives from