Law360, New York (September 27, 2013, 11:47 AM ET) -- The high-profile leaks by Edward Snowden and the tragic shootings at the Navy Yard by Aaron Alexis — both of whom were federal contractors who held security clearances at the time of their actions — have triggered renewed scrutiny on the security-clearance process as well as the hiring practices of federal contractors. While the U.S. government makes the ultimate call on granting or denying a security clearance, companies that perform classified work for the government have important requirements in the security-clearance process.
Contractors have significant responsibilities relating to new hires — whether those hires have an existing clearance or are applying for a new clearance — and ongoing responsibilities regarding the cleared personnel they employ. Above and beyond these requirements, contractors should implement certain “best practices” in the vetting, hiring and training of cleared employees. Contractors that not only meet their legally imposed duties in connection with security clearances but also implement additional safeguards can greatly reduce their potential liability, even under the microscope of the post-Snowden era, as well as improve national security.
Securing Cleared Employees
Contractor employees obtain security clearances through a simple yet rigid process from which the government never deviates.
Those employees have been identified, of course, by their contractor employers, which typically look to fill positions requiring a security clearance from the pool of people who already have a clearance. The increase in classified programs, however, makes that difficult. The alternative is to find a technically qualified candidate, and send the candidate through the clearance process.
Legally, contractors have little obligation to screen candidates before submitting them for a clearance. But in the wake of incidents involving Edward Snowden and Aaron Alexis, the scrutiny placed on contractors in connection with their hiring practices for national security-related positions will increase. Most contractors have a limited questionnaire they provide to candidates, asking basic questions that could affect their eligibility for a security clearance. The flaw is that the contractor relies on the self-reporting of the candidates, who are sometimes less than entirely honest on employment applications.
Once a candidate is identified and screened, the contractor’s facility security officer submits an investigation request through the Joint Personnel Adjudication System. The contractor then ensures that the candidate completes a clearance application (Standard Form 86) in the Electronic Questionnaires for Investigations Processing. The FSO reviews the application, approves it as complete, and then submits it for investigation and adjudication. After this, the contractor has no active role in the clearance process.
The application is submitted electronically to the agency responsible for the classified contract. Once the agency has reviewed the application, it is submitted to the Office of Personnel Management. The OPM, usually through one of its contractors, conducts an investigation and sends the results of the investigation to the agency. The agency then either grants a clearance or issues a letter of intent to deny clearance. The U.S. Department of Defense is responsible for issuing over 80 percent of all clearances issued to government employees and contractors.
Ongoing Contractor Responsibilities Regarding Cleared Employees
Contractors that employ cleared personnel also have several ongoing responsibilities, as set forth in the National Industrial Security Program Operating Manual (NISPOM) and specific agency guidance. (Note: This article doesn’t discuss the process by which contractor entities receive a facility clearance, nor do we discuss the many important requirements that attach to a facility eligible for access to classified information.)
The National Industrial Security Program (NISP) applies to all agencies and prescribes how, when, and under what conditions classified information can be disclosed by the government to contractors. Each contractor with access to classified information must appoint an employee (who must be a U.S. citizen) to serve as the facility security officer who implements the NISP through a standard practices procedures tailored to the particular contractor.
First, contractors must ensure that each cleared employee with a continuing need for a security clearance completes required periodic re-investigations of their security clearance in a timely manner. Failure to do so will result in the employee’s clearance lapsing. How often and how a reinvestigation is completed varies depending on the agency, the position, and level of clearance, but reinvestigations are generally conducted every 5-10 years for top secret and secret clearances and require submission of an updated security questionnaire, a new background check, and a security interview.
Second, contractors must educate cleared employees on their self-reporting obligations. Cleared employees are required to report to their facility security officers certain events and activities that may affect their clearances. These include changes in personal status (marriage, change of name, cohabitation), foreign travel, foreign contacts, loss or compromise of information, financial problems, arrests, and psychological counsel unless it is for family, marriage, grief, or combat-related issues. The failure to report an incident can be grounds for the loss of a clearance, even if the underlying change or incident itself would not have resulted in the loss of a clearance.
Third, contractors must meet reporting requirements regarding information they learn that may affect personnel clearances. The NISPOM states “Contractors shall report adverse information coming to their attention concerning any of their cleared employees.” The most likely source of information would be a self-report by the employee, but the contractor is required to report adverse information regardless of the source, although the NISPOM states “Reports based on rumor or innuendo should not be made.”
Nor does terminating an employee relieve the contractor of their reporting obligations. Adverse information is normally reported to the agency that provided the contractor’s facility clearance. If the cleared employee works on a federal installation, the report must also be provided to the commander or head of the installation. If the information concerns “actual, probable or possible espionage, sabotage, terrorism, or subversive activities” then the report must be made in writing to the nearest FBI field office.
Lastly, contractors are responsible for providing cleared employees with regular security training and briefings. FSOs must be properly trained. New employees, consultants, and contractors must receive initial security briefings that cover threat awareness, defensive security, reporting obligations and requirements, and applicable security procedures and duties. Nondisclosure agreements (SF 312’s) must be signed. At least annually, contractors must conduct refresher security training with all cleared employees. Upon termination, suspension, or revocation of the employee’s clearance or discharge, resignation, or retirement of the employees, contractors must conduct a debriefing.
Hiring Best Practices
Separate from their responsibilities regarding security clearances, contractors should also take great care in creating and implementing hiring practices that minimize risk to the company and ensure that only the right employees are being brought on board.
In performing work critical to national security, contractors should make every effort to confirm the qualifications and experience of potential employees. Hiring procedures should provide companies the authority to conduct basic background investigations and verification of education. Additionally, the company should interview references and maintain detailed internal memoranda outlining those conversations. By confirming authorization from potential employees and keeping accurate records of all pre-employment activities, contractors can hire employees more likely to deliver as promised to the company’s customers.
When the time comes to extend a formal offer of employment, contractors should provide a written document that both informs the potential employee and protects the company. Offer letters and accompanying employment agreements (if applicable) should:
- Outline basic terms of employment, such as compensation, paid time off, and a detailed job description;
- Specify if the contractor is located in a state where “at-will” employment applies;
- Require that employees acknowledge and agree to any applicable covenants, such as noncompete, nonsolicitation, and confidentiality agreements; and
- Perhaps most importantly if the company’s hiring practices are ever scrutinized, the agreements should reference the company’s employee handbook and/or code of conduct.
When signed, these documents may be used to prove the employee’s agreement to important company rights and employee obligations.
Proper hiring procedures also can provide liability protection for contractors. Most companies find themselves subject to investigation based on the acts of one or two individual employees. Whether under investigation by a federal law enforcement agency or by a suspension and debarment official at the DOD, contractors must be able to demonstrate that they have put forth appropriate effort to preventing illegal or unethical behavior by their employees.
The Federal Acquisition Regulation outlines requirements for an ethics program for all government contractors with contracts worth at least $5 million and lasting at least 120 days. Similarly, the United States Sentencing Guidelines provide a list of corporate actions that prosecutors and judges will consider to mitigate the sentence of a company under criminal investigation.
Each military contractor must carefully analyze its individual business and legal circumstances prior to deciding on the proper hiring procedure. For example, both the FAR and the sentencing guidelines allow for scalability within ethics program requirements based on the size of the company. Likewise, state laws and courts differ drastically with respect to employment covenants — meaning that the same noncompete covenant may be enforceable in one state, but unenforceable in another. As a result, it is critically important that contractors confer with legal counsel in setting forth the proper hiring practices.
There has not been significant fallout for contractors from the Snowden or Alexis breaches — yet. With Snowden, it was reported that there was an investigation into the contractor, responsible for conducting the investigation on behalf of the OPM, USIS, had commenced. Subsequently it was reported that USIS was also responsible for vetting Alexis. After the Navy Yard shooting, President Obama announced that there would be a review of the clearance granting process, but that investigation is not going to single out contractors.
Additional impact on the security clearance process for contractors may flow from lawsuits, no matter whether they are meritorious, by the survivors and families of victims of the Navy Yard shooting. It will be argued by The Experts, Aaron Alexis’ employer, that after submitting the SF86 to the government, its duty ended. If the courts find that the contractor had an additional duty in light of the employee’s national security position it could have widespread impact on what contractors are required to do not only to protect national security but to also limit their civil liability.
Taking the steps outlined above can help contractors reduce their potential liability and help protect national security.
--By Francis Q. Hoang and Christian B. Nagel, Fluet Huber & Hoang PLLC
The opinions expressed are those of the author(s) and do not necessarily reflect the views of the firm, its clients, or Portfolio Media Inc., or any of its or their respective affiliates. This article is for general information purposes and is not intended to be and should not be taken as legal advice.
 If the individual no longer requires a clearance or will not require a clearance after their current clearance expires, employers should terminate or downgrade the employee’s clearance.
 See “Roles and Responsibilities for Personnel Security, a Guide for Supervisors”, published by the Defense Security Service.
 NISPOM Section 1-302(a).