Exiger Regulatory Roundup, Episode 1

Distilling this week’s 17,593 alerts into the 21 alerts that you care about

Mary Kopczynski, CEO of RegAlytics, breaks down this week’s hot regulatory topics, exclusively for Exiger.

• Regulator of the Week: Alaska
• Topic of the Week: Forced Labor
• DHS: UFLPA Entity List
• FAR Proposal: Airline Human Trafficking Reports
• FAR Proposal: Sustainable Procurement
• SEC: Cyber Incident Reporting
• CISA: Cyber Performance Goals

Regulator of the Week: Alaska

This week, a lot of invitations to bid came out from all over the state. The Department of Public Safety is looking for help to repair aircraft engines. The Department of Transportation is looking for runway potassium acetate, disposal of used oil and oil water, as well as elevator maintenance on AMHS vessels.  Who says risk is boring?  Why not forward along some of those alerts to your sales teams and be the hero that brings in revenue.

Invitation to Bid: 2023-1200-0042B – Overhaul/Repair Aircraft Engines

Invitation to Bid 2524H014: Runway Potassium Acetate -Amended

Disposal of Used Oil and Oily Water for AMHS in Bellingham Washington

Invitation to Bid: Elevator Maintenance on AMHS Vessels

Request for Proposals: Assembly Building Apartment Furnishings

Request for Quotes: 665 Assembly Building Apartment Window Shades

Topic of the Week: Forced Labor

Human rights organizations allege that over 1 million Uyghurs and other Muslim minority groups have been subjected to forced labor and genocide the Xinjiang province of China.

To combat this, the United States passed the Uyghur Forced Labor Prevention Act. It places significant restrictions on imports from the region and puts the burden on companies importing goods into the U.S. to confirm, through their entire supply chain, that they are not using any goods produced from the area. It doesn’t matter if you think that it’s a high-quality company that for sure is paying their workers, there is a rebuttable presumption — which means it is assumed that anything coming from that region is problematic and you will have to demonstrate that supplies from that region aren’t linked to forced labor production.

For companies that don’t have data and insight like Exiger can provide, this is highly problematic because 20% of the world’s cotton is produced in China and 86% of that cotton is produced in the Xinjiang region. Even worse, 52% of China’s exported cotton is shipped to intermediary manufacturers in other countries and then supplied to 103 well-known global brands. That’s why Exiger is so valuable, because it can identify with a click of a button your 2^nd and 3^rd degree suppliers and help build the evidence necessary to demonstrate that your supply chain is clean from forced labor violations. 

[WEBINAR | UFLPA: One Year in and Looking Ahead]

DHS: UFLPA Entity List

The U.S. Department of Homeland Security (DHS), as the Chair of the Forced Labor Enforcement Task Force (FLETF), announces the publication and availability of the updated Uyghur Forced Labor Prevention Act (UFLPA) Entity List, which is a consolidated register of the companies to avoid.  Some of the entities are mining or producing goods from the region. Some are entities working with the government to recruit, transport, transfer and harbor forced labor. Some of these are facilities and entities that are known to be sourcing material from Xinjiang. And some of these are entities that are known exporters of products from the region.

In short, the Customs and Border Protection agency can hold up your imports any time there is suspicion of a violation, so be ready with proof.  

Uyghur Forced Labor Prevention Act Entity List

FAR Proposal: Airline Human Trafficking Reports

Also this week the DoD, NASA and the GSA are proposing to update the Federal Acquisition Regulation (FAR) to implement a section of the Frederick Douglass Trafficking Victims Prevention and Protection Reauthorization Act of 2018, which would require that domestic carriers who provide air transportation to the federal government submit an annual report that includes the following: 

• The number of personnel trained in the detection and reporting of potential human trafficking 
• The number of notifications of potential human trafficking victims received
• Whether the contractor notified the Global Human Trafficking Hotline

Federal Acquisition Regulations: Training to Prevent Human Trafficking for Certain Air Carriers

FAR Proposal: Sustainable Procurement

Moving on to other topics, DoD and NASA are also proposing to amend the Federal Acquisition Regulation laws to focus on current environmental and sustainability matters and to implement a requirement for agencies to procure sustainable products and services to the maximum extent practicable. 

Written comments for both changes are due in early October; so if you have thoughts, get them out there.

Federal Acquisition Regulation: Sustainable Procurement

SEC: Cyber Incident Reporting

What else do you really need to know this week? The SEC adopted rules requiring any publicly traded public companies to disclose material cybersecurity incidents to the SEC within four days of determining the incident was material. Additionally, companies will be disclosing info on their cybersecurity risk management, strategy and governance on an annual basis. These rules take effect in December 2023.

SEC Adopts Rules on Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure by Public Companies

Statement by Gary Gensler, Chair of Securities and Exchange Commission: Public Company Cybersecurity Disclosures

Statement by Jaime Lizárraga, Commissioner of Securities and Exchange Commission: Improving the Quality of Cybersecurity Risk Management Disclosures

Remarks by Mark T. Uyeda, Commissioner of Securities and Exchange Commission: the Final Rule: Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure

Final Rule: Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure

Federal Register: Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure

CISA: Cyber Performance Goals

Last but not least, there is non-regulatory activity worth tracking that may have yet unclear regulatory impact in the future. The U.S. Cybersecurity and Infrastructure Security Agency, CISA, leads at the federal level for cybersecurity in many areas including the establishment of critical infrastructure performance goals. Working with industry partners,  CISA has completed cross-sector Cybersecurity Performance Goals (CPGs) that have been published, and now they are working with Sector Risk Management Agencies (SRMAs) to set up Sector-Specific Goals (SSGs). 

The first four critical infrastructure sectors CISA is working with include the Energy, Financial Services, IT, and Chemical Sectors. In addition, CISA will be working throughout the year with the Water/Wastewater Sector, Health and Public Health Sector, and Education Subsector on identifying approaches for how organizations in those sectors/subsectors can enhance their cybersecurity posture through implementing these goals.

Cybersecurity Performance Goals: Sector-Specific Goals