www.capitalthinkingmagazine.com

Search:     

PRINT PDF     SUBSCRIBE

ANALYSIS AND COMMENTARY ON CRITICAL BUSINESS AND LEGAL ISSUES

While the federal government is an attractive marketplace, it is markedly different from the commercial sector. Without a clear understanding of its culture—and its time frame—it’s easy for companies to stumble.

BY CARTER PATE
Managing Partner
PRICEWATERHOUSECOOPERS
Washington Federal Practice

Navigating the Federal Marketplace

Companies usually like big customers, and more and more are setting their sights on one of the biggest—the U.S. federal government. There is, undeniably, a lot of opportunity in selling to an entity that lets out literally trillions of dollars of contracts a year. But companies thinking about entering the federal marketplace should understand that it is simply not the same as the commercial sector—and those differences can be significant stumbling blocks if you’re not aware of them.

RECOGNIZE THE COMPLIANCE CULTURE

Federal employees operate under a tremendous number of rules and regulations governing relationships with private-sector vendors, and that scrutiny is only increasing. As a result, government workers are often sensitive to even the appearance of a conflict of interest.

Dealing with that reality often comes down to using the right language. Take, for example, something as simple as inviting a potential customer to lunch. There are many restrictions on entertainment and gifts for federal employees, so unless you make it clear that you are not buying, you may not get them to come to lunch. Instead of saying “let’s have lunch,” you might say “let’s go get a sandwich and split the check,” which lets them know you understand the rules and aren’t trying to buy anybody. It also lets them know that you’re not talking about a five-star restaurant—which is important because government employees may not be reimbursed for that kind of lunch. So it’s important to have all your employees who deal with an agency understand these sensitivities and the myriad compliance issues that federal employees have to think about.

ADJUST YOUR MARKETING APPROACH

In the private sector, having a top executive want to purchase your product or service is usually a key to making the sale. With a government agency, on the other hand, you may have the buy-in of an agency’s director or CFO, but that person may have little input into the actual purchasing process. That executive can be a champion for you, but the committee that awards the contract may have different ideas. Usually, agencies considering contracts award points for qualifications,  resumes submitted, past performance and price, and they can weight them any way they want.

The system is essentially designed to de-emphasize personal relationships within the agency. So, while knowing the people at the top can help, it is rarely enough. You need to understand how the agency makes decisions and its decision-making criteria, and work with a number of decision makers in the agency in order to build a broader acceptance of your company and your offerings.

BE READY TO CHANGE

Contracts with the federal government are designed to give the government maximum flexibility in its ability to change its mind—and as a rule, the government can terminate a contract whenever it deems it necessary to do so.

That’s not an unusual event by any means. Funding for a contract might be pulled by Congress after you begin work if lawmakers determine that there is a higher and better need for those funds. Economic changes, political changes and headlines can all prompt sudden shifts in an agency’s mission, which in turn can affect vendors’ contracts. Or, an agency may simply re-evaluate the project and decide it doesn’t want to do it anymore—or that it only wants to complete part of it.

Multilayered communication with all levels of the agency is thus critical. You need to have many ears to the ground so that you don’t get surprised. In particular, solid communications with the top of the agency can help you track pending shifts in policy that might affect your work—and give you early warning to prepare for the change.

PATIENCE AND KNOWLEDGE

Navigating the federal government landscape requires specific expertise that must be built up over years, not months. Simply arriving at a purchasing decision can take 12 to 18 months—if not several years. So you have to think long term.

Finally, there is one mandate that works well in both the commercial and federal marketplaces: Know your customer. You have to understand not only the agency’s requirements around your product or service, but also the larger context—the political issues, the mission, the decision-making frameworks. To succeed, you really have to learn to think like the agency. CT

- top of page -

Not Just an IT Problem

BY STEPHEN SPOONAMORE & TOM KELLERMANN
CYBRINTH

Hackers attack every few minutes, stealing company secrets and even entire databases.  An effective security strategy requires clear goals, policies, procedures—and leadership.

The entire process took just 37 minutes. The employee innocently installed instant-messaging, or IM, software on his PC. The IM program immediately began communicating with other IMs, bypassing the corporate firewall. An observant hacker used the IM gate to install a computer worm that opened up a “back door” into company systems. A few more hacks, and the perpetrator was stealing sensitive corporate data.

It happens every few minutes. Nine out of 10 businesses experienced a cyber-crime in 2005, according to the FBI. In the same time frame, the FTC reports, 56 million Americans were the victims of electronic identity theft—the nation’s single largest crime.

The attacks are increasingly refined—and pernicious. In the past, hackers were content to deface a website or swipe a few credit card numbers. Today, they use automated “malware” to steal company secrets or blended attacks to copy entire databases—replete with customer account numbers, passwords and other personal information.

Customer data is the criminal currency of choice in the new millennium. And for some unprepared financial services firms and electronic retailers in particular, the losses are mounting. Yet most corporate executives and general counsel remain blind to the problem. They assume that the IT department has it covered. After all, haven’t they invested in firewalls and virus scanners and intrusion-detection systems?

Yes, they probably have. But today, the threats are more sophisticated. Systems are more interconnected. Data management is increasingly outsourced. And a growing number of regulations place responsibility for protecting data squarely on the shoulders of corporate officers. In short, the risks are greater.

SECURITY LEADERSHIP

Today, data is cash. You need a data custody policy similar to a cash custody model. Data security needs to be managed as a business risk. It’s not enough for security fixes to bubble up from IT. Instead, you need a security strategy at the executive level and then to build a culture of security throughout your organization.

Start with your business objectives and processes. What information do you need to manage electronically, and who needs to have access to it? When?

Then quantify the value of that information. What are the consequences if the data is corrupted or stolen?

Next, estimate the threats to your data stores and your vulnerability to those threats. Only now does IT begin to enter the picture.

Establish clear goals, policies and procedures, and invest in the technologies and tools in line with these goals.

Your security strategy needs to be detailed, and it needs to assign roles and responsibilities. Every employee needs to be aware of it, abide by it and be accountable for violations. When a breach occurs, training, along with good systems, will allow you to minimize loss and recover quickly.

Security policies also need to extend to partners that may connect with your systems or handle your data. Computer systems are increasingly outsourced to third parties. Have you conducted a risk assessment of your outsourcer? Are they liable for the integrity and confidentiality of the data they manage?

Finally, you must be able to demonstrate that you’ve taken appropriate steps to protect your data. Sarbanes-Oxley, Gramm-Leach-Bliley, the Financial Institution Privacy Protection Act—plus a growing number of state laws and international mandates—all set guidelines for developing, enforcing and auditing security policies. They also specify stiff penalties for organizations—and the responsible individuals—that fail to do so.

There’s no longer any difference between IT risk and operational risk or reputational risk. Your business is completely dependent on your computers and on your ability to protect the information stored on them. You’ll never achieve 100 percent security. But with a carefully constructed strategy, leadership at the highest levels and data use aligned with business goals, you will operate at the lowest risk, with the fastest recovery and a minimum of exposures. CT

STEPHEN SPOONAMORE (in photo on left) is CEO and TOM KELLERMANN (right) is CKO of Cybrinth, a provider of data security policy and risk evaluation services.

- top of page -

China can be a maddening place to do business. But a network of strong, long-term, well-chosen business and political relationships—along with improved IP management strategies—can make it easier.  BY SCOTT CHAMBERS Deputy Chair of Patton Boggs’ Intellectual Property Department.

American business executives working in China often tell the story of a factory owner who makes a wrong turn while driving to his factory only to discover an exact copy of that factory on the other side of the mountain. The story, recounted recently in The New York Times, may be apocryphal, but it is not far fetched. Piracy in China costs U.S. businesses an estimated $1 billion in legitimate business each year. While the opportunities in China are vast, a business that does not carefully control its intellectual property will be creating a competitor that does not have to invest in R&D. Those that invest in such a company will see their returns erode over time as the business loses its competitive edge.

China can be a maddening place to do business. Laws are wildly complex and ever-changing. Despite the progress made in recent years, enforcement still can be slow or unsatisfactory. For example, damages won in legal cases to protect intellectual property (IP) are sometimes smaller than the cost of pursuing those damages and may not deter further infringement.

At the root of these frustrations is the fact that China has its own rules for conducting business. In the U.S., business dealings are based on contracts that are binding and enforceable regardless of their social acceptability. In China, contracts are just one part of a complex arrangement that can be puzzling to outsiders.

A critical rule for doing business in China is building a network of relationships known as “Quan Xi.” In particular, try to establish strong relationships with mid- to high-level local and national government bureaucrats and officials with influence over policy decisions. Remember that China is still a state-planned economy, and as such, politics pervades everything. Careful building of these long-term business and political relationships can be important in getting acceptable enforcement of contracts.

In the meanwhile, executives should take care to compartmentalize their IP in China. For example, avoid providing all the technical data about a product to a single location or manufacturing all of a product in a single place. Provide technical data only as needed. As the relationships build, so can the degree of sharing.

Chinese business partners should be chosen with an eye to the importance of these relationships, not just to numbers in a contract. Faced with competing bidders, for example, you may not always choose the cheapest or most convenient. Instead, you may want the one who has the contacts r the expertise you will need as your ties increase and deepen. The manufacturer who makes just a valve for you may be making the whole machine later on.

While piracy is a problem in China, the truth is that there is piracy anywhere you do business. So before entering China, take the time to improve your firm’s IP management strategies. You can start by doing a full inventory of the IP you have and deciding how to best protect each and every part of it. This will help you maximize the value of your IP no matter where you operate.

As IP rights are specific to the country, it will be necessary to apply for patents, trademarks and copyrights for your IP in China. It would be a mistake to neglect this step just because IP law enforcement is arguably lax right now. China has agreed to beef up its IP protections to conform to World Trade Organization’s Agreement on Trade- Related Aspects of Intellectual Property Rights. As this process moves forward, firms that don’t take advantage of current IP protections may be locked out later. A patent is a 20-year legal instrument, and IP protection in China will definitely improve during the next 20 years. You must file now for patents that will be in force during those years. Ask yourself: Do you think China will, in 20 years, come as far as it has in the last three or four regarding protection of IP?

As you take the legal steps to protect your IP in China, don’t neglect to register the Chinese language versions of trademarks. If you don’t create a Chinese mark, the market may give your product an unflattering Chinese nickname. Cultivating Quan Xi and political connections doesn’t mean you can stumble blindly into business deals. You need to employ the same due diligence that you would in the United States. The manufacturing ventures that have survived over the long term in China, however, have nurtured the necessary relationships and understood the unique environment in which things get done in China. CT

- top of page -

Home    |    Privacy Policy    |    Feedback    |   Subscribe

Copyright ©2006 Patton Boggs LLP   All rights reserved.  Capital Thinking Magazine