It has always been part of the National Defense Authorization Act (NDAA): the provision that contractors would be responsible for weeding counterfeit parts out of the Department of Defense (DoD) supply chain. Now it’s official: contractors must establish, maintain and certify counterfeit detection and avoidance systems or risk losing the opportunity to bid on federal contracts.
It’s not a big surprise—specifics of the NDAA have been debated since it was passed in 2011. But now that the rule is final, electronics component buyers should understand the nuances of the rule as it pertains to risk and accountability.
In the electronics supply chain, accountability equals traceability. The recent Defense Federal Acquisition Regulation Supplement (DFARS Case 2012-D055) rule, according to an article in the Washington Business Journal, requires contractors “to be able to demonstrate a degree of traceability for the parts they incorporate into systems, using industry standards and best practices. The DOD has a zero-tolerance policy for traceability of electronic parts deemed to be mission-critical or impacting human safety — that is, in those cases, contractors need to be able to point directly to the source.”
The rule did not go quietly through the supply chain: contractors, suppliers and distributors all expressed concerns during the public comment period. Sourcing electronics components isn’t a linear process. Parts flow from suppliers to customers and distributors but may also pass into the secondary – or open -- market where excess inventory is bought and sold. Not all companies that play in the open market maintain a high level of traceability or quality control standards. Sourcing from this market increases the risk of procuring damaged or counterfeit goods.
In the distribution market, for example, resellers are categorized as authorized or non-authorized distributors. Authorized distributors – that break down packages of components among their service offerings -- are required by contract to treat components as if they had come from the component maker’s factory floor. Shipments that were opened at an OEM or EMS factory and then resold as excess can’t always carry the same guarantee. Many independent, or non-authorized, distributors go to great lengths to ensure the quality of the excess (or unused) inventory they buy. But unscrupulous companies have been known to buy excess; mix lots of components or insert counterfeits into the mix; and resell the parts as genuine. Provenance documents can easily be mocked up and component re-marking has become increasingly sophisticated. Testing incoming components has helped end-customers to some degree, but testing adds cost to the entire procurement process.
Some sources are simply riskier than others, contractors point out. According to the Washington Business Journal article, “Some contractors feared [the] rule would impose unreasonable strict liability standards on industry, regardless of significant and good-faith efforts to address the issue. Others pointed to the potentially unaffordable costs of treating all electronic parts acquisitions equally, without any weighing of the odds of a counterfeit actually finding its way into the supply chain. “
That latter point did lead to a modest change in the final rule, the journal reports, "with the contractor now responsible for establishing a risk-based counterfeit detection and avoidance system ‘with the amount of risk based on the potential for receipt of counterfeit parts from different types of sources.’”
I’m not really sure how the latter part of that requirement is determined, but there are all kinds of risk management tools and consultancies available. Buyers manage risk all the time: there are shortages and overages; price hikes and declines; service disruptions and natural catastrophes. But in the military supply chain, risk can also include life or death. That lends a whole new meaning to the adage “buyer beware.”