Subcontractor Ethics Risk in Defense Contracting: Why Your Compliance Program Must Extend Beyond Your Walls
AIAI EthicsBusiness and Personal Ethicsbusiness ethicsChuck GallagherEthical Behavior

Subcontractor Ethics Risk in Defense Contracting: Why Your Compliance Program Must Extend Beyond Your Walls

By February 18, 2026No Comments

Subcontractor Ethics Risk in Defense Contracting: Why Your Compliance Program Must Extend Beyond Your WallsBy Chuck Gallagher — Defense Ethics Keynote Speaker and Trainer

The contract you didn’t lose… until you did

A prime contractor wins a strong award. Great customer. Solid program. Great team.

And then something strange happens.

The prime doesn’t fail.
The prime doesn’t miss the deadline.
The prime doesn’t deliver junk.

But the program still starts wobbling.

Not because the prime can’t perform…
but because someone in the supply chain quietly becomes the weakest link.

A subcontractor misses a requirement.
A vendor cuts a corner.
A third party “certifies” something they didn’t fully validate.
A component doesn’t meet the standard it was supposed to meet.
A cybersecurity expectation gets treated like optional.

And the prime is suddenly forced into a defensive posture:

“We didn’t know.”

In defense contracting, that’s one of the most expensive sentences you can ever say.

Because customers don’t only evaluate what you intended.

They evaluate what you delivered.

And when a subcontractor fails ethically or operationally, the prime inherits the fallout.

As a defense ethics keynote speaker and trainer, I’ve seen it repeatedly:

**Prime contractors don’t just manage performance.

They manage trust.**

And trust doesn’t stop at the walls of your organization.

The subcontractor risk no one wants to admit

Defense contracting runs on partnerships.

No prime can do everything.
No program survives without specialized suppliers, niche manufacturers, IT vendors, logistics partners, staffing firms, and subcontractors with unique capabilities.

That’s normal.

What’s not normal—but is increasingly common—is the belief that subcontractor ethics is someone else’s responsibility.

Here’s what I mean:

A prime has an ethics program.
A prime trains employees.
A prime has policies.
A prime has reporting channels.

But the subcontractor?

They might have:

  • weaker training
  • weaker controls
  • a smaller compliance function
  • looser documentation habits
  • “move fast” culture
  • or a “we’ve always done it this way” attitude

And the prime assumes it’s fine because:

“They signed the agreement.”

But signatures don’t prevent ethical failures.

Culture does. Controls do. Reinforcement does.

The ethical blind spot: “They’re good people”

Most primes select subcontractors based on capability, pricing, and speed.

And that makes sense—until it doesn’t.

Because the most dangerous subcontractor assumption is:

“They’re good people.”

They might be.
But “good people” without training and controls still make risky decisions under pressure.

And in the defense environment, pressure is constant:

  • tight delivery schedules
  • performance metrics
  • cost targets
  • staffing shortages
  • supply chain disruptions
  • customer expectations
  • documentation requirements
  • cybersecurity obligations
  • export control obligations

So the real question isn’t whether a subcontractor has good intentions.

It’s whether they have ethical discipline.

A public example: when supply chain integrity becomes a settlement

Here’s a real-world example that matters.

The Associated Press reported a settlement involving Revision Military, tied to allegations that foreign components were used in protective eyewear provided through a defense program requiring domestic sourcing under the Berry Amendment context.

I’m not sharing that to take a shot at anyone.

I’m sharing it because it highlights the prime contractor reality:

A single supplier decision can become a compliance issue, a reputational issue, and a customer-trust issue.

And once customer trust is shaken, everything becomes harder:

  • follow-on awards
  • option years
  • past performance ratings
  • future teaming relationships
  • internal morale

Subcontractor ethics risk is not theoretical—it’s structural

Subcontractor risk is built into the structure of the industry.

It shows up in places like:

1) Country of origin and sourcing

Domestic preference rules, approved suppliers, and documentation can break down quickly when supply chain disruption hits.

2) Quality shortcuts

A supplier tries to meet schedule and quietly substitutes materials, skips testing, or under-documents results.

3) Cybersecurity gaps

A subcontractor doesn’t meet the required cybersecurity posture—but the prime assumes they do.

4) Timekeeping and cost charging

A subcontractor mischarges labor, shifts costs, or bills inaccurately, creating downstream billing and compliance exposure.

5) Export controls

A subcontractor mishandles controlled technical data or fails to restrict access appropriately.

6) Conflicts of interest

Small suppliers often have tight networks; undisclosed conflicts can creep in fast.

None of these risks are rare.

They’re common.

And the most dangerous part is that they often look like “normal business” until the government or the customer asks questions.

Here’s the ethical truth primes need to accept

If you’re a prime contractor, you can’t outsource accountability.

You can outsource tasks.
You can outsource manufacturing.
You can outsource staffing.

But you cannot outsource ethical responsibility for performance under your contract.

That’s why I tell leaders:

I don’t deliver ethics training. I build ethical decision-making reflexes under pressure.

And in today’s defense ecosystem, that reflex must extend into the supply chain.

Because subcontractors make decisions under pressure too.

And those decisions can become your problem overnight.

Why most subcontractor compliance efforts fail

Let’s be honest: most subcontractor oversight is built on paperwork.

  • flow-down clauses
  • certifications
  • checklists
  • contract language
  • supplier onboarding forms

Those matter.

But paperwork alone does not create ethical behavior.

Here’s why it fails:

1) Oversight is treated as a one-time event

Once the subcontract is signed, everyone moves on.

2) Ethics is treated as legal language

Not a behavioral expectation.

3) Prime leadership doesn’t reinforce it

If program managers treat subs like “get it done” vendors, ethics becomes optional.

4) There’s no shared culture

The subcontractor doesn’t feel part of the mission—only part of the transaction.

And when a partner feels transactional, they act transactional.

What effective subcontractor ethics training and oversight looks like

If you want to reduce subcontractor ethics risk, here’s what actually works:

1) Treat subcontractors like an extension of your brand

Because they are.

2) Build role-based ethics expectations

Don’t just send a code of conduct. Explain:

  • what matters most
  • what can’t be compromised
  • how issues must be escalated

3) Use scenario-based conversations

Examples:

  • “What do you do if your supplier can’t meet spec?”
  • “What happens if a component must be substituted?”
  • “What do you do if you discover a cyber gap?”
  • “How do you handle controlled technical data?”

4) Require proof, not promises

Certifications are fine. Verification is better.

5) Make it safe to disclose problems early

You want subcontractors raising issues early, not hiding them until it’s too late.

6) Reinforce ethical expectations in program rhythm

Ethics isn’t a kickoff topic. It’s a recurring leadership topic.

A simple framework: “Flow Down + Follow Through”

Here’s a phrase I use with primes:

Flow-down without follow-through is a liability.

Yes, you must flow requirements down.

But you must also follow through with:

  • communication
  • reinforcement
  • monitoring
  • accountability
  • and support

Because when a subcontractor is under pressure, the question becomes:

“Do we do the right thing… or do we do the fast thing?”

And primes need subcontractors trained to choose the right thing.

Final thought: the supply chain is where ethics gets real

A prime contractor can have a beautiful ethics program and still get burned if a subcontractor:

  • lies
  • hides
  • cuts corners
  • or stays silent when something goes wrong

The best defense contractors understand something important:

**Ethics isn’t just internal.

Ethics is operational across the entire supply chain.**

And if you want to protect contracts, protect trust, and protect your reputation, your ethical awareness program has to extend beyond your walls.

What’s Next?

If you’re a defense contractor leader, here’s the question to ask yourself:

Do your subcontractors understand your ethical expectations—or just your delivery expectations?

Because if they only understand delivery, they’ll deliver… however they have to.

If you want help building an ongoing ethical awareness program that strengthens subcontractor integrity and reduces risk, I’d love to help.

As always, I welcome your comments and I’m happy to respond. Feel free to share your thoughts below.

 

Related Articles: 

Cybersecurity Compliance for Defense Contractors: When “We’re Fine” Becomes an Ethical Breakdown

ITAR and Export Control Ethics: The Training Gap That Creates Massive Risk for Defense Contractors

Next Post

Leave a Reply