The Department of Justice (DOJ), via messaging from its leadership, has made clear it will prioritize and pursue aggressive civil False Claims Act (FCA) enforcement against companies that receive federal dollars. As the government’s primary civil remedy to redress fraud against the government, the FCA generates billions of dollars in annual DOJ settlements and judgments with the majority initiated by whistleblower qui tam lawsuits. Here are 5 things companies receiving federal money can do to mitigate risks of exposure to FCA liability:
-
Strengthen Ethics and Compliance Programs and Policies
Review and revise corporate compliance and ethics programs with a focus on current and emerging risk factors, accompanied with regular, updated training, and policies and procedures for employees to both avoid common missteps and to report potential wrongdoing via a hotline.
-
Conduct Internal Investigations and Consider Disclosure Options
An effective internal investigation conducted by counsel under privilege can go a long way to managing risks to the company when initial wrongdoing is reported. In certain instances, the wrongdoing initially reported may differ greatly from the reporter’s impression and actually not be an issue at all. Every credible allegation, however, should be investigated by experienced counsel to make that determination. When misconduct is identified, companies should assess with counsel whether a disclosure to law enforcement and/or procuring agencies may be warranted or, in certain circumstances, required.
-
Anticipate Scrutiny of Employment Practices and Imports of Goods to the U.S.
On May 19, 2025, DOJ announced a Civil Rights Fraud Initiative aimed at utilizing the FCA to combat knowing violations of civil rights laws, including those related to Diversity, Equity, and Inclusion (DEI) programs. The FCA is also a key tool for the administration’s enforcement efforts related to imports and tariffs. Companies should consider conducting updated internal risk assessments focused on DEI policies and employment practices as well as import compliance protocols. Companies that import goods or components should consider re-evaluating their processes and policies for classifying the applicable country of origin on imports, and document good-faith interpretations of applicable laws and regulations.
-
Focus on Cybersecurity Compliance and Third-Party Assessments
Recent DOJ settlements demonstrate that cybersecurity non-compliance is a key area of focus for DOJ and qui tam relators under the FCA. Defense contractors should consider FCA risks as they update system security plans and cybersecurity scores and prepare for third-party assessments of their networks under the Department of War’s Cybersecurity Maturity Model Certification Program known as CMMC.
-
Review Subcontracts and Supply Chain Risks
Diligence and oversight of subcontractors and suppliers under government contracts—and attention to required flow-down clauses—can reduce cybersecurity and other FCA risks.
