On May 13, 2024, the U.S. Department of Justice (DOJ) issued a press release touting its 2023 False Claims Act (FCA) “accomplishments” – amassing nearly $2.7 billion in settlements and judgments. This figure, while noteworthy, is part of a broader narrative of evolving priorities within the DOJ, especially concerning self-initiated cases (rather than whistleblower-initiated cases) and areas like the Paycheck Protection Program (PPP) and cybersecurity fraud. 

The DOJ’s FCA Strategy: A Closer Look at 2023 and Beyond 

The FCA is a favorite tool of the federal government because, among other sanctions, it permits the recovery of treble damages, which provides DOJ with powerful tools to force settlements. Additionally, by allowing whistleblowers to sue on the government’s behalf and receiving a percentage of any recovery, whistleblowers are incentivized to bring claims. 

Whistleblower lawsuits have long been a cornerstone of investigations and litigation under the False Claims Act (FCA). This trend persisted into 2023, with whistleblower-initiated actions accounting for 87% of the recoveries by DOJ. The decision by the DOJ to intervene in these qui tam cases, however, remains a pivotal factor, with 81% of the FCA recoveries in 2023 occurring in cases where the government elected to step in. From a defense lawyers’ perspective, advocating during the investigative stage is critical. Statistically, if your advocacy on behalf of the client results in a non-intervention decision by DOJ, the likelihood of a claim being pursued goes down significantly. 

Regarding its FCA settlements and judgments, the Justice Department heralded 2023 as a record-setting year with 543 actions—the highest number recorded to date. Yet, the total recovery amount of $2.68 billion, while significant, represents one of the smaller sums in recent years. For context, between 2010 and 2019, annual DOJ recoveries frequently neared or surpassed $3 billion. Notably, 2021 saw an exceptional recovery of $5.7 billion, marking a historic peak for the department. 

As noted, in 2023, whistleblowers continued to be instrumental, with their actions leading to 87% of the DOJ’s recoveries. However, a significant shift was observed in the number of DOJ self-initiated actions. The department initiated 500 such cases, a notable increase from 305 in the previous year. This suggests DOJ is taking a more proactive stance rather than continuing to primarily rely on whistleblower-initiated actions. 

Key Areas of Focus: 

  1. Paycheck Protection Program (PPP) Fraud

PPP and other pandemic relief programs initiated during the COVID-19 pandemic to aid businesses has been ripe with alleged abuses.  This lead DOJ to initiate and resolved approximately 270 pandemic-related FCA cases in 2023, recovering over $48.3 million.  

  1. Civil Cyber-Fraud Initiative

Launched in October 2021, this initiative targets government contractors who fail to meet cybersecurity standards. A notable case in 2023 involved Verizon, which settled a claim for $4 million over allegations related to inadequate cybersecurity controls.  

Government contractors must diligently monitor and enhance their cybersecurity protocols. The introduction of new regulations by the Federal Acquisition Regulatory (FAR) Council underscores the growing emphasis on robust cybersecurity practices. These regulations necessitate that contractors not only establish systems capable of detecting breaches but also ensure that these breaches are swiftly reported. 

In a significant move last fall, the FAR Council proposed two critical rules aimed at bolstering cybersecurity measures among federal contractors. The first proposed rule seeks to “standardize cybersecurity contractual requirements across Federal agencies for unclassified Federal information systems,” as detailed in the Proposed Rule, 88 F.R. 68402 (October 3, 2023). This standardization intends to develop a unified security framework that enhances the protection of sensitive government data. 

The second proposed rule mandates that contractors must share information regarding cyber threats and report cyber incidents to the government within eight hours of discovery. See Proposed Rule, 88 F.R. 68055 (October 3, 2023). This rule underscores the critical need for timely communication between contractors and the government, facilitating rapid responses to potential cybersecurity threats.  

In addition to adhering to these enhanced requirements, companies that identify violations should proactively engage with the Department of Justice’s cooperation policy. By doing so, they can significantly mitigate potential liabilities. This proactive stance not only demonstrates a commitment to compliance but also positions the company favorably in terms of regulatory oversight. 

For legal professionals advising federal contractors, it’s imperative to stay abreast of these developments and guide their clients through the complexities of compliance with these emerging cybersecurity standards. This ensures that their clients not only avoid potential penalties but also maintain their standing as trustworthy government partners. 

Looking Ahead: DOJ Priorities for 2024 

Healthcare Fraud: Continuing to dominate FCA recoveries, DOJ is expected to remain focused on the healthcare industry. 

Cybersecurity: With proposed regulatory changes, contractors must ensure compliance with stringent cybersecurity protocols to avoid potential liabilities. This may be an area of increased FCA claims. 

Pandemic Fraud: DOJ is expected to continue investigations of alleged fraud related to pandemic relief efforts. 

Private Equity Oversight: Recent actions suggest increased attention on private equity’s role in healthcare, emphasizing the need for thorough due diligence and independent management of portfolio companies. 

The U.S. Department of Justice (DOJ) has increasingly utilized the FCA to address alleged violations by private equity investors and venture capital funds relating to their portfolio companies. A notable trend has emerged where the DOJ argues that neglecting issues identified during an investor’s due diligence—and failing to rectify these issues promptly—can lead to liability under the FCA. 

A good example of this is H.I.G. Growth Partners and H.I.G. Capital (H.I.G.) along with former executives of South Bay Mental Health Center, Inc. (South Bay). They agreed to a $25 million settlement over claims that they caused fraudulent claims to be submitted to federal and Massachusetts healthcare programs due to not addressing pre-investment misconduct promptly.  

The whistleblower in that case alleged that, during its due diligence, H.I.G. became aware of the misconduct at South Bay and either knew or should have known that the inappropriate conduct persisted post-acquisition. This case underscores the critical importance of not only conducting thorough due diligence but also ensuring that any discovered issues are swiftly and effectively addressed. 

For legal professionals advising private equity firms, it’s crucial to emphasize the necessity of rigorous due diligence processes, particularly assessing FCA risks. Moreover, ensuring that portfolio company management operates autonomously and maintains regular reporting to the board of directors is likewise vital. Ignoring these practices can blur the lines of corporate governance, significantly elevating the risk for private equity investors. 

Conclusion 

For FCA defense lawyers, staying abreast of DOJ priorities is crucial. The evolving landscape demands a proactive approach to compliance and a keen awareness of the areas under DOJ scrutiny. As DOJ continues to adapt its strategies to contemporary challenges, legal professionals must navigate these changes adeptly, ensuring their practices and clients remain well-informed and compliant with the latest regulatory and enforcement trends.