Updates From ACI’s Advanced Forum on False Claims and Qui Tam Enforcement, June 22-23 in New York

Government, industry and outside counsel convened in New York June 22-23 at ACI’s Advanced Forum on False Claims and Qui Tam Enforcement to discuss recent trends in False Claims Act (FCA) case law and enforcement priorities. The panels addressed several developments of potential interest to health care providers, contractors that certify compliance with government cybersecurity requirements, and private equity firms that invest in and manage government contractors.

First, health care providers will not be surprised to learn that the government obtained its highest-ever total annual recovery from the industry in FY2021 — approximately $5 billion. That may reflect overall growth in FCA recoveries rather than signal the government’s focus on the health care sector in particular, as FY2021 also saw the second-highest total annual FCA recovery by the federal government — with FY2020 taking the top spot. However, the majority of the approximately 200 new FCA investigations opened by the Department of Justice in non-qui tam cases in FY2021 did not involve health care matters and instead focused on other industries.

Second, both relator- and defense-side counsel agree that cybersecurity failures present a new and emerging FCA enforcement risk. The department’s announcement of its Civil Cyber-Fraud Initiative last fall was intended to serve as a wake-up call to all government contractors that interface with sensitive government information and critical systems, along with private individual information such as HIPAA-protected materials. The consensus among panelists was that FCA enforcement will soon extend beyond those companies that contract directly with the federal government to provide cybersecurity services, and will sweep in companies that contract with the government for other products or services and certify compliance with government cybersecurity protocols, whether by contract or through regulation. Relators’ counsel contend that potential plaintiffs are uncovering evidence of “basic” cybersecurity failures at their employers (such as the failure to password protect a company-issued laptop containing sensitive government information) and reporting that they are understaffed and undertrained in appropriate cybersecurity protocols. Counsel posit a real FCA risk for any government contractor that fails to have systems in place to monitor and respond promptly to cybersecurity incidents.

Third, another emerging area for FCA enforcement relates to private equity. PE firms that purchase government contractors are increasingly finding themselves the target of government enforcement efforts, along with the contractors they manage. DOJ has settled FCA claims against PE firms when it was able to plausibly allege some sort of involvement in, agreement to or knowledge by the PE firm of the contractor’s misconduct. Government counsel may look closely at prospectus documents, investment decisions and especially due diligence materials as important evidence to demonstrate participation by PE firms in the underlying FCA scheme.

Finally, government panelists confirmed that the DOJ’s latest policy on cooperation credit, announced by Deputy Attorney General Lisa Monaco in October 2021, restored prior department guidance that sought to incentivize disclosure and cooperation by potential FCA defendants. Potential targets will receive maximum cooperation credit by voluntarily disclosing misconduct and can receive partial credit by cooperating in other meaningful ways. DOJ Deputy Assistant Attorney General Michael Granston reported recent instances of cooperating companies settling FCA matters with the government for reduced amounts based on the application of 1.2, 1.5 and 1.6 multipliers — all reductions from the default double damages multiplier. Of course, the government’s provision of cooperation credit in any particular case varies significantly based on the facts and circumstances of the defendant’s cooperation, but also seemingly on whether the case is run out of Main Justice or a local U.S. attorney’s office. DOJ apparently does not internally track how consistently its prosecutors apply cooperation credit guidance in practice.

For more information on recent FCA developments, contact the members of Kramer Levin’s False Claims Act practice.