According to the Department of Justice’s (DOJ) statistics on False Claims Act (FCA) settlements and judgments for fiscal year (FY) 2024 – which ended on September 30, 2024 – DOJ saw the highest number of qui tam actions filed in history and total FCA settlements and judgments exceeded $2.9 billion. Qui tam cases – initiated by private citizens on behalf of the government – continued to account for approximately 70% of total FCA actions. Government-initiated enforcement remained steady, with a slight drop from FY 2023. We expect FY 2024’s uptick in FCA enforcement to continue and provide an overview of what federal contractors, grant recipients, and private sector companies should be on the lookout for this year.
Here’s what happened in 2024
Enforcement trends: DOJ v. cyber fraud
DOJ’s Civil Cyber Fraud Initiative continued to prioritize whistleblowers and enforcement tied to federal government contracts cybersecurity requirements, initiating its first litigation under the Civil Cyber Fraud Initiative in FY 2024. In August 2024, DOJ intervened in a qui tam action against the Georgia Institute of Technology (Georgia Tech) for purportedly failing to comply with cybersecurity standards and requirements for Department of Defense (DOD) contracts. Whistleblowers from Georgia Tech alleged that Astrolavos Labs (Astrolavos), a cybersecurity research lab operated by Georgia Tech, implemented an incomplete security plan, submitted a false cybersecurity assessment score to DOD, and failed to timely install antivirus or antimalware software on the laboratory’s computers and networking equipment in violation of both federal cybersecurity requirements and the university’s policies. DOJ’s complaint-in-intervention alleged that Astrolavos failed to implement cybersecurity controls required under the Defense Federal Acquisition Regulation Supplement (DFARS) 252.204-7012 – Safeguarding Covered Defense Information and Cyber Incident Reporting – under contracts with the U.S. Air Force and Defense Advanced Research Projects Agency (DARPA) and submitted a false assessment of its cybersecurity compliance to the government.
In the first-ever settlement under DOJ’s Civil Cyber Fraud Initiative, Comprehensive Health Services LLC (CHS), a for-profit medical management services provider, agreed to pay $930,000 to resolve allegations that it falsely represented to the State Department and the Air Force that it complied with contract requirements relating to the provision of medical services at government-run facilities in Iraq and Afghanistan. CHS allegedly failed to disclose that it had not consistently stored patients’ medical records on a secure electronic medical record (EMR) system. In another settlement under this initiative, ASRC Federal Data Solutions LLC (AFDS) agreed to pay $306,722 and waived any rights to reimbursement – including at least $877,578 in costs – to resolve allegations that it stored screenshots from the Centers for Medicare and Medicaid Services’ (CMS) systems containing personally identifiable information and potentially personal health information of Medicare beneficiaries on its subcontractor’s server without individually encrypting the files. These settlements demonstrate that the Cyber Fraud Initiative extends beyond contractors or contracts specifically tied to cybersecurity services and will address non-compliance across all types of contracts.
Taken together, these enforcement actions signal a strengthening push – perhaps even building momentum – by DOJ’s Civil Cyber Fraud Initiative. We anticipate cybersecurity will be a key focus of enforcement actions in 2025.
Eighth Circuit caps the cost on excessive FCA penalties
In Grant ex rel. United States v. Zorn, the Eighth Circuit joined the Eleventh Circuit in holding that the Excessive Fines Clause applies to penalty awards in FCA cases in which the government does not intervene. The FCA imposes treble damages and mandatory civil penalties for each false claim. Because FCA suits often involve numerous alleged false claims, mandatory penalties often exceed actual damages. In Grant, the district court found that the defendants submitted 1,050 false claims by overbilling the government for patient visits. This amounted to approximately $86,000 in actual damages and $260,000 in treble damages. But the district court calculated approximately $6.5 million in mandatory per-claim penalties – roughly 78 times the amount of actual damages. The Eighth Circuit determined that the Excessive Fines Clause applies in cases where the government declines to intervene. The Eighth Circuit also held that the penalty award of $6.5 million was unconstitutionally excessive and disproportionate to actual damages. Looking forward, Grant strengthens arguments by defendants for lower penalty awards in FCA qui tam cases. We expect further developments in the federal circuit courts related to the constitutional limits on FCA penalty awards.
(Un?) constitutionality of qui tam actions
The constitutionality of qui tam actions is under the microscope following the September 2024 decision in U.S. ex rel. Zafirov. v. Fla. Med. Assocs, LLC, where the District Court for the Middle District of Florida dismissed a qui tam action, holding unconstitutional the qui tam provisions that provide relators standing to prosecute violations of the FCA without intervention by the federal government. The court held that the relator, as primary plaintiff in the case, exercised power in prosecuting the case since 2019 without any intervention or assistance from the federal government in a way that unconstitutionally raised her to the level of an officer of the United States. Zafirov is currently on appeal before the Eleventh Circuit and is likely to make its way to the Supreme Court, though several other district courts have ruled that the qui tam provisions are constitutional. We are continuing to monitor the case and expect to see the Eleventh Circuit’s decision in 2025.
Here’s what’s coming in 2025
AFCA’s (potential) power play
Federal agencies now have broader authority to pursue potential fraud administratively without seeking authorization from DOJ. The National Defense Authorization Act (NDAA) for Fiscal Year 2025 substantively changed the Program Fraud Civil Remedies Act of 1986 (PFCRA) now known as the Administrative False Claims Act (AFCA). AFCA encourages federal executive branch agencies to pursue claims valued at up to $1 million, increasing that threshold from $150,000. It also broadens the pool of individuals authorized to hear cases and allocates additional DOJ resources to expand the number of officials reviewing AFCA claims. AFCA’s statute of limitations now aligns with the civil FCA, and AFCA enables agencies to recover costs related to investigating and prosecuting claims. Unlike the FCA, AFCA does not include a qui tam provision for whistleblowers, and companies can be held liable for disseminating false information even without an underlying claim for government funds. As a final matter, AFCA empowers federal agencies to conduct their own investigations, which, in turn, reduces their reliance on DOJ or private whistleblower actions. We expect to see more agency investigations and enforcement actions without DOJ involvement.
Diversity, equity… and fraud?
In the wake of President Trump’s Executive Order (EO) 14173 titled “Ending Illegal Discrimination and Restoring Merit-Based Opportunity,” the U.S. Office of Personnel Management (OPM) issued further guidance on February 5, 2025, effectively ordering all federal agencies to eliminate all diversity, equity, inclusion, and accessibility (DEIA) offices, policies, programs, and practices that constitute “unlawful” employment discrimination. The Attorney General (AG) has also stated her intention to investigate and pursue enforcement action – both civil and criminal – against private sector companies “for the unlawful use of” diversity, equity, and inclusion (DEI) and DEIA policies. Publicly traded corporations; large non-profit corporations or associations; foundations with assets of $500 million or more; state and local bar and medical associations; and institutions of higher education with endowments over $1 billion are all in the AG’s crosshairs although the EO instructs executive agencies to issue guidance and reports that have yet to be released. While the AG awaits a report from the Civil Rights Division and Office of Legal Policy on recommendations for enforcement, it is advisable for federal contractors, grant recipients, and private sector companies to proactively assess DEI programs in light of DOJ’s new approach to identify any vulnerabilities. This includes, but is not limited to, conducting a review of company websites, compensation programs, hiring practices, and workplace trainings to assess whether they could be scrutinized by DOJ. As we learn more about this administration and its priorities, federal contractors, grant recipients, and private sector companies must remain prepared for potential investigations.
New tariffs bring new risks
On February 13, President Trump issued a policy memorandum on his Fair and Reciprocal Plan that is intended to “counter non-reciprocal trading arrangements with trading partners by determining the equivalent of a reciprocal tariff with respect to each foreign trading partner.” The announcement follows new tariffs imposed on Chinese-origin imports and tariffs on Canadian- and Mexican-origin goods set to begin on March 4, 2025, as well as adjustments to the existing tariffs on steel and aluminum imports that will take effect on March 12. These changes make country of origin, classification, and valuation key issues in assessing – and potentially mitigating – the tariffs’ impact. In addition to potential investigations and enforcement actions by U.S. Customs and Border Protection (CBP), which President Trump emphasized earlier this week, importers may also see an increase in qui tam actions from professional relators, whistleblowing employees, or competitors trying to ensure the entire market is playing by the same rules.
Keep your eyes wide open
In an ever-evolving regulatory landscape, staying ahead of FCA developments is essential for federal contractors, grant recipients, and private sector companies alike. Ongoing vigilance in compliance and training, especially concerning the Trump administration’s new focus on DEI and DEIA policies, remains critical to mitigating risk. Reed Smith’s White Collar Criminal Defense and Investigations, Government Contracts, and International Trade practices remain committed to monitoring developments and providing clients with the strategic counsel necessary to stay compliant and mitigate risk.
Client Alert 2025-049
