The False Claims Act: Recent Developments in One of GovCon’s Oldest Laws

The adage that old dogs cannot learn new tricks may well be true—but the False Claims Act is an exception to that rule. One of the oldest government contracting laws, the FCA continues to evolve with today’s controversies and changes to the acquisition landscape. And despite a downturn in traditional white-collar enforcement generally, the FCA continues to be a boon for the federal government, allowing it to recover significant sums from government contractors. In 2019, the Justice Department (DOJ) collected $3 billion in settlements and judgments—a similar figure to recent years. As in most years, the majority of recoveries came from cases filed by private individuals, or “qui tam relators.” Over 85 percent of those qui tam recoveries came in cases in which the government intervened or otherwise took action. This article catalogues important recent FCA developments.

DOJ Update

DOJ has issued several important directives, policy statements, and revisions to the Justice Manual that have clarified—for DOJ trial attorneys and for government contractors and their legal counsel—key substantive risks and procedural issues arising under the FCA. Guidance is good for all players, providing a road map for understanding FCA obligations and risks, defense strategies, remedial measures and resolutions, and how to avoid false claims in the first place.

The “Granston Memo”: DOJ Increasingly Dismissing Declined Qui Tam Suits

Under the FCA’s qui tam provision, a private individual—the “relator”—can step into the shoes of the government and prosecute an FCA claim. The relator must first file the complaint under seal and provide to DOJ a copy of evidence of the alleged fraud. DOJ has a statutory obligation to investigate the allegations and, ultimately, decide whether to intervene in the action in whole or part or to decline the case. A declination does not, however, foreclose the relator from continuing to prosecute the litigation to judicial decision.

Historically, upon declination, DOJ allowed the relator’s case to proceed. But the FCA does authorize DOJ to dismiss a declined case—even over the objection of the relator. The FCA provides:

The Government may dismiss the action notwithstanding the objections of the person initiating the action if the person has been notified by the Government of the filing of the motion and the court has provided the person with an opportunity for a hearing on the motion.

This section was added to the FCA in 1986, but DOJ initially exercised this authority “sparingly” and with “circumspection,” adopting a de facto (if not de jure) preference for allowing declined qui tam lawsuits to proceed.

That approach recently changed. In 2018, then-Director of DOJ’s Civil Frauds section, Michael Granston, issued a memorandum that signaled a new emphasis on dismissing declined qui tam lawsuits (the Granston Memo). The Granston Memo encourages a shift in practice by suggesting that DOJ attorneys should dismiss declined qui tam cases that lack merit. Such cases drain limited government resources and may “generate adverse decisions that may affect the government’s ability to enforce the FCA.” The Granston Memo identifies seven nonexhaustive factors that DOJ can use as a basis for dismissal:

1. curbing meritless qui tams;
2. preventing parasitic or opportunistic qui tam actions;
3. preventing interference with agency policies and programs;
4. controlling litigation brought on behalf of the United States;
5. safeguarding classified information and national security interests;
6. preserving government resources; and
7. addressing egregious procedural errors.

For government contractors accused of false claims, the implications are clear: obtaining the declination is not the only goal with DOJ. Convincing DOJ—using the factors in the Granston Memo—to dismiss a declined qui tam can save years of litigation and the significant resources required to litigate or settle a declined qui tam action. For government contractors facing FCA allegations, therefore, it is a significant opportunity and should be part of a contractor’s response strategy.

In 2020, DOJ leadership announced that since the Granston Memo, DOJ had dismissed 45–50 declined qui tam suits—about the same number that DOJ had dismissed in the preceding thirty years combined. And DOJ recognized in its January 2020 FCA report (covering FY 2019) that DOJ increased the tempo of Granston dismissals, making “increasing use of this tool to help prioritize and protect the expenditure of government resources.” Clearly DOJ is taking a more aggressive approach to dismissing these cases.

DOJ’s willingness to dismiss has not escaped congressional notice. Senator Chuck Grassley wrote a letter to Attorney General Barr in late 2019 expressing concern that DOJ was too eager to dismiss FCA claims. Senator Grassley alleged that DOJ had moved to dismiss multiple cases “without first conducting cost-benefit analyses or other evaluations of the merits of a case.” He also asked Attorney General William Barr to consider whether the Granston Memo creates “perverse incentives for alleged fraudsters to engage in abusive litigation tactics to prompt a case’s dismissal.” Grassley’s defense of FCA qui tam actions is unsurprising—he was one of the primary authors behind the 1986 amendments that revived the FCA and authorized qui tam actions. Given Attorney General Barr’s historical hostility to FCA actions—in 1989, he argued the qui tam provisions of the FCA were “patently unconstitutional” and an “abomination”—it also stands to reason that “Granston dismissals” will increase with Attorney General Barr at the helm of the Department (the Granston Memo was issued during Attorney General Sessions’ tenure). It will be interesting to see if the tempo of dismissals increases further—and whether that tempo generates further legislative push-back.

The increasing number of “Granston dismissals” has also been playing out in the courts, creating splits related to procedure and standards for these dismissals. Seldom confronted with the question of what standard to apply, courts are now grappling with (1) whether a relator must be afforded a hearing before a dismissal and (2) the standard to apply in deciding whether to approve a DOJ dismissal request.

A recent decision from the Third Circuit illustrates both issues. Although the FCA requires that a qui tam relator have “an opportunity for a hearing” if DOJ moves to dismiss, the Third Circuit recently held that an “opportunity” does not equate to a guaranteed hearing. The court joined other jurisdictions in holding that the FCA does not require a hearing “unless the relator expressly requests a hearing or makes a colorable threshold showing of arbitrary government action.”

In reaching this decision, the Third Circuit declined to weigh in on a circuit split concerning whether a court must approve DOJ’s dismissal of a qui tam action. Other courts, however, have acted in this regard. For example, the D.C. Circuit stated that DOJ has “an unfettered right” to dismiss a qui tam action and need not seek court approval. On the other hand, the Ninth and Tenth Circuits require that the government establish to the court’s satisfaction that there is (1) “a valid government purpose” for the dismissal and (2) “a rational relation between dismissal and accomplishment of the purpose.” If the government meets these prongs, “the burden switches to the relator to demonstrate that dismissal is fraudulent, arbitrary and capricious, or illegal.” For its part, the Third Circuit found that the relator’s showing fell short even under the stricter standard of the Ninth and Tenth Circuits, and therefore declined to take a side in this split. Ultimately, the standards for dismissal of qui tam lawsuits raise constitutional concerns grounded in separation of powers and questions of statutory interpretation that may be ripe for Supreme Court clarification.

DOJ Releases Consolidated False Claims Act Cooperation Credit Guidance

In 2019, DOJ issued a revised and consolidated set of guidelines for determining cooperation credit for organizations facing exposure under the False Claims Act. The guidelines define the credit as, typically, “reducing the penalties or damages multiple sought by the Department.” The guidance aims to consolidate and add uniformity to resolution of FCA investigations and cases—something that could vary considerably depending on the venue of the case. And while much of the guidance is common knowledge among experienced FCA practitioners, it is DOJ’s most concise public statement of how cooperation credit plays out in the context of the False Claims Act. The consolidated guidelines identify the main factors that DOJ will consider when assessing the maximum “credit” parties will get for (1) voluntarily self-disclosing misconduct, (2) proactively cooperating with FCA investigations, and (3) taking effective remedial measures.

Voluntary Self-Disclosure

DOJ continues to emphasize voluntary disclosures, making a timely self-disclosure the surest path to cooperation credit. Under the guidelines, companies and individuals that discover false claims and make a “proactive, timely, and voluntary self-disclosure” to DOJ should receive credit. Such parties will also qualify for credit for disclosing “additional misconduct going beyond the scope of the known concerns” uncovered during an internal investigation. Voluntary disclosure, the guidelines caution, does not include disclosure of information required by law or in responding to a subpoena, investigative demand, or other compulsory process. Nor does it include the disclosure of information under an imminent threat of discovery or investigation.

But self-disclosure is not a prerequisite to at least some cooperation credit. Partial credit is available to defendants who “meaningfully assist” DOJ’s investigations even after not self-disclosing the underlying conduct. But DOJ will not give credit to any entity or individual that “conceals involvement in the misconduct by members of senior management or the board of directors,” or to an entity or individual that “otherwise demonstrates a lack of good faith to the government during the course of its investigation.”

“Other Forms” of Cooperation

Individuals and organizations under investigation can also receive credit for taking steps to cooperate with DOJ. The factors below provide a road map for organizations looking to navigate FCA resolutions. Steps that could qualify for credit include:

• identifying individuals substantially involved in or responsible for the misconduct;
• disclosing relevant facts and identifying opportunities for DOJ to obtain evidence not in the possession of the entity or individual or not otherwise known to the government;
• preserving, collecting, and disclosing relevant documents and information beyond existing business practices or legal requirements;
• identifying individuals who are aware of relevant information or conduct, including an entity’s operations, policies, and procedures;
• making organization employees with relevant information available for meetings, interviews, examinations, or depositions;
• disclosing relevant facts gathered during the organization’s independent investigation (not including information subject to attorney–client privilege or work-product protection), including attribution of facts to specific sources rather than a general narrative of facts, and providing timely updates on the organization’s internal investigation into the government’s concerns, including rolling disclosures of relevant information;
• providing facts relevant to potential misconduct by third parties;
• providing technological expertise and assistance to the government in their review of relevant information;
• admitting liability or accepting responsibility for the wrongdoing or relevant conduct; and
• assisting in the determination or recovery of the losses caused by the organization’s misconduct.

DOJ attorneys are directed to use the following factors in weighing the value of any self-disclosure and cooperation by considering the following factors:

• the timeliness and voluntariness of the assistance;
• the truthfulness, completeness and reliability of information provided;
• the nature and extent of the assistance; and
• the significance and usefulness of the cooperation.

Effective Remedial Measures

Under the revised guidelines, remedial actions taken by an organization in response to an FCA violation that would receive credit include:

• analyzing the root cause of the underlying misconduct and how to address it;
• implementing or improving an effective compliance program designed to ensure the misconduct does not reoccur;
• disciplining or replacing those responsible for the misconduct (including supervisors) either through direct participation or failure in oversight; and
• any additional steps that demonstrate that the entity recognizes how serious the misconduct is, accepts responsibility for it, and will implement preventative measures to make sure it doesn’t reoccur.

Although the guidelines do not significantly alter existing DOJ policy and precise uniformity across all FCA resolutions is unlikely given the vagaries of each alleged FCA violation, investigation, and negotiated resolution, the guidelines provide a clear and concise set of directives to the Assistant U.S. Attorneys and Civil Frauds trial attorneys who will evaluate an organization’s cooperation and self-disclosure. For organizations seeking to understand their own obligations and potential options, understanding the government’s expectations and the framework for resolutions has never been more important—or easier.

The “Brand Memo”: DOJ Cools to Violations of “Sub-regulatory” Guidance?

Congress passes statutes. Agencies promulgate regulations. Both can create a basis for potential FCA liability (provided other elements like falsity and scienter are satisfied). But what about the thicket of so-called sub-regulatory guidance issued daily by agencies—directives, handbooks, manuals, policy statements, instructions, and other documents? Can violations of these sub-regulatory documents, again with the requisite intent, create FCA liability?

The FCA is broad, covering a series of acts across a wide swath of industries. Government contractors must make a myriad of representations and certifications from the bid stage all the way through contract performance and closeout. These representations include affirmative statements of statutory and regulatory compliance, statements that pricing is accurate, true, and complete, and beyond. If a contractor knowingly misrepresents compliance with a sub-regulatory guidance document, it could conceivably create FCA risk.

But with the Brand Memo, ironically also an agency sub-regulatory guidance document, the administration announced policy that DOJ trial attorneys should not use violations of sub-regulatory guidance as the basis for FCA enforcement. In affirmative civil enforcement cases, the memo directed, “the Department may not use its enforcement authority to effectively convert agency guidance documents into binding rules,” meaning “Department litigators may not use noncompliance with guidance documents as a basis for proving violations of applicable law” in FCA cases.

What type of document is off limits? The Brand Memo defined “guidance document” as “any agency statement of general applicability and future effect, whether styled as ‘guidance’ or otherwise, that is designed to advise parties outside the federal Executive Branch about legal rights and obligations.” The Brand Memo clarified that DOJ may continue to use guidance documents under some circumstances. For example, guidance documents that “simply explain or paraphrase legal mandates from existing statutes or regulations” may be used by DOJ trial attorneys in FCA cases. Likewise, DOJ may use “evidence that a party read such a guidance document to help prove that the party had the requisite knowledge of the mandate.”

This is an enforcement directive that is not binding on judicial treatment of the FCA or on relators, who may still attempt to use sub-regulatory guidance in proving FCA violations. It is also subject to revision at any time by this administration (or the next), and it does not eliminate risk that contracting officers or other agency officials might take contractual or administrative action against a contractor for violations of such guidance. But for government contractors facing FCA risk, the policy announced in the Brand Memo theoretically reduces the universe of policies and requirements that could serve as predicates for FCA liability. That, in turn, reflects an overall reduction in FCA risk.

Wither the Yates Memo? DOJ Dials Back Required Disclosures (a Little Bit)

The Yates Memo, issued under the prior administration, emphasized that DOJ settlements should focus on individual accountability and should not permit individuals to escape responsibility when the organization resolves its liability. Disclosure of “all facts” and “all individuals” involved was the order of the day—and an organization’s failure to do so jeopardized its eligibility for cooperation credit. While the Yates Memo has not technically been rescinded, DOJ announced policy changes that—while still emphasizing individual accountability and timely/complete disclosure—reduce the extent of the disclosure required to obtain cooperation credit in FCA cases.

Announced in a speech by then-Deputy Attorney General Rod Rosenstein, DOJ appears to have backed away from the “all facts” and “all individuals” approach of the Yates Memo. The revision was ultimately incorporated into the Justice Manual, which now provides:

To be eligible for cooperation credit in a civil corporate case, a corporation must provide meaningful assistance to the government’s investigation. To earn maximum cooperation credit, a corporation must do a timely self-analysis and be proactive in voluntarily disclosing wrongdoing and identifying all individuals substantially involved in or responsible for the misconduct, without making the government compel such disclosures with subpoenas or other investigative demands.

Though this shift is small and in practice will not affect every factual scenario, it reflects a shift in the expectations from the prior administration.

Supreme Court Decisions

The Supreme Court Addresses the Statute of Limitations

The FCA’s statute of limitations is, in the words of Justice Alito, “terribly drafted.” It provides:

A civil action under section 3730 may not be brought—

(1) more than 6 years after the date on which the violation of section 3729 is committed, or

(2) more than 3 years after the date when facts material to the right of action are known or reasonably should have been known by the official of the United States charged with responsibility to act in the circumstances, but in no event more than 10 years after the date on which the violation is committed, whichever occurs last.

Subsection (2) created confusion. Did it apply to an FCA claim brought by a relator—rather than the government—between six and ten years after a violation, but less than three years after the government knew or should have known the relevant facts? In 2019, the U.S. Supreme Court in Cochise Consultancy, Inc. v. United States ex rel. Huntresolved the circuit split by concluding that a relator can claim the benefit of this tolling provision even when the government declines to intervene and the relator knew of the alleged violation before the usual six-year statute of limitations expires.

The implications of the Court’s decision in Cochise for government contractors are significant. First, relators under certain circumstances now have more time—as many as four more years—to bring FCA claims. Second, because claims brought by relators are initially sealed while the government decides whether to intervene—a process that can itself take years—a government contractor may not learn of a timely filed complaint until more than 10 years after the alleged violation. Third, government recoveries in declined qui tam actions may trend upward, given that there is now a broader universe of conduct that could be encompassed by a relator’s complaint. Fourth, government contractors may want to evaluate their document-retention policies to retain documentation related to government claims until 10 years—or more—have elapsed. Burdensome though this may be, it may assist contractors in defending themselves against the aged FCA claims made possible by the Court’s interpretation of the FCA’s statute of limitations.

Update on Interpretation of the Materiality Requirement

As all FCA practitioners know, the Supreme Court’s recent landmark decision Universal Health Services v. United States ex rel Escobar included certain non-bright-line standards inconsistently applied across the circuits. The Court in Escobar affirmed potential liability for a false claim where a contractor implicitly certified compliance with a statutory, regulatory, or contractual requirement by making a claim for payment. But the Court limited liability to situations wherein the contractor “knowingly violated a requirement that the defendant knows is material to the Government’s payment decision.” The materiality requirement has so far proven difficult for lower courts to interpret and, despite several circuit splits arising from Escobar, the Supreme Court has yet to weigh in.

One aspect of Escobar that lower courts struggle to apply is the effect of the government continuing to pay contractors despite knowledge of the false claims. In Escobar, the Court stated that if the government continues to pay a particular claim despite actual knowledge of contractual violations, it is “very strong evidence” that the violation is not material. The strength of this evidence is inconsistent among—and even within—the circuits.

The Ninth Circuit presents a good case study in the courts’ difficulty with this standard. The Ninth Circuit has described the payment decision as “certainly probative” evidence, but nothing more—choosing instead to analyze the circumstances surrounding the government’s decision as a whole. Under this rule, a violation could plausibly be material despite the government knowing of it and continuing to make payments. On the other hand, the same court granted summary judgment on an implied false certification claim on the basis of the government’s payment of claims despite knowledge of noncompliance. Materiality—although an essential element of an FCA claim—continues to create confusion.

Subjects of Increased Enforcement

Cybersecurity Requirements: Not What President Lincoln Had in Mind, But the FCA’s Future?

If 2017 and 2018 were predominated by promulgation and implementation of cybersecurity requirements for federal contractors, 2019 was the beginning of what may be a cascade of FCA cases arising from those requirements. Recent settlements and cases show that the growing thicket of FAR and DFARS cybersecurity requirements have been fertile ground for FCA investigations and litigation.

In one of the first settlements of an FCA claim premised on cybersecurity misrepresentations, an IT contractor agreed to pay $8.6 million to the federal and state governments. The case, United States of America v. Cisco Systems, involved allegations from a former subcontractor whistleblower that an IT contractor knowingly sold video monitoring technology containing security flaws to the United States, eighteen states, and the District of Columbia. According to the whistleblower, the security flaws to the video monitoring technology created a backdoor to the system, enabling a potential user to gain unauthorized access to the entire network of a federal agency, take control of or bypass an agency’s physical security systems, or even allow an unauthorized user to obtain administrative access to the system to make modifications. Notwithstanding its awareness of the security flaws, and knowing that the disclosure of the security flaws would have prevented the federal government from purchasing the video monitoring technology, the relator alleged that the contractor withheld information regarding the security flaws from multiple federal and state agencies.

The contractor framed the settlement as a “partial refund” to the government and did not admit liability. The contractor acknowledged that “times and expectations have changed.” Interestingly, the conduct at issue took place in 2008—before the current and complex cybersecurity regime came into place.

If a wave of cybersecurity FCA claims is coming—and indications are that it is—that presents a new type of FCA risk. But it also will have influence outside the FCA context because it is likely that the substance of the DFARS and FAR cybersecurity provisions may first be interpreted and applied not by traditional government-contracting tribunals such as the Court of Federal Claims or the Boards of Contract Appeals, but by the district courts as they adjudicate FCA claims. The district courts are unaccustomed to the nuance and idiosyncrasies of federal contracting law. Discordant decisions about the substantive obligations under federal cybersecurity obligations would inject more uncertainty into an already new, evolving, and complex set of requirements.

FCA and the “China Initiative”: FCA Leveled at Research Institutions to Combat Chinese Influence?

DOJ’s use of the FCA to pressure organizations to tighten their compliance systems and to obtain significant civil financial recoveries is not “new news.” But what is new is DOJ’s use of the FCA in service of its “China Initiative” and the administration’s heightened scrutiny of government grantees and contractors, particularly representations and disclosures related to foreign collaborations, support, and influence. As shown by a recent DOJ settlement with a nonprofit research institution in Michigan that had obtained federal grant funding, DOJ is now using the FCA to advance its China Initiative and in so doing opening a range of grantees and R&D contractors to new FCA risk.

Officials at DOJ and FBI have repeatedly expressed deep concern with China’s Thousand Talents Program, which aims to recruit skilled U.S. researchers who will bring their research expertise and experience to China. DOJ turned that concern into action when it announced that the Van Andel Research Institute (VARI), a nonprofit biomedical research institute in Grand Rapids, Michigan, agreed to pay $5.5 million to resolve allegations that it had violated the FCA by submitting grant applications to the National Institute of Health (NIH) that “failed to disclose Chinese government grants that funded two VARI researchers.” DOJ alleged that one of VARI’s research personnel was receiving “generous support” from the Thousand Talents Program that VARI had failed to disclose to NIH. According to DOJ, VARI also failed to disclose other outside funding sources for multiple researchers in violation of NIH grant rules. DOJ stated that VARI had actual knowledge of the outside Chinese support but failed to submit complete and accurate grant applications to NIH that should have disclosed such support, and VARI failed to correct its grant progress reports made to NIH.

For recipients of federal funds, particularly research institutions and other federal grantees, there are several key takeaways from this development. Federal research funding is now under an enforcement microscope in ways that it has not been before. Yet grants and grant compliance sometimes receive less attention than government contracts and government-contracting compliance. Grant recipients often are nonprofit organizations that assess FCA risk to be low simply because the organization is a nonprofit doing basic research and because there are relatively few reported FCA enforcement actions. But ignoring FCA risk in the current enforcement environment would be a mistake. Grants are legally binding instruments and often involve the payment of hundreds of thousands or millions of federal dollars—and DOJ has brought a number of FCA actions against federal grantees.

Federally funded organizations should assess systematically the foreign affiliations of their personnel and review applicable federal disclosure requirements and existing and past employee questionnaires through the lens of the FCA. Such organizations should review their procedures for vetting of employees and researchers and their existing internal controls and policies. Organizations may be able to avoid compliance problems altogether, and if any federal funding agency or DOJ scrutiny does come, organizations should be prepared to quickly deploy a focused audit or internal investigation and consider policy revisions or an affirmative disclosure to take advantage of DOJ’s FCA cooperation guidelines.

FCA and the Opioid Epidemic: The FCA Deployed in the War on Drugs?

The opioid epidemic continues to take a staggering toll. In 2019, DOJ brought a “first of its kind” action against two pharmacies, their owner, and three pharmacists for allegedly dispensing and billing Medicare for prescriptions in violation of both the Controlled Substances Act (CSA) and the FCA. The action, seeking both injunctive relief and civil-monetary penalties, is a coordinated effort by the Department’s Prescription Interdiction & Litigation (PIL) Task Force, which reflects the DOJ’s commitment to use “all available . . . tools,” including the FCA, “to reverse the tide of opioid overdoses in the United States.” This action follows on DOJ’s 2018 civil action under the CSA and FCA enjoining several prescribers from “recklessly and unnecessarily distribut[ing] painkillers and other drugs.”

Opioid manufacturers felt the FCA, too. In one of recent memory’s largest single resolutions, the opioid manufacturer Insys Therapeutics paid $225M to settle combined criminal and civil claims for the alleged payment of kickbacks and illegal marketing of a fentanyl spray product manufactured by the drug maker. The FCA portion of the settlement was significant—$195M. The resolution included an “unprecedented” five-year corporate integrity agreement and involved guilty pleas and the admission of facts that could result in program exclusion.

The theories under each enforcement action rely on the host of certifications—implied and express—that must be made to the federal health care programs to obtain payment, including the representation that the drugs were medically necessary and the separate statutory prohibition of kickbacks.

COVID-19 and Stimulus Program Fraud

The adaptability of the FCA to emerging fraud schemes ensures that it will be a key component to the U.S. government’s response to COVID-19 and stimulus fraud. As of this article, more than $2 trillion has been appropriated and spent as part of the federal government’s response to COVID-19 and the 2020 economic crisis. The Paycheck Protection Program (PPP) contains numerous certifications and ambiguous regulatory guidance—fertile ground for FCA risk. Section 3610 of the CARES Act, the so-called Ready State provision—which Congress designed to ensure that government contractors were being paid even when they were not working as a form of economic stimulus and to maintain governmental readiness—has been construed by the government to prohibit “double dipping” regarding other CARES Act assistance, such as the loan forgiveness program under the PPP. FCA actions will follow. The billions of dollars in the CARES Act’s Provider Relief Fund—which comes with strings attached in the form of compliance with federal assistance rules and certifications—will also drive FCA enforcement in the coming months. COVID also caused many “first time” government contractors to flood the federal procurement marketplace because of economic pressures in the private commercial marketplace. These first-timers, with undeveloped compliance systems and experience navigating federal invoicing and FAR compliance, are at higher risk for FCA issues.

Conclusion

The FCA continues to evolve. But what remains the same? The FCA’s centrality to government contractors and the procurement system; the importance of strong compliance systems and internal controls; calculated investments to mitigate FCA risks; and the continual rebirth, for today’s events and controversies, of Lincoln’s Law.