5 Strategies to Reduce the Risk of a DOJ False Claims Act Investigation

1. Strengthen Ethics and Compliance Programs and Policies

Review and revise corporate compliance and ethics programs with a focus on current and emerging risk factors, accompanied with regular, updated training, and policies and procedures for employees to both avoid common missteps and to report potential wrongdoing via a hotline.

2. Conduct Internal Investigations and Consider Disclosure Options

An effective internal investigation conducted by counsel under privilege can go a long way to managing risks to the company when initial wrongdoing is reported. In certain instances, the wrongdoing initially reported may differ greatly from the reporter’s impression and actually not be an issue at all. Every credible allegation, however, should be investigated by experienced counsel to make that determination. When misconduct is identified, companies should assess with counsel whether a disclosure to law enforcement and/or procuring agencies may be warranted or, in certain circumstances, required.

3. Anticipate Scrutiny of Employment Practices and Imports of Goods to the U.S.

On May 19, 2025, DOJ announced a Civil Rights Fraud Initiative aimed at utilizing the FCA to combat knowing violations of civil rights laws, including those related to Diversity, Equity, and Inclusion (DEI) programs. The FCA is also a key tool for the administration’s enforcement efforts related to imports and tariffs. Companies should consider conducting updated internal risk assessments focused on DEI policies and employment practices as well as import compliance protocols. Companies that import goods or components should consider re-evaluating
their processes and policies for classifying the applicable country of origin on imports, and document good-faith interpretations of applicable laws and regulations.

4. Focus on Cybersecurity Compliance and Third-Party Assessments

Recent DOJ settlements demonstrate that cybersecurity non-compliance is a key area of focus for DOJ and qui tam relators under the FCA. Defense contractors should consider FCA risks as they update system security plans and cybersecurity scores and prepare for third-party assessments of their networks under the Department of War’s Cybersecurity Maturity Model Certification Program known as CMMC.

5. Review Subcontracts and Supply Chain Risks

Diligence and oversight of subcontractors and suppliers under government contracts—and attention to required flow-down clauses—can reduce cybersecurity and other FCA risks.