FCA in 2025: New Risks in Tariffs, DEI, and Beyond

A Civil War-era anti-fraud law is being weaponized in ways President Lincoln never could have imagined, as federal prosecutors transform the False Claims Act into a Swiss Army knife of enforcement that now reaches into corporate diversity programs, cybersecurity certifications, and political compliance battles.

This episode of The Ethicsverse examines the expanding application of the False Claims Act (FCA) in 2025, focusing on the federal government’s efforts to extend this Civil War-era anti-fraud statute beyond traditional billing fraud into contemporary compliance areas including diversity, equity, and inclusion (DEI) programs, cybersecurity certifications, and customs duty obligations. The research explores the legal challenges posed by these novel enforcement theories, particularly regarding materiality standards and the distinction between policy disagreements and fraudulent conduct.

• Nick Gallo, Chief Servant & Co-CEO, Ethico
• Lisa Dyksktra, Partner, Morgan Lewis
• Ari Yampolsky, Founding Partnenr, Whistleblower Partners
• Matt Kelly, CEO & Editor, Radical Compliance

Expanded Enforcement Scope Transforms Traditional FCA Applications

• The Trump administration’s approach to False Claims Act enforcement represents a significant departure from traditional fraud cases, expanding the statute’s reach into politically sensitive areas like DEI programs.
• Under new executive orders, federal contractors must now certify that their DEI programs do not violate federal anti-discrimination laws, creating potential FCA liability for organizations whose diversity initiatives are deemed legally problematic.
• This expansion transforms the FCA from a primarily transactional fraud tool into what experts describe as a “Swiss Army knife” of enforcement, capable of addressing a wide range of compliance issues beyond traditional billing fraud.

DEI Compliance Certifications Face Legal Uncertainty and Court Scrutiny

• The materiality standard for DEI-related False Claims Act cases presents significant legal challenges, as courts must determine whether civil rights compliance is genuinely material to every government contract regardless of the contract’s subject matter.
• Unlike traditional FCA cases where cybersecurity requirements directly relate to the contract’s purpose (such as missile defense systems), DEI certifications apply broadly across all federal contracts, creating potential constitutional and legal challenges.
• Legal experts express skepticism about whether these novel theories will survive judicial scrutiny, particularly given the FCA’s requirements for demonstrating falsity, knowledge, and materiality in fraud cases.

Good Faith Compliance Documentation Provides Critical FCA Defense

• Organizations can establish strong defenses against False Claims Act allegations by conducting privileged internal audits and documenting good faith compliance efforts through non-legal personnel.
• The compliance officer or business representative should independently review policies and procedures, then document their good faith belief that the organization complies with applicable laws, creating a defendable record separate from privileged legal advice.
• This documentation strategy helps demonstrate that any potential violations were not knowing or intentional, addressing the FCA’s scienter requirement while providing evidence of a genuine compliance culture.

Whistleblower Psychology Drives Most FCA Cases

• Approximately 70% of False Claims Act cases originate from whistleblower complaints, typically filed by employees who have already raised concerns internally and felt ignored or dismissed by management.
• These potential whistleblowers rarely seek financial gain as their primary motivation; instead, they pursue external reporting when they believe their organizations have failed to address legitimate compliance concerns through proper channels.
• Understanding this psychological dynamic is crucial for compliance professionals, as effective internal handling of employee concerns can prevent external whistleblower complaints that trigger costly government investigations.

Investigation Process and Communication Determine Whistleblower Escalation

• The quality of internal investigations and communication with reporting employees significantly influences whether concerns escalate to external whistleblower complaints.
• Organizations that conduct thorough investigations, document their findings appropriately, and communicate transparently with internal reporters (within privilege constraints) can often resolve issues before they become federal cases.
• Failed investigations typically result from dismissive treatment, lack of professional engagement, or inadequate follow-up with concerned employees, rather than from disagreements about investigation conclusions.

Government Intervention Fundamentally Changes Case Dynamics

• When the Department of Justice intervenes in a whistleblower-initiated False Claims Act case, the litigation landscape transforms dramatically, with over 90% of intervened cases resulting in settlements rather than trial victories for defendants.
• The government’s civil investigative demand authority allows DOJ to conduct extensive sealed investigations, gathering evidence and testimony before making intervention decisions, which gives them significant advantage in building strong cases.
• Non-intervened cases show the opposite pattern, with over 90% failing to achieve successful resolution for whistleblowers, highlighting the critical importance of government participation in FCA litigation.

FCA Litigation Timelines Impose Substantial Organizational Costs

• False Claims Act cases typically require 3-5 years from filing to resolution, with some cases extending over a decade through appeals and complex litigation processes.
• The sealed investigation phase alone can last 1-6 years, during which organizations face substantial legal costs and operational disruption without knowing the full scope of government scrutiny.
• These extended timelines create significant financial and reputational risks for organizations, making prevention through effective compliance programs more cost-effective than defending against FCA allegations.

Compliance Program Effectiveness Requires Cultural Integration

• Successful FCA defenses depend on demonstrating genuine compliance culture rather than merely maintaining paper-based policies and procedures, requiring integration of compliance considerations into daily business operations across all organizational functions.
• Effective programs show consistent enforcement through documented disciplinary measures, regular monitoring and auditing activities, and transparent reporting to senior management and board committees about compliance risks and remediation efforts.
• The Department of Justice specifically evaluates whether compliance functions report independently to business leadership rather than through legal departments, emphasizing operational accountability over legal oversight.

Cybersecurity and Tariff Enforcement Represent Established FCA Territory

• Unlike DEI compliance, cybersecurity certification requirements and customs duty obligations represent well-established areas of False Claims Act enforcement with clear legal precedents and material connections to contract performance.
• Cybersecurity requirements directly relate to contract substance in defense, healthcare, and research contexts, making false certifications about cyber compliance relatively straightforward FCA violations.
• Similarly, customs and duty evasion cases have decades of legal precedent, with recent court decisions reinforcing the government’s authority to pursue importers who underreport duties through various fraudulent schemes.

Proactive Compliance Investment Prevents Costlier Enforcement Actions

• Organizations should leverage the expanded False Claims Act enforcement landscape to justify increased compliance program investment, using the heightened risk environment to secure necessary resources from senior leadership and boards.
• The substantial costs associated with FCA investigations and litigation (regardless of ultimate outcome) make proactive compliance measures a cost-effective risk management strategy.
• Compliance professionals can use these emerging enforcement priorities to demonstrate the need for enhanced training, monitoring systems, and investigation capabilities that address the full spectrum of potential FCA risks.

Closing Summary