The purpose of the False Claims Act, which was enacted during the Civil War, has always been to protect the government from losing money to fraud. Its primary targets were federal contractors who deceived the government for gain. The legislation was significantly strengthened in 1986, when Congress amended the FCA to provide protections for whistleblowers and increased the related penalties — allowing the government to collect damages and civil penalties of up to $11,000 per claim. Any whistleblower whose suit is successful receives a share of the money recovered. Since these amendments, the government has recovered more than $21 billion under the FCA, with more than half coming through private whistleblower suits.
Until recently, the FCA only applied to a narrow category of fraud. The text of the law and related court decisions have limited it to situations in which parties clearly intended the government itself to pay a false claim, from funds that were physically in the government’s possession. Cases involving subcontractors or indirect payments and claims that were considered unintentionally false could not be brought under the law. Because of this interpretation, direct government contractors and Medicare and Medicaid programs accounted for the bulk of FCA liability, and other organizations were often unconcerned about or unaware of the law’s implications. Recent revisions are changing that.
Last May, President Obama signed the Fraud Enforcement and Recovery Act of 2009, amending the FCA once more. Senator Patrick Leahy (D-VT), who sponsored the bill, intended it to increase the government’s power to root out fraud involving funds expended under the Troubled Asset Relief Program (TARP) and the economic stimulus package. Leahy said in a statement, “This new law will help protect the billions of dollars in taxpayer money being spent to stabilize our banking system and housing markets, and to make sure those who have taken advantage of vulnerable homeowners, investors and retirees by committing fraud are held fully accountable under the law.”
Under FERA, the FCA extends to any false or fraudulent claim for government money or property — regardless of intent, regardless of who receives the claim, and whether or not the government has physical custody of the money. This means it now applies to entities that receive money from the government indirectly — such as subcontractors, mortgage brokers that offer federally insured loans, and entities that work with government grantees, including local governments and universities. It also means that the government does not have to prove that organizations that have submitted false claims or material false statements intended to defraud the government — if the government loses money because of those falsities, they are liable either way. FERA also makes clear that “knowingly and improperly” failing to return overpayments to the government (“reverse false claims”) results in liability under FCA.
Does your company accept any federal funds, directly or indirectly? Do you do business with federal grantees? Do you have a clear code of conduct and an ethics hotline available for your employees? Have your unit managers and executives been trained in fraud issues and made aware of this new legislation? Security executives — particularly those who have a hand in corporate compliance and ethics — should think hard about how these amendments may impact their organizations.
Marleah Blades is senior editor for the Security Executive Council, a problem-solving research and services organization that involves a wide range of risk mitigation leaders. Its community includes forward-thinking practitioners, agencies, universities, NGOs, innovative solution providers, media companies and industry groups. Backed by a Faculty of more than 100 successful current and former security executives, the Council creates groundbreaking Collective Knowledge™ research, which is used as an essential foundation for its deliverables. For more information about the Council, visit www.securityexecutivecouncil.com/?sourceCode=std.
