False Claims Act Enforcement Surges Again: What Drove the FY 2025 Spike and Record Recoveries

False Claims Act (FCA) enforcement surged again in FY 2025, producing a sharp year over year increase in recoveries and renewed attention to one of the government’s most powerful enforcement tools. The last comparable spike occurred in 2021, when the unprecedented scale and speed of pandemic spending — coupled with evolving COVID related fraud schemes — reshaped enforcement priorities and case volume.

While there are clear echoes of that earlier surge, last year’s results reflect something more structural than episodic. Matured investigative pipelines, larger dollar resolutions in traditional FCA sectors, and a steadily expanding set of compliance representations treated as FCA relevant all played a role. For government contractors, grantees, and other recipients of federal funds, the message is familiar but increasingly urgent: payment is only as defensible as the certifications and controls that support it.

Note: FCA statistics and Department of Justice (DOJ) year end summaries vary by fiscal year and are periodically updated. The discussion below reflects commonly cited enforcement drivers rather than a single reporting cutoff.

FCA Enforcement in Brief: Why “Spikes” Occur

The FCA imposes liability on parties who knowingly submit false or fraudulent claims for payment — or make false statements material to that payment. Two features consistently drive outsized recoveries.

Financial leverage. Treble damages and per claim civil penalties can quickly turn narrow billing or certification issues into significant exposure. In high volume environments, small issues multiply rapidly.

A durable whistleblower pipeline. Qui tam actions, lawsuits brought by private individuals (whistleblowers, or “relators”), continue to supply the government with leads, documents, and theories of liability. Even cases initially declined by DOJ can mature into substantial settlements years later.

Because FCA matters often take years to investigate and resolve, a “spike” rarely reflects new misconduct alone. More often, it marks the intersection of earlier funding decisions, evolving enforcement theories, and the timing of resolutions.

The 2021 Spike: COVID Era Spending and Rapidly Shifting Risk

The 2021 peak was driven largely by pandemic relief programs, emergency procurement, and compressed regulatory timelines. Programs launched quickly, guidance shifted often, and claim volume exploded — creating fertile ground for both misconduct and operational error.

Common COVID related FCA themes included:

• Misstatements regarding eligibility and use of relief funds.
• Testing, treatment, and telehealth billing issues.
• Emergency procurement problems involving pricing or nonconforming goods.
• Reporting and certification failures tied to rapidly evolving requirements.

Notably, many organizations faced FCA exposure absent intent to defraud. Rapid operational change, remote work, strained controls, and supply chain disruptions increased the likelihood that billing, documentation, and certifications drifted out of alignment.

Why FY 2025 Spiked: Bigger Cases and Broader Theories

Last year’s record recoveries appear to reflect fewer novel themes and more powerful combinations: large cases in core sectors, investigations that had time to mature, and broader use of certification based liability theories.

Health Care Still Drives the Numbers

Health care continues to anchor FCA enforcement. High claim volume, complex reimbursement rules, analytics ready data, and intricate financial relationships make even isolated control failures potentially systemic. When improper coding, insufficient documentation, or medically unnecessary services are tied to thousands of claims, exposure escalates quickly.

Contracting and Procurement: Did Performance Match the Invoice?

Outside of health care, enforcement continues to expand in the government contracting space. These cases frequently turn on whether billed labor, rates, and deliverables align with what was promised in proposals and certified during performance.

Timekeeping failures, labor qualification misstatements, indirect rate practices, nonconforming goods, and sourcing certifications remain recurring risk areas. Multiyear contracts and repeat invoicing can compound exposure when weaknesses persist.

Cybersecurity Enters the FCA Mainstream

DOJ’s sustained focus on cybersecurity compliance marks one of the FCA’s most important recent evolutions. Where payment depends — explicitly or functionally — on meeting security requirements, gaps between representations and reality may support FCA liability.

The risk extends beyond breach events. Differences between policy and implementation, proposals and actual controls, or certifications and auditable evidence are increasingly scrutinized as reporting and attestation requirements become more standardized.

Grants and Post COVID Funding Programs

Even as pandemic programs wind down, federal spending remains elevated across infrastructure, disaster recovery, research, and energy initiatives. Grant programs often hinge on certifications relating to eligibility, allowable costs, subrecipient oversight, and performance reporting. Weak documentation, unsupported cost transfers, and insufficient monitoring continue to create FCA risk in these environments.

Timing Matters: Big Recoveries Often Reflect Old Conduct

Record setting years often capture the back-end of long investigative cycles. Many large FCA matters began years earlier and evolved through data analysis, interviews, negotiations, and parallel proceedings. Last year’s results likely reflect a wave of cases reaching resolution — not a sudden spike in new misconduct.

Whistleblowers Plus Analytics

Whistleblowers remain central, but analytics increasingly shape enforcement. Billing and pricing outliers, cross agency data sharing, and pattern analysis allow faster targeting and stronger leverage — particularly where documents and controls do not back up certifications.

What Organizations Should Do Now

The current enforcement environment reinforces a simple takeaway: FCA risk tends to arise where certifications, billing, and reporting outpace the control environment supporting them. Practical steps can meaningfully reduce exposure:

1. Revisit certifications. Identify and inventory certifications embedded in proposals, invoices, progress payments, and attestations — and confirm each is supported by contemporaneous evidence.
2. Reinforce billing and timekeeping controls. Segregation of duties, audit trails, supervisory review, and periodic testing remain foundational, especially for labor intensive contracts.
3. Strengthen subcontractor and subrecipient oversight. Flow down key requirements, document monitoring, and validate cost and performance support before billing or reporting.
4. Make escalation real. Credible reporting channels, consistent investigative protocols, and strong non retaliation practices help surface issues internally before regulators do.
5. Use analytics proactively. Internal testing for outliers in billing, charging, and performance mirrors the tools regulators now rely on — and can identify issues earlier and on better terms.

Bottom Line

Last year’s FCA surge was not an anomaly. It reflects durable enforcement dynamics, broader liability theories, and an increasingly data driven approach to federal spending oversight. Organizations that align certifications, controls, and operational reality will be far better positioned as scrutiny of federal dollars continues to intensify.