Podcast Season 2 Episode 3 – False Claims and Other Risks of Non-Compliance
We’ve learned about FAR Part 9 and why cybersecurity compliance is so important under it but did you know about false claims and all the risks associated with non-compliance? Tune in to this episode where our legal expert Eric Crusius takes us through the risks of doing business with the government if you are not compliant. This is especially good for those working in prime/sub contracting arrangements.
Erin Keating: Hello, welcome back to NeoCast podcast. This season GovCon rules season number two, we are going deep on FAR Part Nine contracting qualifications, and how contractors should handle cybersecurity compliance. Hopefully, you joined us for episode one, where we really went deep on what is the FAR Part Nine. Then last week, we talked about our second episode focusing on the cybersecurity compliance specifically and how it’s important under FAR Part Nine. For this week, we welcome back our resident expert partner at Holland and Knight, Eric Crusius. Thank you so much for joining us.
Erin Keating: We will be reviewing false claims and other risks of noncompliance. So I think this is specifically very important for our listening audience because this is where we all of a sudden start to know what the consequences are if we’re not paying attention to these new rulings and these new certifications that we need to be thinking about. So welcome back to the show, Eric. Thank you so much for being here.
Eric Crusius: Thanks for having me.
Erin Keating: Absolutely. Well, let’s jump right in and let’s talk about false claims. I know we were going to talk about what is the False Claims Act, but again, just to be sure that there’s no new listeners out there getting a little bit confused, can you talk just a little bit about what is a false claim?
Eric Crusius: Sure, yeah.
Erin Keating: Just as a basic.
Eric Crusius: Absolutely. When you have a government contract, you eventually want to get paid for the work you’re doing for the government. Whether you’re providing products or services or whatever, it doesn’t make sense to have a government contractor if you’re not going to get paid. In order to get paid, you have to submit an invoice to the government for payment. When you submit that invoice, that is considered a quote unquote claim. There are other ways to have claims, but that’s the primary way that you have a claim.
Erin Keating: Aha. Okay, I did not know that. Thank you.
Eric Crusius: Sure. If you submit a claim or an invoice that is somehow incorrect, that’s a false claim. If you have an invoice where you’ve promised to provide 10 people for 40 hours a week in X location, and you provide eight people instead for 40 hours a week at X location, but you bill the government garment for 10, that’s a false claim. That’s a very basic level. But I mean the more nuanced one that you see a lot in the services industry is I need five people with this certification and three of them don’t have that certification. It’s a lot of times it’s a lot more nuanced like that, where actually the people can do the work. They just don’t have the background that was promised maybe in the proposal that was offered by the contractor or required by the contract.
Erin Keating: Right, okay. Thank you for that explanation. That helps us understand. So then what is the False Claims Act?
Eric Crusius: The False Claims Act started actually, it’s one of the older statutes we have out there, even though it’s pretty relevant today. The False Claims Act came into being during the Civil War. This was a President Lincoln initiative.
Erin Keating: Really?
Eric Crusius: Yes.
Erin Keating: Fascinating.
Eric Crusius: Yeah, and the Union army, you’d think we’re in the middle of a civil war and everyone, all hands would be on deck. But no, the Union army was receiving sawdust instead of gunpowder. When they ordered gunpowder, there’s a lot of saw dust mixed in. They were getting mules that were sick when they were trying to get fresh mules and things like that. So the False Claims Act came to be many years ago in order to make sure that if there is a problem like that, there’s some kind of resource against government contractors who are providing subpar products or services.
Erin Keating: Interesting.
Eric Crusius: So it’s been around for quite a long time. It is a very, very powerful tool the government has. Because not only do you have, let’s just say for instance you’ve submitted a claim that’s false. It is not just the fact that you’ve submitted the claim that’s false. There are penalties associated with that claim, and there are treble damages associated with the claim. The case law changes from time to time on this. But let’s just say that the treble damages can reflect what the government lost because of its false claim. If you were supposed to deliver gunpowder that was mixed with sawdust then, and you charged the government $5,000 for that, then all of a sudden your penalty is $15,000 because it’s treble damages. Let’s just say you submitted that claim over many years over and over and over again, all of a sudden that adds up very quickly.
Eric Crusius: Then there are penalties associated with that as well, which have changed recently to include higher penalties for contractors. So not only do you have the treble damages, but you also have a penalty for every invoice that has been submitted. It really can be quite something. So now as of three years ago, that penalty could be anywhere from $10,781, and I’m taking off the cents, I probably should have just said the cents because by now what we owed it to $21,562.
Erin Keating: Wow, for each incident, wow.
Eric Crusius: Each incident. So maybe the idea is you do want to do one invoice a year, I don’t know, but then you won’t get paid for a long time.
Erin Keating: Right, right.
Eric Crusius: But yeah, it’s a very powerful tool the government has. What’s more interesting about this is it’s not just the government finds out about something and it’s just the government finding out. There’s something called a qui tam relator, which means that whistleblowers can also find out about whatever wrongdoing there is, and file a complaint in secret essentially with the court. Department of Justice will evaluate it and decide whether they want to join into your lawsuit or not.
Eric Crusius: If they do, then the company has a big problem because you have DOJ essentially suing the company. If not, [inaudible 00:06:02] and their attorney could still pursue the case against the contractor unless DOJ seeks to dismiss it. It is really a powerful tool and it’s anybody can be a whistleblower. It could be your employee, it could be a subcontractor employee. As long as it’s not public knowledge about what’s happening, they are a quote unquote whistle blower. Whistleblowers are always in the news. If you watch the news of the day, you’ll probably see something about a whistleblower because they’re prevalent around the government and around industry.
Erin Keating: Yeah, well and of course we have a rather big, big article and news story these days about a whistleblower. But so just for my edification, are invoices the only types of things that qualify as a claim if you will, or are there other ways in which a government contractor would be submitting a claim, if you will?
Eric Crusius: So that’s the primary way that, but there are possibly other ways. Anytime that you’re asserting something to the government and it’s causing the government to pay or sometimes not collect as much money or what have you, that could be considered a claim. The government’s very creative and finding ways to call something a claim. They have a lot of incentive to. If you dispute an invoice or dispute what the government is paying you and you file what’s called a claim under the Contract Disputes Act with the agency, that’s separate and apart could be the basis for a False Claims Act claim. That’s why they ask you if it’s over a certain amount to certify it. That’s if there’s a payment dispute, but that can be a separate claim potentially. The primary way is through invoices though, but there are other nooks and crannies in ways that the government can do that.
Erin Keating: Is there some landmark case that you know of that was just like an excruciating amount of money that a contractor ended up having to pay over false claims?
Eric Crusius: There are landmark cases like that every year.
Erin Keating: Oh really, every year people are doing this. My goodness.
Eric Crusius: Yeah, so the government collects billions of dollars a year under the False Claims Act.
Erin Keating: Wow, and wow, okay. That’s either really sad that that many people are making false claims, or really sad that the government’s just tackling different contractors on this particular act. But whoa.
Eric Crusius: I think what really happens is, and I’ll just say last year the government recovered $2.8 billion. I’ve represented clients in this position where they don’t think the government’s right, but to fight the full weight of the federal government will cost the contractor millions of dollars so they’d rather just pay some lesser amount to kind of settle the matter. Even if not admitting liability, we’ll settle it, promise you won’t put out a press release or something like that. That allows everyone to move on. So that number captures that segment of the population as well.
Erin Keating: Right, wow. So just out of curiosity, given that we were talking about last episode what you’re required to do under FAR Part Nine, and there’s a mention of ethics and having clean records when you settle a false claim like that, does that impact your record with the government?
Eric Crusius: Yes it can. So it’s really interesting, the government has a lot of ways to find out what a contractor has done in the past. One of those ways is through past performance evaluations, CPARS, contract performance assessment that are within the government. They look that up every time a… and contractors get copies of them and can challenge them, but that’s a resource that they have. So undoubtedly, things like that are noted in the contractor’s past performance record so the contractor will have that follow them. And probably more importantly, if a contractor has found to have violated the False Claims Act, they may not be a contractor anymore because there may be suspension debarment proceedings that will follow closely behind. So perhaps when you settle a False Claims Act, you get the agency to agree not to pursue suspension and debarment.
Erin Keating: Sure, wow. There was a recent Supreme Court case, where the Court held that implied certification could form the basis of a False Claims Act case. What exactly does that mean?
Eric Crusius: This is really interesting. This is going to be a little nuanced, but I think it’s worth the time. There are a number of Federal Circuits Courts within the United States. So we have the District Courts, which where all the trials are and things like that. In the Supreme Court at the top, which everyone knows about, and in the middle there are a Circuit Courts around the country that hear these intermediary appeals. They all had different opinions on whether when a contractor submits an invoice and they sign off on the invoice, are they certifying that they’re compliant with everything that’s in their contract? Are they implicitly certifying that implied certification, or does that to be spelled out in the invoice itself?
Eric Crusius: There are some circuits that said it has to be spelled out in the invoice. There were some circuits that said it’s implied, you’re doing everything. The Supreme Court took a middle approach in this case called Escobar versus United Health. In Escobar, what the Supreme Court essentially said is that, “Yes, there is an implied certification.” So now that’s the law of the land around in every circuit or every district court. But that item that’s being certified has to be material. So for instance, if there’s always been a FAR clause that says people won’t text while driving.
Erin Keating: Really?
Eric Crusius: Yes.
Erin Keating: You learn something new every day.
Eric Crusius: I think they took that one out recently.
Erin Keating: Right.
Eric Crusius: If you are texting while driving, because the government’s going to still pay your bill. They’re not going to not pay your invoice because they found out somebody wasn’t compliant with that clause. On the other hand, a very important clause that’s in there, there’s almost too many to count, where the government says, “If you don’t do X,” maybe it’s the cybersecurity clause, “we will not pay your bill because that’s important to us.”
Erin Keating: That’s material.
Eric Crusius: That’s materia, exactly. That’s where that materiality line comes in. With Escobar, that changed a lot. Where the problem, and Justice Breyer in the Supreme Court raised this issue during argument, is that it’s not a bright-line rule, The government has a little bit of leeway to say, “Oh yeah, they’re all material to us,” at some point. But they have to show that there is a history of it being material, not just that it is. They can’t just make this ad hoc statement that it’s material when there’s no evidence that it ever has been for them and it never will be except in this one case. It’s kind of interesting to see where the line will be in. There’s been a bunch of cases that have come out trying to interpret that line. But the materiality aspect is one that we’ll see play out in the courts over the next 10, 20, 30 years probably until it gets more clarification, at least from the Supreme Court.
Erin Keating: How does that impact cybersecurity compliance considerations?
Eric Crusius: I do think that the government has made enough hay about cybersecurity compliance where cybersecurity will be material, so whatever clauses are in the contracts will be material. If a contractor is signing off on an invoice, that means that there will be a problem for the contractor as far as it being a material certification. In fact, just this past spring in May, there was a case that Federal District Court decided, what allowed the case to go forward. So what happened was is that there’s a company, I won’t mention the name, they were not cybersecurity compliant. The allegation from the whistleblower is that they knew that they weren’t cybersecurity compliant, but they certified that they were anyway, and essentially filed a whistleblower case.
Eric Crusius: The company moved to dismiss saying that’s essentially saying that cybersecurity is the DFARs clause is not enough for material implied certification. The court disagreed and said there’s enough here for the case to go forward. It hasn’t been finished or finalized. But at least courts are receptive to this and are taking this argument and letting it run down, and that causes of course increased costs to contractors and potential exposure down the road.
Erin Keating: Right. So what can happen if a company is not cybersecurity compliant?
Eric Crusius: With respect to the False Claims Act, you have those penalties we spoke about earlier, which are not fun. You also have issues with the contract itself where the DFARS clause allows for the agency to cancel the contract. There is of course a suspension debarment, which will allow the government to take action against the contractor that they think just doesn’t care about cybersecurity compliance because they’re not responsible under FAR Part Nine. So that’s kind of the range of things. There’s a lot more nuanced and granular things in there, but that’s the range of things that are possible.
Erin Keating: So, just again talking about like the little guys that might be coming in as subcontractors, if a prime contractor has been seen or convicted or I don’t know what language you would use in this particular way of a false claim, does that null and void everything that the subcontractors had done under that contract? Are they also impacted by that decision from the government?
Eric Crusius: Not necessarily. Let’s just say for instance that the government is seeking to collect back the money it paid a contractor because they weren’t cybersecurity compliant, and the contractor had three or four subcontractors under them. The government would go to the prime contractor and get that money back. It’s then up to this prime contractor to get it back from the sub if they think the subcontractor was the cause of that. If it went to litigation, that would be in the form of a lawsuit.
Eric Crusius: Any other, like any other lawsuit, it’s you always want to have a government contracts attorney involved in lawsuits like that, if they’re not litigating it themselves to begin with, because there’s a lot of nuanced terms and FAR clauses and DFAR clauses. But it’s a really a commercial contract and it’s a commercial lawsuit between the prime and the sub. The subcontractor of course is at risk of losing that money it collected, but if they were not the cause of the cybersecurity issue, there should be no basis for the prime to do that to the sub.
Erin Keating: Sure. But well, if the business is officially sort of cut down, so prime contractor does something wrong, makes a false claim. The subcontractor had nothing to do with the false claim, but the government has now said, “Sorry, prime, but you’re now done with this contract. We are ceasing and desisting,” or whatever language they would use. Does the subcontractor, they’re just sort of out whatever effort they’ve put in, or can they actually go to the government and say, “Look, we were not part of what the issue was on the prime. We need to still be compensated for the work we’ve done on this contract to the day, or we want to continue doing some of the work,” or whatnot, or is there just real, no?
Eric Crusius: Essentially if a contract is terminated, if the prime’s contract is terminated, the subcontractor has relief against the prime contractor, generally not against the government.
Erin Keating: Got you, okay.
Eric Crusius: But they should be able to collect that against the prime contractor. This is why it’s so important for prime contractors and subcontractors to know each other very well. It’s really a marriage, and they say that 50% of marriages end in divorce so it’s maybe true of primes and sub relationships. I’m not sure. But you really want to do your research on who you’re going to do business with because you’re going to be in bed with them for better or for worse and sometimes it is for worse. So knowing what their systems are like, and this goes both ways. Knowing how ethical they are, whether they’re prepared to take on these new regulations is all very important to ensure that you will get paid for the work that you did.
Erin Keating: That leads to the next question and the final question at least that I have for you in this particular episode, but what is the impact on a contract if a contractor is not cybersecurity compliant?
Eric Crusius: It can really cause the contract to be terminated. That’s probably the most dramatic thing. There’s two levels of termination, termination for default and termination for convenience. You never want to be terminated for default because that’s the Scarlet Letter on your shoulder, I guess, or wherever that happened.
Erin Keating: Right. Your reputation everywhere, wherever you put it…
Eric Crusius: Yeah, it doesn’t matter where. It will light up and be very bright and in the government [crosstalk 00:17:21].
Erin Keating: Be very bad.
Eric Crusius: Yeah, so that’s a possibility. Termination for convenience is often a way when the government is not really quite getting what they want, but they didn’t want to fight about it, so they just get out of it and they terminate for convenience. The contractor still gets paid for what they did so far, but it’s harder to get paid for lost profits and stuff like that. Those are really the biggest ways that a contract could be impacted if the contractor is not cybersecurity compliant.
Erin Keating: Right, okay. Typically when that is happening, when a false claim has been brought to their attention, to the government’s attention, and the government says, “Okay, we’re going to begin proceedings to figure out if this is really a false claim,” does all work typically stop on a contract at that point?
Eric Crusius: It actually does not because it will be kept secret until the government decides what they want to do. You could be accruing false claim after false claim, just have no idea that there’s a whistle blower out there.
Erin Keating: Wow.
Eric Crusius: Yeah, so it’s quite a dramatic tool that the government has. Whistleblower files a complaint in Federal Court, they send a copy to DOJ. I’m kind of simplifying the process, but you can get the idea. DOJ then reviews it to see whether it’s something they want to join in. Then they decide if they want to join in or not. At that point in time the complaint is unsealed, but all up until that point, and it could be a year or more, there’s that gap of time where you’re accruing maybe possible false claims or adding to the claim as a contractor.
Erin Keating: I feel like I would love to do an entire episode on just case history around this. Because I would imagine that the scary thing about it on all sides is that these bad actors potentially on all sides. On one side, you do want the government to be very smart with the tax dollars that they have to spend on certain things and you want them to be good stewards of their fiduciary responsibility. But on the flip side, for sure it being such a powerful tool, this could really take down businesses and contractors and so on and so forth and really cause some big ripples.
Eric Crusius: Yeah, you hope that the government uses it wisely and uses it on areas of law that are certain. Where I get frustrated is if it’s almost like they’re testing out a novel, testing a regulation of the way it hasn’t been tested before. That really puts the contractor, I think, in an unfair position of trying to defend something that they shouldn’t have to defend.
Erin Keating: Right. Well, this was a very informative session for me, Eric, thank you so much, on false claims and other risks of noncompliance. Do you have any parting thoughts for our listening audience on this particular topic?
Eric Crusius: I would just say it’ll be interesting to see where the whole cybersecurity versus False Claims Act dichotomy comes out and how they impact each other. I think CMMC certification will help lessen the impact of cybersecurity on the False Claims Act and being cyber security compliant, but how that road goes, it’ll be very interesting to see. We’ll all just have to keep an eye on it.
Erin Keating: Yeah, absolutely. Well, this concludes our season number two on FAR Part Nine contracting and qualifications and how contractors should handle cybersecurity compliance. I’m excited to know that we will be coming back for a season three. In season three, folks, we are going to be talking about the new FAR and how to navigate the new proposed rule now more stringent for non DOD and civil contractors. So thank you so much, Eric, for being with us. I look forward to speaking with you next on our season three episode one.
Eric Crusius: Thank you so much.
Erin Keating: Yeah, absolutely.