Enforcement
All articles →-
Enforcement
IBM Pays $17M to Settle DOJ's First DEI-Related False Claims Act Case Under Civil Rights Fraud Initiative
IBM agreed on April 10 to pay $17.08 million to resolve Justice Department allegations that it maintained discriminatory employment practices while certifying compliance with federal anti-discrimination requirements — the first FCA settlement under DOJ's new Civil Rights Fraud Initiative.
-
Enforcement
DOJ's Civil Cyber Fraud Initiative: Holding Contractors Accountable for Cybersecurity Compliance
The DOJ's Civil Cyber Fraud Initiative uses the False Claims Act to hold contractors accountable for falsely certifying DFARS/NIST 800-171 compliance. Since its October 2021 launch, it has produced settlements including a $9M Aerojet Rocketdyne agreement.
-
Enforcement
SBA's Expanded Administrative False Claims Act Powers Are Now in Effect — What Defense Contractors and 8(a) Firms Need to Know
As of May 4, 2026, SBA's new rule under the Administrative False Claims Act raises the agency's administrative enforcement ceiling from $150,000 to $1 million, adds reverse false claims liability, and extends the statute of limitations, materially expanding risk for small business program participants.
-
Enforcement
Raytheon and Nightwing pay $8.4M to settle FCA cybersecurity case — DFARS 7012 / FAR 52.204-21 violations
April 2025 DOJ settlement covers Raytheon's failure to implement required cybersecurity controls — including a missing system security plan — on an internal development system used for unclassified DoD work.
-
Enforcement
DOJ recovers record $6.8B in FY25 FCA settlements — Civil Cyber-Fraud Initiative settles $51.8M, 233% jump
DOJ's January 16, 2026 announcement: $6.8B total FCA recoveries in FY25 (record). Civil Cyber-Fraud Initiative drove $51,849,634 across 8 settlements — a 233% increase over FY24's $15.5M / 4 settlements. 1,297 qui tam suits, the highest ever.
-
Enforcement
Health Net / Centene pay $11.25M to settle TRICARE FCA — cybersecurity certs, no breach alleged
DOJ Feb 18, 2025 settlement: Health Net Federal Services + parent Centene pay $11,253,400 over false certifications of cybersecurity compliance under TRICARE 2015-2018. No exfiltration of PHI alleged — the FCA violation was the misrepresentation itself.
-
Enforcement
1260H list enforcement begins June 2026 — defense contractors must vet lobbyists for CMC ties
DoD's 1260H 'Chinese military companies' list (Section 1260H of FY2021 NDAA) begins June 2026 enforcement for contractors working with individuals/entities lobbying for CMCs. June 2027 expands to contractors sourcing from or doing business with 1260H entities.
-
Enforcement
SBA initiates termination for 628 firms in 8(a) Program — financial-record refusals trigger enforcement
March 4, 2026 SBA action: 628 firms terminated for refusing to turn over three years of financial documents. Cumulative termination action now reaches ~800 firms, roughly 20% of total 8(a) participants.
-
Enforcement
EPA 2026 enforcement priorities — and TSCA Confidential Business Information access for contractors
EPA's revised National Enforcement and Compliance Initiatives focus enforcement on imminent threats. Plus: contractors handling Toxic Substances Control Act (TSCA) Confidential Business Information must complete a multi-step access authorization for each employee.
-
Enforcement
DOJ flags DFARS 7012 cybersecurity compliance as 2026 False Claims Act priority
DOJ announced significant cybersecurity-related FCA actions against DoD contractors at end of 2025. Translation: DFARS 7012 compliance for firms processing CUI is an enforcement priority in 2026. Plus: BreakPoint Labs $50M HPCMP cybersecurity SME contract.