The Department of Justice (DOJ) recently announced that False Claims Act (FCA) settlements and judgments exceeded $6.8 billion in fiscal year 2025. This massive haul is the largest annual recovery in the statute’s storied history. Although health care enforcement continues to account for the majority of recoveries, DOJ’s annual statistics confirm that procurement fraud, cybersecurity compliance, pandemic-program enforcement, and trade-related fraud remain core enforcement priorities that government contractors should not ignore. The FY 2025 numbers reinforce a familiar message: FCA enforcement remains one of DOJ’s most powerful tools for policing federal spending, and contractors should expect continued scrutiny of their certifications, representations, and contract compliance systems.

For the uninitiated few, the FCA, 31 U.S.C. §§ 3729–3733, imposes liability on individuals and entities that knowingly submit false or fraudulent claims (e.g., invoices, representations, certifications) for payment to the United States. The statute permits treble damages and per-claim civil penalties and authorizes private whistleblowers, known as relators, to file qui tamactions on the government’s behalf.

The Government’s Enforcement Data

Total FCA settlements and judgments reached an astounding $6,888,096,266 in FY 2025—bringing total recoveries to more than $85 billion since the FCA was reformed four decades ago. FCA allegations are as abundant as ever, with DOJ reporting 1,698 new matters during the fiscal year—including 401 government-initiated cases and 1,297 qui tam lawsuits filed by whistleblowers. The continued dominance of whistleblower filings underscores the importance of internal compliance reporting channels and prompt investigation of employee concerns. In fact, whistleblower-driven cases again accounted for the majority of recoveries, with more than $5.3 billion in settlements and judgments arising from qui tam matters resolved in FY 2025 (and relators receiving $330,358,218 for their efforts in reporting purported fraud).

In terms of recoveries by agency, the Department of Health and Human Services led the way with more than $5.721 billion, while Department of Defense matters accounted for $633.9 million in judgment and settlement collections. Other agencies (which typically include those administering grants, loans, disaster relief funding and attendant cross-agency programs) accounted for $532.6 million in total recoveries.

Procurement Remains of Paramount Concern

DOJ’s numbers confirm several enforcement themes that have been developing over the past several years.

First, DOJ continues to emphasize procurement integrity and scrutinize contractors’ performance-related representations. The Civil Division highlighted enforcement involving the government’s purchase of goods and services, including matters affecting military procurement. Contractors should expect a continued focus on certifications related to pricing, cost accounting, labor qualifications, domestic sourcing requirements, subcontracting representations, and performance obligations.

Second, cybersecurity compliance remains firmly within FCA territory—and the Civil Cyber Fraud Initiative makes cybersecurity attestations higher risk. DOJ has further enhanced its focus on cases involving contractors and grantees that allegedly misrepresented compliance with cybersecurity performance standards, supplied software or hardware that does not meet contractually required security standards, or failed to disclose known cybersecurity incidents or breaches promptly. Contractors can face FCA risk even where the alleged misconduct does not involve direct monetary billing to the government but relates to false statements about compliance with material contract obligations. The Supreme Court has emphasized that FCA materiality is “demanding” and depends on whether a misrepresentation is capable of influencing the government’s payment decision. Universal Health Services, Inc. v. United States ex rel. Escobar, 579 U.S. 176, 192–94 (2016). Where cybersecurity requirements are expressly tied to contractual conditions or eligibility for payment, contractors should expect inaccurate certifications may therefore be deemed material under this standard.

Third, DOJ confirmed that pandemic-related fraud enforcement remains ongoing. Although pandemic programs are generally no longer active, investigations tied to relief funding, eligibility certifications, and cost claims continue to produce recoveries. Contractors that participated in COVID-19-era programs should assume these matters remain under review.

Fourth, DOJ also emphasized trade-related FCA enforcement, including matters involving customs duties, tariff avoidance, and country-of-origin misrepresentations. The Civil Division’s Trade Fraud Task Force continues coordinating these efforts across agencies, underscoring the risk for contractors with global supply chains. Taken together with developments in cybersecurity and procurement enforcement, these trends reflect DOJ’s broader use of the FCA to police regulatory compliance and contractual representations tied to federal funding and payment eligibility.

Finally, DOJ reiterated its emphasis on self-disclosure, cooperation, and remediation. Recent FCA resolutions increasingly reflect DOJ’s willingness to credit companies that promptly investigate issues, timely disclose misconduct, and implement appropriate corrective actions. Notably, DOJ policy expressly permits credit for voluntary self-disclosure, cooperation, and remediation in FCA matters, including potential reductions in damages multipliers or penalty exposure. Thus, the ability to demonstrate a credible compliance response can materially affect damages calculations and penalty exposure.

Conclusion and Path Forward

The 1,297 whistleblower filings in FY 2025 are a reminder that FCA exposure often originates inside the organization. Employees, subcontractors, and competitors remain key sources of allegations involving billing practices, compliance certifications, and contract performance. The FCA’s incentive structure remains powerful, as relators may receive 15 to 30 percent of recoveries in successful cases, which continues to drive filings across industries that receive federal funds.

In the world of government contracting, this reinforces the importance of maintaining strong internal reporting mechanisms and ensuring that potential issues are addressed before they become external investigations. Thus, contractors of all stripes would be wise to do the following.

Evaluate certification risk.
Carefully review existing and potential contracts to identify the representations your company has made or may be making to the government—including pricing certifications, domestic preference compliance, small-business representations, and performance attestations—and confirm that you have documentation supporting those certifications.

Don’t underestimate cybersecurity requirements.
Ensure that cybersecurity certifications and contractual representations (e.g., CMMC, FedRAMP, NIST 800-171, data handling/privacy requirements) are supported by verifiable controls, testing, and escalation procedures. These requirements change frequently, so be proactive rather than reactive. Avoid submitting a proposal that includes any cybersecurity certification that you “intend to achieve.”

Strengthen supply-chain compliance controls.
Country-of-origin representations, tariff classifications, and import documentation should be reviewed alongside procurement compliance controls to ensure accuracy. Remember, as a prime contractor, you are in direct privity of contract with the government and may face liability if subcontractors or suppliers introduce noncompliant goods or inaccurate trade representations into the supply chain.

Carefully review and update investigation and disclosure protocols.
Confirm your organization can quickly investigate potential FCA issues, preserve relevant data, evaluate disclosure obligations, and implement corrective actions promptly and in a defensible manner.