False Claims Act Enforcement Is Coming for Small and Mid-Sized Businesses: How to Prepare
Our friends at Hoyer Law Group, PLLC discuss how there is a common misconception among small- and mid-sized-business owners that the False Claims Act is really only a problem for large corporations. The logic makes sense on its surface: the headline-grabbing settlements involve household names and nine-figure recoveries. Why would the government bother with a company doing $20 million a year in revenue? An experienced business dispute lawyer can help companies understand their exposure, ensure compliance, and defend against potential claims.
The short answer is that it does, and increasingly so. In fiscal year 2025, the U.S. Department of Justice recovered $6.8 billion in FCA settlements and judgments. Whistleblowers filed a record number of qui tam lawsuits. And while the biggest numbers still come from the biggest targets, lower-middle-market companies are increasingly in the government’s crosshairs than many owners realize. For businesses of that size, the financial and operational consequences of an FCA action are not just painful; they are devastating.
What the False Claims Act Actually Does
At its core, the FCA imposes liability on anyone who submits false or fraudulent claims for payment to the federal government, or who knowingly makes false statements material to those claims. If the government pays out funds based on misrepresentations, or fails to collect money it is owed because of them, it can pursue treble damages and per-claim statutory penalties.
That multiplier effect is where things get dangerous for smaller companies. A billing error that might look modest on paper can spiral into multi-million-dollar exposure once penalties stack up. For a business operating on thin margins with limited reserves, that kind of liability does not just threaten profitability; it threatens its very existence. It threatens the company’s continued existence and, at times, the personal financial stability of its owners.
It Is Not Just Healthcare Anymore
Healthcare remains the DOJ’s primary enforcement focus, particularly around billing practices, prescription reimbursements, and government-funded insurance programs. But if you think the FCA only applies to hospitals and pharmaceutical companies, you are working with outdated assumptions.
Import and export companies, defense contractors, technology firms, and really any business that interacts financially with federal agencies face meaningful risk. If your organization receives government funds, submits certifications, or bills federal programs, you are operating inside the enforcement perimeter, whether you know it or not.
Whistleblowers Are Driving the Surge
A significant share of FCA cases begin not with a government audit, but with a whistleblower. Under the statute’s qui tam provisions, private individuals can file lawsuits on behalf of the United States and collect a percentage of any recovery. That financial incentive is a powerful motivator, driving substantial litigation volume.
Here is something that catches many business owners off guard: even when the DOJ declines to intervene in a whistleblower’s case, the relator can proceed on their own. And recoveries in these declined cases have been climbing. A disgruntled employee, a former contractor, or a competitor with inside information can trigger years of expensive litigation, regardless of whether the government decides to get directly involved.
The Criminal Exposure Most Owners Do Not See Coming
Many business owners assume that FCA liability is purely a civil matter. It often is not. Federal prosecutors frequently pursue criminal healthcare fraud, wire fraud, or related charges alongside the civil claims. In some cases, the first sign of trouble is a grand jury subpoena or a search warrant, not a politely worded letter from a government attorney.
Making things more complicated, a sealed qui tam complaint may already be sitting in federal court while the company has no idea it exists. When that seal is lifted, the business may face civil and criminal proceedings simultaneously. For smaller organizations without dedicated compliance teams or in-house counsel, that dual exposure is genuinely overwhelming.
Why Closely Held Businesses Face Unique Risk
The government does not limit FCA claims to the corporate entity. It can, and does, name individual executives, managers, and owners as defendants. For closely held businesses where the owner is also the operator, that distinction matters enormously.
There is also a practical wrinkle that trips up many companies. Unlike individuals, corporations cannot invoke the Fifth Amendment to refuse to produce documents on self-incrimination grounds. That means how a business maintains, organizes, and produces its records can become a central issue in the case. Disorganized documentation, inconsistent policies, and gaps in internal oversight are exactly the kinds of things government attorneys build narratives around.
What You Should Be Doing Now
The most effective defense against an FCA action is one you build before the action exists. Waiting until a subpoena arrives to think about compliance is like buying homeowner’s insurance after the fire.
Build a compliance program that fits your actual risks
Generic, off-the-shelf policies are not enough. A healthcare company needs to ensure that reimbursement claims align with documented medical necessity and valid physician orders. An import business needs to verify that duty calculations and country-of-origin representations are accurate and supported by documentation. The specifics matter. Clear written policies, employee training, and supervisory oversight help build a culture of compliance that can prove invaluable if allegations surface.
Conduct regular internal audits
Government attorneys and plaintiff-side experts often use statistical sampling to argue that a pattern of red flags demonstrates knowledge of fraud. Regular internal audits can catch problems early and, just as importantly, create a documented record showing that the company actively monitors its own operations. When you can demonstrate that you review claims, correct errors, and update procedures in response to regulatory changes, you undercut the argument that you were acting with reckless disregard or deliberate ignorance.
Designate a custodian of records
Every organization that interacts with federal programs should have someone responsible for overseeing document retention and production. In the event of an investigation, a clear chain of responsibility for preserving records can prevent costly mistakes and allegations of obstruction or spoliation.
Get counsel involved early
The first few weeks after receiving a civil investigative demand, subpoena, or complaint tend to shape the trajectory of the entire case. Decisions about internal investigations, employee interviews, government communications, and settlement strategy all benefit from experienced guidance. Waiting too long narrows your options and increases your risk.
The Bottom Line
The enforcement environment is not softening. Record recoveries, escalating whistleblower filings, and coordinated civil-criminal investigations reflect a sustained federal commitment to FCA enforcement that shows no sign of letting up. For small and mid-sized businesses, the time to act is before the complaint arrives.
Investing in compliance infrastructure, tightening internal controls, and building defensible documentation practices today is not just good risk management; it is essential. It can be the difference between litigation you can manage and a crisis that threatens your company’s future.
This blog is for general informational purposes only and does not constitute legal advice. For advice specific to your situation, please consult a qualified attorney.