Tag: DOJ

Environmental Enforcement, Suspension and Debarment With Robert Wagman, Jason Hutt and Kevin Collins [PODCAST]

On this episode of the Bracewell Environmental Law Monitor, host Daniel Pope talks with Kevin Collins, Jason Hutt and Robert Wagman about current trends and environmental and federal enforcement.

Kevin Collins is a partner in our Austin office.  He is a former Assistant U.S. Attorney from the Eastern District of Texas, and he helps manage the problems that arise during government investigations.

Jason Hutt is a partner in our DC office and chair of the firm’s environmental department.  He advises and defends clients on the complex environmental and energy issues of our day.

Robert Wagman is a partner in our DC office and heads up the government contracts practice.  He does a lot of government enforcement work.

What are you seeing generally these days from DOJ in the criminal enforcement context? What is the EPA doing on the civil side?

There’s been a resurgence and activity at DOJ. I think they feel invigorated under the new administration. The stats support that feeling. The United States attorney’s offices across the country are up about 10 percent in their charges. They’ve charged roughly 5,500 individuals for white-collar related crimes. Environment Natural Resources Division, in particular, at DOJ has already indicted 11 companies and 34 individuals. Many of those individuals are senior executives. Budget wise, they’re asking for a lot more money. So, there’s definitely interest in going after bad actors, particularly individuals at companies to a certain extent.

We’re still enforcing the same environmental laws, but the leniency factor or the posture factor is different. Part of the settlement expectations is increasingly a focus on protection of the community in which a facility or a violator operates. We are seeing increased expectations related to fence line monitoring demands and reparations or mitigation under a resolution that involves making things right, but in the community where the violation occurs or where the environmental damage associated with that violation occurs. Those are pieces that are seen as a posture shift in the government.

One of the terms that has come up a few times on this podcast already is the term suspension and debarment.  Can you give us your quickest suspension and debarment for dummies course so that we can all be on the same page?

A lot of companies don’t realize suspension debarment will impact them. It’s not just for government contractors. A lot of times it’ll apply to both procurement actions and what’s called non-procurement actions. The term that’s used in the regulations is cover transactions, which is essentially anything that’s not exempted out. When government money is involved, chances are it’s a covered transaction. This comes up a lot with federal leases. If you are a federal lessee, or if you are an oil field services company servicing federal lessees, suspension debarment can have a tremendous impact on your business. A lot of times this is companies, individuals. They don’t think about suspension and debarment and the administrative remedy that could be associated with it. So, in broad strokes, suspension and debarment means you’re excluded from doing business with the federal government for some period of time, usually three years. But it can vary. It usually follows criminal or civil enforcement, but it doesn’t have to follow civil or criminal enforcement. It can come from any referrals.

What are some areas where suspension and debarment issues might be a higher risk than others?

Environmental because of the statutory debarment provisions. It’s much more likely to hit the radar of the suspension and debarment official than other types of enforcement activities. If you are doing a lot of business with the government, you’re more likely to end up on somebody’s radar. Again, every agency has their own suspension and debarment official, so you could be facing debarment. It’s not just an EPA thing or not just one particular agency. Any agency in theory could debar you. If you end up being debarred, it applies company-wide.

There’s also a statutory debarment under several of the environmental statutes, but also there’s an ability to find yourself in the criminal culpability realm based upon mere negligence. That’s very different than most of these other statutes that we’re talking about. It’s the coupling those two things that gives rise to this being a heightened risk in the environmental world. In particular, when you have an incident or an accident, the notion of negligence is almost in the minds of enforcement folks because there was some significant amount of environmental damage or loss of human life that in their minds, and perhaps appropriately, that shouldn’t happen.

What best practices can companies implement into their accountability systems to make sure they’re looking at these kinds of issues and where their exposures are?

There really is no substitute for good corporate governance — all the types of things that say this is a trustworthy company the government can feel comfortable doing business with. It’s going to help in your criminal enforcement, your civil enforcement and everything else that you’re doing.

© 2022 Bracewell LLP
For more articles about climate change regulations, visit the NLR Environmental & Energy section.

COVID-19 Healthcare Enforcement Actions to Increase in 2022 and Beyond

The Department remains committed to using every available federal tool—including criminal, civil, and administrative actions—to combat and prevent COVID-19 related fraud. We will continue to hold accountable those who seek to exploit the pandemic for personal gain, to protect vulnerable populations, and to safeguard the integrity of taxpayer-funded programs”

US Attorney General Merrick Garland – March 10, 2022, Remarks

The Biden Administration, US Department of Justice (DOJ), US Department of Health and Human Services Office of Inspector General (HHS-OIG), and other federal agencies have prioritized prosecuting COVID-19-related fraud since the pandemic began. Although the United States appears to be finally emerging from the pandemic, the government’s pandemic-related enforcement actions are here to stay for the foreseeable future. DOJ has made clear that the government’s COVID-19 enforcement efforts will accelerate, with a more significant focus on complex healthcare fraud cases and civil actions under the False Claims Act (FCA). As the federal government continues to devote additional resources towards its pandemic-related enforcement efforts, healthcare companies, hospital systems and providers should prepare for increased scrutiny.

Additional Resources Devoted to COVID-19 Fraud Enforcement Efforts

DOJ and other federal agencies have already devoted an unprecedented amount of resources to investigating and prosecuting pandemic-related fraud cases. These extensive efforts have led to immediate results. To date, DOJ has brought pandemic-related criminal charges against more than 1,000 individuals with the total alleged fraud losses exceeding $1 billion, and has seized more than $1.2 billion in fraudulently obtained relief funds.

DOJ’s pandemic-enforcement efforts show no sign of slowing down anytime soon. Less than a year after US Attorney General (AG) Merrick Garland established the COVID-19 Fraud Enforcement Task Force, the Biden administration announced that DOJ would appoint a chief prosecutor to expand on the Task Force’s “already robust efforts,” to focus on “most egregious forms of pandemic fraud” and to target particularly complex fraud schemes.

On March 10, 2022, DOJ announced that Kevin Chambers has been appointed as DOJ’s director for COVID-19 fraud enforcement. During his introductory remarks, Chambers said that DOJ would be “redoubling [its] efforts to identify pandemic fraud, to charge and prosecute those individuals responsible for it and whenever possible, to recover funds stolen from the American people.” He also indicated that DOJ would use “new tools” it has developed since the start of the pandemic to investigate such fraud.

In a March 2, 2022, speech before the American Bar Association’s Annual National Institute on White Collar Crime, AG Garland also announced that the Biden Administration will seek an additional $36.5 million in the 2022 budget for DOJ to “bolster efforts to combat pandemic-related fraud.” As evidence of this point, DOJ plans to hire 120 new prosecutors and 900 new Federal Bureau of Investigation agents who will focus on white-collar crime.

DOJ and HHS-OIG to Increasingly Focus on FCA Cases

For the past two years, officials from DOJ and HHS-OIG have identified civil and criminal healthcare fraud relating to COVID-19 as a high priority. As the effects of the pandemic subside, COVID-19-related civil enforcement actions targeting healthcare providers and healthcare companies seem set to increase.

During remarks at the Federal Bar Association’s annual Qui Tam Conference in February 2022, Gregory Demske, chief counsel to the inspector general for HHS-OIG, emphasized that COVID-19 remains a key enforcement priority. Demske indicated that HHS-OIG is focused on the use of COVID-19 to bill for medically unnecessary services, and fraud in connection with HHS’s Provider Relief Fund (PRF) and Uninsured Relief Fund. Demske also confirmed that HHS-OIG remains intensely focused on fraud in connection with telehealth services, the use of which increased exponentially during the pandemic. And, in March 2022, AG Garland reiterated that DOJ will use “every available federal tool—including criminal, civil, and administrative actions—to combat and prevent COVID-19 related fraud.”

The majority of pandemic-related healthcare enforcement actions to date have been criminal prosecutions involving truly blatant instances of fraud and abuse. Going forward, civil and administrative actions likely will be used to pursue cases that turn on lower mens rea requirements or involve more complex regulatory issues. These civil actions will include qui tam actions filed by whistleblowers, as well as FCA cases initiated directly by the DOJ.

In 2021, DOJ recovered more than $5 billion in connection with FCA cases involving the healthcare industry. Given the unprecedented amount of government funds expended to combat the COVID-19 pandemic, DOJ and HHS-OIG will undoubtedly rely on the FCA to maximize the government’s financial recovery. DOJ has already reached FCA settlements in several Paycheck Protection Program cases. It is only a matter of time before we see similar FCA investigations, complaints and settlements focused on relief funding to healthcare providers.

Pandemic-Related Healthcare Priorities

HHS’s PRF

The PRF was created as part of the Coronavirus Aid, Relief and Economic Security (CARES) Act to provide direct payments to “eligible health care providers for health care-related expenses [and] lost revenues that are attributable to coronavirus.” More than $140 billion has been disbursed to hospitals and healthcare providers under the PRF, which is administered by the Health Resources & Services Administration (HRSA).

Payments under the PRF are subject to specific terms and conditions. To retain PRF disbursements, providers must attest to “ongoing compliance” with these requirements and acknowledge that their “full compliance with all Terms and Conditions is material to the Secretary’s decision to disburse funds.” Notwithstanding ongoing concerns and confusion regarding the PRF program requirements, any noncompliance with the terms and conditions could result in criminal, civil and administrative enforcement actions. As recently as March 3, 2022, AG Garland identified fraud in connection with the PRF as a key DOJ enforcement priority.

To date, the Healthcare Fraud Unit of DOJ’s Criminal Division has already brought criminal charges against nine individuals for fraud relating to the PRF. These criminal cases, however, have almost exclusively focused on egregious allegations of fraud and abuses, such as misappropriating PRF disbursements and using the money for personal expenses. For example, in September 2021, DOJ charged five individuals with using PRF payments to gamble at Las Vegas casinos and purchase luxury cars.

DOJ, however, has long indicated that the FCA will also play a “significant role” in DOJ’s PRF enforcement efforts. It is now just a matter of time before such civil investigations and settlements emerge.

HRSA’s stated oversight plan includes post-payment analysis and review to determine whether HHS distributed PRF payments to eligible providers in the correct amounts; audits to assess whether recipients used the funds in accordance with laws, guidance, and terms and conditions; and the recovery of overpayments and unused or improperly used payments. Among other things, HRSA and HHS-OIG likely will evaluate ownership changes, double counting reimbursed expenses and losses, and compliance with the balanced billing requirements.

PRF oversight and enforcement actions have been delayed partly because of program complexities and extended reporting timelines. For example, the first report from PRF recipients on use of funds was not due until the end of 2021. Depending on the date funds were received, PRF recipients may have no reporting obligations through 2023. Entities that expended more than $750,000 in federal awards, including PRF payments, also must obtain an independent audit examining their financial statements; internal controls; and compliance with applicable statutes, regulations and program requirements. These independent audits of PRF payments must be submitted to the Federal Audit Clearinghouse, for nonprofit organizations, or the HRSA Division of Financial Integrity, for for-profit “commercial” organizations. Recipients also may be subject to separate audits by HHS, HHS-OIG or the Pandemic Response Accountability Committee to review copies of records and cost documentation and to ensure compliance with the applicable terms and conditions.

Finally, DOJ and HHS-OIG have increasingly relied on sophisticated data analytics to drive their healthcare enforcement efforts generally. Now that the first round of reports containing specific PRF data certifications are available to HRSA and HHS-OIG, we expect to see the use of such analytics, in conjunction with all the other available information, in connection with PRF enforcement.

Telehealth

Telehealth use expanded exponentially during the pandemic. A March 2022 HHS-OIG report showed that during the first year of the pandemic, more than 28 million Medicare beneficiaries (approximately 43% of all Medicare beneficiaries) used telehealth services—a “dramatic increase from the prior year” in which only 341,000 beneficiaries used telehealth. This increase was largely the result of HHS temporarily waiving statutory and regulatory requirements related to telehealth to allow Medicare beneficiaries to obtain expanded telehealth services.

Telehealth has been at the forefront of DOJ’s healthcare enforcement efforts for years now. For example, DOJ’s 2021 nationwide healthcare enforcement action included criminal charges against dozens of individuals for telehealth fraud schemes involving more than $1.1 billion in alleged loses. The majority of these telehealth enforcement actions to date have involved the use of telehealth to engage in traditional fraud healthcare schemes, such as illegal kickbacks and billing for medically unnecessary services and equipment.

DOJ, however, has increasingly pursued criminal enforcement actions directly related to the telehealth waivers HHS issued in response to the pandemic. For example, in November 2021, a defendant was sentenced to 82 months in prison for participating in a $73 million telehealth fraud scheme. The defendant owned laboratories that provided genetic testing and had paid his coconspirators to arrange for telehealth providers to order medically unnecessary genetic tests. The telehealth providers were not actually treating the beneficiaries, did not use the test results and often never even conducted the telemedicine consultation. Although this was primarily a traditional Anti-Kickback Statute/medical necessity case, DOJ also charged the defendant with using the COVID-19-related telehealth waivers to submit more than $1 million in false claims for sham telemedicine visits.

Similar criminal prosecutions and civil actions relating to the expanded telehealth waivers and sham telehealth encounters can be expected in the future. DOJ and HHS-OIG will likely focus on telehealth visits that resulted in claims for services and equipment with particularly high reimbursement rates, such as genetic testing and durable medical equipment. DOJ and HHS-OIG likely will use data analytics to focus on instances in which telehealth services were billed by providers with whom the beneficiary did not previously have a relationship.

Improper Billing Schemes

DOJ has also pursued criminal cases involving traditional healthcare fraud schemes that sought to take advantage of the COVID-19 pandemic. For example, in May 2021, DOJ announced criminal charges against numerous individuals who were improperly bundling COVID-19 tests with other more expensive laboratory tests, such as genetic testing, allergy testing and respiratory pathogen panel testing. DOJ has likewise pursued criminal cases in which defendants improperly used COVID-19 “emergency override” billing codes to circumvent preauthorization requirements and bill Medicare for expensive medications and treatments. Any improper billing schemes that relate to the pandemic will continue to be a focus of criminal and civil enforcement efforts going forward.

Key Takeaways and Recommendations

DOJ, HHS-OIG and other federal agencies remain focused on pursuing healthcare fraud relating to the COVID-19 pandemic. The best way for hospitals, health systems and other healthcare companies and providers to prepare for this increased enforcement activity and scrutiny is to ensure that they have a robust compliance program in place.

There is no one-size-fits-all approach to compliance, but companies can take several proactive and practical steps to minimize their enforcement risk:

  • Monitor federal and state regulatory and statutory changes. The rules, regulations and guidance relating to the COVID-19 pandemic, including for the PRF and expanded telehealth waivers, have repeatedly changed over the past two years and continue to evolve. Monitoring such changes will not only help prevent enforcement actions, but a company’s reasonable and good faith efforts to interpret and follow such rules and regulations can be a powerful defense should an investigation arise, as discussed in connection with the Allergan case, above. Further to that point, where regulatory requirements and associated guidance is ambiguous, a good documentary record of the basis for your entity’s interpretation of the rules is critical.
  • Incorporate data analytics into your compliance program. DOJ and HHS-OIG continue to rely heavily on sophisticated data analytics, including artificial intelligence, to identify and prosecute fraud. In March 2022, AG Garland emphasized DOJ’s use of “big data” to identify payment anomalies that are indicative of fraud. Healthcare companies already have access to vast amounts of data that they can and should use to proactively identify errors, monitor risk areas and address any potential misconduct.
  • Adapt your compliance program and internal controls, as appropriate, to support PRF compliance, reports and audits. Recipients should continue to practice good compliance hygiene and maintain contemporaneous records regarding the receipt and spending of federal funds. Doing so may involve implementing additional systems to track spending, recovery and relief to avoid overlapping use of funds among relief programs, or consulting with grant accounting and compliance advisors to augment existing infrastructure. Recipients also should periodically review policies, procedures and controls, particularly following major updates to program requirements and interpretations.
  • Ensure the accuracy of required PRF reports, certifications and submissions. Particularly in light of ongoing political pressure, HRSA and HHS-OIG likely will conduct extensive oversight of the PRF to identify potential errors, overpayments and improper use of funds. Recipients should carefully review guidance and instructions to avoid inadvertent errors and misstatements on all submissions. Recipients may consider revisiting prior submissions underlying significant disbursements to identify interpretative issues or compliance concerns that warrant additional supporting documentation or disclosure.
  • Carefully consider the implications before entering into arrangements with other parties. The biggest risk to healthcare companies often comes from those with whom they do business. Compliance programs should focus heavily on reducing the risk of entanglement with bad actors.
  • Be diligent in the design and oversight of marketing strategies. Healthcare companies and providers should regularly review their marketing strategies to ensure total transparency and compliance (both historic and prospective) with applicable state and federal anti-kickback statutes. Companies should confirm that patients are reached through appropriate channels. Although issues relating to COVID-19 may be the impetus for a government investigation, violations of the Anti-Kickback Statute frequently result in larger recoveries for the government.
  • Proactively examine coding and billing practices. Providers should immediately review and revisit their coding and billing practices to determine if their practices involved bundling COVID-19 testing with other claims, the use emergency override billing codes or billing for other COVID-19 related services with high reimbursement rates. There is a strong likelihood that the DOJ will review the claims data for any providers with statistically significant use of these billing and coding practices, particularly when the providers are located in geographical areas where the DOJ’s Healthcare Fraud Strike Force and HHS-OIG’s Medicare Fraud Strike Force operate.

Article By Julian L. André, Benton Curtis, and Dawn R. Helak of McDermott Will & Emery

For more health law legal news, click here to visit the National Law Review.

© 2022 McDermott Will & Emery

The DOJ Throws Cold Water on the Frosties NFT Founders

The U.S. Attorney’s Office for the Southern District of New York recently charged two individuals for allegedly participating in a scheme to defraud purchasers of “Frosties” non-fungible tokens (or “NFTs”) out of over $1 million. The two-count complaint charges Ethan Nguyen (aka “Frostie”) and Andre Llacuna (aka “heyandre”) with conspiracy to commit wire fraud in violation of 18 U.S.C. § 1349 and conspiracy to commit money laundering in violation of 18 U.S.C. § 1956.   Each charge carries a maximum sentence of 20 years in prison.

The Defendants marketed “Frosties” as the entry point to a broader online community consisting of games, reward programs, and other benefits.  In January 2022, their “Frosties” pre-sale raised approximately $1.1 million.

In a so-called “rug pull,” Frostie and heyandre transferred the funds raised through the pre-sale to a series of separate cryptocurrency wallets, eliminated Frosties’ online presence, and took down its website.  The transaction, which was publicly recorded and viewable on the blockchain, triggered investors to sell Frosties at a considerable discount.  Frostie and heyandre then allegedly proceeded to move the funds through a series of transactions intended to obfuscate the source and increase anonymity.  The charges came as the Defendants were preparing for the March 26 pre-sale of their next NFT project, “Embers,” which law enforcement alleges would likely have followed the same course as “Frosties.”

In a public statement announcing the arrests, the DOJ explained how the emerging NFT market is a risk-laden environment that has attracted the attention of scam artists.  Representatives from each of the federal agencies that participated in the investigation cautioned the public and put other potential fraudsters on notice of the government’s watchful eye towards cryptocurrency malfeasance.

This investigation comes on the heels of the FBI’s announcement last month of the Virtual Asset Exploitation Unit, a special task force dedicated to blockchain analysis and virtual asset seizure.  The prosecution of the Defendants in this matter continues aggressive efforts by federal agencies to reign in bad actors participating in the cryptocurrency/digital assets/blockchain space.

Article By Matthew G. Lindenbaum, Robert L. Lindholm, and Daniel Curran of Nelson Mullins

For more crypto and cybersecurity legal news, click here to visit the National Law Review.

Copyright ©2022 Nelson Mullins Riley & Scarborough LLP

DOJ Aggressively Targeting PPP Loan Recipients for Fraud: What Businesses Need to Know

More than five million businesses applied for emergency loans under the Paycheck Protection Program (PPP), and with a hurried implementation that prevented a full diligence process, it’s not surprising the program became a target for fraud. The government is now aggressively conducting investigations, employing both criminal and civil enforcement actions. On the civil lawsuit front, companies that received PPP loans should be aware of actions brought under the False Claims Act (FCA) and the Financial Institutions Reform, Recovery and Enforcement Act (FIRREA). This advisory details some of the key points of these enforcement tools and what the government looks for when prosecuting fraudulent conduct.

How will PPP Loan Fraud Enforcement Under the FCA Work?

A company can be liable under the FCA if it knowingly presents a false or fraudulent claim for payment or approval to the government or uses a falsified record in the course of making a false claim. 31 U.S.C. § 3729(a)(1)(A), (B). The FCA allows the government to recover up to three times the amount of the damages caused by the false claims in addition to financial penalties of not less than (as adjusted for inflation) $12,537, and not more than $25,076 for each claim.

The FCA can be enforced by individuals through qui tam lawsuits. This means a private individual, known as a relator, can file a lawsuit on behalf of the government. When a qui tam case is filed, it remains confidential (under seal) while the government reviews the claim and decides whether to intervene in the case. If the lawsuit is successful, the relator is entitled to a portion of the reward.

The False Claims Act has been used to pursue fraud claims in connection with PPP loan applications. Any company that participated in the PPP by applying for a loan should retain documentation justifying all statements made on the loan application and evidencing how any funds obtained through the loans were utilized.

How will PPP Loan Fraud Enforcement Under FIRREA Work?

The government is also utilizing FIRREA in response to fraudulent conduct related to PPP loans. FIRREA is a “hybrid” statute, predicating civil liability on the government’s ability to prove criminal violations. The statute allows the government to recover penalties against a person who violates specifically enumerated criminal statutes such as bank fraud, making false statements to a bank, or mail or wire fraud “affecting a federally insured financial institution.” 12 U.S.C. §1833a.

To establish liability under FIRREA, the government does not have to prove any additional element beyond the violation of that offense and that the violation “affect[ed] a federally insured financial institution.” The government has invoked FIRREA in the context of PPP loan fraud by stating the fraud related to obtaining the loan falls under one or more of the predicate offenses set forth in the statute.

What Factors Determine PPP Loan Fraud Penalties Under FIRREA?

While the assessment of a penalty is mandatory under FIRREA, the amount of the penalty is left to the discretion of the court but may not exceed $1.1 million per offense. There is an exception to this maximum penalty, however, if the person against which the action is brought profited from the violation by more than $1.1 million. FIRREA then allows the government to collect the entire amount gained by the perpetrator through the fraud. The actual amount of the penalty is determined by the court after weighing several factors including:

  • The good or bad faith of the defendant and the degree of his/her knowledge of wrongdoing;
  • The injury to the public, and whether the defendant’s conduct created substantial loss or the risk of substantial loss to other persons;
  • The egregiousness of the violation;
  • The isolated or repeated nature of the violation;
  • The defendant’s financial condition and ability to pay;
  • The criminal fine that could be levied for this conduct;
  • The amount the defendant sought to profit through his fraud;
  • The penalty range available under FIRREA; and
  • The appropriateness of the amount considering the relevant factors.

The government favors utilizing FIRREA penalties to pursue fraud claims for several reasons. The statute of limitations provided in 12 U.S.C. §1833a(h) is 10 years, which is much longer than most civil statutes of limitations. The standard of proof required to impose penalties is preponderance of the evidence, rather than the higher “beyond a reasonable doubt” standard that must be met in a criminal prosecution.

Checklist for PPP Loan Recipients

A company that applied for COVID relief funds, such as PPP loans, should ensure they satisfy the eligibility requirements for obtaining the loan, confirm false statements were not made during the application, and review the rules set forth by the SBA for applying for PPP. The government has shown it is willing to pursue remedies under the FCA and FIRREA for fraudulent statements made regarding a PPP loan application.

Article By Ronald G. DeWaard, Gary J. Mouw, and Gage M. Selvius of Varnum LLP

For more white collar crime and business fraud legal news, click here to visit the National Law Review.

© 2022 Varnum LLP

Electronic Medical Record Provider Pays $930,000 in First Civil Cyber-Fraud Initiative Settlement

For the first settlement as part of the Department of Justice’s Civil Cyber-Fraud Initiative, DOJ settled a case against medical services government contractor Comprehensive Health Services, LLC (CHS) for $930,000.  This settlement resolves allegations brought forth in two qui tam lawsuits, where four whistleblowers filed suit on behalf of the government under the qui tam provision of the False Claims Act.  Three of the whistleblowers received $15,000, in addition to attorneys’ fees, and one relator received $127,050 for reporting fraud.

“This settlement serves notice to federal contractors that they will be held accountable for conduct that puts private medical records and patient safety at risk,” said the United States Attorney for the Eastern District of New York.

CHS, as part of the medical services they provided to the U.S. government, was paid to implement a secure electronic medical record (EMR) system as part of contracts with the State Department and Air Force at various U.S. consulate and military locations in Iraq and Afghanistan.  The EMR system housed personal health information and medical records for anyone who received medical treatment at the locations CHS served, including U.S. service members, diplomats, officials, and contractors.  According to the allegations, CHS did not consistently store patients’ medical records on the secure EMR system and indeed left scans on a network drive which non-clinical staff could access.

As part of several contracts to which CHS was a party, CHS was supposed to provide medical supplies, including controlled substances subject to U.S. Food and Drug Administration (FDA) or European Medicines Agency (EMA) approval.  According to the allegations, CHS “knowingly, recklessly, or with deliberate ignorance” submitted claims for payment for controlled substances that they obtained by means not sanctioned by these contracts.  Not only did CHS lack a Drug Enforcement Agency license to export controlled substances, but CHS also obtained controlled substances by having their U.S.-based subsidiary request that a South African physician prescribe controlled substances, according to the allegations.  The South African physician prescribed these controlled substances, absent FDA or EMA approval, and a shipping company from the same country imported the substances to Iraq.

Government contractors are supposed to adhere to the terms of their contracts in order to receive reimbursement from the U.S. government.  This medical services provider ignored procurement guidelines to obtain controlled substances, undermining safety controls and misrepresenting their adherence to contract terms in providing medical services to U.S. military personnel.  The DOJ’s Civil Cyber-Fraud Initiative brings the power of the False Claims Act to bear on contractors whose job is to protect sensitive information and critical systems.  Representing that data is secure when it is, in fact, not is a violation of the False Claims Act and constitutes cyber-fraud.  As the Special Agent in Charge of the U.S. Department of State OIG, Office of Investigations noted, “…this outcome will send a clear message that cutting corners on State Department contracts has significant consequences.”

Whistleblowers raised data privacy concerns to CHS, but the contractor failed to implement better cybersecurity protocols in response to their concerns.  The Department of Justice has rewarded its first whistleblowers as part of the Civil Cyber-Fraud Initiative, and they’re just getting started.

© 2022 by Tycko & Zavareei LLP
For more articles about digital health, visit the NLR Health Care Law section.

GovCon Fraud Grounded: Whistleblower Receives Reward for Reporting Aviation Equipment Government Contracting Fraud

The United States Department of Justice settled a case against aviation equipment defense contractor Airbus Defense and Space Inc. (ADSI) for charging improper fees on government contracts. Under the terms of the settlement, the defense contractor paid $1,043,475 to resolve False Claims Act allegations. A former employee of the government contractor reported these improper fees and will receive $157,220 of the government’s recovery.

According to the allegations, the contractor included an unapproved cost rate on contracts, did not accurately disclose fees, and worked out a storage overbilling scheme with a third-party contractor, causing the government to pay more for storage than necessary. To disguise an additional and sometimes undisclosed indirect cost rate, the contractor added what they called an “Orlando Factor” to various price proposals for 62 contracts. Indirect cost rates are a complex portion of government contracting arrangements whereby a contractor attempts to obtain reimbursement for their company’s operational costs. From 2016-2017, this aviation equipment contractor’s “Orlando Factor” was applied in addition to their indirect cost rate approved by the federal agencies with which they were contracting.

The allegations further describe additional fees the contractor tacked onto equipment acquisitions in violation of federal acquisition regulations. Moreover, the contractor listed an unverified affiliate fee on its proposals. Finally, the contractor inflated storage costs by a factor of 10, resulting in General Dynamics passing on $80,000 in storage fees to the U.S. Navy instead of $8,000 in fees.

Defense contracting fraud harms taxpayers; inflating the cost of obtaining equipment can make defense budgets spiral out of control. This particular contractor seems to have found multiple ways to hide costs and pad proposals so as to turn a profit above and beyond their cost of doing business.

A former employee of ASDI reported these fraudulent practices and is being rewarded for speaking up, including receiving funds to pay for their expenses, attorneys’ fees, and costs. The Department of Justice needs whistleblowers to report government contracts fraud. Last year, only 35 defense fraud cases were filed by whistleblowers. With $720 billion spent, more fraud is out there.

© 2021 by Tycko & Zavareei LLP
For more articles on Government Contracts, visit the NLR

Government Contracts, Maritime & Military Law type of law section.

The Empire Strikes Back — Did the DOJ Hack the Colonial Pipeline Hackers?

Now we are in no way confusing the cyber-criminal enterprise DarkSide with the plucky light-side rebels from Star Wars, but it appears the United States Department of Justice seized 63.7 bitcoins, worth $2.3 million, paid to cyber-criminal enterprise DarkSide following the May 7 ransomware attack against Colonial Pipeline. The attack resulted in a highly publicized, brief shutdown of the company’s pipeline infrastructure, which transports approximately 45% of the oil consumed on the U.S. East Coast, and which took days to resolve and create widespread gasoline shortages in some parts of the country. The seizure was coordinated through the DOJ’s recently created Ransomware and Digital Extortion Task Force, which was created to address increasing ransomware and digital extortion attacks again U.S. businesses.

The story is big news because ransoms are rarely recovered.  Typically, the victim of a ransomware attack transfers the ransom to hackers, who then transfer the funds to hundreds of other wallets and the funds are essentially gone forever.  Even if the payments can be tracked to accounts, what is even more rare is the ability to unlock those accounts.  So the question on everyone’s mind is how did the DOJ unlock the account holding the ransom?

According to documents filed in the U.S. District Court for the Northern District of California, Colonial Pipeline provided investigators with the bitcoin address of the hackers it paid on May 8.  The hackers then moved the funds through at least six more addresses by the next day.  On May 13, DarkSide told affiliates that its servers and other infrastructure had been seized, but did not provide any details.  On May 27, the FBI seized 63.7 bitcoins traced to the Colonial ransom, when it  landed at a final address.  Impressive.

So how did the FBI get the private encryption key?  The FBI disclosed in its application for a warrant that it had the private encryption key for that bitcoin address.  The FBI has not, however, disclosed how it obtained the encryption key.  There are a few possibilities.  First, it is possible someone close to the attack tipped off the FBI.  Second, the attackers may have been careless.  The FBI noted that they had been investigating DarkSide since last year.  It is possible the FBI got access to communications that may have provided clues to the private key or access to a private server holding information about the private key.  Third, the FBI may have received assistance from the cryptocurrency exchange where the bitcoin had been moving from account to account.  Fourth, the FBI could have hacked the key on its own.  The most likely scenario is that the attackers were careless, and the FBI was able to capitalize on their carelessness to uncover the private encryption key.

The good news for the crypto community is that law enforcement was able to track down and recover much of the bitcoin.  Contrary to the perception that cryptocurrency is untraceable, it appears the public blockchain made it easier in this case to track and recover the ransom than it would have been if the ransom was paid in fiat.  We may never know how the FBI unlocked the private encryption key in this case, but if the DOJ is successful in recovering future ransom payments, it may shed some additional light on this case and others.

Copyright ©2021 Nelson Mullins Riley & Scarborough LLP
For more articles on the Colonial Pipeline hack, visit the NLR Communications, Media & Internet section.

The U.S. Department of Justice Releases its Cryptocurrency Enforcement Framework

Earlier this year, the U.S. Department of Justice (“DOJ”) released its highly anticipated Cryptocurrency Enforcement Framework (the “Framework”).  The Framework was developed as part of the Attorney General’s Cyber-Digital Task Force, and contains three sections:  (1) Threat Overview; (2) Law and Regulations; and (3) Ongoing Challenges and Future Strategies.

The “Threat Overview” section details various illicit uses of cryptocurrency and highlights how criminals increasingly have used cryptocurrency to fund illicit and illegal activities, including purchasing and selling illegal drugs and firearms, funding terrorist organizations, laundering money, and engaging in other illegal activities on the dark web.  The Framework also discusses how hackers have targeted cryptocurrency marketplaces for theft and fraud activities.

The “Law and Regulations” section of the Framework details the existing statutory and regulatory framework that DOJ and others have used and can use to regulate cryptocurrency.  As the Framework explains, DOJ is not the only enforcement actor in this space, and many other agencies – including, among others, the U.S. Treasury Department, the Securities & Exchange Commission, the Commodity Futures Trading Commission, and the Internal Revenue Service – have been actively enforcing violations by criminal cyber actors.  While the Framework is generally supportive of a broad, multi-pronged enforcement landscape, it highlights the difficulty of tracking and complying with an increasingly complex web of regulations created by these various agencies.

The third and final section of the Framework discusses current challenges and strategies for future enforcement.  This section notes the inherently decentralized and cross-border nature of cryptocurrency, and the problems it poses for enforcement.  Though the global nature of cryptocurrency might complicate investigations, the Framework makes clear it will not hinder DOJ’s willingness or ability to prosecute cases, stating, “The Department also has robust authority to prosecute VASPs [Virtual Asset Service Providers] and other entities and individuals that violate U.S. law even when they are not located inside the United States.  Where virtual asset transactions touch financial, data storage, or other computer systems within the United States, the Department generally has jurisdiction to prosecute the actors who direct or conduct those transactions.”  The enforcement section emphasizes the Bank Secrecy Act (BSA) and Anti Money Laundering (AML) laws as primary tools of enforcement, particularly for actors who deal with “anonymity enhanced cryptocurrencies” and technology that obscures the ownership of particular assets.  The report stresses that obligations to safeguard systems, protect consumer data, and properly maintain customer information apply not only to conventional virtual asset exchanges, but also to peer-to-peer exchanges, kiosk operators, and virtual currency casinos.

The DOJ released the Framework at a time when interest in cryptocurrency is at an all-time high.  Bitcoin passed $20,000 recently, and the record-setting level is a clear indication of increased interest in the major digital asset.  Cryptocurrencies continue to attract an increasing number of investors, including well-known companies and fund managers.  Further, the CME announced plans to expand its cryptocurrency offerings by adding Ether futures to its existing Bitcoin futures, while the CBOE recently announced plans to launch indexes tied to various digital assets in early 2021.  The Framework represents a clear indication from the DOJ that it is focused on cryptocurrency-related crimes.  Individuals and companies seeking investment or exposure to the cryptocurrency market should review their compliance obligations in light of the Framework, and ensure any deficiencies are resolved quickly.

Commentators have noted the Trump administration’s aggressive stance towards cryptocurrency, and the Framework certainly tracks that stance.  Of course, it remains to be seen whether the Biden administration will continue to take such an aggressive enforcement posture in the cryptocurrency space.  Some commentators have noted that they expect that the Biden administration will be different.  Notably, Mr. Biden has chosen Gary Gensler to lead his financial policy transition team, and Mr. Gensler has been supportive of cryptocurrencies in past writings.

© 2020 Faegre Drinker Biddle & Reath LLP. All Rights Reserved.
For more, visit the NLR Communications, Media & Internet section.

Uncle Sam Wants to Protect Blockchain Technology

On August 27, 2020, the head of the U.S. Department of Justice’s Antitrust Division (“DOJ”), Makan Delrahim, spoke at the Thirteenth Annual Conference on Innovation Economics and emphasized that one of the DOJ’s top priorities is to protect innovation and ensure that antitrust laws do not act as an impediment to the burgeoning cryptocurrency market.  COVID-19 has illuminated the importance of innovative solutions, as businesses develop new ways to operate during the pandemic. In particular, Delrahim highlighted blockchain as an innovative technology that the DOJ seeks to protect because of its potential to topple existing monopoly structures.

Blockchain technology is essentially a shared ledger of information and transactions that is distributed across a number of computers on the network, the ledger updates with every transaction on each computer and is viewable by anyone with access to that particular blockchain at any time.  In traditional networking solutions, the company that owns or controls the network infrastructure (the intermediary) may be able to raise the cost of doing business on the network as it becomes larger.  In contrast, blockchain technology can operate a network without a centralized intermediary, resulting in potentially lower networking costs and limiting the concentration of market power.

Although blockchain technology offers tremendous value, Delrahim also underscored the potential for abuse.  He noted that those with current market power could use blockchain technology in an anti-competitive manner. This is particularly a concern with closed or permissioned blockchain networks where only insiders are allowed to operate a computer on the network. For example, seafood harvesters could collusively condition access to a permissioned blockchain, which tracks useful supply chain data, on agreeing to certain prices or output.  Such collusive activity would cause tremendous harm to competition and consumers.

In an effort to combat such potentially anticompetitive activities, Delrahim noted that the DOJ is taking proactive measures to understand how emerging technologies work and how they can affect competition. The Antitrust Division has implemented a new initiative to train its attorneys and economists in innovative technologies such as blockchain technology, machine learning, and artificial intelligence, to prepare itself for monopolists who may take advantage of these new technologies.

Delrahim’s speech is an acknowledgement that the DOJ looks favorably on innovative technologies, in particular blockchain solutions.  The DOJ wants to protect and promote the growth of these technologies by combating anticompetitive behavior.  Delrahim’s speech is also an important signal that the DOJ is focused on potentially anti-competitive applications of blockchain technology.  Any group of firms that are considering working together in developing a blockchain technology solution in their industry should take appropriate precautions to make sure their activities do not constitute a violation of U.S. anti-trust laws.

© Polsinelli PC, Polsinelli LLP in California
For more articles on Cryptocurrency, visit the National Law Review Communications, Media & Internet section.

10 Reasons Why FCPA Compliance Is Critically Important for Businesses

  • The Foreign Corrupt Practices Act (“FCPA”) prohibits companies from bribing foreign officials in an effort to obtain or retain business, and it requires that companies maintain adequate books, records, and internal controls to prevent unlawful payments.
  • The FCPA was passed in response to an increase in global corruption costs.
  • Implementing an effective FCPA compliance program can benefit companies financially and socially, and it can help companies seize opportunities for business expansion.
  • In drafted and implemented appropriately, an FCPA compliance program will: serve as an invaluable tool against corruption, promote ethical conduct within the company, reduce the societal costs of corruption, and foster business expansion domestically and globally.
  • Company leaders should consider hiring experienced legal counsel to provide advice and representation regarding FCPA compliance.

What is the Foreign Corrupt Practices Act?

Enacted in 1977, the Foreign Corrupt Practices Act (“FCPA”) is a federal law that prohibits bribery of foreign officials in an effort to obtain or retain business. It also requires companies to maintain adequate books, records, and internal controls in their accounting practices to prevent and detect unlawful transactions.

Congress passed the FCPA in response to growing concerns about corruption in the global economy. The FCPA includes provisions for both civil and criminal enforcement; and, over the past several decades, FCPA enforcement proceedings have resulted in billions of dollars in penalties, disgorgement orders, and other sanctions issued against companies accused of engaging in corrupt transactions with government entities.

What are the Risks of FCPA Non-Compliance?

The U.S. Department of Justice (“DOJ”) and the Securities and Exchange Commission (“SEC”) are the primary agencies tasked with enforcing the FCPA. These agencies take allegations of FCPA violations very seriously, motivated in large part by the damage that bribery and corruption of foreign officials can cause to the interests of the United States. Prosecutions under the FCPA have increased in recent years, with both companies and individuals being targeted.

Due to the risk of federal prosecution, companies that do business with foreign entities must implement compliance programs that are specifically designed to prevent, detect and allow for appropriate response to transactions that may run afoul of the FCPA. In addition to helping to prevent and remedy FCPA violations, adopting a robust compliance program also demonstrates intent to follow the law and can create a positive view of your company in the eyes of federal authorities.

“Implementing an effective FCPA compliance program serves a number of important purposes. Not only can companies mitigate the risk of their employees engaging in corrupt practices, but they can also discourage corrupt conduct by other entities and demonstrate to federal authorities that they are committed to complying with the law.” – Dr. Nick Oberheiden, Founding Attorney of Oberheiden P.C.

If your company is targeted by the DOJ or SEC for a suspected FCPA violation, it will be important to engage federal defense counsel promptly. Having counsel available to represent your company during an FCPA investigation is crucial for protecting your company and its owners, executives, and personal against civil or criminal prosecution.

Why Should Companies Implement FCPA Compliance Programs?

Here are 10 of the most important reasons why companies that do business with foreign entities need to adopt comprehensive and custom-tailored FCPA compliance programs:

  1. The FCPA is an invaluable tool in the federal government’s fight against foreign corruption.
    • The FCPA is a massive piece of legislation that is designed to allow the DOJ and SEC to effectively combat corruption and bribery involving foreign officials. Ultimately, enforcement of the FCPA is intended to eliminate the costs of foreign corruption to the United States.
    • An effective and robust FCPA compliance program promotes these objectives while also protecting companies and individuals against civil liability and criminal prosecution.
  2. Anti-corruption laws like the FCPA promote ethical conduct.
    • Companies that have comprehensive policies against bribery and corruption send a strong message to other companies and foreign officials that they are committed to aiding in the federal government’s fight against corruption.
    • Foreign officials are less likely to ask for bribes from companies that promote an anti-corruption corporate environment through their compliance policies and procedures.
    • Compliance with anti-corruption laws promotes positive morale among company personnel who feel the pride of working for a company that is committed to transparency and ethical conduct.
  3. The FCPA allows companies to develop strong internal controls and avoid a slippery slope toward an unethical culture.
    • Companies that regularly utilize bribes in their business operations are likely to eventually encounter multiple problems, both in the U.S. and abroad.
    • Once a foreign official knows that a company is willing to pay bribes, that foreign official will request larger bribe amounts. In order to continue business operations in the relevant jurisdiction, company personnel may continue to accept the foreign official’s terms and pay larger bribes.
    • If left unchecked, corrupt practices can become so prevalent that they create enormous liability exposure for the company.
    • Maintaining a focus on FCPA compliance allows companies to develop effective internal controls that promote efficiency in their business operations.
  4. The FCPA reduces the societal costs of corruption.
    • Corruption increases costs to society. This includes political, social, economic, and governmental costs resulting from unethical business conduct.
    • By adopting and enforcing strong FCPA compliance programs, companies can help reduce these costs.
  5. The FCPA reduces the internal business costs of corruption.
    • Corporate success depends on certainty, predictability, and accountability. An environment where corruption is rampant costs companies time and money, and it can lead to disruptions in the continuity of their business operations.
    • FCPA compliance instills predictability in investments, business transactions, and dealings with foreign officials.
  6. Corruption and bribery create an unfair business environment.
    • Companies are more likely to be successful in an environment that emphasizes fair competition, and in which all competitors sell their products and services based on differentiation, pricing, and efficiency.
    • Corruption and bribery allow for unfair results in the marketplace. For instance, companies that utilize bribes can achieve increased sales and increased market share despite offering an inferior product at an uncompetitive price.
  7. The penalties under the FCPA encourage compliance and accurate reporting.
    • The penalties imposed under the FCPA incentivize the disclosure and reporting of statutory violations. These penalties include fines, imprisonment, disgorgement, restitution, and debarment.
    • Whistleblowers can receive between 10% and 30% of amounts the federal government recovers in FCPA enforcement litigation, and this provides a strong incentive to report violations as well.
    • The risk of significant penalties is an important factor for companies to consider when deciding how much time, effort, and money to invest in constructing an FCPA compliance program.
  8. Anti-corruption laws foster business expansion and stability both domestically and globally.
    • For companies that plan to expand domestically or internationally, success depends on the existence of a competitive environment in which companies compete fairly based on product differentiation, price, and other market factors.
    • Fair competition and growth opportunities are hampered when competitors can simply bribe their way to success. Therefore, FCPA enforcement is essential to maintaining fair competition.
    • DOJ and SEC investigations can severely disrupt efforts to maintain stability and predictability, and they can lead to significant financial and reputational harm.
  9. Corruption leads to human rights abuses.
    • Companies that regularly utilize corruption and bribery to achieve their business goals often resort to other illegal practices as well. This includes forced labor and child labor.
    • These types of human rights abuses are commonplace in countries where corruption and bribery are widespread.
    • To reduce the risk of these human rights abuses, it is crucial for company personnel to be educated on the potentially disastrous consequences of corruption and bribery.
    • Developing a robust compliance policy is the best way to educate personnel, reduce the risks of corruption and bribery, and eliminate the human rights abuses associated with these risks.
  10. The FCPA encourages open communication between companies and their legal counsel.
    • With regard to FCPA compliance, it is a legal counsel’s job to represent the best interests of the company and help the company foster an environment of ethical conduct. Achieving these objectives requires open and honest communication between the company and legal counsel.
    • Due to the severe sanctions imposed under the FCPA, companies are incentivized to hire counsel to advise them with regard to compliance and to adopt and implement effective FCPA compliance programs.

Effective FCPA Compliance Programs Help Companies Avoid Costs, Loss of Business Opportunities, and Federal Liability

Working with legal counsel to develop robust FCPA compliance policies and procedures can help prevent company personnel from offering bribes and engaging in other corrupt practices while also encouraging the internal disclosure of suspected violations. Failing to maintain adequate internal controls and foster a culture of compliance can be detrimental to a company’s operations, and FCPA violations can lead to civil or criminal prosecution at the federal level. As a result, all companies that do business with foreign entities would be well-advised to work with legal counsel to develop comprehensive FCPA compliance policies and procedures.

Oberheiden P.C. © 2020

For more on the Foreign Corrupt Practices Act see the National Law Review Criminal Law & Business Crimes section.