Photo of Nayar IslamPhoto of Stephen M. ByersPhoto of Jason CrawfordPhoto of Nkechi KanuPhoto of Brian Tully McLaughlin

A False Claims Act (FCA) settlement recently announced by the U.S. Department of Justice stands at the intersection of two evolving trends:  DOJ’s increasing focus on cybersecurity lapses by government contractors as part of its Civil Cyber-Fraud Initiative, and DOJ policies incentivizing corporations to voluntarily self-disclose violations of federal law.

On September 5, 2023, DOJ announced a $4 million settlement with Verizon Business Network Services LLC (Verizon) addressing allegations that Verizon violated the FCA because certain telecommunications services it provided to federal agencies under its General Services Administration (GSA) contracts did not comply with applicable cybersecurity requirements, namely the Office of Management and Budget’s Trusted Internet Connections (TIC) initiative.  DOJ specifically alleged that Verizon’s Managed Trusted Internet Protocol Service (MTIPS)—an information technology service that allows federal agencies to securely connect to public internet and external networks—did not comply with three security controls in the Department of Homeland Security’s TIC Reference Architecture Document, including a control that required the use of FIPS 140-2 validated cryptography.  The Verizon settlement represents the latest example of DOJ’s continued focus on cybersecurity cases, a trend that we believe will only continue to escalate going forward.

Verizon’s Cooperation Credit

What makes this resolution particularly interesting is the discussion in the settlement agreement and the DOJ press release about the various steps that Verizon took that entitled the company to credit for cooperating with the government.  For instance, the recitals in the settlement agreement explicitly state that Verizon received credit under DOJ’s guidelines for taking disclosure, cooperation, and remediation into account in False Claims Act cases as set forth in § 4-4.112 of the Justice Manual.  As described below, the recitals shed some light on the sorts of steps that could be awarded credit in these circumstances.

Disclosure

After learning of the potential issues with the implementation and maintenance of certain security controls, Verizon provided GSA’s Office of Inspector General (GSA-OIG) with a written self-disclosure.  The company also initiated an independent investigation and compliance review of those issues and provided GSA-OIG with multiple detailed and thorough supplemental written self-disclosures.

Cooperation

The recitals note that Verizon cooperated with the government’s investigation of the issues in several ways, including by identifying individuals responsible for the issues; disclosing facts gathered during its independent investigation, with attribution to specific sources; and assisting in the determination and recovery of the losses caused by the issues.

Remediation

Verizon took prompt steps to remediate the issues, including by implementing compensatory security controls for its MTIPS solution; implementing a compliance program to avoid a reoccurrence of similar issues and conduct; making substantial capital investments in its governance, risk, and compliance platforms; reviewing and updating its MTIPS system security plan and related internal documentation; establishing a Compliance Center of Excellence to maintain and improve its cybersecurity compliance framework; and disciplining or replacing those employees Verizon identified as responsible for the issues.  

Value of the Cooperation Credit

While not stated explicitly in the press release, Verizon’s cooperation appears to have affected the amount of the total settlement.  There is no one-size-fits-all approach to settlements of FCA liability; however, it is not unusual for defendants to pay around 2x the amount of the single damages in settlements with DOJ’s Civil Fraud Section.  Any number of factors can influence that multiplier, from the perceived strength of the claims and defenses, the overall value of the matter, and more.  Here, the settlement agreement identified $2,727,545 as the single damages (i.e., restitution) amount and $4,091,317 was the negotiated settlement total.  This means that Verizon paid 1.5x the single damages amount to settle the case with DOJ Civil Fraud.  When compared with the 2x multiplier that typically applies to an FCA settlement, the credit that Verizon presumably received for its cooperation was worth more than $1.3 million.  The agreement does not provide any details as to how the restitution amount itself was calculated.  

What Comes Next?

The § 4-4.112 Guidelines were adopted in 2019, but to date they have received little publicity from DOJ Civil Fraud.  This stands in marked contrast to other DOJ components, which have frequently and prominently touted similar policies both before and after an initiative announced by Deputy Attorney General Lisa Monaco in September 2022 to provide Department-wide guidance for development of policies that incentivize voluntary self-disclosures.  For example, the DOJ Criminal Division, and the Criminal Fraud Section in particular, regularly incorporates statements about its voluntary self-disclosure policy in public speeches and announcements of case resolutions.  In contrast, the § 4-4.112 Guidelines have remained largely under the radar, but the Verizon settlement highlights the potential financial benefits for companies that take steps to disclose misconduct, cooperate with the government’s investigation, and implement remedial measures.  It remains to be seen whether the Verizon settlement will be touted by DOJ leadership as an example of the benefits of self-disclosure in an effort to encourage more companies to take similar steps.

The Verizon settlement is a reminder of DOJ’s continued focus on using the FCA to enforce cybersecurity requirements as part of the Civil-Cyber Fraud Initiative and of DOJ’s cooperation guidelines in the face of potential FCA issues.  Corporations that uncover evidence of FCA violations, including cybersecurity lapses that may implicate FCA liability, should consider whether to undertake voluntary disclosures as a measure of compliance and to obtain potentially valuable credit in resolving such matters.

Print:
Email this postTweet this postLike this postShare this post on LinkedIn
Photo of Stephen M. Byers Stephen M. Byers

Stephen M. Byers is a partner in the firm’s White Collar & Regulatory Enforcement Group and serves on the group’s steering committee. He is also a member of the firm’s Government Contracts Group and E-Discovery & Information Management Group. Mr. Byers’s practice involves…

Stephen M. Byers is a partner in the firm’s White Collar & Regulatory Enforcement Group and serves on the group’s steering committee. He is also a member of the firm’s Government Contracts Group and E-Discovery & Information Management Group. Mr. Byers’s practice involves counseling and representation of corporate and individual clients in all phases of white collar criminal and related civil matters, including: internal corporate investigations; federal grand jury, inspector general, civil enforcement and congressional investigations; and trials and appeals.

Mr. Byers’s practice focuses on matters involving procurement fraud, health care fraud and abuse, trade secrets theft, foreign bribery, computer crimes and cybersecurity, and antitrust conspiracies. He has extensive experience with the federal False Claims Act and qui tam litigation, the Foreign Corrupt Practices Act, the Economic Espionage Act, and the Computer Fraud and Abuse Act. In addition to defense of government investigations and prosecutions, Mr. Byers has represented corporate victims of trade secrets theft, cybercrime, and other offenses. For example, he represented a Fortune 100 U.S. company in parallel civil and criminal proceedings that resulted in a $275 million criminal restitution order against a foreign competitor upon its conviction for trade secrets theft.

Photo of Jason Crawford Jason Crawford

When facing government investigations or high stakes litigation, clients trust Jason Crawford to evaluate allegations, identify risks, and formulate strategies to achieve the appropriate resolution. Jason advises and advocates for government contractors and companies from regulated industries in matters involving civil, criminal, and…

When facing government investigations or high stakes litigation, clients trust Jason Crawford to evaluate allegations, identify risks, and formulate strategies to achieve the appropriate resolution. Jason advises and advocates for government contractors and companies from regulated industries in matters involving civil, criminal, and administrative enforcement, with a particular focus on the False Claims Act (FCA).

As a litigator, Jason has defended government contractors, drug manufacturers, grant recipients, health care companies, importers, and construction companies sued under the FCA by whistleblowers and the Department of Justice (DOJ) in federal courts throughout the country. He also helps clients conduct complex internal investigations and respond strategically to Office of Inspectors General inquiries, grand jury investigations, search warrants, and civil investigative demands.

Jason previously served as a DOJ Trial Attorney in the Civil Division, Fraud Section where he investigated and litigated FCA cases involving government contractors, importers, and health care companies. He also previously worked with the U.S. Attorney’s Office for the District of Columbia where he prosecuted federal criminal cases.

A recognized thought leader on FCA developments, Jason has written and presented extensively on the fraud statute, and he is a co-host of the Let’s Talk FCA podcast.

Photo of Nkechi Kanu Nkechi Kanu

Nkechi A. Kanu is a counsel in the Washington, D.C. office of Crowell & Moring, where she is a member of the firm’s Government Contracts Group.

Nkechi’s practice focuses on False Claims Act investigations and litigation. Nkechi has significant experience assisting companies with…

Nkechi A. Kanu is a counsel in the Washington, D.C. office of Crowell & Moring, where she is a member of the firm’s Government Contracts Group.

Nkechi’s practice focuses on False Claims Act investigations and litigation. Nkechi has significant experience assisting companies with complex internal investigations and represents clients in government investigations involving allegations of fraud. She also focuses on assisting clients with investigations relating to cybersecurity and information security compliance. Her complementary litigation practice involves defending companies in government-facing litigation arising under the FCA, resulting in the dismissal of qui tam complaints and successful settlements of FCA claims with DOJ.

Photo of Brian Tully McLaughlin Brian Tully McLaughlin

Brian Tully McLaughlin is a partner in the Government Contracts Group in Washington, D.C. and co-chair of the False Claims Act Practice. Tully’s practice focuses on False Claims Act investigations and litigation, particularly trial and appellate work, as well as litigation of a…

Brian Tully McLaughlin is a partner in the Government Contracts Group in Washington, D.C. and co-chair of the False Claims Act Practice. Tully’s practice focuses on False Claims Act investigations and litigation, particularly trial and appellate work, as well as litigation of a variety of complex claims, disputes, and recovery matters. Tully’s False Claims Act experience spans procurement fraud, healthcare fraud, defense industry fraud, and more. He conducts internal investigations and represents clients in government investigations who are facing fraud or False Claims Act allegations. Tully has successfully litigated False Claims Act cases through trial and appeal, both those brought by whistleblowers / qui tam relators and the Department of Justice alike. He also focuses on affirmative claims recovery matters, analyzing potential claims and changes, counseling clients, and representing government contractors, including subcontractors, in claims and disputes proceedings before administrative boards of contract appeals and the Court of Federal Claims, as well as in international arbitration. His claims recovery experience includes unprecedented damages and fee awards. Tully has appeared and tried cases before judges and juries in federal district courts, state courts, and administrative boards of contract appeals, and he has argued successful appeals before the D.C. Circuit, the Federal Circuit, and the Fourth and Seventh Circuits.