- Verizon Cooperates with DOJ related to Cybersecurity Allegations
White Collar + Fraud + Investigations + Compliance
On Monday, the DOJ announced a settlement with Verizon Business Network Services LLC (“Verizon”), where Verizon agreed to pay $4.1 M to settle allegations that it failed to completely satisfy certain cybersecurity controls in connection with an information technology service provided to federal agencies. The settlement resolves allegations that Verizon’s Managed Trusted Internet Protocol Service (“MTIPS”), which was designed to provide federal agencies with secure connections to the public internet and other networks, did not completely satisfy three required cybersecurity controls related to its General Services Administration (“GSA”) contracts from 2017 through 2021.
When faced with the question of whether to self-disclose, companies often question the benefit of such a disclosure. There are a few important takeaways here.
First, this resolution is a great example of what a [seemingly] successful self-disclosure looks like. Based on the settlement and the press release, it appears that Verizon identified issues related to compliance with certain cybersecurity controls; provided the Government with a written self-disclosure; initiated an independent investigation and compliance review of the issues; and provided the Government with detailed subsequent written disclosures. Apparently, Verizon also identified individuals involved in or responsible for the issues, assisted in the damages analysis, and remediated the identified issues, among other things. Verizon is demonstrating here what true cooperation looks like and how such cooperation can result in better results for the company. And, as a result of this level of cooperation, Verizon paid a 1.5 multiplier—substantially less than its potential exposure under the False Claims Act, which can be 3x the loss to the Government plus penalties.
Second, clients often ask about what makes a case criminal versus civil. By self-disclosing in a timely manner where the misconduct is clear, and cooperating with an investigation, the company can often avoid criminal liability. Once company management is made aware of misconduct, by continuing to engage in the conduct and failing to disclose such conduct (similar to the allegations set forth in the Booz Allen qui tam complaint), management exposes the company to civil and, possibly, criminal liability. In contrast, when companies voluntarily disclose such conduct, they can elect the venue of that disclosure, like whether to approach the contracting agency directly or DOJ’s Civil Division. Likewise, by disclosing conduct, a company may avoid severe administrative remedies like suspension or exclusion.
Third, though we don’t know when Verizon submitted this self-disclosure, it appears that this process took less than 2 years given that the conduct ended in 2021—substantially shorter than most investigations initiated by qui tam complaints. This translates to lower (gasp) legal and expert costs for the company and, generally, lower reputational costs to the company and, ultimately, shareholders.
Finally, this resolution further demonstrates the Department’s commitment to the Cyber-Fraud Initiative that the Government launched in 2021. Meeting cybersecurity controls and requirements continues to be an area of focus for the Government—companies should make sure they are staying abreast of their obligations under their respective agreements to avoid pitfalls and disclose issues as necessary.
A link to the press release is provided here.