Educational only; not legal advice, and not a substitute for transaction counsel. Cases are described according to their public posture and resolve allegations without an admission of liability unless a court found otherwise.
You don’t just buy the business, you buy its sins
Every buyer understands they are acquiring a company’s assets and contracts. Fewer internalize that they are also acquiring its past conduct. When the company you are buying gets paid by the federal government, a healthcare provider billing Medicare or Medicaid, a defense or IT (information technology) contractor invoicing a federal agency, a business that took a federally backed loan, the False Claims Act turns that past conduct into a live financial risk that can outlive the closing.
Here is why it should have your attention. The False Claims Act (31 U.S.C. §§ 3729 to 3733) lets the government recover three times its actual loss plus a civil penalty for every false claim, in the 2025 adjustment, \$14,308 to \$28,619 per claim (DOJ 2025 penalty adjustment, via Sidley; 31 U.S.C. § 3729). Because the penalty applies per claim, a target that submitted thousands of small, tainted invoices can carry a liability that dwarfs the price you paid for the whole company. You would not be buying a business with a lawsuit attached. You would be buying a lawsuit with a business attached.
And the enforcement environment is not cooling. The Justice Department reported record False Claims Act recoveries exceeding \$6.8 billion in fiscal year 2025, with the large majority coming from health care, and it has named private-equity ownership of healthcare companies as an enforcement priority, meaning the government is increasingly willing to climb the ownership chain to the people who bought in (Morgan Lewis summary of DOJ FY2025). (Confirm the FY2025 figures against the DOJ release before relying on them; see the source log.)
The blind spot most buyers never see: the sealed case
This is the part that should genuinely unsettle an acquirer, because it defeats an otherwise careful process.
A whistleblower, the “relator”, does not sue in the open. Under 31 U.S.C. § 3730(b)(2), the complaint “shall be filed in camera, shall remain under seal for at least 60 days, and shall not be served on the defendant until the court so orders.” In plain terms: the case is filed in secret, served on the Justice Department, and the target company is not told it has been sued, sometimes for years, while the government quietly investigates and repeatedly extends the seal.
Sit with what that does to standard diligence. A litigation search turns up nothing, there is no public docket. The seller’s disclosure schedules list no pending suit, because even an honest seller may not know one exists. The “no litigation” representation is signed in good faith. You can run a thorough, professional process, collect your reps and warranties, and still be standing on top of a live federal fraud case aimed at the very company you are buying. The court file is legally hidden from everyone, including the defendant.
You cannot make the sealed complaint appear. But the government’s investigation leaves a footprint, and a diligence team that knows what to look for can often detect the shadow of a matter even when the matter itself is invisible:
- A Civil Investigative Demand (CID) the target received, an administrative subpoena the Justice Department issues under 31 U.S.C. § 3733, frequently before any public complaint, and one of the earliest signs an organization is under scrutiny (on CIDs).
- Subpoenas, document-preservation notices, or legal holds in place with no visible lawsuit to explain them.
- Unusual reserves or accruals for “government matters” or regulatory contingencies on the books.
- A history of internal whistleblower complaints, compliance-hotline tickets, or a cluster of departures in billing, coding, or compliance roles.
- Billing or coding anomalies you can surface independently (more below).
None of these is proof. Each is a reason to slow down, ask a pointed question, and price the risk.
Does the liability actually attach to me? It depends on the deal
Whether you inherit the target’s False Claims Act exposure turns first on how you structure the transaction, and this is a place to involve counsel early, because the law is genuinely unsettled at the edges.
- Stock purchase or merger: the target entity survives and keeps all of its liabilities, including its FCA exposure. You have stepped into the same corporate skin. There is little structural daylight here.
- Asset purchase: the general rule is that the buyer does not inherit the seller’s liabilities, but that default has well-recognized exceptions that courts will enforce. A buyer can still be on the hook where there is (1) an express or implied assumption of the liability, (2) a de facto merger, (3) a “mere continuation” of the seller, or (4) a fraudulent transfer designed to dodge creditors (Bloomberg Law on FCA successor liability).
There is also a broader, government-favored theory, “substantial continuity”, that can impose liability even without continuity of ownership when the buyer had notice of the claim before the deal and there is no real change in operations afterward. Courts are split on whether it applies to the FCA: a federal district court in Washington (in the Omeros litigation) declined to extend liability beyond the four traditional exceptions, and the Fourth Circuit has held the FCA does not expand common-law successor liability (Bloomberg Law; Ropes & Gray). The honest takeaway: the governing test is jurisdiction- and fact-specific, confirm it with counsel for your forum and structure.
And there is a second, sharper edge. The False Claims Act reaches anyone who acts “knowingly”, which includes deliberate ignorance and reckless disregard, with “no proof of specific intent to defraud” required (31 U.S.C. § 3729(b)). So even where you might dodge the predecessor’s liability, an acquirer who learns of a problem and keeps billing or certifying anyway can manufacture its own, fresh FCA liability after closing. The Justice Department’s posture is explicit: a buyer that fails to perform real diligence or to self-disclose misconduct at an acquired company can be left exposed to full successor liability for the predecessor’s conduct (Quarles). “We’d rather not look too closely” is the one posture guaranteed to lose.
This is not theoretical, the government is already doing it
| Matter (reported) | Acquirer’s exposure | Resolution | Why it matters to a buyer |
|---|---|---|---|
| Raytheon → Nightwing (2025) | DOJ named the acquirer “the successor in liability” for the predecessor’s cybersecurity-certification failures under a federal contract | \$8.4M | Conduct predated the acquisition by years; the buyer paid |
| Aero Turbine / Gallant Capital (2025) | A private-equity sponsor’s portfolio company; part of the conduct predated the sponsor’s acquisition | \$1.75M | DOJ tied the result to successor liability and the value of diligence |
Both figures are drawn from published legal analyses and must be confirmed against the DOJ settlement releases before publication (see source log). Settlements resolve allegations without admission of liability.
These are the cleanest illustrations that “the predecessor did it, not us” is not a defense when the structure, the notice, or the post-close conduct lines up against you. Across health care specifically, published surveys describe well over half a billion dollars in FCA settlements over roughly a decade involving private-equity-owned companies (Grubman Warner Berry).
The trap: the “safe harbor” you think protects you probably doesn’t
Many dealmakers have heard that the Justice Department offers an M&A “safe harbor” for misconduct discovered at an acquired company. It does, but read the fine print, because it is the wrong tool for this risk.
The 2023 DOJ M&A Safe Harbor (announced by then-Deputy Attorney General Lisa Monaco) gives an acquirer a presumption of declination if it discloses misconduct within six months of closing and remediates within a year. But it is a criminal policy, and it expressly “does not affect civil merger enforcement” (Goodwin; Skadden). The False Claims Act is civil. (Confirm the policy remains in force under current DOJ leadership before relying on it.)
What actually governs your civil FCA exposure is the Civil Division’s separate self-disclosure framework, which most often yields a reduced damages multiplier and reduced penalties, not a free pass (Winston & Strawn on the DOJ FCA disclosure guidance). Disclosure that is forced by a CID or an “imminent threat of discovery” earns no voluntary-disclosure credit at all. In one reported settlement the government applied a 1.1x multiplier instead of 2x, meaningful relief, but single damages and restitution still came out of someone’s pocket. The lesson: you cannot structure-and-pray your way out of this. The protection has to be built before you sign.
How a forensic team screens for it, before you sign
This is where the same skill set that powers offensive whistleblowing (see the companion piece, Catching Fraud With Public Data) gets pointed at the company you are about to buy.
1. Run the relator’s playbook on your own target. The public datasets that data-miner whistleblowers use to find fraud can be run defensively on a target during diligence. We benchmark the target’s federal billing against its peers, the same approach our tech lab walks through in Screening a State’s Medicaid Market With Public Data, using:
- CMS (Centers for Medicare & Medicaid Services) Medicare Physician & Other Practitioners data, to flag impossible volumes, peer outliers, and high-risk coding patterns. (In one real qui tam, public Medicare data implied a single physician had billed the equivalent of ~419.5 twenty-four-hour days of a particular service in one year, a number that is physically impossible and exactly the kind of red flag a screen surfaces. Sidley/Lexology.)
- CMS Open Payments, industry payments to physicians, a kickback / conflict-of-interest signal.
- The OIG (the HHS Office of Inspector General) exclusions list (LEIE, the List of Excluded Individuals/Entities, providers barred from billing federal health programs) and SAM.gov (the System for Award Management, the federal contractor registration and exclusion system), to confirm the target is not billing through, or contracting with, an excluded or debarred party, which is itself an FCA generator (OIG LEIE).
- USAspending.gov / SAM, federal award history and entity status for contractors.
A screen like this is cheap, fast, and best run before the letter of intent. It does not prove fraud, outliers have innocent explanations, and the data lags and omits commercial and Medicaid-only billing, but it tells you where to point the manual billing audit, and whether the target looks like the outliers the government ends up suing.
2. Read the shadows of a sealed case. Beyond the data, we interview the target’s compliance officer and outside counsel with specific questions, about CIDs, document holds, OIG contact, and whistleblower history, and we test the books for the reserves and accruals that a quiet government matter tends to leave behind.
3. Build the protection into the deal. Diligence narrows the risk; deal terms allocate what remains:
- FCA-specific representations, beyond a generic “compliance with laws” rep, a bespoke rep that billing and certifications to government payors are accurate, that the target is not excluded or debarred, and crucially “no CID, no government investigation, and no qui tam to the seller’s knowledge.” That rep forces disclosure and creates an indemnity hook if it proves false.
- A special indemnity backed by a dedicated escrow, separate from the general indemnity, sized to the FCA math, because the figures are punitive (illustration below).
- Eyes-open on R&W insurance. Representations-and-warranties insurance covers only unknown breaches; it standardly excludes known matters, anything disclosed in the data room, and issues identified in diligence (CBIZ on R&W trends). The very FCA exposure you most fear is the kind R&W will not cover, which is exactly why it belongs in a separate special escrow.
- A pre-close billing audit with claim sampling, statistically sampling claims to estimate an error/overpayment rate and extrapolate exposure, the same method the government and relators use offensively.
- A post-close plan, if something surfaces after closing: preserve documents immediately (a botched legal hold can turn a manageable matter into a spoliation problem), stop any ongoing false billing at once to avoid your own fresh liability, and evaluate a Civil Division voluntary disclosure for multiplier relief.
Why the escrow has to be sized to the FCA math (illustrative)
The single most common mistake is benchmarking an escrow to the expected overpayment. FCA exposure is built on a punitive formula, so the holdback has to be too.
| Input (illustrative, not a specific matter) | Figure |
|---|---|
| Estimated overpayment (single damages) | \$2,000,000 |
| Treble damages (3×) | \$6,000,000 |
| Tainted claims (count) | 5,000 |
| Per-claim penalty at the 2025 minimum (\$14,308) | \$71,540,000 |
| Illustrative exposure ceiling | far exceeds the overpayment |
The penalty column is deliberately stark. Courts have discretion and constitutional limits keep real-world penalties below the arithmetic ceiling, but the point stands: an escrow set to “\$2 million, because that’s the overbilling” can be a small fraction of true exposure. Sophisticated buyers stress-test (3 × estimated overpayment) + (penalty × claim count) and size the special escrow with that range in view.
Where the CFE lens does the work
Screening for this is forensic-accounting work, not a checklist a generalist runs. The ACFE’s (Association of Certified Fraud Examiners) Fraud Tree, asset misappropriation, corruption, and financial-statement fraud, tells a diligence team what kind of scheme a billing anomaly might be, and therefore what evidence confirms or clears it; the corruption branch (kickbacks, conflicts) maps directly onto the Anti-Kickback exposure that drives so many health-care FCA cases. The ACFE’s research that tips detect more fraud than any other method is also a practical instruction: the people most likely to know about a target’s billing problem are its own billing and compliance staff, which is why management interviews, asked with professional skepticism, earn their place in the process (ACFE Report to the Nations).
The honest limit, and why that argues for the screen, not against it
No screen can see a sealed complaint, and no public dataset can certify a target is clean. The screen narrows the haystack; it does not promise the needle isn’t there. That is precisely why the defensible posture pairs three things that cover each other’s gaps: a data screen to find what is findable, pointed interviews to read the shadows of what is hidden, and deal terms, reps, a special indemnity, a right-sized escrow, and a post-close disclosure plan, to allocate the risk that remains unknowable.
The acquirer who skips all three is making a bet that the company billing the government for years never once did it wrong, and that no analyst with a laptop and the public files has already noticed. Given who the government is now recruiting, that is a worse bet every year.
If your target gets paid by the government, treat False Claims Act exposure as its own diligence workstream, not a line in the legal rep. The outlier you could have found in an afternoon is the one a whistleblower may already be holding under seal.
Primary sources
- 31 U.S.C. § 3729 (liability, treble damages, scienter): https://www.law.cornell.edu/uscode/text/31/3729
- 31 U.S.C. § 3730 (qui tam, seal, intervention): https://www.law.cornell.edu/uscode/text/31/3730
- DOJ 2025 civil-penalty inflation adjustment (via Sidley): https://fcablog.sidley.com/2025/07/07/department-of-justice-announces-2025-inflationary-adjustments-to-fca-penalties/
- Morgan Lewis, DOJ announces record FY2025 FCA recoveries (>\$6.8B): https://www.morganlewis.com/pubs/2026/01/doj-announces-highest-ever-annual-false-claims-act-recoveries-over-6-8-billion-in-fiscal-year-2025
- Bloomberg Law, Untangling Successor Liability Under the False Claims Act: https://news.bloomberglaw.com/mergers-and-acquisitions/untangling-successor-liability-under-the-false-claims-act
- Ropes & Gray, Fourth Circuit on FCA successor liability: https://www.ropesgray.com/en/insights/alerts/2017/01/fourth-circuit-holds-that-the-false-claims-act-does-not-expand-common-law-corporate-successor-liability
- Quarles, DOJ uses successor liability as a civil enforcement tool: https://www.quarles.com/newsroom/publications/doj-uses-successor-liability-as-a-civil-cybersecurity-enforcement-tool-comprehensive-diligence-now-may-save-millions-later
- Gibson Dunn, DOJ FCA settlement and risks for PE sponsors: https://www.gibsondunn.com/doj-false-claims-act-settlement-highlights-risks-for-private-equity-sponsors-in-portfolio-companies-with-government-contracts/
- Goodwin, DOJ M&A Safe Harbor (criminal; does not affect civil merger enforcement): https://www.goodwinlaw.com/en/insights/publications/2023/10/alerts-otherindustries-doj-announces-safe-harbor-policy
- Winston & Strawn, DOJ Civil Division FCA self-disclosure credit guidance: https://www.winston.com/en/blogs-and-podcasts/government-program-fraud-false-claims-act-and-qui-tam-litigation-playbook/dojs-civil-division-issues-valuable-guidance-on-false-claims-act-self-disclosure-cooperation-and-remediation-credit
- CBIZ, Representations & Warranties insurance trends and exclusions: https://www.cbiz.com/insights/article/representations-and-warranties-insurance-in-2025-ma-trends-and-best-practices
- OIG, Exclusions (LEIE) FAQ: https://oig.hhs.gov/faqs/exclusions-faq/
- Sidley / Lexology, data-miner qui tam built on public Medicare data (the “419.5-day” outlier): https://www.lexology.com/library/detail.aspx?g=0d12202f-798f-4338-ad20-0d3a7abca6e5
- ACFE, Occupational Fraud 2026: A Report to the Nations (key findings): https://www.acfe.com/acfe-insights-blog/blog-detail?s=key-findings-report-to-the-nations-2026
Prepared by Noah Green CPA CFE. Sheepdog Prosperity Partners provides financial due diligence and analytics-enabled transaction support, including FCA-exposure screening for government-payment targets. This article is educational and is not legal advice; involve qualified transaction counsel on any specific deal.