From Whistleblowers to Algorithms: FCA Enforcement 2.0 Is Here

Petra Niedermayerova and Lucas Rozendaal contributed to this report.

The False Claims Act (FCA) was enacted during the Civil War to combat the misuse of government funds, such as the sale of blind mules and defective rifles. As fraudulent schemes have grown more complex, so too have the methods of detection and defense. 

Successive administrations have expanded the government’s capabilities to identify and prosecute fraud under the FCA. Most recently, this includes the launch of a joint DOJ and Department of Health and Human Services (DOJ-HHS) working group in July 2025. 

At the same time, the increasing use of artificial intelligence (AI) by both government agencies and whistleblowers is reshaping the enforcement landscape. To stay ahead, organizations must leverage all available data analytics tools to manage compliance risks and respond effectively to data-driven investigations.

How agencies are finding fraud faster

The availability of an unprecedented amount of information can be leveraged to understand patterns of misconduct by anyone who knows how to use it. In the context of FCA case initiation, this means that the regulatory playbook has changed.

The government has increasingly used its vast data resources to flag anomalies, launch investigations, and build FCA cases. A recent example of DOJ’s effective use of advanced analytics is the Covid-19 fraud enforcement task force, which has leveraged interagency data sharing, data collection and customized data platforms to generate actionable leads. Since its inception, the task force has charged 3,500 defendants, won 400 civil settlements and judgments of over $100 million and seized $1.4 billion.These results reflect the growing role of data analytics in transforming enforcement efficiency.

This trend of interagency data cooperation is likely to continue. On July 2, 2025, the DOJ and HHS announced a reinvigoration of aDOJ-HHS False Claims Act working group. According to an official news release, the group will “maximize cross-agency collaboration to expedite ongoing investigations […] and identify new leads, including by leveraging HHS resources through enhanced data mining and assessment of HHS and HHS-OIG report findings.” The DOJ further noted that “the agencies won’t just rely on qui tams but will actively investigate new leads.”

Compliance

Flying Blind on AI: The New Normal for Compliance Teams

by Jennifer L. Gaskin

July 1, 2025

Read moreDetails

The modern whistleblower: From insider to data miner

Today’s whistleblower, also known as a relator, no longer needs insider access to identify and report fraud. Instead, professional whistleblowers are now utilizing public datasets and training AI models to detect suspicious activity. In some cases:

• Relators have built proprietary fraud detection software using AI and machine learning.
• Algorithms trained on past FCA cases are used to flag potential misconduct.

For example, in 2021, a whistleblower company successfully persuaded the government for the first time to join a case against a group of nursing facilities using AI-derived evidence.

While changing archetypes of relators raises complex legal questions, it is clear that AI supported data-driven whistleblowing will remain a growing trend, complementing more traditional evidence collection.

Business compliance in the age of (un)limited AI

FCA activity is on the rise. In FY 2024, the DOJ recorded the second-highest number of FCA cases in history, including 979 qui tam actions, a record high. With both the government and private actors increasingly using big data to identify potential fraud, and the current administration’s strong focus on combatting fraud, businesses can expect a continued surge in FCA investigations, broader industry scrutiny and faster, more data-driven decision-making by regulators.

This means that even without insider tips or traditional red flags, companies may find themselves targeted based on statistical anomalies or predictive risk indicators alone. To mitigate exposure, organizations must take a proactive stance, leveraging their own data strategically to detect vulnerabilities, validate compliance and build defensible positions before enforcement actions arise.

Needless to say, companies need to understand the implications of AI for their business, including the likelihood of becoming targeted based on statistical anomalies or predictive risk indicators alone. To reduce risk, companies should take a proactive approach to compliance by leveraging their own data. This includes:

• Understanding what data is collected and how it’s structured.
• Building analytics tools to assess and visualize compliance risks.
• Creating internal benchmarks to detect anomalies early.
• Designing scalable data frameworks that ensure audit-readiness.

Making sense of massive data in FCA cases

Statistical sampling has been used in FCA cases for decades, but its relevance has grown with the rise of big data. Extracting insights from massive datasets and documents can be prohibitively expensive and time-consuming, particularly when each observation (such as a single healthcare claim or an insurance agreement) requires thorough expert evaluation (or when the required computing power is not attainable). In such instances, big data and statistical sampling work hand in hand. Once anomalies are flagged using AI or large-scale analytics, statistical sampling provides a cost-effective and scientifically accepted method with little to no sacrifices. 

When done correctly, using a representative sample instead of the entire dataset presents an opportunity for handling massive datasets efficiently, reducing costs dramatically and producing legally defensible evidence

Conclusion and business considerations

AI and big data are not just reshaping how FCA cases are identified and litigated, they’re redefining who can bring them and what constitutes sufficient evidence. Government agencies, professional whistleblowers and tech-savvy investigators are all turning to advanced analytics to uncover potential fraud. Organizations must adapt by developing equally sophisticated strategies, not just to defend against enforcement, but to prevent issues from arising in the first place.