The False Claims Act (FCA) poses significant risks for businesses operating in industries with a nexus to federal funding. The FCA broadly prohibits the making of any knowingly false or fraudulent claims for payment or approval of federal dollars.[1] Although its goal is to prevent fraud and abuse associated with federally funded programs, as a practical matter the FCA often exposes even the most well-run businesses to costly litigation and government scrutiny. The risks associated with the FCA take multiple forms, including providing economic incentives for employees to turn against their employers and granting the federal government power that it regularly uses to extract large settlement payments from businesses.

In this article, we focus on one aspect of the FCA: the U.S. Department of Justice’s (DOJ) broad authority to use Civil Investigative Demands (CIDs) as an information-gathering tool. DOJ may issue CIDs as part of an FCA investigation prior to formally alleging FCA violations in court. Broadly speaking, CIDs empower DOJ to require businesses to produce documents and other information.

Businesses should take CIDs seriously. The issuance of a CID likely means DOJ believes the recipient has committed FCA violations. By the time it issues a CID, the DOJ is often already building a case and planning to use the CID response in furtherance of an enforcement action against the business or its officers. Although the DOJ’s power to issue CIDs is broad, businesses are not powerless when faced with CIDs. As detailed here, there are several strategies businesses can and should employ to reduce the risks associated with CIDs.  

The False Claims Act: A Primer

The FCA targets false or fraudulent claims related to federal funds.[2] Its prohibitions go beyond false statements in documents like invoices. The FCA also prohibits knowingly making any false records or statements material to any false claim; possessing property or money intended for government use and failing to deliver it in full; or conspiring to violate the FCA, among other prohibitions.[3] The FCA carries significant penalties, including a fine ranging from $11,665 to $23,331 plus three times the damages actually sustained by the government.[4] In 2019 alone, the DOJ obtained $3 billion in FCA settlements and judgments.[5] The vast majority of these recoveries ($2.6 billion) stemmed from matters involving the healthcare industry.[6] In addition to civil penalties, the DOJ’s investigation of potential civil FCA violations may also result in the DOJ opening a parallel criminal investigation. It is not uncommon for an investigation that begins with a CID to ultimately result in criminal charges being filed against businesses or their officers.

Civil violations of the FCA can be enforced by private individuals, the DOJ or both. When a private individual (referred to as a “relator”) brings an FCA claim (referred to as a “Qui Tam” action), the federal government is given a period of time to decide whether to intervene in the case.[7] A successful relator may be entitled to a portion of any judgment, whether or not DOJ intervenes.[8] A successful relator is also entitled to recover costs associated with litigating the case, including attorneys’ fees.[9]

DOJ’s Authority to Issue CIDs and Engage in One-Sided Discovery

The FCA is often viewed as a statute that encourages whistleblowers—and plaintiffs’ attorneys—to file civil lawsuits in hopes of recovering a financial windfall in the form of treble damages and attorneys’ fees. Although this private-plaintiff process is relatively well known, the federal law enforcement aspect of the FCA is arguably much more dangerous. Unlike civil litigants, the Department of Justice has expansive resources (including salaried attorneys paid for by tax dollars) to chase individuals and entities it suspects might have committed FCA violations. CIDs are a major component of the DOJ’s power to subject businesses to scrutiny. 

The DOJ’s CID authority is codified at 31 U.S.C. § 3733. Under § 3733, DOJ may issue a CID “[w]henever” it “has reason to believe that any person may be in possession, custody, or control of any documentary material or information relevant to a false claims law investigation . . .”[10] The “reason to believe” standard is not a high one. As a practical matter, DOJ can issue a CID whenever it possesses information that—in its own judgment—an FCA violation may have been committed. Notably, the DOJ is not required to disclose the whistleblower complaint or any other information that may have given it “reason to believe” a violation has occurred.   

The history of the CID statute confirms the scope of the DOJ’s powers—and the one-sided nature of those powers. Congress added this CID authority to the False Claims Act in 1986 to expand the DOJ’s investigative tools after the Supreme Court’s 1983 decision in United States v. Sells Engineering, Inc.,[11] which greatly restricted the DOJ’s access to criminal grand jury information for civil investigative purposes.[12] In passing the CID statute, Congress made clear that it was empowering the DOJ to engage in civil discovery without having to file a case and without being subject to reciprocal discovery.[13] The DOJ’s CID powers include the hallmarks of civil discovery, i.e., the authority to issue document requests, to issue written interrogatories, and to take oral testimony.[14]

Strategies for Responding to CIDs

Although broad, the DOJ’s power with respect to CIDs is not limitless. Section 3733 places some restrictions on the scope of the DOJ’s CID authority. Section 3733 provides that the DOJ may not (1) demand anything that would be protected from disclosure under “the standards applicable to subpoenas . . . to aid in a grand jury investigation” or (2) “the standards applicable to discovery requests under the Federal Rules of Civil Procedure, to the extent that the application of such standards to any such demand is appropriate and consistent with the provisions and purposes of this section.”[15]

These statutory limitations give CID recipients some ability to limit the burdens they face when responding to a CID. For example, the CID statue does not entitle the DOJ to obtain access to information protected by the attorney-client privilege or other privileges.[16] Additionally, a business that receives a CID can and should take advantage of standard discovery-related arguments under the Federal Rules of Civil Procedure, including arguments under Rule 26(b) that certain requests would be unduly burdensome to respond to or that the information sought could be obtained from other sources.[17] As a practical matter, the DOJ is often willing to narrow some CID request items to avoid discovery-type disputes.  

There are, however, limits to how far the DOJ will go in negotiating the scope of CID requests. If the DOJ believes a party is pushing back too hard, it may seek judicial relief. CIDs may be enforced or challenged in federal court.[18] Although judicial relief is available to both the DOJ and a CID recipient, litigation typically favors the DOJ. Because CIDs are administrative subpoenas,[19] judicial review is “quite narrow.”[20] CIDs will generally be enforced so long as the information sought is relevant and material to the investigation.[21]

Because the DOJ’s CID authority is broad and the statutory grounds for challenging that authority are fairly narrow, responding to a CID appropriately and strategically from the outset is critical. The following steps, strategies, and considerations can help ensure you protect your rights and interests when facing a CID:

  • Initial Document and Evidence Preservation: Immediately after receiving a CID, you should take steps to preserve any documents or information that might be subject to disclosure, including preservation of emails, text messages, or other electronic communications. Preserving evidence is a critical first step because the DOJ may view any destruction or deletion of information after the issuance of a CID—even if unintentional—as part of a deliberate effort to obstruct its investigation.
  • Consider Hiring Outside Counsel to Conduct an Internal Investigation: A CID is much more than a mere records request or routine regulatory demand. It is part of a federal investigation that could ultimately result in your business paying millions of dollars in civil penalties or, even worse, lead the DOJ to open a parallel criminal investigation.[22] Given the high stakes, you should consider conducting an internal investigation into the topics at issue in the CID. It is a best practice to retain outside counsel to conduct the investigation, as the work of such counsel can be protected by the attorney-client privilege. To the extent the outside counsel’s investigation helps exonerate the business and the business elects to disclose the results of its investigation, the DOJ typically will view outside counsel’s opinions as more credible than the assessment of company insiders.
  • Negotiate with the DOJ Regarding the CID’s Scope: CIDs will often contain extremely broad requests, including requests for information that does not exist or documents that might be extremely burdensome to produce. The DOJ is often receptive to requests to impose reasonable limits to the scope of CID demands, in part because (as discussed above) the DOJ’s authority is limited by the “unduly burdensome” limits of Federal Rule of Civil Procedure 26. With respect to electronic document requests, the DOJ often will agree that a party’s document production work may be limited to documents that include certain terms defined by the DOJ. Such search-term-based limitations to locating documents can often be a productive way to limit the costs and burdens associated with responding to a CID.
  • Be Careful How Much Information You Share with the DOJ: If you attempt to negotiate limitations to the scope of the CID, you should expect the DOJ attorneys will ask you questions about your business’ operations, including questions about the responsibilities and roles of key individuals. Conversations about these topics may seem to be innocuous or in good faith, but you should keep in mind that the DOJ may gain a significant benefit from those discussions: further insight into your business and ways to expand the scope of their investigation. An assertive DOJ attorney may use conversations over the scope of a CID as an excuse to ask probing questions about the roles of various individuals at the company or engage in discussions that lead to the DOJ targeting new or additional information. Accordingly, any discussions with the DOJ should be handled with care. In some cases, the best approach may be to have little or no discussion with the DOJ while producing a minimal set of documents or information sufficient to comply with your CID obligations. Moreover, to the extent you engage in any substantive discussions with the DOJ, you should be careful to obtain the DOJ’s advance agreement that those discussions are inadmissible and subject to Rule 408 of the Federal Rules of Evidence, which provides protections for settlement discussions. Be wary of making voluntary presentations to DOJ investigators. Such presentations may result in waiver of privilege and may be discoverable by other parties in litigation.[23]
  • Manage the Risk of CID Certifications: The CID statute allows the DOJ to demand that businesses designate a corporate officer for purposes of certifying its CID responses.[24] The DOJ will insist on certifications under oath and “under penalty of perjury” that the company’s CID responses are complete and accurate. These certifications can be very intimidating to company officers, given that the certification effectively makes them personally responsible for the company’s CID response. To manage the risk and intimidation pressure associated with these certifications, you should revise the DOJ’s standard certification language to add reasonable limits to the scope of the certification. For example, you should consider adding caveats to your certification that make clear you performed a diligent search but cannot guarantee you were able to locate every responsive document. The nature of these caveats will vary depending on the nature of the case and business at issue. At a minimum, however, you should not agree to the DOJ’s standard certification language, which demands an unreasonable guarantee of completeness.

To discuss this or related issues, contact Jeffrey C. Corey at (801) 536-6926 or; Michael W. Young at (801) 536-6963 or; or Eric U. Johnson at (801) 536-6732 or


[1] 31 U.S.C. § 3729 et seq.

[2] Id.

[3] 31 U.S.C. § 3729(a)(1).

[4] Id.; see also Civil Monetary Penalties Inflation Adjustment, 85 Fed. Reg. 37004 (May 13, 2020) (providing for inflation adjustments to statutory penalties).

[5] Department of Justice, Justice Department Recovers over $3 Billion from False Claims Act Cases in Fiscal Year 2019, available at (last visited Nov. 30, 2020).

[6] Id.

[7] 31 U.S.C. § 3730.

[8] 31 U.S.C. § 3730(d).

[9] Id. § 3730(d)(2). The government is also entitled to recover attorneys’ fees associated with litigating FCA cases. Id. § 3730(d)(1).  

[10] 31 U.S.C. § 3733(a)(1).

[11] United States v. Sells Eng’g, Inc., 463 U.S. 418 (1983).

[12] See S. Rep. No. 99-345, at 33 (1986), as reprinted in U.S.C.C.A.N. 5266, 5298.

[13] Id.

[14] 31 U.S.C. 3733(a)(1).

[15] 31 U.S.C. § 3733(b)(1).

[16] Only federal privileges apply to CIDs. See 31 U.S.C. § 3733(b)(1); Cleveland Clinic Found. v. United States, No. 1:11MC14, 2011 WL 862027, at *1–3 (N.D. Ohio Mar. 9, 2011) (finding state physician-patient privilege inapplicable in CID context); United States v. Advanced Pain Mgmt. & Spine Specialists of Cape Coral & Fort Myers, No. 217CV272FTM29MRM, 2018 WL 4381192, at *3–4, 7–12 (M.D. Fla. June 28, 2018) (finding that federal attorney-client privilege could extend to protect communications between attorney and independent contractor).

[17] See Fed. R. Civ. P. 26(b); United States v. Picetti, No. 2:19-CV-00049 KJM AC, 2019 WL 1895057, at *2 (E.D. Cal. Apr. 29, 2019) (citation omitted).

[18] 31 U.S.C. § 3733(j).

[19] United States v. Markwood, 48 F.3d 969, 975–76 (6th Cir. 1995).

[20] Picetti, 2019 WL 1895057, at *2 (citation omitted).

[21] Id.

[22] Strictly speaking, a CID is not part of a criminal investigation. Rather it is issued solely as part of a civil investigation into suspected wrongdoing. However, information DOJ learns during its civil investigation—including information it receives in response to a CID—may prompt it to open a criminal investigation into perceived FCA violations. 

[23] See United States v. Bos. Sci. Corp., No. 11-CV-2453 (JNE/SER), 2019 WL 4052327, at *2–3 (D. Minn. Aug. 28, 2019) (finding that presentations made by CID respondent to government investigators resulted in waiver of attorney-work product protections and that materials disclosed to government were discoverable).

[24] 31 U.S.C. § 3733(f) & (g).