Navigating New Risks: DEI Policies Under the False Claims Act

Author: Phil Andonian

For years, most organizations treated diversity, equity, and inclusion efforts as a question of culture, talent, reputation, or institutional mission. That is no longer the full picture.

In Washington, the conversation has shifted. What once lived mainly in HR, academic affairs, procurement, or public-facing brand strategy is now being framed as a potential enforcement issue. Last May, the U.S. Department of Justice (DOJ) announced the formation of the Civil Rights Fraud Initiative, which will use the False Claims Act (FCA)—a statute that was enacted to combat traditional fraud schemes against the government—to investigate recipients of federal funds that it believes are engaged in unlawful discrimination through Diversity, Equity, and Inclusion (DEI) policies and initiatives in violation of federal civil-rights laws. This past March, President Trump issued an executive order requiring all federal contractors to certify that they will not engage in any “racially discriminatory DEI activities”—to include any disparate treatment based on race or ethnicity in the “recruitment, employment, contracting, program participation, or allocation or deployment of an entity’s resources”—or risk cancellation of their contracts. And just this month, IBM agreed to pay $17 million to settle claims that it violated the FCA by failing to comply with antidiscrimination requirements in its federal contracts, the first such settlement since the formation of the Civil Rights Fraud Initiative and a clear harbinger of more enforcement to come.

This dramatic shift matters because the FCA is not a symbolic tool. It is one of the federal government’s most powerful civil enforcement mechanisms. It carries the prospect of treble damages, statutory penalties, and the cost and disruption of a high-stakes investigation. And it comes with a procedural device that can be just as consequential as any eventual lawsuit: the Civil Investigative Demand, or CID. DOJ and other federal agencies can use CIDs to require production of documents, answers to interrogatories, and oral testimony as part of an FCA investigation, often with rapid turnaround times that add yet another layer of pressure, burden, and expense.

For business leaders, university administrators, in-house counsel, and compliance teams, the practical takeaway is straightforward: even if an organization has never thought of its DEI-related practices as an FCA issue, the DOJ and other federal agencies increasingly may. Currently, the government’s focus is on whether an organization that receives federal money made certifications or promises that are tied to compliance with federal civil-rights laws, such as Title IV, Title VI, and Title IX of the Civil Rights Act of 1964. So, what does this mean exactly? If the DOJ or other federal agencies believe that an organization’s DEI-related practices violate the law, then it is likely to scrutinize that organization’s certifications about compliance with federal law, to which eligibility for funding is tethered. In cases where such certifications were made, that organization might well find itself in the crosshairs of the FCA.

This is a seismic shift. The FCA, which was signed into law in 1863 by President Abraham Lincoln, was a direct response to rampant fraud by government contractors who were selling the Union Army defective weapons and other necessary supplies. And until now, the powerful statute has been confined to these types of traditional fraudulent schemes. But its application to DEI policies feels far different from the settings of the past. For organizations operating in the United States, this is not the kind of risk they expected to arise from formulating internal DEI policies, training, scholarships, fellowships, or hiring goals. Whether one sees this as a logical extension or an aggressive expansion, it is clearly a notable change in approach.

For organizations, the prospect of receiving a CID may change the way they operate, as these demands force organizations to move quickly and under extreme pressure. When facing a CID, an organization first has to identify the conduct under scrutiny, which often requires a robust—and costly—internal review. The organization may also need to hastily gather and review a large volume of documents, decide how to respond publicly and internally, and coordinate its legal, HR, compliance, and leadership teams. Though the accusation may feel amorphous, the time pressure is quite clear and intense and the disruption to operations is significant. And this all happens before the government reaches any conclusions.

This is an incredibly taxing issue to navigate in real time. Organizations are making evaluations under a cloud of uncertainty with no time to spare. They are facing terms like “illegal DEI” and “discriminatory DEI,” which are broad, opaque, contested, or inconsistently understood. Yet for these organizations, many of them already have a mix of formal policies, informal practices, legacy programs, public commitments, and decentralized decision-making. Because of this, it makes it challenging to speedily determine whether there is actual legal exposure and what documents may be relevant. These organizations are also challenged to figure out whether internal language or program design creates risk and what should be changed, paused, defended, or clarified.

Importantly, any organization that takes federal money and makes compliance certifications should be paying attention right now. This includes private businesses, healthcare systems, nonprofits, schools and universities, and research institutions. However politically charged the topic may be, organizations must treat it as a serious compliance matter and not mere rhetoric. It forces their hand to address a slew of practical questions about contract language, certifications, internal controls, and documentation. They also need to take a hard look at training, governance, and escalation procedures in case the government does come calling.

The shift with the FCA is happening. And now is the time for organizations to be asking the right questions. What exactly have we certified in our contracts and funding agreements? Which of our programs could draw scrutiny? Are there practices that go beyond what our written policies say? Who would lead the response if a CID arrived tomorrow?

There’s no question that organizations are being forced to manage tension right now. Some organizations may want to preserve inclusive workplace or educational goals while reducing legal risk. Others may decide to scale back, rework, or eliminate certain programs altogether. Regardless, the challenge is not just legal analysis. It is also institutional strategy. As a result, leaders may be balancing workforce expectations, public commitments, missions, funding exposure, and enforcement risk all at once.

Ultimately, the change we are seeing with FCA enforcement has flipped the script for organizations throughout the country. Yet the bigger story here is not simply DEI itself. Rather, it is about the federal government’s apparent willingness to treat certain DEI-related practices as a fraud issue when federal money is involved. This is quite a meaningful shift in risk. Even organizations that never expected to view these issues through an FCA lens may now need to do so. But the key for organizations is not to panic, but to be aware and prepared—often in coordination with knowledgeable and aggressive outside counsel—just in case that CID does eventually come along.