Subject to Inquiry

Subject to Inquiry


Government Investigations and White Collar Litigation Group
Compliance, Enforcement and Prosecution Policy and Trends, Financial Institution Regulation, Uncategorized

Proposed Rules Aimed at High-Risk Brokers Confirm FINRA Push for Firms to “Do Their Part”

Pen Financial Industry Regulatory Authority (FINRA) President and CEO Robert Cook spoke earlier this month at Georgetown University’s McDonough School of Business, where he outlined several proposals to further what he called one of FINRA’s “most important purposes”—“to protect investors from bad actors.”  Taking aim at “those who seek to evade regulatory requirements and harm investors for their own personal gain,” Cook outlined a series of new regulatory proposals he hopes will “further augment” FINRA’s “long-standing regulatory programs.”

The group of proposed regulations, approved by FINRA’s Board of Governors last month, is one component of FINRA360, “a multi-year exercise focused on creating an organization that is committed to continuous improvement.”

Among the proposals Cook outlined are rules that would:

  • reinforce the supervisory obligations of brokerage firms with respect to the continued employment of brokers with disciplinary records;
  • require heightened supervision by those firms of individuals with a disciplinary case pending on appeal;
  • grant adjudicators greater discretion to consider more severe sanctions when an individual’s history reveals repeated misconduct;
  • enable hearing panels to limit the activities firms and individuals may undertake while a disciplinary matter is pending;
  • increase fees related to FINRA’s statutory disqualification applications;
  • render more of an individual’s history relevant to a request for an exam waiver from FINRA; and
  • require disclosure in BrokerCheck of a firm’s status as a “taping” firm.[1]

It is vital for brokerage firms to remain abreast not only of proposed regulations, but also of the priorities they reveal—priorities that are bound to inform FINRA’s disciplinary and enforcement objectives.  The proposals outlined by Cook place special emphasis on the employment practices of member firms, beginning with the hiring process and extending to its ongoing supervision, and monitoring of its brokers.  In short, as Cook emphasized, member firms “must do their part.”

And importantly, FINRA will be on the lookout for those that don’t.  “FINRA is paying particular attention,” Cook made clear, to “whether firms establish appropriate supervisory and compliance controls” for high-risk brokers, and to “whether firms develop and implement a supervisory plan reasonably tailored to detect and prevent future misconduct by a particular broker based on prior misconduct and regulatory disclosures.”

Brokerage firms should act now to ensure a robust compliance and monitoring program is in place—one that not only satisfies the firm’s current supervisory obligations, but can also grow to meet additional regulatory requirements as they emerge.  Firms would do well, for instance, to follow Cook’s suggestion to “consider the need to adopt more rigorous supervisory procedures tailored to individuals who may pose a higher risk based on factors such as a recent history of customer complaints or disciplinary actions involving sales practice abuse or other customer harm.”  What shape those supervisory procedures take will depend, of course, on a number of factors.  But suffice it to say firms should feel comfortable with their ability to identify and root out any bad actors among their ranks.

Cook noted that FINRA will publish additional guidance in the coming months. We will continue to track this and other aspects of the FINRA360 initiative, as well as any related actions taken or guidance issued by FINRA.

[1] Under current regulations, firms are required to tape record phone conversations between brokers and investors if a certain percentage of those brokers worked within the last three years at a broker-dealer expelled for sales practice violations.

Financial Institution Regulation

Debt Collector Defined: Supreme Court Exempts Debt Purchasers


On behalf of a unanimous Supreme Court, Justice Neil Gorsuch delivered his first opinion on June 12 to determine whether debt purchasers fall within the statutory language under the Fair Debt Collection Practices Act (FDCPA) as debt collectors. The Court determined that a company may collect debts that it purchased for its own account without triggering the statutory definition of a “debt collector” under the FDCPA.

The FDCPA, effective in 1978, was designed to protect consumers from abusive, deceptive, and unfair debt collection practices. The FDCPA defines a debt collector as any person who regularly collects, or attempts to collect, consumer debts for another person or institution. The Court’s June 12 opinion involved a typical debt collection scenario: the Petitioners borrowed money for the purpose of purchasing automobiles and they defaulted on those auto loans. The Respondent purchased the defaulted loans from the originator and sought to collect on the debt owed. Both the district court and the Fourth Circuit ruled against the Petitioners, holding that the Respondent did not meet the definition of a debt collector under the FDCPA because the company did not regularly seek to collect debts “owed . . . another.” Rather, the Respondent only collected debts that it purchased and owned, therefore not triggering the protections afforded to the Petitioners offered by the FDCPA.

The Supreme Court agreed with the lower courts and addressed the following Petitioner arguments:

  • The word “owed” in the statute is the past participle of the verb “to owe” suggesting that the debt collector definition must exclude loan originators but embrace debt purchasers like the Respondent.
  • Had Congress been aware of the emerging default debt market at the time it drafted the statute, Congress would have included debt purchasers under the language of the FDCPA.

Gorsuch countered that such past participles are “routinely used as adjectives to describe the present state of a thing” and “Congress also used the word ‘owed’ to refer to present debt relationships in neighboring provisions of the Act…” Further, despite Gorsuch’s classic description of “[d]isruptive dinnertime calls, downright deceit, and more besides drew Congress’s eye to the debt collection industry,” he noted that “it is not this Court’s job to rewrite a constitutionally valid text under the banner of speculation about what Congress might have done…”

The Court expressly provided that it did not address two related questions in the opinion. First, whether a third party collection agent for debts owed to others could qualify as a debt collection. Second, was there an alternative definition for “debt collector” available under the FDCPA, that would include an entity engaged “in any business the principal purpose of which is the collection of any debts.” This may set the stage for the next legal battle over the issue or, as the Court stated, “these are matters for Congress, not this Court, to resolve.”

Enforcement and Prosecution Policy and Trends

U.S. Supreme Court Indirectly Limits Important Component of DOJ’s FCPA Pilot Program

ForeignCorruptPracticesAct91089734_jpg On June 5, 2017, the U.S. Supreme Court unanimously held in Kokesh v. Securities and Exchange Commission, No. 16-529, that the SEC may not reach beyond the general five year statute of limitations period in order to obtain “ill-gotten gains,” a remedy known as disgorgement. Although the case did not involve a Foreign Corrupt Practices Act (“FCPA”) enforcement action, it nonetheless has important implications for FCPA enforcement and importantly, the DOJ’s recently-renewed Pilot Program.

Prior to this case, lower federal appeals courts had been divided over whether the five-year time limit applied to not only civil penalties, but also to the equitable remedy of disgorgement through which the government also seeks all of the funds obtained as a result of a party’s alleged misconduct. Thus, in some jurisdictions disgorgement proved an important tool for the government in cases involving aged conduct.

The five year statute of limitations at issue in Kokesh is a general one that applies in FCPA civil enforcement actions as well as in the securities laws underlying Kokesh. Indeed, the parties’ briefing in the case referenced the large amounts of disgorgement in FCPA cases and that disgorgement in FCPA cases often goes directly to the U.S. Treasury and not to any victims as they may be difficult to ascertain in the FCPA context.

In holding that the statute of limitations applies to disgorgement, the Supreme Court affected a critical component of the DOJ’s FCPA Pilot Program. DOJ guidance expressly requires that to be eligible for the Program’s main benefit of mitigation credit, a company must disgorge all profits resulting from the FCPA violation. Accordingly, published declinations pursuant to the Program have indicated substantial disgorgements.

It will be informative to monitor any change in DOJ’s approach to the Pilot Program following Kokesh. Potential effects include DOJ seeking to have parties agree to waive the statute of limitations as a condition of their participation in the Pilot Program or requesting full disgorgement to obtain cooperation credit, or a possible reluctance of private parties whose conduct occurred primarily outside of the statute of limitations to engage in the Pilot Program.

Enforcement and Prosecution Policy and Trends, Securities and Commodities

U.S. Supreme Court Rules Time Limits Apply to SEC Disgorgement Orders

780536984A unanimous United States Supreme Court held Monday, in Kokesh v. Securities and Exchange Commission, that the five-year statute of limitations under 28 U.S.C. § 2462 applies to disgorgement sought by the Securities and Exchange Commission. Previously, the Circuits had been split on this issue.

The issue in Kokesh was straightforward. Kokesh appealed a trial court judgment ordering disgorgement of nearly $35 million for conduct between 1995 and 2009. Kokesh argued that this disgorgement award was in the nature of a penalty or forfeiture, and thus subject to the five-year statute of limitations under § 2462.

Conversely, the SEC maintained that disgorgement, by its nature, is not a punitive remedy. Rather, because disgorgement is merely a remedy that prevents offenders from reaping ill-gotten gains, the SEC argued it is not subject to § 2462’s five-year statute of limitations.

The Court, however, in a unanimous opinion authored by Justice Sonia Sotomayor, disagreed with the SEC. It held that disgorgement “bears all the hallmarks of a penalty: It is imposed as a consequence of violating a public law and it is intended to deter, not to compensate.” Thus, “[t]he 5-year statute of limitations in § 2462 therefore applies when the SEC seeks disgorgement.”

This is the second time since 2013 that the Supreme Court has narrowed the SEC’s ability to obtain monetary relief in enforcement actions. In Gabelli v. SEC, the Court held that the SEC cannot use the “discovery rule” to extend the statute of limitations for civil penalties, though the Gabelli court expressly declined to address whether the statute of limitations under § 2462 applied to disgorgement.  Kokesh has now answered that question.

As disgorgement is a routine remedy for the SEC staff, the Court’s ruling will substantially impact the damages the SEC can obtain in investigations involving long-running conduct, like the conduct in Kokesh. For others subject to investigation, however, it may represent a pyrrhic victory, as the SEC staff may become even more aggressive in its use of tolling agreements, now with an eye towards extending the statutes of limitations for both liability and damages. Indeed, the SEC staff may seek tolling agreements at ever earlier stages of an investigation, including at the very outset of an investigation. Finally, the staff will may become less flexible with deadlines and requests for extensions, as it seeks to hasten the resolution of investigations in light of this newfound limitation.

Financial Institution Regulation, Securities and Commodities

SEC Issues Guidance in Wake of WannaCry Ransomware Attack

binarydataOn Friday, May 12, the WannaCry ransomware attack struck hundreds of thousands of users across the globe, causing major disruptions in private and public networks. The attack, which encrypts a user’s files and holds them for ransom, may infect a computer without any action taken by the user.  With similar attacks expected, and as we have previously discussed, businesses would be well served to proactively take steps to protect themselves from WannaCry and other malicious cyberattacks.

On the heels of yet another high profile cyberattack, the SEC’s Office of Compliance Inspections and Examinations (“OCIE”) issued an alert to broker-dealers, investment advisers, and investment companies warning them of WannaCry and reminding them of the importance of addressing cybersecurity issues to protect investors and clients.  Regulated entities are required by Regulation S-P, 17 C.F.R. § 248.30(a), to adopt written policies and procedures (administrative as well as technical) to safeguard the personally identifiable information of their investors, clients, and customers.  The regulation requires that these procedures be reasonably designed to protect against anticipated cyber threats and unauthorized access to or use of customer records or information.

In 2015, OCIE launched its cybersecurity examination initiative, and the SEC’s Division of Investment Management and FINRA simultaneously offered guidance to regulated entities on cybersecurity.  The OCIE alert serves as a reminder to regulated entities of their obligation to safeguard client data.  In conducting a recent examination of 75 SEC registered broker-dealers, investment advisers, and investment companies, OCIE found that 26% of investment advisers and investment companies surveyed did not conduct periodic risk assessments of critical systems to identify cybersecurity threats, and 57% of investment advisers and investment companies did not conduct penetration tests and vulnerability scans on critical systems.  Broker-dealers fared better, with only a 5% deficiency rate in both categories.

Both the SEC and FINRA have made enforcement of cybersecurity issues a focus, and recent SEC enforcement actions demonstrate its willingness to pursue firms that have suffered from cyberattacks and that lacked policies and procedures that the SEC deemed to be “reasonably designed” to safeguard customer information.  For example, R.T. Jones Capital Equities Management recently settled a cease-and-desist proceeding after an unauthorized, unknown intruder gained access to the personally identifiable information of over 100,000 individuals.  This breach cost R.T. Jones a $75,000 civil monetary penalty.

The WannaCry attacks and OCIE’s alert should serve as a reminder that regulators are watching how broker-dealers and other regulated entities safeguard customer data.  For a regulated entity, crafting effective cybersecurity policies and procedures is essential not only to preventing harmful and embarrassing attacks, but also to prevent a potentially costly regulatory action.  As a regulatory compliance matter, these policies and procedures are more than an IT policy and require scrutiny from well-advised in-house counsel.

Financial Institution Regulation, Securities and Commodities

FINRA President and CEO Robert Cook discusses FINRA360 and Consolidating Enforcement Divisions

On May 17, 2017, at the annual FINRA conference in Washington D.C., FINRA President and CEO Robert Cook discussed the recently-launched FINRA360 initiative: a top-to-bottom review of FINRA’s operations and organization.  Cook recognized that 2017 marks FINRA’s  ten-year anniversary since its “successful” but “complicated” merger of the National Association of Securities Dealers (NASD) and the regulatory arm of the New York Stock Exchange (NYSE).  He stated that, for the first time since its inception, FINRA now has occasion to conduct a “comprehensive, organization-wide self-assessment and improvement initiative.”

As part of FINRA360, Cook has been on what he dubbed a “listening tour.”  During the listening tour, Cook has met with member firms, investors, and others from inside and outside the brokerage industry.  He has also participated in a “continuing series of small member roundtables across the country,” gaining a great deal of useful feedback regarding how FINRA can improve.  As a result of the listening tour, Cook learned that FINRA should be asking itself the following three “key” questions:

  • Are our policies and programs focusing on the right issues, establishing the right standards, and dedicating resources to the right areas to best protect investors and market integrity while promoting healthy and vibrant capital markets?
  • Is our organization and operation optimally organized and managed to be the most effective and efficient self-regulatory organization that it can be?
  • Are we facilitating a constructive dialogue with members, investors, and other stakeholders to better understand their perspectives and develop an effective regulatory framework that is fully informed by the expertise and practical knowledge of its stakeholders?

CEO Cook provided a “concrete” example of a proposed improvement arising out of the FINRA360 initiative: consolidating FINRA’s enforcement programs.  He explained that FINRA has an enforcement program in its “member regulation group” and another in its “market regulation group.” He stated that, during the listening tour, he learned that stakeholders encounter these groups as “two different regulators.”  As a result, FINRA is trying determining whether these operations should be (1) “more coordinated” or (2) combined into one.  FINRA is weighing the pros and cons of each approach.

Consolidating the Member Regulation and Market Regulation groups would have significant effects.  As background, FINRA’s Member Regulation department examines firms and its employees to ensure compliance with its rules, as well as those of the SEC and the Municipal Securities Rulemaking Board.   FINRA’s Market Regulation department, on the other hand, oversees and regulates over-the-counter (OTC) trading of exchange-listed and non-exchange listed securities.

Be on the lookout for any FINRA notices requesting comments related to the FINRA360 initiative.


The CFPB’s Alternative Data RFI: Making Your Response Count

The Consumer Financial Protection Bureau (CFPB) recently issued a Request for Information (RFI) Regarding Use of Alternative Data and Modeling Techniques in the Credit Process, available here.  The deadline for response is May 19.  This post will provide practical advice on how to submit an effective RFI response.

binarydataThe RFI is the latest in a line of communications by the CFPB and other federal regulators showing interest in innovation and technology.  For example, last year, the Treasury Department conducted its own RFI on Marketplace Lending, and the Federal Trade Commission held a public workshop on Big Data.  Both projects culminated in agency reports covering developments on each of those issues and opining on related regulatory considerations.  The CFPB’s RFI is likely to follow a similar path.

The RFI consists of a preamble describing alternative data and models, and setting out some potential risks and benefits of each.  It then raises 20 questions of varying complexity.  In order to increase the chance that your response will garner attention and have a true impact, take the following issues into account:

  1. Consider Your True Audience

The RFI provides a rare public avenue to engage not just with the CFPB, but also with the wide range of stakeholders that are likely to closely monitor the responses.  This includes other state and federal regulators, legislators, media outlets, competitors, venture capital firms, and, indeed, anyone who may have an interest in the future of alternative data regulation.  As a result, the RFI is an opportunity for companies who use or would like to use alternative data and alternative models to make the best case for why such use should be encouraged, and how the CFPB may best do that.  For this reason, to the extent that you think there are specific steps that the CFPB or other regulators should take in this area, draft those suggested steps as specifically as possible.  You never know – your suggestions could well make their way into a congressional letter to a regulator.

  1. Choose Your Focus

The RFI is designed to reach a broad range of potential responders.  Thus, few entities will have relevant information to provide on all of the questions.  In order to make your response more impactful, consider the areas where you think you can provide the most in-depth or unique perspective.  Think of it as your competitive advantage vis-a-vis your fellow responders.  Once you decide where you can add the most value, group your responses into coherent themes that map onto the themes covered in the RFI.  Structuring your response into easy-to-follow sections will make it more likely that those skimming responses for a particular topic will stop on yours.

  1. Give Concrete Success Stories

One of the issues raised by the RFI is whether alternative data and models can increase responsible access to credit for underserved consumers.  This is an issue on which the CFPB has consistently focused, and which is likely to drive much of the thinking on their future approach.  With that in mind, consider whether you may be able to provide any specific data or examples of how your company’s use of alternative data has or could help you provide more credit or credit on better terms to consumers, particularly to those whom you might not have been able to reach otherwise.  The most useful examples would be those that provide side-by-side comparisons of traditional and new methods, such as comparisons of the results of traditional underwriting versus underwriting using alternative data.

  1. Highlight Any Examples Self-Regulation

The RFI makes clear the CFPB’s concern that the use of alternative data could raise potential fair lending and other compliance issues.  Some of the questions ask about companies’ practices in addressing these risks.  This is perhaps one of the most important sections of the RFI, because identifying for the CFPB what companies are currently doing to prevent risk to consumers will make it more likely that any future guidance will take those practices into account.  For example, if you have a process for vetting variables to ensure that they don’t raise any discrimination concerns, you should highlight that process or at least its existence.  Similarly, if you have taken steps to ensure that your compliance team is actively contributing to the decision-making on the use of alternative data and models, discussing those steps might also be useful.

  1. Make Your Wish List, but Check it Twice

One potential benefit of the RFI is that it allows you to alert the CFPB to particular areas where the lack of regulatory guidance is inhibiting innovation.  In fact, the RFI asks about “specific challenges or uncertainties” that companies face in complying with particular regulations.  Therefore, to the extent that you have unanswered questions about how the CFPB would apply a particular law to alternative data or models, you could raise that here.  As noted above, this information will be relevant not just to the CFPB but also to legislators or others who may be in a position to encourage the CFPB to provide further guidance.  However, in raising these issues, you need to be careful what you wish for.  The CFPB could respond to requests for guidance in ways that would create additional burdens on industry.  Thus, when you raise an area of uncertainty, it would be wise to consider outlining how you think that uncertainty would best be resolved in a way that encourages innovation while also protecting consumers.

  1. Call a Lifeline

McGuireWoods is helping a number of entities prepare responses to this RFI.  Our lawyers have first-hand experience on these issues and can help you determine the best approach to your particular response.  If you’d like to discuss how McGuireWoods might be able to assist you, reach out to the author, Alexandra Villarreal O’Rourke, co-lead of the firm’s FinTech Industry Group, at ao’ or 704-373-4632.

Immigration and Worksite Enforcement

H-1B Employers Face Increased Site Visits

Employers using the H-1B visa program should take note as additional site visits may be on the horizon.  U.S. Citizenship and Immigration Services (“UPassport-map-thumb-220x146-218SCIS”), part of the Department of Homeland Security, recently announced a new targeted approach to detect H-1B visa fraud and abuse and increased site visits of H-1B employers.

In selecting worksite visits, USCIS will focus on H-1B cases where:

  • USCIS cannot confirm the employer’s business information through commercially available data;
  • There is a high ratio of H-1B employees as compared to U.S. workers (as defined by statute); or
  • H-1B employees work off-site at another company or organization’s location.

Employers who may fall into one of these categories, as well as employers with onsite contractors, should be prepared for worksite visits and additional questions from USCIS.  USCIS may refer cases of suspected fraud or abuse to Immigration and Customs Enforcement (ICE) for additional investigation.  For more information on USCIS’s newly announced measures, click here.

McGuireWoods routinely advises on immigration and worksite enforcement issues, and can assist companies in responding to site visits.  Contact our experienced immigration attorneys to address your company’s questions or concerns.

Financial Institution Regulation

CFPB Fails to State Case Against Payment Processor

77006468.jpegThe United States District Court for the District of North Dakota recently dismissed the Consumer Financial Protection Bureau’s (CFPB) complaint against a payment processor, Intercept, in a case McGuireWoods has been monitoring.  The Court held that the CFPB failed to adequately plead an unfair, deceptive, or abusive act or practice under the Consumer Financial Protection Act (CFPA).  According to the Court, the CFPB failed to show that Intercept violated any industry standards, injured any consumers, interfered with consumers’ ability to understand the terms of their dealings with Intercept’s clients, or took unlawful advantage of consumers.

In CFPB v. Intercept Corp., the CFPB alleged that Intercept violated the CFPA by failing to heed warnings from banks and consumers, failing to monitor and respond to high return rates, and failing to investigate red flags when vetting its clients.  The Court’s decision hinged on whether the CFPB alleged facts sufficient to meet the definition of “unfair” and “abusive” acts in the CFPA.  According to the CFPA, an act is “unfair” if it substantially injures consumers, or is likely to do so, and the injury is not outweighed by countervailing benefits to consumers.  An act is “abusive” if it interferes with a consumer’s ability to understand the terms of a consumer financial product or takes unreasonable advantage of a consumer’s lack of understanding.

The CFPB’s complaint failed for a lack of detail.  As the Court explained:  “A close review of the complaint yields a conclusion that the complaint does not contain sufficient factual allegations to back up its conclusory statements regarding Intercept’s allegedly unlawful acts or omissions.”  The Court summed up the paucity of detail in the CFPB’s complaint:  “The Complaint simply does not sufficiently identify particular clients whose actions provided ‘red flags’ to Intercept or how Intercept’s failure to act upon those ‘red flags’ caused harm or was likely to cause harm to any identified consumer or group of consumers.”

We previously wrote about the broader implications of the CFPB’s case against Intercept, specifically the issues raised in briefs filed by Intercept and the Third Party Payment Processors Association (“TPPPA”) in support of the motion to dismiss.  We highlighted two issues in particular implicated by the Court’s order:  (1) whether unfair acts and practices under the CFPA required direct interaction with consumers; and (2) whether unfair acts and practices had to be predicated on underlying rules violations.  While the Court’s order dismissing the CFPB’s complaint does not tackle these issues head-on, it provides some guidance and indicates that in suits against payment processors the CFPB must do more than simply allege that a payment processor harmed consumers.

On the question of whether violations of the CFPA require direct interactions with consumers, the court’s opinion is a mixed bag.  Intercept and the TPPPA both argued that payment processors are not “covered persons” within the meaning of the CFPA because they do not offer services directly to consumers.  The Court tacitly rejected the argument that payment processors can never be considered “covered persons” under the CFPA, finding that the CFPB alleged sufficient facts that if proven would support a finding that Intercept was a “covered person.”  But the Court’s holding demonstrates that the CFPB must do more than merely allege that a payment processor’s conduct harmed a consumer.  According to the Court, the CFPB must allege harm to an “identified consumer or group of consumers.”  The nature of payment processors’ business, which is inherently not consumer-facing, could render proving harm to particular consumers difficult.

The Court likewise did not definitively hold that the unfair acts or practices under the CFPA must be predicated on violations of underlying rules or regulations, but its holding does signal that the CFPB cannot merely allege the existence of industry rules and standards in order to state a claim.  Rather, the CFPB must allege facts showing that a defendant’s conduct violated those rules.  This requirement comports with the TPPPA’s concern that absent a requirement of a rule violation, payment processors could be liable for conduct that “was not unlawful or forbidden by the rules in place at the time of the alleged conduct.”

What’s next?  The Court dismissed the CFPB’s complaint without prejudice, meaning that the CFPB can attempt to re-plead its complaint with sufficient detail.  But the Court’s order teaches that sufficient detail in this case requires a showing that Intercept violated a particular rule that harmed an identifiable group of consumers.  If future courts follow the district court of North Dakota’s lead and find that payment processors can be liable under the FCPA, they should impose, at a bare minimum, the same standards exacted by the North Dakota court in dismissing the CFPB’s complaint against Intercept.  Otherwise, the CFPB could pull within its purview companies that have no direct contact with consumers, whose actions do not harm consumers, and whose actions did not violate any established standard or rule.

Enforcement and Prosecution Policy and Trends, Fraud, Deception and False Claims

President’s Proposed Budget Increases Healthcare Fraud Enforcement Funding

iStock_000004688619Medium-thumb-225x149-186.jpgMuch of the discussion surrounding President Trump’s 2018 budget blueprint has focused on cuts, but one proposed budget increase shows the new administration is likely to continue focusing on healthcare fraud enforcement.  Among cuts of approximately 18% to the budget of the Department of Health and Human Services (HHS), the president’s budget proposes $70 million in additional funding for the Health Care Fraud and Abuse Control program (HCFAC), a more than 10% increase.

HCFAC is jointly directed by the Secretary of HHS and the Attorney General and is supervised by the HHS Office of Inspector General.  The program coordinates federal, state, and local healthcare fraud enforcement efforts.  According to the president’s budget, the HCFAC program returns more than $5 in fraud recovery for every dollar spent.

The increase in HCFAC funds suggests that the new administration will not deemphasize healthcare fraud investigations and prosecutions, despite new HHS Secretary, and physician, Tom Price’s statement at his confirmation hearing that healthcare fraud enforcement should focus on truly bad actors and focus less on scrutinizing the medical necessity of treatments.  Compliance should thus remain a priority for all healthcare providers and fraud investigations are likely to continue to be a top concern.  Secretary Price also spoke in favor of using data analysis to scrutinize payments for red flags before they are made, as opposed to the government’s traditional practice of investigating suspicious cases long after payment has been made. Such analysis, already used by the government, may raise the immediacy and importance of compliance for providers.  Data analysis may also mean that more healthcare fraud is first identified by the government, decreasing the importance of whistleblowers bringing qui tam suits.

Although there is no prospect of the president’s budget blueprint becoming law in the immediate future and any enacted budget is likely to face significant changes, the funding increase for HCFAC shows that, despite the new administration, healthcare fraud is likely to continue to be a major priority of government regulators and prosecutors.