Where there is money, there is fraud. No corner is free from this specter—not even the hallowed halls of academia. Fraud investigations are on the rise in higher education institutions.
The False Claims Act (“FCA”) is a unique fraud-fighting statute, which lets ordinary citizens step into the shoes of the government to recover fraudulent gains. These whistleblowers are called “relators.” Armed with insider information, relators file fraud cases on the government’s behalf, leading to a recent uptick in government investigations of higher education institutions.
Any program, contract or grant involving government dollars can fall under the FCA. Though healthcare fraud is the largest type of FCA fraud, this article focuses on non-healthcare fraud in higher education: research and grant fraud, unlawful recruiting, failure to disclose ties to foreign governments, and cybersecurity failure fraud.
Research
In 2019, Duke University paid $112.5 million to settle an FCA case brought by a former employee-relator. The relator alleged that Duke knowingly falsified research, undermining the integrity of federal funding decisions. The relator was awarded $33.75 million from the recovery.
Grants
In 2020, the University of San Francisco paid $2.5 million to resolve allegations that it knowingly falsified over 1,500 timesheets and falsely certified approximately 61 education awards to qualify its Teacher Residency Program for receipt of more than $1.7 million in federal grant funds. This fraud was brought to light by an insider-turned-relator.
Recruiting fraud
In 2015, the government announced a “landmark settlement” with the second largest for-profit college company in the country, Education Management Corporation—arising from FCA lawsuits filed by four relators. The $95.5 million settlement resolved allegations that Education Management unlawfully recruited students by paying admissions personnel based purely on the number of students they enrolled. A concurrent investigation by state Attorneys General settled other allegations of deceptive and misleading recruiting practices. The relators were awarded, collectively, $11.5 million.
More from UB: What it takes for colleges to comply with recent ROI demands
Four years later, North Greenville University in South Carolina followed suit, paying $2.5 million to settle allegations that it unlawfully compensated its recruiting company based on the number of students recruited.
Ties to Foreign Nationals
In October 2023, Stanford University paid $1.9 million to resolve allegations related to its faculty’s ties with the Chinese Communist Party. In July 2024, the Justice Department announced that the University of Maryland paid $500,000 to resolve allegations that it violated the FCA by failing to disclose funding from Chinese companies.
While the Justice Department is already focused on this fraud, lawmakers weighed in too. This summer, a group of senators sent a letter to the Justice Department warning that “undisclosed and unmonitored financial relationships between U.S. academia and the Chinese Communist Party are glaring national security risks.” With two branches of the government so focused, higher education institutions should review and update their relevant policies immediately.
Cybersecurity fraud
There are two FCA cases pending against universities relating to cybersecurity. One is against Penn State, in which the whistleblower alleges that it knowingly failed to comply with numerous cybersecurity controls that are required for Department of Defense contractors.
The other is against Georgia Tech, alleging that it misrepresented compliance with several cybersecurity regulations governing what contractors must to do to protect government information on its systems. Ironically, the complaint focuses on allegedly lax cybersecurity standards at the Georgia Tech research lab focusing on cybersecurity and cyberattack attribution and which performs multiple U.S. defense contracts. While this case was initiated by a relator, it is the first FCA case the United States joined against a higher education institution for failing to comply with contractual cybersecurity requirements.
Prevention actions
What can higher education institutions do to avoid similar fates?
Real, transparent, and robust compliance programs are critical. Once meaningful policies are established and documented, mandatory, yearly training on the policies and the real cost of violations must follow.
Finally, there must be effective protections and anti-retaliation measures for whistleblowers, who almost always try to address suspected fraud internally before reporting to the government. By conducting meaningful and thorough investigations into fraud allegations and voluntarily disclosing potential wrongdoing, a costly and high-profile investigation and FCA litigation could be avoided.
The Justice Department has several programs incentivizing voluntary disclosure of fraud, including its 9-47.120 policy on corporate enforcement and voluntary self-disclosure available on the DOJ website, and the Criminal Division announced this year a Pilot Program on Voluntary Self-Disclosures for Individuals.
By following these proactive steps, universities can ensure that wrongdoing is timely reported, investigated and addressed. Higher education should be fertile ground for ideas, research, learning and discourse—not for fraud.