False Claims Act Poses Growing Risks for Nonprofit Organizations

Nonprofit organizations that receive government funding directly or indirectly are facing increased scrutiny under the False Claims Act (FCA), with potential penalties that could reach millions of dollars. The FCA allows federal authorities and whistleblowers to pursue significant penalties against organizations that knowingly submit false claims to the government.

Organizations found liable can face damages of three times the government’s losses plus penalties ranging from $14,308 to $28,619 per false claim. Since 1986, the government has reclaimed more than $85 billion through FCA enforcement, with $6.8 billion recovered in fiscal year 2025 alone.

Any nonprofit that contracts with the government or receives federal grants, loans, or other federal funding could be at risk if they fail to properly document compliance with contractual obligations when requesting federal funds. Traditional FCA enforcement against nonprofits has primarily focused on federal grants and healthcare claims, but recent developments signal an expanding scope.

In a significant shift, the Trump Administration announced in May 2025 the Civil Rights Fraud Initiative, which aims to use the FCA to investigate organizations with diversity, equity, and inclusion (DEI) programs that allegedly assign benefits or burdens based on race, ethnicity, or national origin.

Harvard University became an early target when the Department of Justice (DOJ) launched an investigation into whether its admissions process complies with the Supreme Court’s 2023 decision effectively ending affirmative action. The initiative extends beyond nonprofits, with companies including Google and Verizon Communications receiving civil investigative demands related to their DEI programs.

Federal grant management continues to be a major area of enforcement. The Cleveland Clinic Foundation paid $7.6 million in May 2024 to resolve allegations that it failed to disclose foreign funding sources in National Institutes of Health grant submissions over a seven-year period. Similarly, the University of Maryland agreed to pay $500,000 in July 2024 for failing to disclose foreign support for researchers on federally funded projects.

Cybersecurity has emerged as another critical enforcement area. In October 2021, the DOJ launched its Civil Cyber-Fraud Initiative, which has recovered over $52 million in fiscal year 2025 across nine settlements. The Georgia Tech Research Corporation, a 501(c)(3) organization, settled for $875,000 in September 2025 over allegations it failed to comply with cybersecurity requirements in Air Force and Defense Advanced Research Projects Agency contracts.

Penn State similarly paid $1,250,000 in October 2024 to resolve claims it neglected cybersecurity obligations across 15 government contracts and provided inaccurate assessment scores to the Department of Defense.

The Paycheck Protection Program (PPP) created during the COVID-19 pandemic has become another significant source of FCA liability for nonprofits. The DOJ’s pandemic fraud enforcement has yielded more than $820 million in civil recoveries to date, with nonprofit organizations facing particular scrutiny regarding eligibility certifications.

In September 2025, six nonprofit organizations settled for over $3 million to resolve allegations they falsely certified eligibility for PPP loans. Four additional nonprofits reached settlements exceeding $3 million in January 2026 for similar allegations, including Prosperity Now, National Bureau of Asian Research, National Conference on Public Employee Retirement Systems, and League of United Latin American Citizens.

For nonprofits seeking to mitigate these risks, experts recommend confirming internal controls over grant expenditures, auditing cybersecurity practices to ensure alignment with contractual requirements, verifying eligibility certifications for all funds, and reviewing DEI policies against current DOJ guidance.

Organizations that suspect potential FCA exposure or receive internal complaints, audit requests, subpoenas, or Civil Investigative Demands related to federal funding should contact legal counsel immediately. Tax-exempt status does not provide immunity from FCA liability, making proactive compliance essential for nonprofits operating in today’s increasingly complex regulatory environment.

As federal enforcement priorities continue to evolve, nonprofit organizations must remain vigilant in maintaining robust compliance programs to navigate the growing risks associated with government funding.