18/05/2023

the anatomy of whistleblower litigations

The Anatomy of Whistleblower Litigations

By Dr. Jim Castagnera, Esq.

Partner, Portum Group International

Last week I introduced the topic of whistleblowers to this blog.  At the end of that column, I promised a close look at a recent whistleblower litigation.  This week I’m going to exceed my promise and provide several recent examples.  Let me begin with a case brought pursuant to the Sarbanes-Oxley (SOX) Act.

In Williams v. JPMorgan Chase & Co. [2022 WL 2967881 (S.D.N.Y. July 26, 2022)], the plaintiff Williams filed a complaint with the Occupational Health and Safety Administration on April 27, 2020, alleging that JPMorgan's conduct during and subsequent to her employment violated the Sarbanes-Oxley Act. [ECF No. 21-5] OSHA issued the Secretary's Findings on April 30, 2020. The agency found that “[Williams's] claims [that JPMorgan] limited her responsibilities, gave her an unfavorable performance evaluation in or about January 2019, and issued her a written warning on October 24, 2019…were issued beyond the 180 [day] filing period and were not timely filed.” The Findings also stated that Williams's complaint about her termination was timely filed and that the parties are covered under the Sarbanes-Oxley Act. The decision concluded that “[JPMorgan] has shown by clear and convincing evidence, absent [Williams's] alleged protected activities, they would have taken the same adverse action” and found “no reasonable cause to believe [JPMorgan] violated SOX.” OSHA therefore dismissed Williams's complaint.

Williams subsequently filed suit and the district judge denied the defendant's motion for summary judgment, holding, “Drawing all inferences in Williams's favor, there is thus a genuine dispute of material fact as to whether the record clearly and convincingly shows that JPMorgan would have terminated Williams notwithstanding her protected activity.”

An example in the qui tam arena is U.S. ex rel. Sanchez v. Lymphatx, Inc. [2010 WL 547499 (11th Cir. Feb. 18, 2010)]

In this case, Plaintiff Laika Sanchez appealed from the district court's order dismissing her qui tam complaint on behalf of the United States against Lymphatx and its owners for violations of the False Claims Act. [31 U.S.C. §§3729-30] The district court concluded that Sanchez had failed to plead her allegations of fraud with the particularity required by Federal Rule of Civil Procedure 9(b) and that she had failed to state a claim for retaliation under 31 U.S.C. §3730(h). Sanchez argues that the district court erred in dismissing her complaint for failure to state a claim, and in closing her case without granting her leave to amend. [See Fed. R. Civ. P. 12(b)(6).]

To state a claim premised on fraud, Sanchez needed to “state with particularity the circumstances constituting [the] fraud.” [Fed. R. Civ. P. 9(b); see also United States ex rel. Clausen v. Lab. Corp. of Am., 290 F.3d 1301, 1308 (11th Cir. 2002) (“Rule 9(b) does apply to actions under the False Claims Act.”)] In her complaint, Sanchez alleged that the defendants had knowingly submitted false claims to Medicare for lymphedema treatments performed by massage therapists. She further alleged that the defendants had intentionally billed Medicare for services they did not provide and that she had gained personal knowledge of these billing practices through her employment as Lymphatx's office manager.

The appellate court explained that,

in addition to her general accusations of false billing, Sanchez needed to plead “facts as to time, place, and substance of the defendants' alleged fraud, specifically, the details of the defendants' allegedly fraudulent acts, when they occurred, and who engaged in them.” Despite her assertion that she had direct knowledge of the defendants' billing and patient records, Sanchez failed to provide any specific details regarding either the dates on or the frequency with which the defendants submitted false claims, the amounts of those claims, or the patients whose treatment served as the basis for the claims. Without these or similar details, Sanchez's complaint lacks the “indicia of reliability” necessary under Rule 9(b) to support her conclusory allegations of wrongdoing. In other words, because she failed “to allege at least some examples of actual false claims,” Sanchez could not “lay a complete foundation for the rest of [her] allegations.” The district court therefore appropriately dismissed the four claims alleging fraudulent billing.

The appeals panel went on to examine the plaintiff's claim that she had been punished by her employer for raising the red flag. As to this count of her complaint, the judges said,

Sanchez's allegations that she complained about the defendants' “unlawful actions” and warned them that they were “incurring significant criminal and civil liability” would have been sufficient, if proven, to support a reasonable conclusion that the defendants were aware of the possibility of litigation under the False Claims Act. Because her retaliation claim did not depend on allegations of fraud, Sanchez's complaint only needed “a short and plain statement of the claim showing that [she was] entitled to relief.” [Fed. R. Civ. P. 8(a)] We conclude that she satisfied this requirement and that the district court therefore erred in dismissing her claim for retaliatory discharge.

Another recent case worth noting in 2023 is United States ex rel. Markus v. Aerojet Rocketdyne Holdings & Aerojet Rocketdyne, Inc.

Relator Brian Markus was a resident of the State of California. He worked for the defendants as the senior director of Cyber Security, Compliance, and Controls from June 2014 to September 2015. The defendants develop and manufacture products for the aerospace and defense industry. Their primary aerospace and defense customers include the Department of Defense and the National Aeronautics & Space Administration (NASA), who purchase defendants' products pursuant to various government contracts.

On November 18, 2013, the DoD issued a final rule, which imposed requirements on defense contractors to safeguard unclassified controlled technical information from cybersecurity threats. 48 C.F.R. §252.204-7012 (2013). The rule required defense contractors to implement specific controls covering many different areas of cybersecurity, though it did allow contractors to submit an explanation to federal officers explaining how the company had alternative methods for achieving adequate cybersecurity protection, or why the standards were inapplicable.

In August 2015, the DoD issued an interim rule, modifying the government's cybersecurity requirements for contractor and subcontractor information systems. 48 C.F.R. §252.204-7012 (Aug. 2015). The interim rule incorporated more cybersecurity controls and required that any alternative measures be “approved in writing prior by an authorized representative of the DoD Chief Information Officer prior to contract award.” Id. at 252.204-7012(b)(1)(ii)(B).

The DoD amended the interim rule in December 2015 to allow contractors until December 31, 2017 to have compliant or equally effective alternative controls in place. See 48 C.F.R. §252.204-7012(b)(1)(ii)(A) (Dec. 2015).

Each version of this regulation defined adequate security as “protective measures that are commensurate with the consequences and probability of loss, misuse, or unauthorized access to, or modification of information.” 48 C.F.R. §252.204-7012(a).

Contractors awarded contracts from NASA must comply with relevant NASA acquisition regulations. 48 C.F.R. §1852.204-76 lists the relevant security requirements when a contractor stores sensitive but unclassified information belonging to the federal government. Unlike the relevant DoD regulation, this NASA regulation makes no allowance for the contractor to use alternative controls or protective measures. A NASA contractor is required to “protect the confidentiality, integrity, and availability of NASA Electronic Information and IT resources and protect NASA Electronic Information from unauthorized disclosure.” 48 C.F.R. §1852.204-76(a).

The relator alleged that the defendants fraudulently entered into contracts with the federal government despite knowing that they did not meet the minimum standards required to be awarded a government contract. He further alleged that when he started working for the defendants in 2014, he found that the defendants' computer systems failed to meet the minimum cybersecurity requirements to be awarded contracts funded by the DoD or NASA. He claimed that the defendants knew they were not compliant with the relevant standards as early as 2014, when they engaged Emagined Security, Inc. to audit the company's compliance. He averred that the defendants repeatedly misrepresented compliance with the technical standards in communications with government officials. He also alleged that the government awarded a contract based on these allegedly false and misleading statements.

In July 2015, the relator refused to sign documents that the defendants were now compliant with the cybersecurity requirements, contacted the company's ethics hotline, and filed an internal report. The defendants terminated his employment on September 14, 2015.

Markus sued under the False Claims Act and the defendants moved to dismiss for failure to state a cognizable claims, and also to stay the proceedings and compel arbitration under the relator's employment contract. Federal Judge William B. Shubb held that Markus has stated a valid cause of action for promissory fraud in violation of the FCA and that the arbitration clause in his contract would not be stretched to cover this cause of action. As to this second holding, His Honor observed, “The court will not expand the stay to encompass the nonarbitrable FCA claims. The issues involved in the FCA claims differ from those involved in relator's employment-based claims. Relator's FCA claims concern fraud that defendants allegedly perpetrated on the government, while relator's employment-based claims concern the alleged violation of his own rights during his employment. Resolution of relator's employment-based claims will not narrow the factual and legal issues underlying the FCA claims.”

In 2022 the court granted the defendant's motion for summary judgment on the relator's false-certification claim and allowed the remainder of the case to move forward. [See United States ex rel Markus v. Aerojet Rocketdyne Holdings, Inc., 2022 WL 297093 (E.D. Cal., Feb. 1, 2022).]