DOJ False Claims Act Settlement Highlights Risks for Private Equity Sponsors in Portfolio Companies with Government Contracts
Client Alert | August 14, 2025
The case provides valuable insights into how PE sponsors and their portfolio companies can mitigate the risks associated with FCA exposure at the portfolio company-level through a careful delineation between sponsor and management involvement in these situations.
A recent settlement among the Department of Justice, a private equity firm, and its portfolio company illustrates DOJ’s continuing False Claims Act enforcement priorities of pursuing liability against third parties that—either directly or indirectly—engage in conduct that results in FCA violations, and using the FCA to pursue cybersecurity-related fraud.[1] In this instance, DOJ alleged that an employee of the PE sponsor shared restricted information with unauthorized foreign employees of a software company in violation of the terms of the portfolio company’s contract. As discussed below, the sponsor and portfolio company received credit in the settlement for their voluntary disclosure of the issue and their cooperation and remediation.
The case demonstrates the risks of PE sponsor involvement in regulated portfolio company conduct and provides valuable insights into how sponsors and their portfolio companies can mitigate the risks associated with FCA exposure at the portfolio company-level through a careful delineation between sponsor and management involvement in these situations.
The FCA in Brief
The FCA, 31 U.S.C. §§ 3729–3733, is the federal government’s primary tool to redress fraud against government agencies and programs. The FCA provides for recovery of civil penalties and treble damages from any person who knowingly submits or causes the submission of false or fraudulent claims to the United States for money or property. DOJ devotes substantial resources to pursuing FCA cases, and to considering whether qui tam cases brought by relators merit parallel criminal investigations.
DOJ has previously expressed interest in pursuing FCA enforcement actions against a “wide collection of actors that may influence the claims that are ultimately submitted to the government.”[2] This includes pursuing private equity sponsors that, “provid[e] express direction for how a provider should conduct their business, or more indirectly by providing revenue targets or other indirect benchmarks intended to prioritize reimbursement.”[3]
Overview of the Allegations
On July 31, 2025, DOJ announced a $1.75 million settlement with Gallant Capital Partners LLC (Gallant), a private equity firm, and Aero Turbine, Inc. (ATI), its portfolio company that serves as a provider of maintenance, repair and overhaul (MRO) services and consultative repair solutions, to resolve false claims allegations against the two companies.[4]
As alleged in the settlement, ATI’s contractual cybersecurity requirements included full implementation of 110 cybersecurity controls reflected in National Institute of Standards and Technology (NIST) Special Publication (SP) 800-171, “Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations.”[5] Gallant was identified as a co-defendant for “causing the submission of claims” that were false or fraudulent.[6] Specifically, DOJ alleged that:
- ATI and Gallant failed to control the flow of Controlled Unclassified Information (CUI);
- a Gallant employee shared CUI with unauthorized foreign employees of a software company in violation of the terms of ATI’s contract;
- ATI failed to fully implement all required cybersecurity controls; and
- Neither ATI nor Gallant had verified whether ATI met its contractual cybersecurity controls to safeguard the covered defense information contained in ATI’s information systems.[7]
Settlement Credit for Self-Disclosure and Remedial Actions
ATI submitted two written disclosures to the government regarding its non-compliance with contractual cybersecurity requirements.[8] According to the settlement and press release, ATI and Gallant cooperated with the government’s investigation by identifying responsible individuals, disclosing facts gathered during their independent investigation, and attributing facts to specific sources.[9] ATI and Gallant also implemented remedial measures to resolve the issues and prevent similar issues from arising in the future.[10]
DOJ “commend[ed] Aero Turbine and Gallant for disclosing the issue and promptly cooperating to address it,”[11] and ATI and Gallant received credit in the settlement under the Justice Manual for their disclosure, cooperation and remediation.[12]
Key Takeaways for Private Equity Firms Investing in Portfolio Companies with Government Contracts
The allegations regarding the sponsor’s direct participation in the covered conduct are unusual in the context of private equity-related FCA settlements, where prior cases and settlements have focused more on the PE firms’ ratification of their portfolio companies’ submissions of allegedly false claims. For example, in July 2021, DOJ entered into a settlement with Anchor Capital Partners for its violation of the False Claims Act based on its alleged failure to stop wrongdoings of a portfolio company that it had discovered during its due diligence process.[13] And in United States ex. rel. Martino-Fleming v. South Bay Mental Health Centers, relators filed suit against South Bay’s private equity investor, HIG Capital, alleging that it was aware of the false claims violations stemming from its due diligence and that HIG Capital was knowingly ratifying the alleged misconduct by rejecting recommendations to bring South Bay into compliance.[14] Here, DOJ alleged direct involvement of the PE firm’s personnel in the misconduct, as opposed to an application of the ratification theory reflected in prior cases and resolutions.
While the allegations here do not expressly rely on issues identified in diligence, part of the alleged conduct occurred before the sponsor’s acquisition of the portfolio company. The allegations of a pre-existing noncompliance serve as a reminder that careful diligence can be a first line of defense in government contracts transactions given the potential for successor liability.
PE investors must also consider risks associated with the portfolio company’s post-acquisition operations, and ensure that their principals and employees are apprised of those risks. Sponsors should consider appropriate compliance training for their personnel participating in government contracts transactions, particularly for the deal teams involved in oversight of portfolio company operations. Given cybersecurity requirements and restrictions on information sharing, sponsors should generally avoid participating in the administration of a portfolio company’s government contract. If it is necessary that sponsor employees get involved (for example, where the sponsor is seeking to sell the portfolio company, there may be a desire to limit the involvement of portfolio company personnel, but may nevertheless need to share sensitive contract information with third parties as part of the auction), the sponsor should consult with counsel to understand the risks and mitigation strategies.
The recent Gallant/Aero Turbine settlement serves as a compelling example of the increasing liability risks for private equity firms and the continued enforcement focus on cybersecurity compliance. The resolution underscores the growing need for early interdisciplinary legal expertise and careful coordination among corporate and government contracts counsel to identify and mitigate risks in aerospace and defense transactions.
[1] See e.g. Statement of Brian Boynton, Principal Deputy Assistant Attorney General, Civil Division, DOJ(Feb. 2024) (“I would like to emphasize the department’s commitment to holding accountable third parties that cause the submission of false claims. These third parties can include private equity firms, among others.”) (available at https://www.justice.gov/archives/opa/speech/principal-deputy-assistant-attorney-general-brian-m-boynton-delivers-remarks-2024) [hereinafter Boynton Remarks]; DOJ Press Release, Deputy Attorney General Lisa O. Monaco Announces New Civil Cyber-Fraud Initiative (October 6, 2021) (available at https://www.justice.gov/archives/opa/pr/deputy-attorney-general-lisa-o-monaco-announces-new-civil-cyber-fraud-initiative).
[2] See Boynton Remarks.
[3] See id.
[4] See DOJ Press Release, California Defense Contractor and Private Equity Firm Agree to Pay $1.75M to Resolve False Claims Act Liability Relating to Voluntary Self-Disclosure of Cybersecurity Violations (July 31, 2025) (available at https://www.justice.gov/opa/pr/california-defense-contractor-and-private-equity-firm-agree-pay-175m-resolve-false-claims) [hereinafter Press Release DOJ Private Equity ].
[5] See Settlement Agreement by and among DOJ, Aero Turbine, Inc., and Gallant Capital Partners, LLC (July 31, 2025) (available at https://www.justice.gov/opa/media/1409651/dl) [hereinafter Gallant Settlement].
[6] See id.
[7] See id.
[8] See id.
[9] See id.; Press Release DOJ Private Equity.
[10] See Gallant Settlement.
[11] See Press Release DOJ Private Equity.
[12] See Gallant Settlement.
[13] See Martino-Fleming, 2021 WL 2003016.
[14] See DOJ Press Release, EEG Testing and Private Investment Companies Pay $15.3 Million to Resolve Kickback and False Billing Allegations (July 21, 2021) (available at https://www.justice.gov/archives/opa/pr/eeg-testing-and-private-investment-companies-pay-153-million-resolve-kickback-and-false).
Gibson Dunn will continue to closely monitor enforcement trends in False Claims Act enforcement, and our attorneys are available to assist in addressing any questions you may have regarding these issues. Please contact the Gibson Dunn lawyer with whom you usually work, the authors, or any leader or member of the firm’s Government Contracts, False Claims Act/Qui Tam Defense, or Private Equity practice groups:
Government Contracts:
Lindsay M. Paulin – Washington, D.C. (+1 202.887.3701, lpaulin@gibsondunn.com)
Dhananjay S. Manthripragada – Los Angeles/Washington, D.C. (+1 213.229.7366, dmanthripragada@gibsondunn.com)
Joseph D. West – Washington, D.C. (+1 202.955.8658, jwest@gibsondunn.com)
False Claims Act/Qui Tam Defense:
Jonathan M. Phillips – Washington, D.C. (+1 202.887.3546, jphillips@gibsondunn.com)
Winston Y. Chan – San Francisco (+1 415.393.8362, wchan@gibsondunn.com)
Jake M. Shields – Washington, D.C. (+1 202.955.8201, jmshields@gibsondunn.com)
Private Equity:
Richard J. Birns – New York (+1 212.351.4032, rbirns@gibsondunn.com)
Ari Lanin – Los Angeles (+1 310.552.8581, alanin@gibsondunn.com)
Michael Piazza – Houston (+1 346.718.6670, mpiazza@gibsondunn.com)
John M. Pollack – New York (+1 212.351.3903, jpollack@gibsondunn.com)
© 2025 Gibson, Dunn & Crutcher LLP. All rights reserved. For contact and other information, please visit us at www.gibsondunn.com.
Attorney Advertising: These materials were prepared for general informational purposes only based on information available at the time of publication and are not intended as, do not constitute, and should not be relied upon as, legal advice or a legal opinion on any specific facts or circumstances. Gibson Dunn (and its affiliates, attorneys, and employees) shall not have any liability in connection with any use of these materials. The sharing of these materials does not establish an attorney-client relationship with the recipient and should not be relied upon as an alternative for advice from qualified counsel. Please note that facts and circumstances may vary, and prior results do not guarantee a similar outcome.