If you’re a general counsel, chief legal officer, or C-suite executive at a company that does business with the federal government, the enforcement landscape in 2025 demands your attention now more than ever. The Department of Justice under the Trump administration has significantly recalibrated its approach to white-collar crime, with a renewed focus on domestic fraud, national security, and accountability at the highest levels of corporate leadership. These changes are already reverberating across key sectors—healthcare, defense contracting, tech, and infrastructure.
The stakes became even clearer following The Wall Street Journal‘s report on May 15 that the DOJ has opened a criminal investigation of UnitedHealthcare’s Medicare billing practices.[1] The probe, still developing, underscores the administration’s intention to pursue large, publicly traded companies for perceived failures in internal controls and regulatory obligations. It also signals to the entire healthcare and government contractor sectors that no institution is too large to undergo scrutiny.
A Strategic Shift: DOJ’s May 12 Memo
The DOJ’s new policy memo issued on May 12, 2025, entitled “Focus, Fairness, and Efficiency in the Fight Against White-Collar Crime,” marks a defining moment in the administration’s federal enforcement strategy.[2] The policy focuses on high-impact prosecutions that protect taxpayer dollars, advance national security, and hold individuals accountable, without the burdens of excessive corporate oversight mechanisms. This offers clear benefits to companies that promptly self-disclose wrongdoing, cooperate fully with investigations, and remediate quickly. In such cases, the DOJ has pledged to consider declinations or non-prosecution agreements, even when companies self-disclose violations. The strategy reflects a belief that voluntary transparency and swift remediation are more effective than protracted adversarial litigation. However, for companies that delay, withhold information, or fail to demonstrate strong internal controls, the consequences are likely to be severe.
The policy also signals a pullback from the routine use of corporate monitors. Instead, the DOJ will now rely more on a company’s ability to self-govern through an effective compliance infrastructure. While the administration has moved away from certain global enforcement priorities—such as robust prosecution of FCPA violations—domestic accountability will be pursued with renewed vigor. The goal isn’t less enforcement; it’s more focused enforcement. This approach should not be mistaken for leniency. In fact, by making cooperation and self-disclosure the centerpiece of its enforcement framework, the DOJ is creating an environment where well-run companies can thrive—and where companies that fail to invest in compliance will face swifter, more decisive consequences.
Current Trends: Enforcement in Action
Since January 2025, both the DOJ and the SEC have taken visible steps to reassert their corporate enforcement authority. The DOJ has accelerated its pursuit of fraud involving federal contracts, pandemic relief funds, and cybersecurity compliance. For example, in March 2025, MORSECORP Inc.[3] agreed to pay $4.6 million to settle allegations that it falsely certified its compliance with cybersecurity obligations in military contracts.[4] In April, DynCorp International paid $21 million to resolve allegations of overbilling tied to State Department training contracts funded by COVID-19 emergency programs.[5] These settlements underscore the DOJ’s intention to impose significant financial penalties for regulatory noncompliance—even where the misconduct involves administrative or technical violations. They also illustrate how the DOJ is using the False Claims Act to enforce accountability in areas beyond traditional billing fraud. Particularly for government contractors, these developments point to a broader strategy: DOJ will aggressively protect federal dollars across programs and expects contractors to do the same internally.
The Securities and Exchange Commission, similarly reinvigorated under new Trump-appointed leadership, has opened investigations into public companies that may have misled investors about material risks tied to government contract performance, cybersecurity readiness, or ESG-related financial exposures. While newly appointed Commission Chair, Paul Atkins, speaking about the crypto markets and the need for flexible thinking by regulators, noted that the SEC “should not fear innovation . . . it should embrace and champion it,”[6] he is unlikely to view purposeful violative conduct leniently. In his prior stint as SEC Commissioner, Atkins conveyed his firm view that those responsible for unethical and illegal behavior should be punished. For example, commenting on an investment company rule proposal in 2004, he stated,
As for those firms and individuals whose conduct was clearly reprehensible, we have demonstrated that our agency has the power to punish them. In the most egregious cases, we have permanently barred individuals from the industry. I applaud our enforcement efforts and believe that they will serve to deter future unethical, immoral, and illegal behavior.
However, as we discharge our regulatory responsibilities, we need to be mindful that morality and ethics cannot be legislated into existence, and criminal conduct cannot be legislated out of existence. Government controls alone will never be a solution if individuals and individual firms are not upholding their own end of simple business ethics through their own effective compliance.[7]
We foresee that under its new chair, the SEC will innovate on the regulatory side but also return to its bread-and-butter enforcement roots when it comes to investigations and litigation involving fraud and bad actors.
Looking ahead, we expect the Trump administration’s enforcement activities to concentrate heavily on sectors that intersect with federal funding. Government contractors are likely to face greater scrutiny for bid rigging, cost mischarging, cybersecurity certification fraud, and export control violations. Executives and legal officers involved in regulatory certifications or internal audit functions will be under the microscope—particularly where failures to act on internal warnings or audit flags can be construed as willful blindness or deliberate indifference.
In healthcare, the examination of claims submitted to Medicare and Medicaid will intensify, with a renewed focus on identifying executive-level accountability for patterns of improper billing, insufficient supervision, or compensation arrangements that may violate federal law. With the CHIPS Act and other infrastructure spending rolling out at scale, companies in the semiconductor, AI, and advanced manufacturing sectors should also anticipate rigorous enforcement around grant disbursement compliance and performance reporting.
These trends suggest that companies must not only ensure formal compliance structures are in place, but that those systems should be integrated into everyday operations, auditable, and sufficiently empowered to detect and report misconduct before it becomes systemic. Timely, documented internal responses to known risks will be viewed as mitigating factors. Organizations lacking such systems will face the full weight of federal enforcement.
Increased whistleblower activity is another trend to watch. The DOJ plans to expand its corporate whistleblower awards pilot program to reflect the administration’s priorities.[8] The DOJ is receiving a growing number of qui tam filings from insiders reporting irregularities in CHIPS Act funding, cybersecurity practices, and contract performance. Weak internal compliance systems make companies especially vulnerable, even if the underlying issue stems from negligence rather than intent.
Congressional Oversight and Investigations
At the same time, congressional oversight has intensified. With Republican majorities leading key committees in both chambers, companies can expect parallel investigations from Congress, often on the same subjects as probes conducted by the DOJ. Defense pricing, ESG reporting, data security, and relationships with foreign entities are at the top of Congress’ list.
Corporate legal teams must now prepare for the possibility that testimony before Congress could be dissected for inconsistencies with other disclosures. Congressional investigations do not carry the immediate threat of prosecution, but their reputational impact—especially in high-profile hearings—can be equally damaging.
Getting Ahead of the Curve
The clearest takeaway from the DOJ’s May 12 memo is that preparation matters. Effective compliance programs and strong internal controls are not just check-the-box exercises—they are the most effective way to reduce or mitigate risk. Companies that take proactive steps now to audit vulnerable areas, remediate known gaps, and invest in scalable compliance frameworks will be better positioned to withstand scrutiny by regulators.
In our experience, successful companies treat compliance as a continuous discipline, not a static function. Internal audit and legal departments should work closely with leadership to create an enterprise-wide culture that values integrity, transparency, and rapid response. This means embedding compliance into operations, documenting decision-making processes, and ensuring that any whistleblower concerns are handled promptly and thoroughly.
The DOJ’s new enforcement policy and the investigation of UnitedHealthcare mark a decisive turn in corporate accountability. Whether your company’s business is healthcare, defense, or tech the administration’s efforts will be robust and unforgiving of internal failures. But companies that invest in compliance, address issues early, and foster a culture of integrity, can mitigate the most serious risks.
The question is not whether scrutiny is coming: it is. Is your company equipped to respond when it does?
About the Authors:
John P. Rowley III is a former federal prosecutor with decades of experience representing clients in high-stakes trials and investigations. Adriaen M. Morse is a former SEC enforcement attorney who also served as chief litigation counsel for a publicly listed government contractor. Together, they help lead SECIL Law’s white-collar practice which is grounded in discretion, strategic insight, and proven results.
By John P. Rowley III and Adriaen M. Morse, Partners, SECIL Law PLLC | Washington, D.C. John and Adriaen can be reached at jrowley@secillaw.com and amorse@secillaw.com respectively.
[2] https://www.justice.gov/opa/media/1400141/dl?inline
[3] “MORSE” is an acronym for: Mission Oriented Rapid Support Engineering.
[6] Paul Atkins, Prepared Remarks Before SEC Speaks (May 19, 2025), https://www.sec.gov/newsroom/speeches-statements/atkins-prepared-remarks-sec-speaks-051925#_ftnref4.
[7] Paul Atkins, Statement by SEC Commissioner: Regarding Investment Company Governance Proposal (June 23, 2004), https://www.sec.gov/news/speech/spch062304psa.htm.
