Network security company Fortinet has agreed to pay $545,000 to resolve allegations that it violated the US's False Claims Act.
According to the settlement agreement made public on April 12, 2019, "Fortinet acknowledged that during the more than seven years between January of 2009 and the fall of 2016, a Fortinet employee responsible for supply chain management arranged to have labels on certain products altered to make the products appear to be compliant with the Trade Agreement Act (TAA). A portion of the products was resold through distributors and subsequent resellers to U.S. government end users."
“Today’s announcement illustrates the continuing commitment of the US Attorney’s Office and our law enforcement partners to identify and prosecute fraudulent schemes relating to the sale of goods to the United States,” said US Attorney David L. Anderson.
“Contractors that supply the US government with Chinese-made technology will be pursued and held accountable when violating the Trade Agreement Act,” said Defense Criminal Investigative Service (DCIS) Special Agent in Charge Bryan D. Denny. “The DCIS and its law enforcement partners are committed to combating procurement fraud and cyber-risk within US Department of Defense programs.”
The TAA prohibits certain government contractors from purchasing products that are not entirely from, or “substantially transformed” in, the United States or certain designated countries. According to the public announcement, in this case Fortinet acknowledged that the "Responsible Employee" directed certain employees and contractors to change product labels so that no country of origin was listed or to include the phrases “Designed in the United States and Canada,” or “Assembled in the United States.”
According to Fortinet's website, the company serves government organization customers. Some of these include Alamance County in North Carolina and Salt Lake County in Utah.
The company has agreed to pay $400,000 and to provide the United States Marine Corps with additional equipment valued at $145,000.
The lawsuit was filed by former Fortinet employee Yuxin “Jay” Fang under the qui tam provisions of the False Claims Act. It was then investigated by the U.S. Attorney’s Office of the Northern District of California, along with other government organizations.
“This settlement displays the steadfast commitment of our agents and our federal law enforcement partners,” said the U.S. Army Criminal Investigation Command’s (USACIDC's) director of major procurement fraud unit, Marion "Frank" Robey. “This settlement is a clear signal to the supply community doing business with the Department of the Army; fraud will not be tolerated in any way, shape or form.”
Commenting on the isuue, Fortinet said: “We hold ourselves to the highest ethical standards of trust and integrity. This was an isolated incident that involved events from more than two years ago in which a rogue former employee acted against our policies. When we were made aware of the incident, we took immediate action, including thoroughly investigating the matter, terminating the employee and implementing additional safeguards to prevent an issue like this from happening again. The nominal settlement amount of $545,000 reflects in part our cooperation to promptly and thoroughly address this matter.”