The year the numbers changed
Fiscal year 2025 produced three figures a compliance officer should be able to recite: $6.8 billion in False Claims Act recoveries, 1,297 qui tam whistleblower filings, and an HHS Office of Inspector General budget request north of $450 million aimed at roughly $50 billion in recoveries. Each is a record or near it. Together they describe an enforcement apparatus operating at historic capacity.
The argument of this post is narrow. The compliance program standard has quietly moved — through the April 2026 OIG guidance, the February 2026 Medicare Advantage guidance, and the steady expansion of Corporate Integrity Agreement requirements — and it has moved in the direction the enforcement numbers were already pointing. A program built for the previous decade's enforcement footprint is not wrong so much as out of date. The numbers below are why.
The $6.8 billion number
False Claims Act recoveries reached approximately $6.8 billion in fiscal year 2025 — the highest single-year total in the statute's history. The False Claims Act (31 U.S.C. § 3729) is the government's principal civil instrument for recovering fraud losses, and healthcare has for years been its largest source.
The composition matters as much as the total. Medicare Advantage–related matters were a substantial driver, consistent with the government's stated focus on risk-adjustment and MA arrangements. This is not a one-year spike on a flat line; it is the continuation of a multi-year trend in which government resourcing translates, with a lag, into higher recovery.
For a compliance officer, $6.8 billion is a number that travels upward — it is the figure a board asks about. The relevant question it raises is not whether enforcement is active. It is whether the program can demonstrate, arrangement by arrangement, that it would survive the kind of scrutiny that produced that total. The enforcement library catalogs what the programs that did not could not show.
The whistleblower signal
Whistleblowers filed 1,297 qui tam suits in fiscal year 2025, a new record. A 2025 that produces 1,297 qui tam filings is not a policy signal; it is a workforce. That is roughly 25 new suits every week, sustained across the year.
Who files them is the part worth sitting with. Qui tam relators are typically current or former employees, business partners, or competitors — people with direct access to internal documentation. The reader a compliance program has to satisfy is no longer only an external auditor working from what the organization chooses to produce. It is an adversarial insider who already knows where the records are thin.
That is a different threat model, and it rewards a different kind of program. It favors records that are honest by construction — timestamped, attributable, and hard to revise after the fact — and it penalizes programs that have quietly depended on nobody looking too closely.
That changes the standard for documentation. Evidence that looks adequate in a self-directed review can look very different when assembled by someone motivated to show it was created after the fact. Contemporaneous documentation — records demonstrably made while an arrangement was active, not reconstructed for the inquiry — is the property that holds up, a point developed in The Spreadsheet Gap.
The money behind it
Enforcement volume follows enforcement resourcing. HHS-OIG requested more than $450 million for fiscal year 2026 and identified approximately $50 billion in potential savings through payment recovery and program improvements.
The $50 billion recovery target is the number worth staring at. It describes what regulators plan to bring in, not merely what they plan to spend. A government that resources roughly $450 million against a $50 billion target is not signaling a temporary posture; it is describing a program with a return on investment it intends to realize. Enforcement intensity, on these figures, is a structural feature of the environment rather than a passing emphasis.
That structural commitment shows up in the instruments regulators use. Corporate Integrity Agreements — the settlement terms imposed on organizations that resolve fraud matters — have grown broader, and it is worth being specific about how.
What CIAs now look like
Corporate Integrity Agreements increasingly require focused arrangements reviews: targeted examination of high-risk arrangements, and specifically those with referral sources, alongside claims analyses and health-information-technology oversight. The referral- source arrangement — the medical directorship, the professional services agreement, the lease — is named as a focus area, not left implied.
The consequence reaches past the organizations actually under a CIA. Because CIA terms increasingly define what regulators regard as a robust compliance program, those requirements set the bar during audits and investigations of organizations that have never signed one. The CIA has become the compliance program standard, not just the punishment.
The February 2, 2026 Medicare Advantage Industry Segment-Specific Compliance Program Guidance — the first MA-specific guidance since 1999 — codifies the same direction at the guidance level. The underlying legal framework, the interaction of the Stark Law and the Anti-Kickback Statute that these reviews turn on, is set out in Stark Law vs Anti-Kickback Statute.
The common thread
Read together — $6.8 billion, 1,297 filings, $450 million against $50 billion, and focused arrangements review — the four signals converge on a single expectation: documented, dual-statute analysis of arrangements, at scale. None of the four numbers stands alone; the point is their alignment. Record recoveries tell a program the government is collecting; a record whistleblower year tells it who is supplying the cases; the budget math tells it the pace is not slowing; and the CIA terms tell it exactly which records will be pulled.
The OIG made the dual-statute point explicit on April 23, 2026, when it updated its fraud-and-abuse FAQs (revised FAQ 4 and new FAQ 17) to restate that Stark Law compliance and fair market value do not, by themselves, shield an arrangement from the Anti-Kickback Statute, and that AKS exposure turns on intent. Fair market value and a satisfied Stark exception are necessary; they are not sufficient. The intent analysis is separate and has to be documented on its own terms — the subject of FMV Alone Won't Save You.
A program that tracks FMV opinions and Stark exception boxes in a spreadsheet, and treats that as the file, is demonstrably behind the standard the numbers describe.
What modern programs look like now
The modern physician-arrangement program is built around contemporaneous, dual-statute evidence on every arrangement, not around a document folder assembled when an inquiry arrives.
On the Stark side, that means the defensibility inputs kept current and scored: FMV opinion currency, element-by-element safe-harbor completeness, and exclusion screening. On the Anti-Kickback side, it means an explicit intent posture — documented answers to the questions an investigator asks: whether compensation is independent of referral volume or value, whether any remuneration travels outside the written agreement, whether conduct matches the agreement. One articulation of how those inputs combine into a defensibility score is published in the methodology.
The operational test is whether that evidence can be produced, arrangement by arrangement, at the standard a focused arrangements review applies. Matters like Tuomey Healthcare and Community Health Network are, in the end, examples of programs that could not.
The cohort building for it
This is the environment the ArrowISE Design Partner Cohort is built for. Five hospital compliance programs, over six months, using purpose-built infrastructure — a Defensibility Index and an AKS Exposure score on every arrangement, with evidence packets and workflow designed to meet the focused-arrangements-review standard rather than scramble to it.
Applications open July 15, 2026, and the cohort begins August 15. Partners receive free access for the cohort and direct founder access; conversion at cohort end is at a locked rate of $99 per month for 24 months — 50% off the standard $198 per month enterprise rate — in exchange for structured feedback and a reference commitment. It is a working partnership, not a beta. The full criteria and the application are on the design partner program page.
The numbers already made the argument. The design partner cohort is where compliance programs get built to match them.