CMS FWA Certificate Explained: Who Needs It, Documentation, and Renewal

The CMS FWA certificate verifies completion of Fraud, Waste, and Abuse training that Medicare Advantage (Part C) and Part D plan sponsors require for their workforce and contracted entities. This guide explains who needs the certificate, what documentation to keep, how deemed status and training attestation work, acceptable training methods, and how to renew and update your records.

By following these sections in order, you can confidently meet payer expectations, streamline audits, and maintain uninterrupted participation in Medicare-related programs.

FWA Training Requirements

FWA training applies to plan sponsors and their first tier, downstream, and related entities (FDRs)—including providers, pharmacies, PBMs, delegated vendors, and support functions that interact with Medicare business. You should train new hires who touch Medicare work within 90 days of hire and retrain at least annually thereafter. Individuals who do not support Medicare activities are typically out of scope.

Training may be satisfied through the Medicare Learning Network (MLN) FWA module or an equivalent internal program that covers the same core topics and assessments. Keep scope decisions documented and defensible to demonstrate a risk-based approach.

Terminology note: not the Federalwide Assurance

“FWA” in CMS compliance refers to Fraud, Waste, and Abuse training—distinct from the Federalwide Assurance used in human subjects research oversight. Roles such as Human Protections Administrator and Signatory Official belong to the research Federalwide Assurance process and do not apply to the CMS FWA certificate.

Training Documentation and Record Retention

Maintaining complete, retrievable records is essential for compliance record retention and audit readiness. Your file should clearly show that required staff completed FWA training on time and understood the content.

What to retain

• Certificate of completion (e.g., MLN FWA certificate) for each learner, with name, date, score (if applicable), and course identifier.
• Training rosters and logs mapping roles to training requirements, completion dates, and due dates.
• Content artifacts: slide decks, curricula, knowledge checks, and updates showing alignment to current CMS expectations.
• Signed training attestation forms where required by plan sponsors or contracts.
• Policies and procedures describing your training program, escalation, and non-compliance remediation.
• System reports from your learning management system (LMS) that corroborate completions and reminders.

How long to retain

Keep training records for a period consistent with your contracts and audit obligations—commonly up to 10 years. Apply the same retention to vendor evidence you collect from FDRs and ensure records are secure, backed up, and quickly retrievable.

Deemed Status and Attestation

Certain organizations are “deemed” to have met the FWA training requirement because of their Medicare enrollment or accreditation status. When deemed, you typically do not need to assign additional CMS FWA training, but you must be able to prove your status and still comply with sponsor requests.

Who is commonly deemed

• Medicare Part A/B enrolled providers and suppliers in good standing.
• Suppliers with DMEPOS supplier accreditation when that accreditation underpins their Medicare enrollment.

Even when deemed, sponsors may require an annual training attestation confirming your organization—and applicable downstream entities—meet FWA expectations. Keep evidence such as Medicare enrollment letters, accreditation proof, and written attestations on file.

What to include in attestation

• Statement that your organization meets FWA training and education requirements (via deemed status or equivalent training).
• Confirmation that employees and relevant contractors with Medicare responsibilities were trained on schedule.
• Assurance that reporting mechanisms, non-retaliation, and exclusion screening processes are in place.

Training Methods and Content

You can meet requirements through the Medicare Learning Network FWA module or an equivalent internal program mapped to the same learning objectives. Deliver training via an LMS, live sessions, or microlearning, provided you track attendance and comprehension.

Core topics to cover

• Definitions and differences: fraud, waste, and abuse; why they matter to Medicare beneficiaries and the Trust Funds.
• Red flags and examples in claims, enrollment, marketing, pharmacy, and DMEPOS operations.
• Employee responsibilities: duty to report, confidentiality, and non-retaliation protections.
• Key risk areas: improper billing, kickbacks and inducements, medically unnecessary services, upcoding, documentation gaps.
• Controls and reporting channels: hotlines, compliance officer access, and escalation paths.
• Consequences of noncompliance for individuals and organizations, including potential administrative and financial remedies.

Assessment and certification

Include a knowledge check or post-test to confirm understanding. Issue a CMS FWA certificate (e.g., MLN certificate) on successful completion, and store it with the learner’s record.

Renewal of FWA Certificate

Renew your CMS FWA certificate annually to align with sponsor expectations. For new staff, complete training within 90 days of hire, then annually thereafter on either a hire-date or calendar-year cycle. Deemed entities should renew their attestation and evidence of enrollment or DMEPOS supplier accreditation on the same cadence.

Use automated reminders from your LMS or compliance calendar so certificates never lapse. Sponsors may treat lapses as a contract compliance issue, so build a short grace period and follow-up workflow into your process.

FWA Renewal Process

• Confirm scope: identify who performs Medicare-related work, including temps and contractors under your supervision.
• Determine status: verify whether you are deemed or require training; document the determination.
• Select training: use the Medicare Learning Network module or validated internal content mapped to CMS objectives.
• Deliver training: assign courses, monitor progress, and provide accommodations for role-specific needs.
• Assess and certify: administer knowledge checks, issue certificates, and capture electronic signatures.
• Collect training attestation: obtain organizational attestations required by plan sponsors or delegate agreements.
• Archive records: update rosters, logs, and content files to meet compliance record retention expectations.
• Report completion: provide evidence to sponsors or auditors upon request and track submissions.
• Schedule next cycle: set renewal due dates and automated reminders for individuals and vendors.

FWA Renewal Documentation Updates

Each renewal cycle is an opportunity to tighten your documentation and controls so audits go smoothly and findings are minimized.

Documents to review and refresh

• Training policy and procedures: reflect current CMS expectations and your chosen cycle (hire-date vs. calendar-year).
• Course content: update examples, risk areas, and reporting channels; revalidate answer keys and scoring thresholds.
• Attestation templates: ensure language covers FDR oversight, exclusion checks, non-retaliation, and record retention.
• Vendor/FDR files: collect certificates or deemed evidence, plus any DMEPOS supplier accreditation updates.
• LMS reports and dashboards: verify accuracy of completion data, late training flags, and exception handling.
• Compliance plan references: align FWA sections with hotline procedures, investigative protocols, and disciplinary standards.
• Terminology alignment: if your organization also holds a research-related Federalwide Assurance, keep those files separate and managed by the Human Protections Administrator and Signatory Official to avoid confusion with CMS FWA training records.

Conclusion

The CMS FWA certificate is a practical control that demonstrates your organization’s commitment to preventing fraud, waste, and abuse in Medicare programs. By scoping correctly, leveraging MLN or equivalent training, documenting thoroughly, honoring deemed status and attestation rules, and renewing on time, you protect beneficiaries, satisfy plan sponsor requirements, and strengthen your compliance posture.

FAQs.

Who is required to obtain the CMS FWA certificate?

Anyone working on Medicare Advantage or Part D activities for a plan sponsor or its FDRs generally needs the CMS FWA certificate—this includes employees, contracted clinicians, pharmacies, PBMs, and support vendors. Medicare-enrolled providers and suppliers, including those with DMEPOS supplier accreditation, may be deemed to have met the requirement but can still be asked for attestation and evidence.

What documentation must be retained for FWA training compliance?

Retain individual certificates (e.g., MLN FWA certificates), rosters and LMS reports, training content and updates, signed training attestations, relevant policies and procedures, and any deemed-status evidence. Keep these records secure and retrievable for the duration specified by your contracts—often up to 10 years.

How often must the FWA certificate be renewed?

Renew annually. New personnel who support Medicare work should complete training within 90 days of hire and then every year thereafter. Deemed entities should refresh their organizational attestation and maintain current Medicare enrollment or DMEPOS accreditation evidence on the same cadence.

What are the steps to renew the FWA certificate?

Confirm scope and deemed status, assign MLN or equivalent training, deliver and track completion, administer a knowledge check, issue certificates, collect any required training attestation, archive records for compliance record retention, report completion to sponsors upon request, and schedule the next renewal cycle.