CMS FWA Compliance Checklist: Training, Attestations, and Certificate Management

CMS Training Options

You can satisfy CMS Fraud Waste and Abuse (FWA) and general compliance requirements using one of three approaches: complete the Medicare Learning Network (MLN) web-based training, deploy equivalent organization-developed modules, or follow your plan sponsor’s training program. Select the path that best fits your workforce and documentation needs while ensuring full topic coverage.

Plan sponsor employees must complete general compliance and FWA training. For First Tier, Downstream, and Related Entities (FDRs), sponsors may accept MLN modules or equivalent internal training that covers required content. Providers “deemed” through Medicare Parts A or B enrollment or DMEPOS accreditation meet the FWA training requirement, but still need general compliance training.

Before rollout, confirm the current-year modules, align content with job roles, and set up tracking for Training Completion Verification. Ensure your method scales to contractors, temporary staff, volunteers, and governing body members who support Parts C and D activities.

Training Completion Timeline

Establish timelines that meet CMS expectations: complete training within 90 days of initial hire or contract and at least annually thereafter. Apply the same cadence to role changes, system implementations, and policy updates that materially affect compliance risk.

Operationalize due dates with automated reminders, supervisor dashboards, and exception reporting. Treat missed deadlines as compliance events that require prompt follow‑up and documented remediation to support audit readiness.

Attestation Requirements

Many sponsors require an Attestation Form from FDRs confirming completion of general compliance and, when applicable, FWA training. The attestation should identify the entity (legal name and TIN), training types and dates, covered workforce (employees, contractors, downstream entities), and a statement that content met CMS Parts C and D requirements.

Where FWA is “deemed,” document Medicare enrollment or DMEPOS accreditation and attest to completion of general compliance training. Retain signed attestations annually and whenever there is a material change in ownership, scope, or risk profile.

Record Maintenance

Maintain training records for at least 10 years. Your Training Certificate Retention file should include rosters, dates, topics, completion status, certificates, test scores (if used), and signed Attestation Forms. Keep “deemed” documentation (for example, Medicare enrollment verification) alongside training records.

Store records in a secure, searchable repository with access controls and version history. During a Compliance Audit, you must be able to quickly produce evidence by plan, contract, location, and individual to demonstrate timely and complete training.

Sponsor Responsibilities

Sponsors are accountable for setting expectations, communicating standards, and overseeing FDRs. This includes distributing a Code of Conduct, defining training scope, and verifying completion through sampling, audits, or centralized reporting. Build these requirements into contracts and delegation agreements.

Implement ongoing monitoring and Training Completion Verification, escalate noncompliance, and document corrective actions. Ensure audit trails show requests, responses, exceptions, and remediation outcomes to demonstrate effective oversight of FDRs.

Training Content Integrity

If you deliver the MLN modules, do not alter the core training content; you may add organization‑specific policies, procedures, reporting channels, and examples relevant to your operations. If you develop your own training, ensure it covers the same core subject matter and competencies.

Content should clearly address: elements of an effective compliance program; reporting mechanisms and non‑retaliation; key FWA laws (for example, False Claims Act and Anti‑Kickback Statute); prevention, detection, reporting, and correction steps; and role‑specific risks. Refresh content when regulations or internal policies change.

Training Documentation

Acceptable documentation includes MLN certificates, LMS completion reports, signed attendance sheets, employee attestations, and quiz results where applicable. Align HR rosters with training records to prove complete coverage of eligible roles and maintain traceability from requirement to learner to evidence.

Before each audit cycle, perform an internal Compliance Audit of your training files: reconcile rosters, resolve gaps, validate timestamps, and confirm that Attestation Forms, certificates, and “deemed” proofs are present and current. This closes evidence gaps and streamlines regulator and sponsor reviews.

In summary, use the MLN or equivalent training, meet the 90‑day and annual cadence, collect and retain attestations, and keep comprehensive records for 10 years. Effective oversight, strong documentation, and proactive verification are the foundation of a reliable CMS FWA Compliance Checklist.

FAQs

What are the CMS training completion deadlines?

Complete general compliance and FWA training within 90 days of hire or contracting and at least annually thereafter. Apply the same cadence when duties change or policies materially shift. Sponsors may set stricter timelines in contracts; follow the most stringent requirement in effect.

How long must training records be maintained?

Keep training records—including rosters, dates, topics, certificates, test scores (if used), and Attestation Forms—for a minimum of 10 years. Retain proof of any “deemed” status for FWA alongside training documentation.

Can CMS training content be modified?

If you use Medicare Learning Network modules, don’t alter the core content; you may add organization‑specific information. If you create your own modules, ensure the material fully covers required CMS Parts C and D compliance and Fraud Waste and Abuse (FWA) topics and aligns with sponsor expectations.

What documentation is acceptable for training verification?

Acceptable evidence includes MLN certificates of completion, LMS reports, signed attendance logs, employee attestations, and quiz results where applicable. For entities deemed for FWA, maintain Medicare enrollment or DMEPOS accreditation documentation plus proof of completed general compliance training.