As scientists around the globe team up to discover and develop treatments and vaccine candidates for COVID-19, we are also seeing unprecedented speed and coordination in the effort to quell a different kind of virus — the myriad fraud schemes stemming from the COVID-19 crisis. This article describes the novel, coordinated approach that the government is taking to investigating and prosecuting COVID-19-related fraud, and provides actionable guidance that companies should follow to prevent fraud and possible government scrutiny.
As of July 7, the Federal Trade Commission (FTC) reported that U.S. consumers had already lost more than $77 million due to COVID-19 fraud schemes. Since May, with the first criminal prosecution for Paycheck Protection Program (PPP) fraud, we have anticipated, and seen, an increase in COVID-19-related enforcement actions — from actions involving PPP loans and unemployment benefits, to COVID-19 testing and treatment, to price gouging. With that increase, noteworthy developments have emerged regarding how federal and state enforcement agencies are teaming up to investigate and prosecute these cases.
The CARES Act created three new entities to oversee and investigate the distribution of relief funds: the Special Inspector General for Pandemic Recovery (SIGPR), the Pandemic Response Accountability Committee, and a congressional oversight commission. Since the early stages of the pandemic, federal, state, and local authorities around the country have announced partnerships to form COVID-19 task forces to investigate, prosecute, and protect the public from fraudulent schemes. But, as the pandemic rages on, we are seeing an even higher level of coordination among other enforcement agencies.
In the first COVID-19 prosecution involving allegations of securities and health care fraud, the government charged the president of Arrayit Corporation, a California-based medical technology company, with participating in a scheme to mislead investors, manipulating the company’s stock price, and conspiring to commit health care fraud in connection with submitting $69 million of false claims for allergy and COVID-19 testing. While this case was the first criminal securities fraud prosecution related to the COVID-19 pandemic, it also demonstrated the partnership between federal agencies seeking to combat COVID-19 fraud. In addition to the DOJ and the SEC, which partnered together in the prosecution, the case was investigated by the Health and Human Services Office of Inspector General (HHS-OIG), the FBI, the Veterans Affairs Office of Inspector General, the Defense Criminal Investigative Service (DCIS), and the U.S. Postal Inspection Service, which authored the affidavit supporting the complaint.
Similarly, on July 28, the U.S. Attorney for the Eastern District of Pennsylvania, William M. McSwain, announced that federal and state law enforcement collaborated with the Pennsylvania Department of Labor and Industry to prevent the theft of more than $44 million in pandemic unemployment assistance funds in Pennsylvania.
On the same day, the U.S. Attorney for the District of Massachusetts, Andrew E. Lelling, announced a Memorandum of Understanding (MOU) with Special Investigator General Brian D. Miller of the Office of SIGPR to investigate CARES Act fraud. The collaboration will focus on organized crime and criminal and civil fraud impacting federal money, vulnerable victims, and repeat fraudsters; speeding up the intake and prosecution of CARES Act fraud; linking CARES Act-related complaints to larger schemes; and deterring future fraud.
While it is not unusual for federal agencies to partner to investigate fraud, the level of collaboration we are now seeing — including the formal MOU between the District of Massachusetts and the Office of SIGPR — demonstrates a deeper commitment and dedication of resources to combating fraud, protecting the public, and recovering funds. These recent events come on the heels of an announcement by the DOJ, HHS, and the FTC of a joint effort to educate and inform the public of an emerging scheme intended to steal money and sensitive information through fraudulent contact tracing programs.
In this environment, companies that have either received funding under the CARES Act or that are in the COVID-19 treatment continuum must be more prepared than ever to prevent and detect fraudulent conduct that would give rise to a government investigation. Below are some actionable steps companies can take now to mitigate the risk of COVID-19-related investigations.
- Prioritize and properly resource compliance programs. An ounce of prevention is worth a pound of cure, and this is especially true in the current environment. A well-functioning compliance program is critical to preventing and detecting fraud and abuse, and it may also help to minimize liability or criminal enforcement for companies faced with government investigations. Indeed, the DOJ’s June 2020 guidance on corporate compliance programs made clear that the DOJ’s predicate question for evaluating corporate compliance programs will no longer be “is the program being implemented effectively?” Rather, the DOJ will focus on whether the program is “adequately resourced and empowered to function effectively.” From a practical standpoint, the DOJ wants to know whether compliance programs have sufficient resources within the company to effectively prevent, detect, and deter fraud and abuse and whether leadership — the “tone at the top” — is sufficiently empowering the compliance function.
- Closely monitor transactions that stem from CARES Act funding. The government has wasted no time in employing data analytics to identify cases for investigation. Companies should likewise closely monitor their transactions and investigate outliers or transactions that otherwise raise compliance questions.
- Provide, or enhance, avenues to report misconduct. One month after the CARES Act was passed, the DOJ announced that the National Center for Disaster Fraud had received more than 9,000 reports of potential COVID-19-related fraud. Companies that provide avenues for internal, anonymous reporting of compliance issues are better positioned to learn of, and promptly respond to, misconduct. And, employees who are able to report their concerns internally are likely to do so before reporting them externally.
- Promptly investigate allegations of wrongdoing. Though widespread telecommuting poses challenges to internal investigations, once a company learns of potential fraud, it is imperative that the company investigates promptly. This positions companies to understand the issues, take corrective action, and develop a strategy for engaging with the government, if necessary.