When Depression-era bank robber Willie Sutton was asked why he robbed banks, he infamously responded, “Because that’s where the money is.” Similarly, anytime you see large amounts of government money devoted to any given industry or economic issue, such as healthcare or economic stimulus legislation, one should expect a corresponding increase in government oversight and enforcement because they anticipate fraud and false statement claims to flourish. That’s why we expect a vigorous government enforcement effort to follow the COVID-19 “Pandemic Recovery” efforts set forth in the Coronavirus Aid, Relief, and Economic Security Act, or the “CARES Act.”
Enforcement Will Look Like TARP, Except Much Bigger
Recall the 2008 financial crisis (a/k/a the Great Recession). To respond to that crisis, the federal government set up the $700 billion Troubled Asset Relief Program, or TARP. As part of that program, a law enforcement task force was created and specifically devoted to monitoring, auditing, and investigating the use of those funds. The Special Inspector General for the program (or SIGTARP) received over 33,000 whistleblower complaints and over 170 individuals were criminally charged. Another important part of the SIGTARP effort was the frequent use of audits and civil investigative demands (CIDs) for federal False Claims Act investigations, which largely sprouted from qui tam whistleblower complaints.
The TARP program appears to serve as the blueprint for the enforcement model to which U.S. agencies will turn for abuses of the COVID-19 “Pandemic Recovery” legislation. The CARES Act establishes the Special Inspector General for Pandemic Recovery (SIGPR), which will have significant funding to investigate waste, fraud, and abuse, and to pursue criminal and civil enforcement. At approximately $2.3 trillion, the Pandemic Recovery funds available under the CARES Act (“Recovery Funds”) are over three times larger than the TARP program. Accordingly, we expect the SIGPR to launch a robust oversight effort using the full range of investigative tools.
In addition to the SIGPR, Attorney General Barr has directed the DOJ, federal law enforcement agencies, and the U.S. Attorney’s Offices to organize COVID-19 fraud prevention teams. AG Barr said these federal law enforcement agencies will work together with state law enforcement agencies to ensure that offenders receive the proper level of attention quickly. In the short-run, law enforcement’s primary focus will be on misconduct that disrupts the country’s response to the pandemic and victimizes vulnerable organizations and individuals. (We have already seen the first prosecutions announced for “miracle cures,” hoarding of personal protection equipment, and price-gouging.) In the long-run, the government will be scrutinizing the ends to which Recovery Funds are put to use, and the certifications made to obtain them.
For its part, the Securities and Exchange Commission (SEC) is focused on “actively monitoring our markets for frauds, illicit schemes and other misconduct affecting U.S. investors relating to COVID-19.” The Commission has already undertaken an enforcement action against a Florida company and its CEO for allegedly attempting to profit from the national emergency. On April 28, the Commission filed an action charging the company and its CEO with fraud for issuing false and misleading press releases. The press releases touted the company’s ability to source and supply large quantities of the in-demand protective N95 mask. In announcing the action, the Enforcement Division stated that it “is committed to swiftly shutting down COVID-19 investment scams.” Apart from enforcement actions, expect the Commission to issue trading suspensions of stock in companies it suspects of such misconduct.
The Long-Term Enforcement Model
As with the SIGTARP enforcement efforts, we expect that the government will review all certifications made to obtain Recovery Funds, such as under the Paycheck Protection Program (PPP). Law enforcement will actively elicit whistleblower reports (especially from competitors and disgruntled former employees) who believe that a company may have submitted questionable certifications. The government will also utilize data analytics, subpoenas and CIDs, and other methods to independently verify a company’s certifications. Finally, we expect the government to aggressively audit company uses of Recovery Funds.
On April 28, 2020, Treasury Secretary Steven Mnuchin stated that every PPP loan over $2 million will be audited. He also stated, “Anybody that took the money that they shouldn’t have taken — one, it won’t be forgiven, and two, they may be subject to criminal liability, which is a big deal.”
Worth special mention here is the Federal False Claims Act, and the qui tam whistleblower provisions which permit a whistleblower to file a sealed lawsuit against a company alleging that it submitted false claims to wrongfully obtain government money. The government may either investigate the case itself or allow qui tam counsel to investigate the claims. A successful qui tam whistleblower can receive between 15-30% of the recovery, so the financial incentive for an individual to file such a claim (and for lawyers to assist them) is compelling. In 2019 alone, the DOJ brought in more than $3 billion in civil judgments using these cases. We expect the DOJ’s Civil Division, which runs the government’s Federal False Claims Act and qui tam enforcement program to be a much larger part of the effort than it was under TARP.
The SEC, too, operates a whistleblower program. Its program rewards company insiders for reporting violations of the securities laws. Complaints of Recovery Funds abuses from company insiders may well make their way to the SEC’s door on failure-to-disclose or books-and-records grounds under the securities laws. In March, the Division of Corporate Finance announced that is is “monitoring how companies are reporting the effects and risks of COVID-19 on their businesses, financial condition, and results of operations.”
But wait, there’s more. The U.S. House of Representatives has established a select Committee to also oversee the federal response to the pandemic. What was buried in the legislation was important. This select Committee will operate as a subcommittee under the Committee on Oversight and Reform (O&R). The O&R Committee has a significant number of seasoned investigators and legal staff who are experienced in how to make the most out of hearings. They too can issue requests for information and the Committee has subpoena power. What they lack for in prosecutorial authority, they more than make up for in an ability to hold hearings and expose documents.
What Can You Do to Minimize Government Enforcement Risk
1. Carefully Consider Whether You Need the Money
The federal government never gives away money free-and-clear—strings are always attached. If you perceive that your receipt of the funds will reflect poorly on you or the government, or if you have alternative sources of capital, you may want to consider whether to apply for the funds. If you conclude that you genuinely need the government money, then prepare for the government’s 20/20 hindsight review of your application for (and uses of) the funds. For guidance, please see “CARES Act Update – Important Considerations for Paycheck Protection Program Participants (Enforcement Actions, FAQ 31 and FAQ 37, and Fourth Interim Final Rule).”
2. Consult with Counsel Concerning the Program’s Requirements
To obtain Pandemic Recovery Funds, you must meet various requirements (some certain, some not so certain) and you will be required to make certifications. Gather documents supporting your certifications and consider having counsel review and opine on the risks associated with your certifications. For guidance, please see this article.
False, incomplete, or misleading certifications will be scrutinized. As with any filing with the federal government, any false statement submitted to obtain Recovery Funds will be actionable criminally and/or civilly. The government may also red-flag some certifications for vigorous follow-up.
3. Have a Plan to Address Audits
Have a reliable mechanism in place to track your receipt and use of Recovery Funds. Consider segregating the funds in a different account. Appoint one point person to handle all uses of the funds and to keep track of those uses. Minimize any chances that the funds will be misused or not accurately accounted. For guidance, please see this article.
4. Maintain Laser Focus on Compliance
The COVID-19 pandemic has upset everyone’s usual processes and procedures. Employees and executives who work remotely will have less physical presence and less access to paper memos, checks, invoices, and orders, so traditional processes and collaboration could be hindered. Such circumstances may lead to cutting corners. A simple example is where employees fail to obtain required approvals for expenditures over a certain amount. In this example, when such expenditures are cleared without the required approvals, a company can lose control of its processes and may lose money. Similarly, the distance and isolation associated with telecommuting could present similar challenges to legal compliance policies, which often require touchpoints, collaborations, and approvals. Now is the time to adapt your new remote working environment in a way to maintain focus on compliance policies.
What Should You Do If the Government Contacts You?
Government investigations can be very disruptive and intimidating. Some government inquiries are simple and focused on obtaining evidence about someone else. Some government inquiries are complex and may not clearly indicate who they are targeting. Some government inquiries reflect a misunderstanding of a client’s business that may explain red-flagged certifications. And, some government inquiries are narrowly focused on allegations obtained from a whistleblower.
We expect the government actors, DOJ and Congress, to deploy every tool in their respective arsenals to scrutinize what they perceive (rightly or wrongly) to be problematic applications for, or uses of, Pandemic Recovery Funds.
In any event, you should not engage with the government by yourself. You should always insist on speaking with counsel before making any statements to (or answering any questions by) law enforcement. Additionally, in certain, critical cases, a company should consider an internal investigation to determine potential liabilities or opportunities to advocate to the government that nothing improper occurred.