Leading up to a webinar on July 15, 2020, we are publishing a blog series covering the risks of enforcement against companies that received COVID-19 relief funds under the CARES Act and strategies for mitigating these risks. This second installment of our series discusses our predictions related to litigation and enforcement activities. We expect a substantial number of False Claims Act (FCA) investigations and lawsuits initiated mainly by whistleblowers (also known as “relators”). The FCA remains the government’s primary enforcement tool for pursuing alleged fraud by recipients of government funds, and FCA claims present substantial risk because the statute permits treble damages and significant per-claim penalties. For example, an erroneous $100,000 loan under the Paycheck Protection Program (PPP) can result in $300,000 in FCA damages or more.
The CARES Act also created several oversight agencies modeled in part on strategies to eliminate fraud, waste, and abuse under the Troubled Asset Relief Program (TARP) passed in 2008 during the country’s last financial crisis. Ongoing enforcement activity related to prior relief programs offers lessons regarding how these new oversight entities may approach COVID-19 relief enforcement. History demonstrates that when the government dispenses substantial relief funding, it seeks to recoup funds through oversight and enforcement.
FCA Enforcement Involving COVID-19 Relief Fund Recipients and Their Investors
Given the distribution of trillions of COVID-19 relief dollars through CARES Act programs, we expect a substantial number of FCA investigations and lawsuits against companies that received relief funds. The FCA imposes liability on companies that, among other things, knowingly submit a false claim to the government, make a false record or statement to the government, or retain an overpayment. Companies that received COVID-19 relief funds under certain CARES Act programs had to make various representations and certifications (which vary by program) to obtain these funds (e.g., for PPP), or retain automatically distributed funds (e.g., for the Provider Relief Fund). They must also comply with program terms and conditions. A company may be subject to FCA claims, if, for example, it made inaccurate certifications, failed to comply with terms and conditions, or retained funds to which it was not entitled.
FCA enforcement will arise in several ways. The Department of Justice (DOJ) will undoubtedly enforce alleged civil fraud involving COVID-19 relief funds through the FCA. In a recent speech to the U.S. Chamber of Commerce’s Institute for Legal Reform, Ethan Davis, Principal Deputy Assistant Attorney General for DOJ’s Civil Division, confirmed that the Civil Division will “energetically use every enforcement tool available to prevent wrongdoers from exploiting the COVID-19 crisis.” He cited the FCA as one of the most effective “weapons” in the Civil Division’s arsenal, which he stated will be deployed against those who commit fraud related to the various coronavirus relief programs.
Davis advised that DOJ’s FCA enforcement efforts may extend beyond recipients of COVID-19 relief funds to “include, in appropriate cases, private equity firms that sometimes invest in companies receiving CARES Act funds.” Davis cited, as an example, a pre-pandemic FCA case against a private equity investor that we discussed in a previous post.
In addition, relators, who are often current or former employees, will undoubtedly bring qui tam FCA claims alleging, among other things, fraudulent use, receipt, and certification of eligibility for COVID-19 relief funds. Relator-filed FCA cases have for years driven the large majority of FCA enforcement. In 2019, whistleblowers brought 636 of 782 FCA lawsuits, and the government recovered over $3 billion from FCA cases. We expect the number of FCA cases will be at least as high, if not higher, in 2020 and beyond given the amount and manner in which the government has distributed COVID-19 relief funds. The massive displacement of employees resulting from the current financial crisis may increase that risk because relators are frequently disgruntled employees. Further, publicity around CARES Act funding risk and liability may generate questions and concerns from current employees, who also may bring qui tam cases. In addition, we expect investigative reporting and public disclosure of certain relief fund recipients to generate FCA enforcement.
Potential FCA Claims Against Companies that Received COVID-19 Relief Funds and Lines of Defense
Relators likely will base FCA claims on assertions that companies fraudulently obtained or retained COVID-19 relief funds because the certifications they had to make under each relief program were false. As with all FCA claims, the FCA elements of “materiality” and “knowledge” will thus remain at the forefront of FCA allegations and defenses, as will the scope and content of these certifications, and questions about what companies knew or understood about the accuracy of their certifications.
Relators will also likely base fraud allegations on, among other things, alleged departures from the considerable agency guidance related to COVID-19 relief funds. The agencies administering the various CARES Act programs (discussed in our prior post) have issued a variety of administrate rules, FAQs, and sub-regulatory guidance. For example, detailed, lengthy FAQs exist for the PPP, the CARES Act Provider Relief Fund, and other programs. The guidance is constantly evolving and at times has been unclear, inconsistent, or contradictory. We anticipate that relators will contend that companies failed to comply with evolving rules, FAQs, and other guidance documents, and fraudulently obtained or retained relief funds as a result.
There are several potential FCA defenses to FCA claims based on alleged departures from agency guidance. Companies may be able to rely on a recent U.S. Supreme Court case, Azar v. Alina Health Services, holding that departures from sub-regulatory guidance that establish or change a “substantive legal standard” cannot be the sole basis for enforcement, unless the guidance was the product of notice and comment rulemaking. Companies targeted by FCA claims based on alleged departures from the complex and evolving agency FAQs, for example, may be able to use this defense.
In addition, defendants may be able to argue, based on court precedent, that no FCA violation occurred where the law is vague or guidance is inconsistent, and the defendant’s interpretation of the rules was objectively reasonable. This FCA defense will become important because the evolving regulations and agency guidance presents some interpretive challenges, and companies trying in good faith to comply should not be subject to FCA liability where their interpretation of program requirement and guidance was reasonable.
In light of these defenses, companies should consider ways to position themselves now to establish these defenses later by building a record. For example, companies should consider documenting their contemporaneous assessment of agency guidance and how it applies to their receipt, retention, or use of relief funds. They might need to rely on this documentation in defense of an FCA investigation later. Companies should carefully consider whether such documentation should be protected by the attorney-client privilege.
New Enforcement Entities under the CARES Act May Follow the TARP Enforcement Model
As discussed in our prior post, the CARES Act established three new entities to address COVID-19 relief fund fraud – the Office of the Special Inspector General for Pandemic Recovery (SIGPR), Pandemic Response Accountability Committee (PRAC), and the Congressional Oversight Commission (COC). These entities will oversee the administration of COVID-19 relief funds and will investigate and bring enforcement actions.
These oversight and enforcement entities are largely modeled on similar tools used to investigate fraud under TARP. Enforcement actions against TARP recipients therefore provide some insight into how these entities may bring their oversight authority to bear against COVID-19 relief fund recipients—both civil and criminal.
In October 2008, Congress passed TARP “to combat the worst financial crisis since the Great Depression.” The law creating TARP implemented oversight authority in the Special Inspector General for TARP (SIGTARP) and the Congressional Oversight Panel (COP), among others. As with the corresponding entities established by the CARES Act (SIGPR and COC), both SIGTARP and the COP had broad investigative authority, and, SIGTARP in particular used its authority to bring a substantial number of enforcement cases.
SIGTARP claims a 31-fold return on investment: it recovered $11 billion using a budget of about $350 million. Since 2009, SIGTARP reports its investigations have yielded 384 criminal convictions, including 94 bankers and 79 of their co-conspirators, and recovery of more than $11 billion in purportedly misappropriated funds. SIGTARP remains active, long after the last financial crisis passed. In fact, over ten years after SIGTARP began its work, recoveries continue. In fiscal year 2020, SIGTARP claims recoveries of $81.6 million and nine criminal charges, on top of the $900 million recovered in FY 2019. With another $2.4 billion in TARP funds obligated or committed to home mortgage modification assistance in the future, SIGTARP will continue its work for the foreseeable future. While its jurisdiction was and is ostensibly limited to targeting financial institution crime and other fraud, waste, and abuse related to TARP, history has shown that SIGTARP used the receipt of TARP funds as a vehicle for wide-ranging investigations into alleged wrongdoing.
We anticipate that SIGPR, which is similar to SIGTARP, will use its similar authority to police the use of CARES Act funds in an even more wide-ranging fashion and for years to come. Whereas TARP funds went largely to financial institutions, CARES Act relief has touched nearly every sector of the U.S. economy. Given the breadth of businesses and industries that have received COVID-19 related relief, SIGPR’s investigations have the potential to reach into far more corners of the American economy than SIGTARP could under TARP.
SIGPR will not be alone in its efforts. We expect that numerous Inspectors General will investigate potential COVID-19 relief fraud. The CARES Act provides $80 million for PRAC and $148 million for established inspectors general—$253 million in total. In a June 17th report, PRAC highlighted the top challenges facing federal agencies in their COVID-19 emergency relief and response efforts based on input from the OIGs at 37 different federal agencies receiving emergency funds or involved in the pandemic response. The report recognized that “[g]iven the amount of money at issue, the need to distribute aid quickly, and the use of grants and loans to disburse funds,” many executive branch agencies would face “a significant challenge” in “effectively managing” these programs. Past experience has shown that mistakes in disbursing funds can lead to investigations and enforcement actions, even of innocent recipients. Businesses should monitor PRAC’s reports and should also be prepared to justify any government money received in the event of an audit or investigation and promptly report any mistakes that are discovered to the agency involved.
We can also garner insight into potential COVID-19 relief fund enforcement based on aggressive government investigation and enforcement attention that has followed the distribution of disaster relief funding. For example, DOJ’s National Center for Disaster Fraud (NCDF) established a hotline for fraud-related complaints following the federal government’s response to Hurricane Katrina in 2005. NCDF has encouraged whistleblowers to use that same hotline to report COVID-19-related fraud complaints. Along the same lines, the Department of Defense (DoD) OIG recently issued a report and recommendations for minimizing fraud, waste, and abuse in responding to the COVID-19 pandemic based on audits of DoD’s response to earlier natural disasters.
Despite the virtually unprecedented magnitude of the COVID-19 crisis, the enforcement activity following prior government efforts to alleviate the impact of financial crises and natural disasters offer guideposts to predict how enforcement agencies may apply similar techniques to COVID-19 relief funds. Many companies receiving COVID-19 relief funds can undoubtedly expect careful scrutiny from Inspectors General and enforcement agencies, as well as FCA investigations and lawsuits, among other things. Because the government has distributed trillions of dollars of COVID-19 relief funds, we expect that oversight and enforcement will continue long after the pandemic has passed.
In the next post in our blog series, we will discuss emerging and anticipated criminal enforcement involving COVID-19 relief funds.