Last month, Congress passed the Coronavirus Aid, Relief, and Economic Security Act (“CARES Act”) in response to the economic crisis that has been created by the COVID-19 pandemic. The CARES Act established the Paycheck Participation Program (“PPP”), pursuant to which the Small Business Administration (“SBA”) will provide up to $349 billion in loans to small businesses. On April 21, 2020, the Senate voted to guarantee an additional $310 billion in loans under the PPP. Under the CARES Act, the PPP allows small businesses to borrow up to $10 million from lenders, which will be completely forgiven if the businesses use the loan for payroll expenses and to maintain employee and compensation levels during the COVID-19 crisis. The intent of the PPP is to provide “relief to America’s small businesses expeditiously.”
However, the urgency of providing financial assistance now is putting strains on normal business and government vetting processes. For small businesses, this may increase the risk that after the pandemic has passed, the government, sometimes at the behest of whistleblowers, will turn around and investigate many of the same distressed companies applying for government funds under the CARES Act. For that reason, an ounce of compliance protection now may well be worth a pound of enforcement cure later.
Lenders and businesses could face future criminal and civil liability if they fail to strictly comply with the CARES Act. For example, the United States Department of Justice (DOJ) can prosecute any person who makes “any claim upon or against the United States … knowing such claim to be false, fictitious, or fraudulent,” which is punishable by fines and up to five years in prison. 18 U.S.C. § 287. Additionally, the False Claims Act (“FCA”) provides that both the government and whistleblowers, or relators, can bring claims against any party that “knowingly presents or causes to present a false claim for payment or approval” or that “knowingly makes, uses, or causes to be made or used, a false record or statement material to a false or fraudulent claim” to the government for payment. 31 U.S.C. § 3729. Exposure under the FCA may be significant, including monetary penalties, treble damages, and the payment of attorney’s fees, and this exposure may exist for years – sometimes up to a decade – after the alleged violation. 31 U.S.C. § 3731(b). For example, an employee (or former employee) of a lender or an employee of a small business applying for a loan could file a qui tam lawsuit under the FCA, alleging that the lender or the small business knowingly failed to comply with the CARES Act or otherwise broke often-complicated government regulations in approving or applying for a loan under the PPP. And of course, the government’s go-to statutes, the mail fraud and wire fraud statutes (18 U.S.C. §§ 1341 and 1343), have proven to be flexible and expansive tools in the government’s hands even when the technical elements of more specific statutes are not satisfied.
With respect to lenders, the SBA has stated that PPP lenders “will be held harmless for borrowers’ failure to comply with program criteria” and the SBA “will hold harmless any lender that relies on such borrower documents and attestation from a borrower.” However, to be held harmless by the SBA, lenders must have or put into place a Bank Secrecy Act or anti-money laundering compliance program commensurate with a program of a comparable federally regulated institution. This in turn may require a customer identification program. The SBA’s guidance, however, is not codified in the CARES Act itself, raising the question of whether it will protect lenders from future enforcement actions or claims brought by other government agencies, like the DOJ, let alone private relators under the FCA. For that reason, failure to strictly adhere to the mandates of the CARES Act, including the requirement that lenders have certain compliance programs in place to participate in the PPP, might carry significant future risks.
In light of the uncertainties in these unprecedented times, both lenders and businesses should take steps to minimize future risks. Lenders should ensure that they have put in place significant compliance measures, including anti-money laundering compliance programs. Those programs should include robust controls that meet the standards outlined in the CARES Act. Lenders should also carefully document all steps in their provision of PPP loans to small businesses and, in particular, document what information was received from applicants supporting the decision to issue a loan in a certain amount. Additionally, businesses applying for PPP loans should take great care when determining that they qualify for a loan under the CARES Act and that all statements submitted to lenders are true and accurate. Clients should remember that what is a mad scramble for survival now may be meticulously dissected by federal investigators playing All-Pro armchair quarterbacks years from now.
It is uncertain at this time what actions the government and qui tam litigants may pursue down the road. But there are critical steps that businesses can take now to minimize future risks.