CARES Act Enforcement Risks and Compliance Best Practices
On March 27, 2020, the Coronavirus Aid, Relief, and Economic Security Act (“CARES Act”) was signed into law, making available $2.2 trillion in relief funds. This Alert identifies the potential enforcement risks for recipients of CARES Act funds, as well as some compliance best practices to follow in the application of and use of these funds. For a more comprehensive discussion of these issues, follow this link.
Consistent with activity following other large stimulus initiatives or government loans, including the 2009 Troubled Asset Relief Program (“TARP”), the U.S. government has indicated that it intends to be aggressive in pursuing misconduct or fraud by recipients of CARES Act funds. Entities contemplating applying for and ultimately receiving CARES Act funds, directly or indirectly, should be cognizant of all applicable laws and regulations, and should consider taking steps to address potential risks, including assessing the adequacy of — and fortifying where necessary — internal policies, procedures and controls, and staying current on guidance issued by government enforcement authorities.
New CARES Act Enforcement Mechanisms
The CARES Act creates a broad oversight and enforcement regime charged with ensuring that the federal government’s CARES Act loans are obtained and used consistent with the specified eligibility requirements of each loan. The specific new enforcement mechanisms in the CARES Act include:
Special Inspector General for Pandemic Recovery ("SIGPR")
- Established within the Treasury Department, and is responsible for conducting, supervising and coordinating “audits and investigations of the making, purchase, management and sale of loans, loan guarantees, and other investments" by the secretary of the Treasury under any program established under the CARES Act.1
- Has authority to conduct audits and investigations, including the authority to issue subpoenas.
- On April 6, 2020, President Trump nominated Brian Miller, current White House lawyer and previous Inspector General of the General Services Administration, to be SIGPR.
- This is analogous to the appointment of an SIG under TARP (“SIGTARP”), who was appointed to identify and prosecute fraud, waste and abuse related to TARP, similar to SIGPR's mandate. SIGTARP has brought numerous investigations and recovered $11 billion through the end of 2019, including $900 million in 2019 alone.
Pandemic Response Accountability Committee (“PRAC”)
- Tasked with conducting, coordinating and supporting inspectors general in the oversight of funds from all three phases of the coronavirus legislative relief in order to “(1) detect and prevent fraud, waste, abuse, and mismanagement; and (2) mitigate major risks that cut across programs and agency boundaries.”2
- Has authority to conduct investigations, including holding public hearings, and can refer matters to the Department of Justice (“DOJ”) for criminal or civil investigation.
- May issue and enforce subpoenas to compel testimony.
Congressional Oversight Commission
- Has authority to oversee the implementation of the stimulus package by the Treasury and the Federal Reserve, hold hearings, take testimony and receive necessary evidence from relevant federal departments or agencies.
Existing Enforcement Avenues
In addition to the newly established enforcement regime, other enforcement mechanisms apply.
- DOJ — The DOJ has indicated in numerous public statements its intention to investigate misconduct associated with the CARES Act and COVID-19.
- State Attorneys General (“AGs”) — Following TARP, state AGs worked with SIGTARP to investigate misuse of TARP funds. Similar collaborations will likely result from the CARES Act. As states roll out their own aid packages, additional sources of potential liability enforceable by the State AGs will likely arise.
- Securities and Exchange Commission (“SEC”) — The SEC has publicly conveyed that it will continue actively monitoring the “markets for frauds, illicit schemes and other misconduct affecting U.S. investors relating to COVID-19.” Further, it will investigate individuals and entities that trade on material nonpublic information due to COVID-19 vulnerabilities.
- Internal Revenue Service (“IRS”) — The IRS has a dedicated public website concerning Coronavirus Tax Relief and economic impact payments. Since CARES Act recipients will be receiving government funds, they will be required to reflect this information on any tax filings and relevant disclosures, and thus will be subject to IRS oversight and investigations.
Compliance Best Practices and Recommendations
Loan recipients should take care in the application and use of the funds received under the CARES Act, and should consider enhancing Compliance and Finance resources to appropriately monitor compliance with all applicable requirements. Some best practices include:
- Throughout the Entire Process:
- Memorialize and maintain steps taken throughout the process, ideally in a central repository. This includes all steps taken to ensure compliance; the bases for any required certifications; the rationale for making any modifications to existing processes; layers of review, including individuals (or functions) involved with reviews; and other internal controls designed to ensure robust, good-faith submissions and execution.
- Ensure applicable personnel understand the importance of accuracy and transparency with respect to their individual roles and welcome feedback.
- Consider trainings or other communications to underscore the importance of careful adherence to rules.
- Loan Application:
- Honestly and accurately complete CARES Act loan applications, including sections establishing eligibility. Knowingly or intentionally submitting inaccurate or false information in a CARES Act loan application could create potential enforcement liability, including under the False Claims Act.
- Do not include any information that is false in furtherance of CARES Act loan applications; to that end, verify assertions with personnel most knowledgeable on the subject matter and be mindful of statements made in previous filings.
- Be mindful of statements made in previous filings and ensure that representations made in the loan application are consistent with the same (e.g., regarding a sponsor’s control rights).
- Consider appointing an individual or a sub-group to be responsible for a complete review of the submission to identify any inconsistencies or errors.
- Loan applications are likely subject to FOIA requests, so assume that they will be made public.
- In Anticipation of Funds:
- Continue to monitor government guidance for additional information and/or regulations to ensure compliance with any new requirements.
- In consultation with legal and compliance personnel, (i) identify all compliance requirements related to the loan, and (ii) establish policies, procedures and controls to ensure compliance with all loan conditions.
- Ensure that any governmental modifications or waivers of requirements are documented in writing.
- Upon Receipt of Funds:
- Implement policies, procedures and controls designed to ensure compliance with loan conditions, and actively monitor adherence to the same. Consider appointing a resource dedicated to monitoring compliance.
- Maintain an effective reporting system to identify and investigate compliance concerns, preferably in consultation with legal and compliance personnel.
- Corporate Governance:
- Ensure that the board of directors vets decisions on all types of disclosures and filings (regulatory, investor, etc.).
- Compliance Program:
- Assess and amend, if needed, relevant compliance policies, procedures and controls to prevent employee theft of, or other fraud related to, incoming CARES Act funds.
- Evaluate potential heightened risk areas in the context of the COVID-19 crisis, and the adequacy of corresponding policies, procedures, systems, controls and employee training.
- Closely follow, review and adhere to evolving government guidance related to the CARES Act and the COVID-19 crisis.
1. CARES Act, § 4018(c)(1).↩
2. CARES Act, § 15010(d)(1).↩
