We live in unprecedented times. Never before in modern history has the United States voluntarily shut-down its entire national economy in order to stop a virus pandemic. Payrolls have dropped by more than 21 million workers, wiping-out a decade of job gains. New orders, production, hiring, and new exports all fell again in May. As businesses begin opening-up, governments at every level (national, state and local) are struggling to help revive the economy and get people back to work.
In passing the Coronavirus Aid, Relief, and Economic Security Act (CARES Act), the federal government created enormous incentives for companies to apply for economic stimulus funding and grants in order to offset the devastating economic impacts caused by the worldwide pandemic. Congress recently added another $460 billion in relief to the already-passed $2 trillion in government aid in the CARES Act and is considering approving an additional aid package.
With a total of $3.3 trillion in new spending and tax breaks, law enforcement agencies already are investigating companies and business owners in connection with their receipt of stimulus funding and grants. Since the CARES Act was signed into law on March 27, the U.S. Department of Justice has filed numerous criminal actions against individuals for allegedly committing fraud and making false statements in connection with the Paycheck Protection Program. And that is just the beginning of what will likely become many years of government investigations.
In addition to oversight investigations by the U.S. Treasury’s new Special Inspector General, financial services institutions will face audits and reviews by their regulators regarding their acceptance of CARES Act assistance. Also, companies not typically part of the regulated financial system will face increased scrutiny through government investigations and audits. In addition to facing possible criminal investigations, companies receiving pandemic stimulus assistance could face civil investigations and litigation (including investigations brought under the False Claims Act and the Financial Institutions Reform, Recovery, and Enforcement Act) in connection with various certifications and reports required by the government as part of the loan application process.
This COVID-19 fraud enforcement alert provides an overview of the government oversight provisions included in CARES Act programs. It also summarizes current trends in COVID-19 anti-fraud enforcement by federal, state, and local law enforcement agencies, and highlights why companies receiving federal aid should take defensive action and position themselves to demonstrate compliance and manage enforcement and litigation risk.
CARES Act Oversight
The CARES Act created a number of programs to help businesses that have been most impacted by COVID-19, including the following:
- Paycheck Protection Program (PPP): Designed to encourage employers to keep workers on payroll and to help cover expenses (e.g., payroll, mortgage, rent, utilities). Companies have an obligation to certify in good faith that they need the money, and should be prepared to demonstrate that need upon request from the SBA. On June 5, the President signed the Paycheck Protection Flexibility Act into law. This new law is intended to make it easier for PPP recipients to qualify for forgiveness, including changing the requirement that 75 percent of the amount forgiven must be on payroll costs to 60 percent.
- Economic Injury Disaster Loan Emergency Advance: Provides up to $10,000 to small businesses (under 500 employees) currently experiencing temporary difficulties.
- SBA Express Bridge Loans: Enables small businesses who currently have a business relationship with an SBA Express Lender to access up to $25,000 quickly.
- Debt Relief: SBA automatically pays principal, interest, and fees of certain current 7(a), 504, and microloans for a period of time.
- Main Street Lending Program: Small and mid-sized businesses can obtain funding needed due to revenue shortfalls caused by COVID-19. This is a Federal Reserve program, and the Federal Reserve will be purchasing up to $600 billion in loans.
In addition, the CARES Act provides approximately $175 billion in relief funds to hospitals and other healthcare providers on the front lines of the coronavirus response. This funding supports healthcare-related expenses or lost revenue attributable to COVID-19 and ensures uninsured Americans can get testing and treatment for COVID-19.
There is no shortage of oversight and enforcement built into the CARES Act itself, which established several new enforcement bodies discussed below. These new oversight bodies will partner with established law enforcement agencies including the Department of Justice (DOJ), FBI, and state attorneys general, who have also pledged to police potential fraud and abuse associated with COVID-19.
- Inspector General for Pandemic Recovery: On June 2, the Senate confirmed Special Inspector General (SIG) Brian Miller, who is tasked with coordinating audits and investigations related to loans and other investments made by the Treasury Secretary.
- Congressional Oversight Commission: Conducts oversight of various agencies’ implementation of the CARES Act. The Commission has the power to hold hearings, compel the production of documents and witness testimony, and is required to furnish regular reports to Congress, addressing the effectiveness of the stimulus programs.
- Pandemic Response Accountability Committee (PRAC): The PRAC has the broadest oversight and enforcement powers of the three bodies established by the CARES Act. It is tasked with helping inspectors general safeguard CARES Act funds in order to “detect and prevent fraud, waste, abuse, and mismanagement” and “determine whether wasteful spending, poor contract or grant management, or other abuses are occurring,” and with referring matters to the inspectors general or DOJ as appropriate.
Members of Congress have already warned the Treasury and the Federal Reserve that they “will be watching carefully as you hand out these funds.” Thus, we can expect oversight investigations not only from traditional law enforcement agencies, but also from political branches of federal and state governments not typically associated with anti-fraud enforcement. For example, members of Congress asked the SBA Investigator General to investigate PPP implementation after reports that larger companies received preferential treatment at the expense of smaller businesses.
Trends and Examples of COVID-19 Fraud Enforcement Actions
Enforcement actions related to the receipt of stimulus funds has already begun. Businesses should expect significant oversight and enforcement activity involving CARES Act funds for years after the COVID-19 pandemic ends. Understanding what law enforcement is doing today is critical. Companies receiving aid can use current law enforcement trends to help forecast their potential enforcement risk.
Hundreds of federal civil and criminal actions have already been filed related to COVID-19. In fact, the U.S. Attorney General directed all U.S. Attorneys to prioritize investigation and prosecution of coronavirus-related fraud schemes, and each U.S. Attorney was directed to appoint a coordinator to serve as legal counsel on coronavirus matters, direct prosecution of coronavirus-related crimes, and to conduct outreach and awareness. Deputy Attorney General Jeffrey Rosen issued a follow-up memorandum highlighting different types of schemes stemming from the COVID-19 pandemic and discussing various enforcement remedies available to government investigators to address potential criminal schemes.
Charlatans and Snake Oil: Consumer Fraud
The first wave of enforcement primarily focused on fake COVID-19 treatments and other consumer frauds. The Financial Crimes Enforcement Network (FinCEN) is a bureau of the U.S. Treasury tasked with collecting and analyzing information about financial transactions in order to combat money laundering, terrorist financing, and other financial crimes. On May 18, FinCEN released an advisory providing helpful tips for identifying scams, case studies on certain scams, and instructions for banks filing Suspicious Activity Reports in order to assist in identifying and preventing financial crimes related to the crisis.
Recent consumer protection enforcement actions include:
- A restraining order against the operators of the website coronavirusmedicalkit.com, allegedly selling fake vaccine kits;
- A complaint against a man claiming to have developed a cure and treatment that prevents infection;
- A man was arrested for orchestrating a scheme to defraud health care benefit programs related to COVID-19 testing;
- Several prosecutions involving the marketing and sale of unproven, fraudulent, and dangerous COVID-19 “cures;”
- The attempted fraudulent sale of nonexistent respirator masks.
The FBI’s Internet Crime Complaint Center has received more than 3,600 complaints related to COVID-19 scams, many of which operated from websites that advertised fake vaccines and cures, operated fraudulent charity drives, delivered malware, or hosted various other types of scams. The FBI has disrupted:
- An illicit website pretending to solicit and collect donations to the American Red Cross.
- Fraudulent websites that spoofed government programs and organizations to trick citizens into entering personally identifiable information, including banking details.
- Websites of legitimate companies and services that were used to facilitate the distribution or control of malicious software.
On June 12, a federal grand jury in the Central District of California indicted a Huntington Beach man on fraud charges alleging he solicited people around the nation to invest in companies that would market pills he claimed would prevent coronavirus infections and produce an injectable cure for those already suffering from COVID-19. The defendant was charged with 11 counts of wire fraud stemming from solicitations he allegedly made to potential investors in Nevada, New York, Texas and Colorado. The FBI first arrested the man on March 25 after he delivered pills – purportedly the treatment that prevents coronavirus infection – to an undercover agent who was posing as an investor. Two of the charges in the indictment relate to communications with the undercover agent.
Price Gouging Enforcement Actions
Price gouging and hoarding has been rampant throughout these unprecedented times. To combat these concerns, the President signed an Executive Order on March 23 which prohibits the hoarding of designated items, including face masks and personal protective equipment (“PPE”), which have been deemed scarce materials. It is unlawful to accumulate such goods at levels “in excess of the reasonable demands of business, personal, or home consumption” or “for the purpose of resale at prices in excess of prevailing market prices.” In response, DOJ has created a COVID-19 Hoarding and Price Gouging Task Force. Similarly, California and other states have taken steps against sellers engaged in price gouging.
There have been many federal and state enforcement actions related to price gouging. Some examples include:
- Eight individuals arrested for price-gouging after allegedly charging exorbitant prices for scarce products such as toilet paper and hand sanitizer;
- Charges were brought against two individuals for seeking to profit off of a deal for masks;
- A pharmacist was arrested for allegedly engaging in 1) hoarding and price gouging of thousands of N95 masks; 2) lying to the DEA; and 3) billing for prescriptions based on false representations, and 4) using pharmacy patients’ identifying information without authorization.
Financial Frauds and Fraud on the Government
In May and June, we started to see a shift to enforcement relating to financial fraud in connection with applications for CARES Act stimulus funds. In the past six weeks, DOJ filed charges in at least nine different criminal cases against people accused of PPP loan fraud. Some examples include:
- May 5, 2020: Two businessmen were charged with filing bank loan applications fraudulently seeking more than a half-million dollars in forgivable SBA loans. They claimed to have employees earning wages at four different businesses, and sought over $500,000 to pay them. However, three of the four businesses were not even in operation prior to COVID-19.
- May 13, 2020: An engineer was charged with fraudulently seeking over $10 million in CARES Act SBA PPP loans, after claiming to have over 250 employees in two companies. However, there were no records of revenues or payment of employee wages in 2020 by the business.
- June 2, 2020: A large retailer allegedly filed fraudulent loan applications seeking over $8 million in PPP loans. The complaint alleges fraudulent payroll documentation for non-existent expenses. The partnership for which relief was sought was established only days before loan applications were submitted.
- June 16, 2020: The owner and operator of several information technology companies based in the Chicago area was charged in a complaint in the Northern District of Illinois with allegedly filing a bank loan application fraudulently seeking more than $400,000 in a forgivable PPP loan. The loan application significantly overstated the payroll expenses of a company the defendant controlled and he is accused of submitting to the lender false IRS Forms 1099-MISC representing that the company made payments to several individuals who stated to investigators that they had not received the payments.
DOJ is using the federal aggravated identity theft statute (18 U.S.C. § 1028A) in some CARES Act prosecutions, a law that imposes a mandatory minimum two-year sentence enhancement if a defendant “knowingly transfers, possesses, or uses, without lawful authority, a means of identification of another person” during and in relation to certain felony offenses. In the May 5 case above, in addition to conspiracy and bank fraud charges, the government charged one of the defendants with aggravated identity theft.
Consumer and Investor Class Actions
There has also been an uptick in consumer and investor class actions. Companies can expect a robust number of upcoming class actions ranging from consumer fraud claims to employment claims based on layoffs and financial losses. Some examples include:
- Investor actions have been brought against Inovio Pharmaceuticals, related to claims that the company made involving the development of a COVID-19 vaccine.
- Proposed securities class actions have been brought against Zoom Video Communications, involving scrutiny of data privacy and security measures, and insider trading.
- Proposed class action has been brought against Carnival Corp. on behalf of cruise passengers regarding negligence in its response to the COVID-19 outbreak.
- Proposed class action against Liberty University over the school’s response to the Coronavirus crisis, seeking refunds of tuition paid for the Spring semester.
- Proposed class action has been brought against Amazon.com for charging “grossly unconscionable” prices for toilet paper and hand sanitizer.
- On May 4, 2020 eBay was sued in a price-gouging class action accusing it of encouraging sellers to increase the prices of masks, hand sanitizers, and other high demand products.
Other Types of Enforcement Actions
There have been many other federal and state enforcement actions relating to the COVID-19 pandemic that do not fall under the categories described above. Some examples include:
- A man was charged with terrorist threats after allegedly coughing on a grocery store worker and claiming he had COVID-19;
- A man was arrested and charged with making a terroristic threat after he allegedly coughed on the customers of a local business, breathed on merchandise, and wrote “COVID” in the condensation inside of a cooler;
- A former employee of a medical device company was criminally charged for computer intrusion that disrupted the company’s shipments of PPE;
- A complaint charged two defendants with committing robbery affecting interstate commerce in connection with a scheme to steal merchandise from a Walgreens while claiming to have COVID-19;
- U.S. Senator Richard Burr, R-NC, stepped down as chair of the Intelligence Committee in response to an investigation into his stock trading in the run-up to the COVID-19 pandemic.
The Securities & Exchange Commission (SEC) has also seen a spike in COVID-19 whistleblower tips, complaints and referrals, which have led to new investigations and 50 federal securities cases. The SEC has issued more than 30 trading suspensions based on questionable coronavirus claims.
The Coming Wave of CARES Act Enforcement, Investigations, and Litigation
The COVID-19 pandemic is unprecedented in recent history, but “past is prologue.” Government financial fraud enforcement in the wake of the 2008 financial crisis is a likely indicator of the approach we can expect under the CARES Act.
After the 2008 financial crisis, Congress established the Special Inspector General for the Troubled Asset Relief Program (SIGTARP), which was meant to deter fraud and abuse relating to the Troubled Asset Relief Program (TARP). TARP was smaller in scale than CARES, in that it made $700 billion available to stabilize the U.S. economy. SIGTARP’s investigations have led to the recovery of $11 billion, and prison sentences for hundreds of defendants through enforcement actions. 12 years later, enforcement work as to these TARP programs continues today. We can expect similar rigorous scrutiny as to CARES Act funds for many years after the pandemic ends (and plenty of it, given the unprecedented scale of federal stimulus).
Areas of Enforcement
Parallel Proceedings: In planning for potential CARES Act-related audits and investigations, companies should be mindful of interagency cooperation in the form of parallel proceedings. Parallel proceedings refer to government investigations that move forward both civilly and criminally at the same time, or federal and state investigations proceeding at same time. Such investigations are typically not just parallel (happening at the same time), but also joint investigations insofar as the different agencies are actively sharing leads and information. It is often more efficient for agencies such as the FBI, SEC, and SBA OIG to proceed simultaneously from the outset and share information in furtherance of their joint investigation. In United States v. Stringer, 535 F.3d 929 (9th Cir. 2008), the Ninth Circuit endorsed the practice of parallel proceedings so long as government investigators do not make affirmative misrepresentations and do not use a civil investigation as a pretext for a criminal inquiry.
Paycheck Protection Program: The PPP presents serious compliance risks for applicants. Applications for SBA loans are submitted under penalty of perjury, with representations regarding full truth and accuracy. PPP loans will be audited and borrowers may face enforcement scrutiny. The main areas of compliance risk include: 1) necessity for the loan, 2) size eligibility, 3) amount of loan requested and 4) use of loan proceeds. Need-based certification in PPP loan applications is an area with multiple potential pitfalls, particularly where companies apply to forgive loans (turning the loans into grants). The newly-passed Flexibility Act extended the period for loan forgiveness from 8 weeks to 24 weeks and lowered the amount of loan funds that must be spent on payroll costs to 60%. The SBA PPP loan forgiveness application can be found here. Lenders have 60 days from the time they receive a completed loan forgiveness application to issue loan forgiveness decisions to the SBA. The SBA then has an additional 90 days to review the loan application and remit the loan forgiveness amount to the lender.
Recent government guidance has warned that the SBA may review PPP loans “of any size at any time in SBA’s discretion.” Guidance from May 22 explains that PPP loan documentation must be kept for at least six years after the date the loan is forgiven or repaid in full, and, if the SBA determines a borrower was ineligible the SBA may seek repayment of the outstanding PPP loan balance or pursue other available remedies. There are a number of items on loan applications (total number of employees, payroll expenses, etc.) that if filled out incorrectly (both due to mistake/inadvertence, and intentional misrepresentations), could lead to federal criminal investigations or, perhaps at best, time-consuming and expensive SBA inquiries. Most applicants will not outright lie on these applications. The problem is that mistakes – even if made in good faith – can lead to time-consuming and expensive investigations.
SEC: In addition, the SEC is ramping-up enforcement related to the volatility in the market surrounding the COVID-19 crisis. The SEC already has suspended trading of some stocks for making COVID-19 claims. There are likely to be a surge in SEC investigations relating to fraud and disclosure requirements (including the possibility of future private shareholder lawsuits). On June 9, the SEC filed a complaint in which the government alleges that five Canadian citizens orchestrated a $25 million “pump-and-dump” stock fraud scheme intending to defraud investors with false claims that purported shell companies could make face masks or produce automated vending machines during the COVID-19 pandemic. The government also brought parallel criminal charges against one of the defendants.
Video Conferencing: Also, beware of recording online meetings on WebEx, Zoom, and other comparable online meeting platforms. Companies need to act now to develop policies around when (if at all) to record online meetings.
Healthcare Providers: To date, the U.S. Department of Health & Human Services (HHS) has issued payments through four separate distributions. For each payment under the HHS Relief Fund, a recipient must accept or reject the funding. Healthcare providers should be mindful that money received under the CARES Act is not a just windfall from the government. The money comes with “strings attached” in the form of attestation and certification requirements regarding receipt and use of funds.
Commercial Lenders: Federal agencies originally agreed to hold banks harmless if they relied in good faith on borrower certifications and supporting documents to determine an applicant’s eligibility for a PPP loan. Thus, it seems less likely that DOJ will investigate banks simply because an applicant committed fraud. But lenders could be subject to investigation and prosecution if their employees conspire with applicants to fraudulently secure CARES Act loans. Public reports that DOJ have sent PPP-related subpoenas to major banks likely reflect DOJ’s efforts to build cases against loan applicants. Commercial lenders could come under scrutiny if government investigators uncover a significant amount of fraud associated with a single lending institution. Furthermore, if an applicant is found to be ineligible for a loan, the lender will not receive processing fees, or will have to repay the fees if they were already received.
Civil False Claims Act (FCA): This is another powerful tool in the government’s enforcement arsenal. Under the FCA, the government can bring an enforcement action against any party who, among other things, “knowingly presents or causes to present a false claim for payment or approval” or “knowingly makes, uses, or causes to be made or used, a false record or statement material to a false or fraudulent claim.” Many companies receiving CARES Act aid have never done business with the government before. These “first timers” may not know that FCA violations can lead to treble damages and statutory penalties for each payment. Further, the FCA’s “reverse false claims” provision could be used to civilly prosecute companies that improperly took advantage of loan forgiveness. Note also that the FCA provides a right of action not only for law enforcement, but also private whistleblowers (called “relators”), often (but not always) insiders who witness fraudulent conduct. Employees can turn violators in for a share of the government’s recovery.
Financial Institutions Reform, Recovery and Enforcement Act (FIRREA): FIRREA provides the government with a potential alternative to the FCA in civil CARES Act enforcement. FIRREA imposes civil penalties if the government can prove violations of 14 specified criminal statutes, including bank fraud and mail/wire fraud affecting a federally insured financial institution. DOJ can seek statutory penalties for violations up to $1 million per violation (today, $1,963,870 which includes mandated inflation adjustments) or up to $5 million for a continuing violation. FIRREA has a lower burden of proof than criminal statutes. DOJ must prove only that a defendant committed one of FIRREA’s predicate offenses by a preponderance of the evidence. Thus, FIRREA makes it easier for DOJ to bring an enforcement action based upon conduct that is already actionable under the criminal code. Like the FCA, FIRREA permits whistleblowers to report potential violations in a confidential declaration, which the DOJ may then investigate to determine whether to pursue FIRREA charges.
FDA, FCC, FTC: COVID-19 enforcement activity raises the specter that companies facilitating the sale of exorbitantly priced products, or providing the means or mechanism for others to engage in fraudulent activity, may be exposed to potential civil and criminal liability. In April, the FTC and FCC took a first-of-its-kind step to warn three VoIP providers — providing the equivalent of digital phone services — that if they did not implement immediate changes to stop COVID-19 phone scams against consumers, the agencies would tell U.S.-based phone carriers to block certain calls routed from these VoIP providers. Also in April, the U.S. FDA and FTC issued warning letters to several companies for selling fraudulent COVID-19 products, including unapproved drugs that could pose significant risks to patient health.
Law Enforcement Virtual Town Hall
Representatives from DOJ, SEC, and FBI participated in a virtual town hall on May 20 to discuss the Foreign Corrupt Practices Act and healthcare fraud enforcement in light of the COVID-19 pandemic. They acknowledged that the lack of access to the courts (including grand juries) and the limited ability to conduct in-person interviews have somewhat hampered their enforcement efforts. Panelists emphasized that government investigations continue despite the pandemic. For example, the FBI is obtaining search and arrest warrants through remote conferences with judges, and investigators are conducting interviews and proffers via phone and teleconference. DOJ’s Healthcare Fraud Unit is focused on COVID-19-related fraud schemes where persons seeking to exploit the pandemic offer free testing in order to obtain personal identifying information, billing beneficiaries for unnecessary services, and payments for referrals. The SEC has developed a COVID-19 steering committee and is coordinating their efforts with other federal and state agencies. The current environment is “ripe” for securities violations and market manipulation, and panelists emphasized that companies still must fulfill their legal compliance obligations despite business interruptions stemming from the pandemic.
Companies Should Manage Enforcement and Litigation Risk By Adopting Good Compliance Practices
Fraud, waste, and abuse are inevitable consequences of hastily-dispersed federal stimulus funding. We have seen this in the past and we will see it again. DOJ prosecutions to date have exposed egregious conduct rising to the level of obvious “lying, cheating, and stealing”. But such egregious conduct stands in stark contrast to situations in which applicants try in good faith to comply with program requirements, but unintentionally or unknowingly make a false statement without any intent to defraud, such as where an eligibility requirement may be vague or ambiguous and/or the subject of evolving guidance.
Business owners need to navigate complicated government guidance that seems to change every day. This will make it hard for future auditors and investigators to distinguish intentional misconduct from honest mistakes. One commentator has noted that nearly 75% of the loans in the first PPP wave involved less than $150,000, as were 90% in the second wave, suggesting that most applicants were small businesses without extensive compliance teams and resources. Given this potential exposure, companies should be particularly diligent and meticulous when applying for these aid programs. Companies receiving CARES Act money should carefully document how the money was spent and provide a detailed accounting if they are seeking loan forgiveness.
Companies should be proactive by adopting good compliance programs including the following practices:
- Get a firm grasp on the specific criteria to qualify for eligibility for the at-issue government program, and understand the specific conditions for receiving the federal funds.
- Carefully document the decision to apply for government relief. Document how the company’s “current business activity” has been negatively impacted by the COVID-19 pandemic (downturn in business).
- Keep track of the business projections made in deciding to apply for a loan (i.e. projected payroll needs, no alternative source of liquidity, etc.).
- Carefully document how the government money was spent (i.e. employee counts, compensation levels) and keep contemporaneous receipts and logs (after-the-fact records are viewed suspiciously by investigators).
- The PPP loan forgiveness application posted on May 15 provides a detailed schedule for borrowers to document their use of the funds, and the Flexibility Act extended the period for loan forgiveness from 8 weeks to 24 weeks. Borrowers must retain their PPP documentation for six years after the loan is forgiven or paid in full.
- If you do not already have them, develop written standards for company employees to follow that will promote compliance with applicable eligibility and use criteria, and train relevant employees on the written standards for compliance.
- Create an internal monitoring system that regularly tests whether the company is complying with the rules and regulations for the government programs you have accepted money from.
Although it has been said that money is fungible, government investigators “follow the money” in a straight line into the business. So, following good compliance practices now will help in any audits or enforcement actions in the future. After all, as the old adage goes: “an ounce of prevention is worth a pound of cure.”
About JMBM’s White Collar Defense & Investigations Group
JMBM’s White Collar Defense & Investigations Group is keenly focused on our clients’ business objectives and is committed to minimizing the disruption, anxiety, and public scrutiny that can arise from criminal and civil investigations and litigation. We are leaders in the representation of companies, boards of directors, management, and individuals in connection with a broad range of government investigations, enforcement actions, remediation and compliance, administrative proceedings, internal investigations and white collar criminal investigations and prosecutions.
About JMBM’s Corporate Department
JMBM’s Corporate lawyers bring a practical business emphasis to clients’ issues. We represent businesses in a full range of commercial contracts; represent buyers and sellers in a wide variety of mergers, acquisitions and divestitures; and represent small, medium and large public and private companies in securities and venture capital matters. Our lawyers are adept at constructing commercial finance deals for middle market companies. We are committed to helping our clients maximize their advantages and make deals more profitable.
This update is provided to our clients, business associates and friends for informational purposes only. Legal advice should be based on your specific situation and provided by a qualified attorney.