Borrower Beware Series - Part II: Avoiding False Claims Act Liability Associated With CARES Act Funding

For additional guidance, please refer to Steptoe's COVID-19 Resource Center.

The CARES Act provides for an unprecedented $2 trillion worth of government loans and investment in an attempt to soften the economic blow from the COVID-19 pandemic. It also provides for a robust, multi-faceted enforcement system, designed to catch anyone engaged in fraud, waste, or mismanagement in connection with the distribution and use of these vast sums of money.    

As explained in an earlier advisory in this series, that oversight will come from multiple sources, including Congress, a Special Inspector General (SIG), and a newly created Pandemic Response Accountability Unit Committee (PRAC). Oversight and enforcement will also come from the Justice Department (DOJ), both in coordination with the SIG and PRAC, and through independent investigations. These investigators will look closely at whether participants are complying with a flurry of new regulations and requirements that define (i) who can participate in the economic stimulation package, (ii) what reports those participants will need to provide to the program administrators, and (iii) under what circumstances some of the economic aid can be forgiven. We will report on many of those regulations in an upcoming advisory in this series. 

This advisory will focus on the DOJ’s civil investigatory and enforcement role – specifically its likely use of the False Claims Act (FCA) to investigate entities that may run afoul of the CARES Act's rules and regulations. 

FCA Overview 

The FCA is a Civil War-era law that, in recent decades (and particularly after amendments in 1986 and 2009), has developed into a prominent civil enforcement tool.^[1] The FCA provides one of the DOJ's key avenues for policing compliance with government programs.^[2] For example, in 2019, the DOJ recovered more than $3 billion from FCA investigations, through both judgments and settlements, and it has recovered nearly $30 billion since 2010.^[3] 

The FCA creates liability for knowingly or recklessly submitting a false claim to the government, causing another to submit a false claim to the government, or knowingly providing false information material to a claim. The definition of "claim" under the FCA is far-reaching (and is usually interpreted broadly by courts), and includes demands for money or property made "directly to the Federal Government or to a contractor, grantee, or other recipient if the money is to [be] spent on the government’s behalf."^[4]  

The FCA also penalizes those who submit a "reverse false claim" by making a false claim to avoid paying money to the government that they would otherwise owe. Importantly, because the standard of proof in a civil FCA suit is lower than in a criminal action,^[5] the government can prevail if it proves its case by a preponderance of the evidence. Similarly, the FCA does not require proof that the defendant was actually intending to defraud the government. 

Financial penalties under the FCA include per-violation fines of $5,500-$11,000, plus mandatory treble damages for losses suffered by the government as a result of the false claims (though parties are free to, and often do, negotiate for less than treble damages in settlement agreements). FCA-violators also can be subject to suspensions and debarment, precluding them from participating in and billing to federal programs and agencies. 

The combination of the per-violation penalties (even for minor violations), the specter of treble damages, and the relatively low standard of proof, make the FCA an extremely potent tool in the DOJ's civil-enforcement arsenal.

Whistleblower-Initiated Suits and the Qui Tam Process

While the DOJ often initiates FCA investigations on its own (or by referral from other investigatory entities, like the oversight bodies created in the CARES Act), many FCA suits are initiated by private whistleblowers. Of the $3 billion recovered through FCA actions in 2019, more than $2.1 billion came from whistleblower-initiated suits. 

Whistleblowers are typically individuals within an organization who believe they have witnessed (or even participated in) wrongdoing. The FCA incentivizes those individuals to report their concerns through qui tam suits, which are brought on behalf of the government, and initially filed under seal. In a qui tam case, the whistleblower is called the "relator," and relators in successful FCA suits are awarded anywhere from 10% to 30% of the final recovery, plus attorneys' fees. From 2010-2018, relator awards were in excess of $300 million every year, and in excess of $500 million five times. 

Notably, because a qui tam case is filed under seal initially, the company subject to investigation may not even be aware of the suit for a period of time. Under the FCA, a qui tam action is automatically sealed for 60 days, during which time the government begins its investigation of the relator’s allegations. That initial sealing period is routinely extended multiple times over the course of months or years while the government pursues its investigation. Of course, if the investigation proceeds past the initial stages, the subject company would soon become aware that it was under some kind of investigation, as the government will begin issuing civil investigative demands (CIDs) and subpoenas. But even then, the company may not know the full scope of the allegations until the qui tam complaint is unsealed – which does not happen until the government decides whether or not to "intervene" in the suit. 

If the government intervenes, it takes over the case and pursues the civil action against the company. If the government declines to intervene, the relator can nonetheless pursue the case on its own, and then reap a greater portion of the recovery if successful. 

FCA Enforcement Arising From the 2008 Financial Crisis 

The DOJ commonly uses the FCA to target alleged healthcare and procurement fraud. Of the $3 billion recovered in 2019, $2.6 billion came from healthcare-related investigations, "including [investigations of] drug and medical device manufacturers, managed care providers, hospitals, pharmacies, hospice organizations, laboratories, and physicians."^[6]  

FCA actions are not limited to healthcare and procurement fraud. In the last decade, the DOJ has used the law to pursue scores of investigations related to the 2008 financial crisis, leading to billions of dollars in recoveries. Those investigations have targeted individuals and corporate entities that allegedly precipitated the crisis (e.g., the marketing of mortgage-backed securities, FHA loan underwriting, and accounting fraud), as well as the recipients of the government stimulus offered through the Trouble Asset Relief Program (TARP) and the American Recovery and Reinvestment Act (ARRA). 

TARP and ARRA cases are particularly instructive when forecasting the types of investigations and enforcement actions that may arise out of the CARES Act. Following the 2008 stimulus bills the DOJ has targeted recipients for, among other things, (i) misrepresentation of financial need in applying for stimulus funds, (ii) non-compliance with the stimulus terms and obligations, (iii) fraudulent billing of vendors who had obtained TARP funding, and (iv) making misrepresentations affecting TARP funds distributed to or through private third-parties. 

All told, these investigations have led to billions of dollars' worth of settlements and judgments against TARP and ARRA recipients, as well as the imposition of corporate-governance restrictions and requirements for certain companies (to say nothing of the related criminal prosecutions – which will be the subject of a forthcoming advisory in this series). These investigations and civil prosecutions are still occurring, more than 10 years after the stimulus was enacted during the last financial crisis. 

Though the CARES Act will bring different regulations and requirements than TARP and ARRA (many of the CARES Act regulations are still being finalized, and we will highlight those in an upcoming advisory), it is a safe bet that – whatever the scope of the final regulations – the DOJ and other oversight bodies (including the new SIG) will devote significant resources to ensure CARES Act recipients abide by them for years to come. 

Best Practices to Avoid FCA Liability From the CARES Act

As the cautionary tales from TARP and ARRA show, it is vital that companies planning to seek relief from the CARES Act establish sufficient safeguards and oversight, and involve counsel before applying for funds, if at all possible (and if not before, then immediately thereafter, and before spending any monies received). Moreover, those safeguards should be maintained throughout the life of the CARES Act stimulus. Ideally, a company should institute safeguards at every step of the process, including: 

1. During the application process, to ensure the accuracy of representations in the application made through employee certifications. At this stage, a borrowing-company should also ensure that its compliance infrastructure is in place. In addition to periodic internal auditing, compliance infrastructure should include employee training and regular updates to ensure all relevant employees are aware of the unique requirements associated with CARES Act funds.
2. After receiving the funds, a company should engage in post-loan monitoring and oversight, which should include (i) tracking the use of CARES Act funding to ensure it is being properly spent in compliance with the Act, and (ii) ensuring the accuracy of any post-loan periodic certifications that may be required by the CARES Act. If, in the course of self-monitoring, a company determines that it has failed to comply with any aspect of the CARES Act, it should consult with counsel and possibly consider voluntarily disclosing and correcting the misrepresentation or non-compliance to the government (which may lead to significantly reduced penalties under certain DOJ policies).
3. Finally, the oversight and internal review procedures should continue until all CARES Act funds are paid back or forgiven, and all associated obligations have been extinguished. 

Such procedures may seem onerous in the middle of the current pandemic, but advanced planning and close monitoring can avoid long-term pain and liabilities. 

[1] https://www.justice.gov/sites/default/files/civil/legacy/2011/04/22/C-FRAUDS_FCA_Primer.pdf

[2] https://www.justice.gov/opa/pr/justice-department-recovers-over-3-billion-false-claims-act-cases-fiscal-year-2019

[3] https://www.justice.gov/civil/page/file/1080696/download

[4] https://www.justice.gov/sites/default/files/civil/legacy/2011/04/22/C-FRAUDS_FCA_Primer.pdf

[5] There is also a criminal false claims statute, 18 U.S.C. § 287, with similar reach that requires proof beyond a reasonable doubt and a mens rea involving intentional fraud. This criminal provision, among others, will be discussed in a subsequent advisory in this "Borrower Beware" series.

[6] https://www.justice.gov/opa/pr/justice-department-recovers-over-3-billion-false-claims-act-cases-fiscal-year-2019