The $1.4 trillion set aside for loans to small, medium and large businesses under the CARES Act stimulus package is a double-edged sword. It provides relief to businesses struggling in the current pandemic environment. It also, however, increases the risk of government investigations, FCA (“False Claims Act”) actions and private lawsuits. As explained below, Gordon & Rees recommends that all businesses accepting CARES Act funds implement or update a compliance program designed to prevent fraud and ensure accurate accounting of CARES Act funds. There are also certain steps businesses can take to mitigate their risk in the event of an investigation or suit.
The FCA is one of the government’s most effective tools for investigating and bringing lawsuits related to alleged corporate misuse of government funds. 31 U.S.C. §§ 3729-3733. The law also imposes multiples of damages (up to three times the violation) and statutory fines. FCA investigations are costly, time consuming and invasive. Businesses that accept CARES Act funds should be prepared to be investigated for possible FCA violations. The government assistance of today is the grist for the government investigations of tomorrow. The government also can use Civil Investigation Demands (essentially subpoenas) and other means to obtain information prior to initiating an FCA lawsuit.
In addition, businesses should be aware of the possibility of “qui tam” lawsuits, whistleblowers, competitors, former employees and others may bring to enforce the FCA. These private “attorney general” lawsuits allow the plaintiff to recover up to 30% of any damages awarded. Investors may also file securities lawsuits under various provisions of the Securities Act of 1933 and the Securities and Exchange Act of 1934 if a publicly traded company is investigated and found to have violated the FCA or other federal law regarding the acceptance and use of government funds. In addition to FCA suits, the Securities and Exchange Commission and investors may also pursue actions. In short, the government is not the only party who may initiate legal action against businesses that accept CARES Act funds. The risks are real and the financial stakes are high.
The Department of Justice and other agencies, however, have expressed a willingness to consider that a business has a strong compliance program in making decisions whether to settle and/or reduce penalties for violations. In other words, the government is likely to work with a company if it is convinced that the company’s anti-fraud compliance program, and efforts, are robust and bona fide (e.g., such efforts tend to negate the inference of intentional wrongdoing). A fraud prevention program coupled with the following precautionary measures are generally prudent business practices as well as the best preparation for a government investigation related to acceptance and use of CARES Act funds:
- Obtain advice about the current law and regulations governing acceptance of CARES Act funds;
- Adopt or revise an anti-fraud compliance program to insure it is current and effective;
- Implement auditing, management and control procedures which demonstrate CARES Act compliance and insure accurate financial reporting;
- Strict compliance with all representations and warranties made for acceptance of CARES Act funds;
- Perform periodic internal audits concerning the receipt, use, and reporting relating to CARES Act funds;
- Implement an internal fraud reporting procedure (anonymous is best);
- Adopt strong anti-retaliation procedures against anyone reporting potential wrongful conduct; and
- Obtain advice before deciding whether to forgo compliance with any CARES Act or government requirement.