Photo of Laura J. Mitchell Baker

In signing the Coronavirus Aid, Relief, and Economic Security Act (“CARES” Act) into law, President Trump injected more than $2 trillion into the economy.  In the coming days, weeks, and months, businesses and individuals across the country will apply for and receive aid from the federal government.  The Administration promises that funds will be released quickly to provide desperately needed liquidity.  Although the funds are designed to aid the economy in a bleak time, there are strings attached.  There are reporting requirements and other obligations imposed upon aid recipients, including the possibility of future government audits and investigations.  This article reviews past government efforts to regulate spending associated with national disasters, offers a timeline and sequence of audit and enforcement risks, and suggests compliance advice for applicants for CARES Act funding and other governmental relief.

CARES Act Funds Enforcement Organizations

Recipients of CARES Act stimulus funds are already on notice that the government will roll out aggressive oversight measures.  In addition to extensive government and recipient reporting requirements, the CARES Act establishes the following enforcement organizations:

  • Pandemic Response Accountability Committee (“PRAC”):  PRAC will be led by Glenn Fine, currently the Principal Deputy Inspector General for the Department of Defense, performing the duties of the Inspector General.  Joining Mr. Fine on PRAC are Inspectors General from the Departments of Education, Health and Human Services, Homeland Security, Justice, Labor, and Treasury, as well as the Inspector General of the Small Business Administration and the Treasury Inspector General for Tax Administration.  PRAC is funded with an $80 million appropriation and empowered to “detect and prevent waste, fraud, abuse, and mismanagement” that “cut across programs and agency boundaries.”  These powers are consistent with those afforded by The Inspector General Act of 1978.  As with any traditional Inspector General, PRAC will have the ability to coordinate investigations and audits and refer matters to the Department of Justice for civil and/or criminal enforcement.
  • Special Inspector General for Pandemic Recovery:  This Special Inspector General will be nominated by the President and confirmed by the Senate.  The role will reside within the Department of the Treasury.  The Special Inspector General will be responsible for conducting, supervising, and coordinating audits and investigations of “the making, purchase, management and sale of loans, loan guarantees, and other investments” by the Department of the Treasury under the CARES Act.  The Special Inspector General is funded with a $25 million appropriation with a five year term (which is likely to be extended based on the lifespans of past inspectors general).  As with PRAC, the Special Inspector General will have the ability to both coordinate investigations and audits and refer matters to the Department of Justice for civil and/or criminal enforcement.
    • As of this writing, the President has indicated his intent to nominate Brian Miller to the Special Inspector General position.  Mr. Miller is well known to those of us who worked in the government oversight and integrity communities.  Mr. Miller is a former federal prosecutor, a former Inspector General of the General Services Administration, a mainstay of the oversight community, and a former government colleague and friend.  He is fair in approach, and reasonable.  If nominated and confirmed, he will be an excellent choice for this important role.
  • Congressional Oversight Commission:  The Congressional Oversight Commission will consist of five members selected by the majority and minority leaderships from both the House and Senate.  This body will have the authority to hold hearings, take testimony, receive evidence, and issue reports.  The Oversight Commission expires at the end of Fiscal Year 2025.

When and How Will These Oversight Bodies Bring Enforcement Matters?

We have examined recovery efforts following past national disasters to determine when and how these organizations will function, and when they might begin to bring substantial numbers of enforcement actions.  While the coordinated efforts of the Special Inspector General for the Troubled Asset Relief Program (“SIGTARP”) provide a natural comparison to the CARES Act oversight, due to the size and scope of the effort as well as the central involvement of the Department of the Treasury, an examination of the SIGTARP reports to Congress suggests that there may be other more apt comparators.

In the words of the SIGTARP:

At the core of the [2008 financial] crisis was a pervasive culture at institutions of rampant risk taking and greed combined with significant unchecked power.  SIGTARP has uncovered, stopped, and investigated TARP-related crimes that serve as an important lesson to be learned from the crisis:  that toxic corporate cultures can serve as a breeding ground for criminal activity.  SIGTARP will continue to change corporate culture the way we do it best, by removing those who corrupt culture, through arrests, convictions, and jail time.

Letter to Congress from Special Inspector General Christy L. Romero, Special Inspector General for the Troubled Asset Relief Program Quarterly Report to Congress, Oct. 29, 2013, at 3, available at  Unlike the 2008 financial crisis, which resulted from economic instability, the current pandemic is biological.  The pandemic may cause economic instability, but did not result from economic instability.  This distinction is important.  Substantial SIGTARP efforts focused on prosecuting financial institutions (and executives) that received TARP benefits but also, in the eyes of the government, contributed to the crisis.  That will not be the case with CARES Act stimulus funds.

Instead, our belief is that oversight of CARES Act stimulus funds will be more like the oversight after natural disasters such as Hurricanes Katrina and Rita.  These natural disasters hit without warning, and indiscriminately (albeit over a smaller geographical area than currently impacted by COVID-19).  As such, we look to oversight reports and enforcement efforts following natural disasters to gather insight into how CARES Act oversight is likely to proceed.

Audits First, Then Investigations, And Finally Enforcement Efforts

In the immediate aftermath of Hurricanes Katrina and Rita, the Department of Homeland Security (“DHS”) asked for the Defense Contract Management Agency’s (“DCMA”) assistance in auditing disaster relief contracts.  Publicly available reports indicate that DCMA’s focus was on evaluating the costs associated with recovery efforts.  In doing so, DHS announced that “[t]he department will compare the invoice amount and what was received to what was ordered and to price reasonableness.”  “DHS Getting Support from DCMA In Awarding Katrina Relief Contracts,” Homeland Security Briefing, Bloomberg BNA Oct. 6, 2005.

A year later, after the government ramped up its audit capability, a multi-agency task force brought charges against 261 defendants in 218 cases across 24 judicial districts.  The government obtained 44 convictions.  465 government auditors reviewed 6,665 government contracts covering $10 billion in contract value.  The government also conducted 219 investigations.  “Report Examines Inspectors General Work After Katrina to Audit Contracts, Fight Fraud,” Homeland Security Briefing, Bloomberg BNA, Sept. 5, 2006.  Numbers increased from there, sometimes dramatically so.

Civil False Claims Act cases, many brought by relators, also worked their way through the judicial system over the intervening months and years.  A sampling of the allegations raised in those cases includes, but is not limited to:

  • Lack of eligibility for contract awards because of failure to meet gating criteria (e.g., not local services as required by The Stafford Act)
  • Provision of faulty goods or services, including for goods or services provided quickly in the immediate aftermath of the hurricanes and where defects were discovered after the fact
  • Insufficient contract oversight/incomplete contract administration
  • Lack of qualified personnel performing on contracts

It is not difficult to envision similar allegations being raised against CARES Act recipients in the future.

Government-led enforcement efforts, including substantial monetary recoveries as well as suspensions and debarments from government contracting and eligibility for government assistance, followed for years and lasted well over a decade.

Meanwhile, the Government Accountability Office (“GAO”) issued reports in 2015 and 2018, where GAO was highly critical of the government’s contract formation and administration skills in the aftermath of the hurricanes.  GAO faulted DHS and FEMA for failing to prioritize work, issuing large numbers of no-bid contracts with minimal oversight, permitting multiple tiers of subrecipients that offered relatively little value and drove up costs, and failing to rebid ongoing contracts after the immediate crisis ended.  Notably, GAO also faulted the government for failing to award contracts to local business as required by statute and failing to keep adequate contracting records.  See GAO-19-93, 2017 Disaster Contracting: Action Needed to Better Ensure More Effective Use and Management of Advance Contracting (Dec. 6, 2018); GAO-15-783, Disaster Contracting: FEMA Needs to Cohesively Manage Its Workforce and Full Address Post-Katrina Reforms (Sept. 29, 2015).

There is irony in these GAO reports.  Attorneys who have regularly defended recipients of government funds after national disasters will remember the government’s efforts to either prosecute or bring civil fraud cases against disaster recovery contractors for failing to involve enough local businesses as required by disaster recovery statutes.  They will also recall the government’s indignation directed against potential defendants for failing to keep proper records.

The abiding lessons here are: (1) pay attention to eligibility and compliance requirements even in the immediate aftermath of a disaster; and (2) keep adequate records showing good faith efforts to understand and comply with those requirements.  Recipients cannot rely on the government to “get it right” for them.  Stated differently, receipt of federal funds does not mean the application was properly made, the goods and services were properly qualified, or the funds will be used in a compliant manner.

Compliance Tips for Recipients of CARES Act Federal Funds

In light of this, how can recipients of federal funds protect themselves when applying for and using CARES Act funds?  The advice boils down to four elements:  (1) pay attention to compliance requirements; (2) keep adequate records; (3) be candid with the government; and (4) engage capable legal counsel to assist with any audits or investigations.

1. Pay Attention to Compliance Requirements

Government contractors know that delivering the correct goods or services, on time and on budget, is an important but incomplete measure of success.  Government contracts also have myriad compliance requirements built into them.  And the government has substantial audit and enforcement capabilities to investigate and punish noncompliance.  Recipients of CARES Act funds are well-advised to create a compliance matrix of reporting and related compliance obligations to ensure these requirements are fulfilled.  Specifically, for first time recipients of federal funds, these requirements become an afterthought once the money is received.

Additionally, recipients should consider reviewing their application periodically to make sure the statements and representations they certified continue to be accurate.  It is possible that, as time passes, new facts may arise that cause the government to view the recipient’s statement as less than accurate.  Accordingly, recipients are encouraged to promptly advise the government funding official of any changes in their application to reduce enforcement risk.

2. Keep Adequate Records

Recipients of CARES Act and other stimulus funds should consider maintaining a file that contains, at a minimum, the following:

  • The application
  • Evidence of the applicant’s diligence that the statements made in the application were truthful, accurate, and appropriately complete
  • Award documents (if any) from the government
  • Evidence of the use of federal funds for proper and approved purposes
  • Compliance matrix
  • Evidence compliance matrix is followed
  • Communications with the award official about award performance—especially if  any difficulties arise during performance and how those difficulties were resolved
  • Evidence of any modifications of performance or other funding requirements
  • Close out documentation from the government (if applicable)

History has shown that recipients cannot rely on the government to keep adequate records.  These records are vital to passing future audits and demonstrating good faith efforts to comply with government funding requirements amidst the fog of responding to a global pandemic.

3. Be Candid with the Government

The economy is under tremendous stress.  Healthcare providers are in danger.  The population is afraid.  We are writing this article from our homes, ordered to remain in place.  At present, everyone understands this dynamic.  But, as stay-at-home orders recede, and the economy begins to recover (may it be soon), these sentiments will fade.  Audits and investigations by federal and state regulators are inevitable.

A successful strategy for answering government questions in audits and investigations is showing candor in any interactions with the government.  If circumstances change, if a company’s understanding of the facts change, or if compliance steps are missed, failing to communicate any of this to the government can cause auditors or investigators to escalate their concerns, including to prosecutors.  On the contrary, explaining the issues, how they were discovered, and what is being done to address the issues can help the government decide to focus its enforcement efforts elsewhere.

4. Engage Competent Legal Counsel

Companies facing a government audit or investigation can struggle to understand the government’s concerns and respond to them appropriately.  This is especially true for first time recipients of federal funds that may not fully understand the risks.  The civil False Claims Act, multiple fraud statutes, and the False Statements Act are among the many statutes at the government’s disposal to punish what the government views as misconduct in the receipt and use of federal funds.  Engaging experienced counsel, who are capable of anticipating the government’s concerns, appropriately investigating, and explaining the recipient’s conduct to the government, is essential to reducing enforcement risk.