Managing Risks That Come with Federal Funds

On March 27, 2020, the President signed into law the Coronavirus, Aid, Relief, and Economic Security Act (the CARES Act), a bipartisan stimulus bill that provides approximately $2 trillion in relief to address the widespread economic harm caused by the COVID-19 (coronavirus) pandemic. The CARES Act, which alone is the largest economic stimulus package in American history, follows the enactment of two prior coronavirus relief bills: (1) an $8.3 billion measure for health agencies; and (2) a roughly $100 billion bill aimed at, among other things, providing free coronavirus testing, some paid leave and unemployment benefits and additional Medicaid funding and food assistance.

Passage of the CARES Act and the prior COVID-19-related relief bills means that an unprecedented amount of federal loans and grants will be issued in the weeks and months ahead to virtually all segments of the economy. As with the availability of any federal funding, however, CARES Act recipients are bound by certain obligations that create potential criminal and civil liability if not properly followed.

Given the incredible size and scope of the funding the CARES Act contemplates — and the speed with which funds are to be distributed — this particular legislation carries with it unparalleled potential for widespread fraud and abuse. Recognizing this, the CARES Act provides for special oversight functions modeled after the Troubled Asset Relief Program (TARP) — the signature oversight mechanism created in response to the 2008 financial crisis. The many lessons learned from TARP provide important guidance to those who receive CARES Act funds and important insights into mitigating risk.

With the lessons from TARP in mind, this article discusses proactive steps prospective CARES Act applicants — large companies and small businesses alike — can take to limit potential problems with government enforcement agencies down the road. Specifically, set forth below is an overview of the CARES Act oversight provisions, followed by a discussion of 10 best practices businesses and lenders should consider implementing as they begin the process of seeking CARES Act funding.

An Overview of the CARES Act

The Oversight Provisions of the CARES Act

One of the key components of the CARES Act is the availability of $500 billion that the U.S. Department of Treasury can provide in the form of loans, loan guarantees and investments. That portion of the bill — called the Coronavirus Economic Stabilization Act (CESA) — specifically allocates $25 billion in assistance for passenger air carriers, $4 billion for cargo air carriers and $17 billion for companies that work in the national security industry. The Treasury Department is afforded wide discretion to distribute the rest of the roughly $454 billion as loans to businesses, states and municipalities.

As expected, however, Congress has not allowed the Treasury Department to loan all of this money without providing for a significant amount of oversight — both by Congress and a new executive office with a $25 million budget. Specifically, the new law mandates the appointment of an independent Special Inspector General for Pandemic Recovery (SIGPR) within the Treasury Department, who will be appointed by the President and confirmed by the Senate. (On April 3, 2020, the President announced his intent to nominate Brian D. Miller, currently Special Assistant to the President and Senior Associate Counsel in the Office of White House Counsel to the position.)

Under the CARES Act, the Special Inspector General is tasked with conducting, supervising and coordinating audits and investigations of loans, loan guarantees and other investments made by the Treasury Secretary. Additionally, the SIGPR is required to file quarterly reports with Congress that provide the details of all loans, loan guarantees and other investments. In addition to the creation of this new special inspector general, the act also establishes a five-person congressional commission responsible for conducting oversight of the Treasury Department, the Federal Reserve and the agencies’ implementation of the CARES Act, as well as a Pandemic Response Accountability Committee made up of inspectors general and acting inspectors general who oversee various government agencies.

Lessons Learned from TARP

Like the CARES Act, TARP had a Special Inspector General (SIGTARP) who monitored, audited and investigated TARP-related activities involving the $700 billion in aid to the financial services sector.

SIGTARP has been very active taking its oversight and investigatory mandate seriously. To date (yes, SIGTARP is still up and running almost 12 years after it was authorized), SIGTARP has conducted hundreds of audits and investigations and initiated criminal proceedings that have resulted in charges brought against 438 individuals and the recovery of over $11 billion in fines and penalties. The Treasury Department has referred other matters to the Department of Justice, including those implicating the False Claims Act. In 2015, for example, the Department of Justice settled a False Claims Act lawsuit alleging that a bank holding company and its president made false claims about the financial condition of the bank to induce the Treasury Department to invest over $17 million in TARP funds.

TARP turned out to be a great investment for the federal government and the American taxpayer. The program’s success was ensured, in significant part, by the rigorous oversight of SIGTARP. If the CARES Act is to be similarly successful — and we hope that it is — the SIGPR will also be an active watchdog wielding its audit and enforcement functions to identify fraud and abuse.

Best Practices for CARES Act Funding Compliance

Because of the obligations and oversight that come with CARES Act funds, companies seeking these loans or grants should consider adopting best practices to ensure compliance and minimize risk. Understanding these risks and establishing practices and procedures to avoid them is an important step to ensure compliance.

1. Assess Creditworthiness of Business

Before a company thinks about pursuing CARES Act funding, it would be advisable to do a top-to-bottom assessment of its financial health to ensure its viability and ability to withstand future financial challenges. COVID-19 is, of course, an unprecedented global health emergency that has forced companies around the country to face near-unimaginable financial circumstances. But every company planning on applying for CARES Act funding should ask itself whether its current financial challenges can be attributed primarily to COVID-19-related causes, or whether there are pre-existing issues with the company’s finances that still need to be remedied.

If the company’s financial challenges pre-date the pandemic, those concerns are likely to be exacerbated under the scrutiny that comes with the receipt of government funds. Therefore, companies should attempt to address any creditworthiness issues prior to seeking funding, and they should at all times be forthcoming about any financial issues with their prospective lender(s). Anytime a company offers anything less than full transparency about their financial condition, the specter of regulatory scrutiny — and an eventual enforcement action — looms large.

2. Ensure Accuracy and Reliability of Financial Records

In connection with the financial assessment discussed above, businesses must ensure the accuracy and reliability of their financial records. In submitting financial records to government-backed lenders or to the government directly, companies will be representing that the records accurately reflect the company’s true financial position and its eligibility for CARES Act funding. The representations made in these records, therefore, must be precise and, of course, truthful. To ensure reliability and completeness, businesses should continue to have their records independently audited.

3. Take Care When Communicating with Treasury and Government-Backed Lenders

A company’s obligation to convey accurate and reliable information to the government is not limited to only documentation. Statements of any kind — and through any medium — may later be the subject of additional scrutiny from the government. Therefore, companies must take care to ensure that any representations made through oral, electronic or any other means do not contradict the paperwork submitted in connection with the application for CARES Act funding. Generally, it is prudent to involve the company’s accountant or auditor on communications with lenders or government agencies that involve financial records. Similarly, calls or meetings with government officials — particularly where interpretations of CARES Act funding eligibility provisions or other legal or regulatory questions are at issue — should include in-house or outside counsel.

4. Institute a Robust Compliance Function Within the Company for CARES Act Compliance

Companies pursuing CARES Act funding must ensure compliance with all Treasury Department regulations issued in connection with the CARES Act loan program. Identifying at the outset one compliance officer or dedicated internal resource (or more than one depending on the size of the company or the size of the anticipated loan) who will have direct and specific compliance responsibility over funds arising from this program is very important. This CARES Act compliance professional or team should be immediately brought up to speed on the provisions of the act and the appropriate regulations as soon as they are promulgated by the various agencies overseeing distribution of the funds (e.g., Treasury, Small Business Association (“SBA”)). The compliance team also should be responsible, with assistance from outside counsel, for preparing the applications and accompanying schedules and then overseeing the proper use of the money once it actually arrives.

As we learned from TARP, the regulations that are promulgated in connection with the CARES Act are likely to be complex. Therefore, it will be extremely important for the company to develop capable internal expertise to ensure it does not run afoul of these requirements and provoke investigations from the Treasury, the SIGPR or the Department of Justice.

5. Carefully Vet Certifications and Statements Made in Applications

As with TARP, applicants for CESA financial relief must be prepared to make a host of certifications to the Treasury Department that will be material to their receipt of federal assistance. Depending on the type of applicant and nature of the financial relief sought, required certifications may include, among other things, that a majority of the applicant’s employees are based in the United States, that certain elected officials and their immediate relatives lack controlling interests in the applicant’s business and that uncertain economic conditions make the requested loans necessary for the applicant’s ongoing operations. Such certifications, and records provided in support of them, should be closely scrutinized before submission. After all, these certifications constitute statements to the government that, if knowingly false, could expose the submitting company to criminal charges or civil liability under the federal False Claims Act.

The Treasury Department will also require certifications about an applicant’s future intentions. These may include, for example, that the recipient of a government-backed loan or investment will:

• retain at least 90 percent of its workforces at full compensation and benefits through September 30, 2020;
• refrain from outsourcing or offshoring jobs for the term of the loan and two years thereafter;
• not pay dividends on its common stock or repurchase public equity securities of eligible businesses or any parent company;
• not abrogate existing collective bargaining agreements during the term of the loan and for two years thereafter;
• and remain neutral in any union organizing effort for the term of the loan.

Such statements about an applicant’s present intent to perform (or refrain from performing) future acts can be false for purposes of the False Claims Act. Accordingly, applicants for CARES Act relief should consider involving counsel to ensure they have carefully considered all of the conditions attached to CESA loans, loan guarantees and investments and truthfully certified their present intention and ability to comply with all of them.

6. Lenders: Conduct Appropriate Due Diligence

With respect to CARES Act funding made by private lenders for which the government is backing the loan, those financial institutions should ensure that they continue to employ appropriate due diligence procedures as provided by the relevant regulations that are promulgated in connection with the loan program. For example, while the SBA indicated on April 2, 2020, that it will “hold harmless” Paycheck Protection Program (PPP) lenders who rely on borrower documents and attestations, the lender still must take steps to ensure that the borrower has submitted documentation supporting its request for loan forgiveness in order to be cleared from typical verification requirements. For its part, the Treasury Department’s Financial Crimes Enforcement Network (FinCEN) issued a notice on April 3, 2020 clarifying that PPP loans for existing customers will not require re-verification under applicable Bank Security Act requirements unless the banks and credit unions already established risk-based compliance protocols requiring such a verification to take place.

Lenders should continue to pay close attention to additional regulations and guidance issued by federal agencies and should contact counsel if questions arise.

7. Have a Plan (and a Separate Account Set Up) for When Funds are Received

Federal fund recipients should ensure that all funds received through the CARES Act are carefully accounted for in an account that is segregated from all other company funds. This step may sound rudimentary — and it is — but it is crucial to ensuring that a company will be able to demonstrate clearly to relevant government agencies in the future that funds were used responsibly and in line with the stated policy objectives of the CARES Act. If federal funds are comingled with other company money, that showing may be much harder, if not impossible.

8. Ensure Proper Use of Funds

Perhaps the most important step a company can take to foreclose the possibility of an enforcement action down the road is to make sure that the company’s compliance program (as established, or strengthened through #4, above) is equipped with the knowledge and authority to ensure the proper use of funds. Specifically, compliance officers need to make sure that the funds received through the CARES Act are used exclusively for purposes contemplated by the Act (e.g., maintain staff, pay, benefits) and must not be used for any improper purpose (e.g., to abrogate collective bargaining arrangements or to lobby for industry-specific concessions). Compliance officers can take proactive measures to aid in this oversight by, for example, training employees in relevant business functions about the controlling statutory and regulatory spending requirements.

9. Have a Plan for Achieving Loan Forgiveness or Repayment

Some CARES Act loans will qualify for forgiveness if certain criteria are met. The baseline forgiveness amount for PPP loans, for example, will be the amount the business spends on payroll costs, rent, utilities and certain interest over the eight-week period following the date of the loan up to the principal amount of the loan. However, this is subject to a reduction depending on the extent to which a company has reduced its workforce or salaries. As of the date of this publication, the SBA has not clarified its loan forgiveness reduction calculation, but SBA’s April 2, 2020 rule implementing the PPP promised that “SBA will issue additional guidance on loan forgiveness.”

However, even without the final rule, businesses can begin to take steps today to maximize their potential to achieve loan forgiveness or to avoid default. As an initial step, businesses should continue to collect relevant documentation regarding its employees and their salaries, so there is a baseline against which the business can compare its future employee count and salary expense.

To the extent loan forgiveness is not an option and circumstances arise that impact a business’s ability to repay the loan, the business should allow for sufficient time to make alternative arrangements to avoid default. Many default issues can be worked out with lenders with sufficient lead time.

10. Consult with Counsel

Whenever questions arise (and oftentimes before), companies should consult with experienced counsel well-versed in compliance protocols arising from the CARES Act. These attorneys should have not only specific experience in mitigating risk associated with receipt of federal funds, but also the capability to assess the company as a whole in order to evaluate whether there are business functions that may be particularly susceptible to investigatory oversight in the wake of the pandemic recovery.