Skip Repeated Content

Continuing our series of brief COVID-19 teleconferences, BCLP's Mark Srere, Ben Saul andJennifer Mammen discuss the importance of compliance for any company planning to apply for funds under the new relief legislation. In particular, clients should note that the legislation creates several new oversight bodies, each with investigative authority and the ability to refer cases to DOJ for prosecution. This is similar to the SIGTARP set up to investigate financial institution crime and other fraud, waste and abuse related to TARP. 

Below is an overview of key considerations for companies to consider as well as the recording of the program.

The Coronavirus Aid, Relief and Economic Security Act (CARES Act or the Act) provides more than $2 trillion in economic stimulus and will offer hundreds of billions of dollars in relief to small businesses nationwide.  To ensure that money is disbursed and administered fairly and without preference and that the funds are used for the purposes the CARES Act intends, the Act contains several noteworthy oversight provisions.  Based on past precedent, it is reasonable to think that the oversight provisions of the CARES Act could result in a significant volume of investigations and enforcement actions. 

The Act provides for the creation of the following oversight bodies:

  • Special Inspector General for Pandemic Recovery. The Special Inspector General for Pandemic Recovery (“SIGPR”), presidentially appointed within the Treasury Department, will be responsible for conducting, supervising and coordinating audits and investigations concerning the “making, purchase, management and sale of loans, loan guarantees, and other investments” by the Treasury Department.  In addition to granting the SIGPR investigative powers, the Act directs federal agencies to provide all requested information and assistance to the extent practicable.  If, however, the SIGPR thinks information or assistance is unreasonably refused then the Act directs the SIGPR to report this to Congress without delay.  The SIGPR is authorized for five years, has a $25 million appropriation, and will be able to refer both civil and criminal matters to the U.S. Department of Justice (“DOJ”).
  • Pandemic Response Accountability Committee. The Act appropriates $80 million to establish a committee that will be comprised of existing, independent Inspectors General (“IGs”).  The Committee will coordinate with IGs and will conduct audits and investigations into “fraud, waste, abuse, and mismanagement.”  The Committee will also work to “mitigate major risks that cut across programs and agency boundaries.”  The Committee is responsible for ensuring IGs in relevant agencies have authorities and funding needed to conduct their oversight activities.  The Committee has independent investigative authority, the power to hold public hearings, issue subpoenas for documents and testimony, and refer civil and criminal matters to the DOJ.
  • Congressional Oversight Commission. This Commission, consisting of five members selected from majority and minority leadership in the House and Senate, will have oversight of stimulus implementation, including how loans, loan guarantees and other investments made under the CARES Act are impacting U.S. markets, financial institutions and citizens.  The Commission has the authority to hold hearings, take testimony, receive evidence and issue reports.  It must submit reports to Congress every 30 days, and will operate until September 30, 2025. 

The CARES Act also allocates $20 million to the Government Accountability Office to enable it to issue reports on related federal spending.  It further directs additional monies to existing IGs so they can increase oversight of any programs comprised of CARES Act funds.

Beyond the oversight measures discussed above, Congress is already exercising COVID-19 oversight.  Several Congressional committees have sent oversight letters to companies on COVID-19 related issues in recent weeks.  The House of Representatives has formed a Select Committee on the Coronavirus Crisis to be chaired by House Majority Whip Jim Clyburn.  Speaker Pelosi has indicated that the Select Committee would be “empowered to examine all aspects” of the federal COVID-19 response.  If Congress passes additional stimulus measures, it is likely oversight bodies would receive additional appropriations and resources and maybe expanded authorities. This is something for all of us to watch closely.

The obvious historical parallel, particularly with respect to the newly created SIGPR, is to the creation of the Office of Special Inspector General for the Troubled Asset Relief Program (SIGTARP) following the 2008 financial crisis.  SIGTARP is an independent oversight body that was created to investigate financial institution crime and other fraud, waste and abuse related to TARP.  Over a decade since its creation, SIGTARP continues to operate and has reaped hundreds of criminal convictions and billions in penalties. 

The funds being made available now under the CARES Act are vastly more than those included in the TARP.  There is, therefore, every reason to think that CARES Act oversight will be equally, if not more, aggressive than SIGTARP and will continue long after the COVID-19 public health crisis ends and the economy recovers.  Given the recent history of legislation-specific oversight bodies, companies looking to obtain benefits under the CARES Act should be on notice that the federal government will be reviewing and auditing fund applicants and recipients and pursuing significant recoveries from any companies and individuals found to have failed to comply with program requirements.

There are steps a company can take now to ensure that it has access to money that will help it survive these trying times, yet mitigate the chance that it will be investigated and prosecuted in the aftermath.

  • First, and perhaps the most important, is to ensure that legal/compliance has an oversight role in requesting available funds – ensure that your compliance mechanism has a seat at the table before the requests for funds are made. This will allow you to put in place the processes and procedures to make sure everything is done correctly and documented properly. It will also help set up appropriate reporting lines and ensure that everyone in the company knows that compliance is an integral part of the process and program.
  • Second, ensure that any back-up documentation that is created is accurate and truthful. There will be requirements to qualify for funds on the front end as well as requirements to qualify for forgiveness of loans on the back-end. Those requirements will need to be backed up by appropriate and accurate documentation, including corporate governance documents such as board meeting minutes and appropriate resolutions.  Consider assigning responsibility to an individual to ride herd over the process and to make sure that appropriate records are kept to demonstrate that the company is complying with all the rules and recordkeeping requirements.  
  • Third, ensure that the documentation is maintained. Follow good document retention practices. For electronic documents, make sure that they are retrievable through back-ups in case of system failure.  For paper documents, make sure you make electronic copies or have several copies in different locations.  In addition, maintain all communications with the government agencies and financial institutions that provided the funds.  Such communications can be helpful in explaining actions that the company took or did not take during the program. 
  • Fourth, monitor and audit compliance with receipt of CARES Act funds and compliance with documentation procedures. Make this part of your regular audit program and consider making it part of your regular report to your audit committee.  Regular monitoring and auditing will allow for the correction of any missteps that may occur along the way.  Keeping records of this monitoring and auditing process will demonstrate that the company took its obligations seriously.
  • Finally, take seriously and investigate appropriately any whistleblower complaints or hotline allegations about the use of CARES Act funds. This is important for two reasons. One, it gives you a chance to correct a problem when it first arises. It is an early warning system that allows you to act swiftly to nip any problems in the bud.  Two, if the problem is more serious, it gives the company a chance to avoid harsher penalties by investigating thoroughly any fraud and making a voluntary disclosure if appropriate and warranted.  This fits with the Department of Justice’s corporate leniency programs.

Following these steps will help mitigate the risk to your company of receiving funds provided by the CARES Act.

We are experiencing what we hope is a once in a generation public health and economic crisis.  The government is trying to meet that moment with historic levels of stimulus and economic support for businesses across the country.  But it is mindful of the risk of fraud and abuse and has put in place the above oversight systems to police those risks.  We expect this oversight to be aggressive, persistent and enduring.  That is why it is critical to ensure your compliance management system, internal audit function and whistleblower and other complaint response processes are updated to reflect these risks. 


This document provides a general summary and is for information/educational purposes only. It is not intended to be comprehensive, nor does it constitute legal advice. Specific legal advice should always be sought before taking or refraining from taking any action.