With great crises comes great compliance risk. The COVID-19 pandemic is no exception. Signed into law just recently, the Coronavirus Aid, Relief, and Economic Security Act (CARES Act) will make available an initial $2.2 trillion worth of government funds to mitigate the economic effects of COVID-19.

Former crises, such as Hurricane Katrina, teach us that when the dust begins to settle, and probably sooner, government enforcement actors will aggressively search for fraud in the form of any misrepresentations made to the government to receive these funds, invoking the federal False Claims Act (FCA) and seeking treble damages, fines, and criminal referrals where appropriate. Private lawyers and bounty hunters will be watching closely as well, with many of them seeking opportunities to cash in on a bounty as a whistleblower. In particular, all companies and individuals submitting information to the government in connection with getting any type of claim paid (from a government contract to a Paycheck Protection Program (PPP) loan to a bill for medical services) will face enhanced compliance risk in connection with FCA claims.

Background: The False Claims Act in Times of Crisis and Emergency Government Spending

The FCA[1] is the federal government’s primary tool for combating fraud on the public purse. It presents substantial compliance risk from two directions. First, it provides government enforcement officials with a remedy for treble damages and civil penalties against businesses and individuals who submit materially false claims for payment to the government — whether they do so knowingly or act in deliberate ignorance or reckless disregard of the falsity of the claims. Liability may even follow where a claim for payment is rendered false by a general certification of compliance with a government program’s conditions for payment. Second, it deputizes private plaintiffs to bring qui tam suits as “relators” (whistleblowers) standing in the government’s shoes, incentivized by the allure of a substantial share of the government’s recovery if they prevail.

Crises typically beget heightened government spending, with increased FCA enforcement activity following closely on its heels. Such has been the case with emergency government spending in wartime (e.g., the wars in Iraq and Afghanistan), economic shocks (e.g., the 2008 financial crisis and Troubled Asset Relief Program), public-health emergencies (e.g., the ongoing national opioid epidemic), and natural disasters (which New Orleans-based Jones Walker knows all too well from handling the defense of significant False Claims Act investigations and litigation following Hurricane Katrina).

The COVID-19 crisis is already on track to follow the same pattern on a larger scale. With the enactment of the CARES Act, $2.2 trillion in government funds is being injected into the economy. As detailed in prior Jones Walker client alerts,[2] this spending will impact a wide array of industries, and businesses of all sizes. Hundreds of billions of dollars are being devoted to funding the healthcare, financial, education, and defense sectors, with hundreds of billions more going toward business loans and other relief. And the Department of Justice has already begun “urging the public to report suspected fraud schemes related to COVID-19” and has “directed all US Attorneys to prioritize the investigation and prosecution of Coronavirus-related fraud schemes.”[3] Plaintiffs’ law firms that represent whistleblowers can be expected to follow suit on the qui tam front.[4] In short, the COVID-19 crisis and CARES Act provide fertile ground for FCA enforcement actions and heighten businesses’ associated compliance risk.

Measures to Minimize FCA Exposure amid the COVID-19 Crisis

Given the substantial economic disruption occasioned by the COVID-19 pandemic, many businesses and individuals will understandably be interested in participating in one or more of the relief programs established by the CARES Act. These programs, however, are conditioned on various eligibility requirements and approved uses of program funds. Compliance with those and other requirements is critical for minimizing exposure to FCA enforcement actions by the government and qui tam suits by private whistleblowers. By all current accounts, the CARES Act is very long, very complicated, and in many specific areas subject to numerous interpretations. And down the road, with the benefit of hindsight, the government will decide which interpretations were reasonable and which were not. So how do you make safe decisions?

Review Program Rules Carefully, and Develop Reasonable and Defensible Interpretations.

Generally speaking, a company or individual cannot be held liable under the FCA unless there has been a violation of a material “statutory, regulatory, or contractual requirement.”[5] So the first step in FCA compliance is reviewing all applicable statutory, regulatory, and contractual requirements in connection with a claim for payment from the government to ensure that one’s certifications of compliance are accurate. That task, however, is often complicated by ambiguity of a given provision or tension between competing requirements.

Fortunately, the FCA provides a defense for such cases: where a fund recipient’s conduct is based upon a reasonable interpretation of an ambiguous requirement, and the government has not provided any contrary official alternative interpretation, there is no FCA “knowledge” of falsity as a matter of law.[6] It is not uncommon for the government to provide such official guidance. For instance, the government has already compiled resources for compliance with the Federal Acquisition Regulation (FAR) (which applies to CARES Act applications),[7] which itself is a potential FCA minefield because its requirements persist even in emergency situations. Accordingly, companies seeking government funds amid the COVID-19 crisis can reduce their FCA exposure by actively reviewing all program rules, monitoring official government guidance, and developing a reasonable rationale for their interpretation of any ambiguous requirements.

But make no mistake — seemingly straightforward representations and certifications can be surprisingly complicated. As one example, certifying in the FAR that a business is a Woman-Owned Small Business eligible for a set-aside is not merely stating that the company is majority owned by a woman and qualifies under the SBA as a small business. And some representations specific to the COVID-19 crisis remain unclear. For instance, the SBA’s PPP application form contains numerous questions and certifications that must be answered by the applicant. The form further requires that each of the signatories thereto certifies as follows:

I further certify that the information provided in this application and the information that I have provided in all supporting documents and forms is true and accurate. I understand that knowingly making a false statement to obtain a guaranteed loan from SBA is punishable under 18 USC 1001 and 3751 by imprisonment of not more than five years and/or a fine of up to $250,000; under 15 USC 645 by imprisonment of not more than two years and/or a fine of not more than $5,000; and, if submitted to a federally insured institution, under 18 USC 1014 by imprisonment of not more than thirty years and/or a fine of not more than $1,000,000.

If any of the answers to the questions or certifications on the form are false in any respect, the signatories (as well as the applicant business and potentially others who did not sign the application but directed or participated in a false claim) could be subject to FCA liability. Likewise, it is not yet entirely clear what the government might ultimately determine constitutes a false certification in an application for PPP loan funds asserting that “[c]urrent economic uncertainty makes this loan request necessary to support the ongoing operations of the Applicant.”

Keep a Record.

Companies can further reduce their exposure to FCA liability by documenting their understanding of the underlying rules and communicating that understanding to the government. This includes ensuring that any specific directions from the government are committed to writing, as well as documenting any government modification or waiver of requirements (especially if the government deviation is informal, such as an oral representation). Documenting such things is valuable because they record, in real time, the fund recipient’s and the government’s respective knowledge — issues that go toward the FCA’s elements of “materiality” and “scienter” (i.e., knowledge). For a misrepresentation to create FCA liability, the misrepresentation must be material to the government’s payment decision. Courts have held that if the government continues to pay notwithstanding alleged breach of a requirement, the breach is not likely material to the government’s payment decision.[8] In addition, keeping a record as to the government’s knowledge could negate the knowledge element, especially if the government communicates its own knowledge and approval back to the contractor.[9]

Evaluate Compliance and Reporting Programs, and Adopt Best Practices.

Throughout the COVID-19 crisis and recovery from it, companies should continue to review existing compliance programs and risk-management procedures and should adopt supplemental compliance practices where appropriate to shore up heightened risks posed by the pandemic.

The Department of Justice and other federal enforcement agencies have given significant guidance as to what is considered an effective compliance program,[10] and the exercise of prosecutorial discretion takes into account these preventative measures. An effective compliance program ensures that necessary policies are in place, needed training on those policies occurs, and compliance with those policies is monitored and audited.

As to the current situation, and as a starting point, companies should catalog all statutory, regulatory, and contractual requirements governing their claims for government funds and implement policies and controls around any certifications of compliance with such requirements made to the government. Separately, companies should intensify their efforts to maintain effective internal reporting and compliance certification systems, which are especially important here for two reasons. First, they help the company discover and address potential compliance issues internally. Second, given that many FCA whistleblowers are former employees, expect a rise in whistleblower activity in light of layoffs caused by the pandemic. Committing to an effective internal reporting system on the front end, especially when that system is coupled with internal compliance certifications, mitigates this risk.

Finally, economic stress is unfortunately often associated with bad decisions. Efforts to survive COVID-19’s effects on your business operations should include obtaining whatever federal financial assistance is available, but not at the cost of being saddled with an expensive investigation into avoidable decisions or representations.

Jones Walker is working with clients in a wide range of capacities to help them shift from reacting to COVID-19 to getting out ahead of it. We have been in the trenches and successfully navigated similar problems before, including in large-scale, complex cases during and following the Hurricane Katrina disaster.

If you have questions, we would love to help. Contact the Jones Walker attorney with whom you usually work or any member of the firm’s Corporate Compliance & White Collar Defense Practice Group.

The information in this advisory is provided to our clients for general information purposes and is not intended as legal advice. Always seek counsel before taking any action related to compliance risk.