This article is the first in a series addressing what companies can do now to protect themselves during later government investigations and enforcement actions related to COVID-19 relief funding. In this article, we provide general practice tips applicable to all industries. Future articles will target compliance issues related to specific areas and industries—health care, finance, government contracting, and labor and employment—and what companies can do to reduce the risk when accepting government aid.

Unprecedented Funding

The government has distributed an unprecedented amount of money in response to the COVID-19 pandemic. Under the Coronavirus Aid, Relief and Economic Security (CARES) Act, for example, the government is providing over $1 trillion through loans, grants and tax credits. Companies in the health care and financial industries, government contractors and many other businesses have all received government help.

The government, to its credit, has moved quickly to make funding available to companies in need. As a result, many government agencies have shifted their focus to responding to the pandemic and distributing allocated funds—with all requests and distributions of money completed as quickly as possible.

Later Scrutiny Guaranteed

Inevitably, though, the government will turn its attention to scrutinizing how companies obtained and used relief funds. Consider the government's response to the 2008 financial crisis. After authorizing $475 billion in disbursements under the Troubled Asset Relief Program, Congress created a Special Inspector General (SIGTARP) to monitor relief funding. As a result of SIGTARP investigations, the government brought 24 enforcement actions against corporations, convicted over 380 people of crimes and returned more than $11 billion to the government and other victims. SIGTARP investigations continue today, more than a decade after the crisis began.

The government also established the multi-agency Financial Fraud Enforcement Task Force to pursue actions under the federal False Claims Act (FCA), the government's primary enforcement tool against government fraud. FCA investigations and actions relating to the 2008 financial crisis brought by the government and private whistleblowers have resulted in billions of dollars of recoveries, including a $16.65 billion settlement in 2014 with Bank of America.

Already the government has positioned itself to take similar actions in response to the COVID-19 pandemic. Congress created a Special Inspector General for Pandemic Recovery (SIGPR) to oversee CARES Act funding distribution. And U.S. Attorney General William Barr instructed the Department of Justice to "remain vigilant in detecting, investigating, and prosecuting wrongdoing related to the crisis." Potential whistleblowers and the plaintiffs bar will likewise hunt for potential actions to bring.

What to Do Now

There are several primary sources of risk tied to coronavirus relief funding, including:

• Eligibility requirements.
• Representations in applications.
• Use of funds.
• Follow-on certifications.

There are steps prudent companies can take now, while still in crisis, to move forward with needed funding while reducing their risk in later government investigations and enforcement actions. An important consideration is that significant time may elapse between now and when any government investigation occurs. Companies should focus on documenting why they made particular decisions so they can explain their actions later when potentially faced with allegations of nefarious intent. This is especially important in the context of COVID-19 when, not only are companies having to act fast, but the government is changing its guidance even as it disburses funds.

Within this framework, here are key steps companies can take to reduce risk and be prepared for a future investigation:

• Leverage compliance resources. Use existing compliance resources to assess government requirements and take account of any new/changing requirements. Create documentation now that explains the known requirements for applicants at the time of funding, demonstrates what guidance the company relied on when applying for funding and using funds and establishes the efforts to monitor changing requirements and use of funds.
• Document the application/funding process. Before you receive any money, maintain documentation used to support your application for funding. Keep copies of all documents submitted to the government, including follow-up emails or questions related to the submission, and amendments or modifications to any submission. Also, keep other documentation supporting the decision to apply for funding. This may be published government guidance, communications with government employees or industry resources. If your company relied on it at that time, keep a record of it.
• Document how money is ultimately used. Create clear documentation showing how your company used the funding. These documents should show who was involved in the decision-making and why they decided to use the money for each purpose. Keep all correspondence with the government, lender or dispersing agent. If the money is used differently than initially planned, document why that changed, the support or basis for making the change and the understanding for any eligibility to do so.
• Schedule an interim internal review. Most importantly, plan now to perform an internal review once the crisis begins to abate and before too much time has passed to reliably do so. Designate from the beginning the individuals or team responsible for the review and a reasonable timeline for the review to be performed. After completion, confirm and describe the review and compliance efforts to senior management. Be the first to identify any potential problems so you can proactively address them on your terms. Review the process for obtaining funding. Did your company meet all the requirements? Was the application accurate and complete? Do you have all supporting documentation? Review any changes or updates to government guidance for any inconsistencies with your previous understanding. Review how your company used the funding it received and any subsequent representations made to the government. Discuss with counsel any corrections or disclosures that need to be made.
• Respond to complaints. Be responsive to issues raised by employees (or others), who may feel dissatisfied due to changes caused by the pandemic. Take these opportunities to double-check your process and address any concerns. Again, maintain documentation of any complaints, the company's response, and its rationale. Hopefully, companies already have informed processes for handling matters raised by potential whistleblowers, which should be applied to these fast moving issues.
• Preservation. Be intentional about preserving the document trail that supports your decision-making or you may be limited to documents in the government's files or that a whistleblower has taken from the company. Coordinate with your team to identify all relevant documents and ensure they are stored and backed-up in a format that eliminates the risk of loss. Common preservation issues concern automatic purging of files and emails, offsite storage of hard-copy documents, loss of laptops or files not stored on a shared drive and controlled solely by an employee, and crashed or replaced systems.

Following these steps, and especially scheduling an interim internal review, will help your company reduce its risk by demonstrating its compliance and heading off any government or whistleblower-generated investigation into COVID-19 relief funding.

Please stay tuned for future articles discussing specific compliance issues and steps to take in health care, finance, government contracting, and labor and employment.

Lisa Rivera is a member in the Nashville, Tennessee, office of Bass, Berry & Sims. She advises companies related to internal and government investigations, compliance issues, and enforcement matters. She previously served as an assistant U.S. attorney (AUSA) for more than a decade in the U.S. Attorney's Office for Puerto Rico and the Middle District of Tennessee, where she served as civil and criminal health care fraud coordinator. As an AUSA, Rivera handled numerous civil and criminal investigations and trials related to government funding and reimbursement, including disaster relief funding, government subsidized loans and grants. Rivera can be reached at [email protected].

Brian Irving is an associate in the Nashville office of the firm. He counsels clients in civil litigation and government investigations, focusing on health care fraud, securities fraud, and business disputes. Irving can be reached at [email protected].