By Michael Kendall, Tai Park, Kevin Bolan and Karen Eisenstadt

Law360 (April 28, 2020, 5:52 PM EDT) --

Michael Kendall

Tai Park

Kevin Bolan

Karen Eisenstadt

Amid the understandable rush to seek economic relief under the Coronavirus Aid, Relief and Economic Security, or CARES, Act, which Congress has just voted to further expand,[1] companies should pause to consider how this new law might intersect with a very old law: the False Claims Act.[2]

The FCA should be familiar to any business that regularly sells to, contracts with, or receives reimbursements from the government. Enacted during the Civil War to combat widespread defense contractor fraud, the FCA targets and penalizes frauds against the government.

A substantial portion of the CARES Act stimulus will benefit two industry sectors that are the most common targets of FCA enforcement and are already intimate with the FCA: businesses critical to maintaining national security (i.e., almost certainly defense contractors)[3] and health care.[4]

The act also provides hundreds of billions of dollars in benefits for other industries with less exposure to the FCA — the commercial airline industry,[5] midsized businesses,[6] and any other businesses eligible for financial aid that the CARES Act does not already target more specifically.[7]

What some applicants for CARES Act funds may not realize is that requesting loans or loan guarantees from the government can subject any company — even one that otherwise does no business with the government — to FCA enforcement.

Why The FCA and Regulatory Details Matter

Dealing with the government is not quite like dealing with any other business partner.

First, the CARES Act imposes varying qualifications on beneficiaries that demand rigorous compliance — e.g., restrictions on executive pay, dividends, stock buybacks of varying durations; the maintenance of employment levels through Sept. 30; and various application disclosures, including applicants' debt, employment statistics, financial statements, etc.[8]

The CARES Act itself exceeds 850 pages. And the act authorizes various agencies to issue corresponding regulations, which is an ongoing process.[9] There are a lot of rules. Staying abreast of these rules, and figuring out how to comply with them, will be critical.

As just one example, consider recent comments by U.S. Department of the Treasury Secretary Steven Mnuchin interpreting the Paycheck Protection Plan, which requires borrowers to certify that "current economic uncertainty makes this loan request necessary."

According to Mnuchin, public companies with substantial market value probably would not satisfy this requirement, and he warned of "severe consequences for people who don't attest properly to this certification." Mnuchin added that companies that return their loans by May 7 would be presumed to have made their certifications seeking the loans "in good faith." Several public company borrowers have responded by paying back their loans.[10]

Second, the government will enforce its rules, and the FCA is an important toll that the government uses to root out fraud and abuse in federally funded programs. The sheer amount of funds available under the CARES Act means that the government and public scrutiny under the law will be immense.

In fact, this is exactly what happened with the Troubled Asset Relief Program. During the Great Recession of the 2000s, Congress created TARP, as well as a special inspector general to investigate alleged TARP waste, fraud and abuse.

The special inspector general still operates today. In its last quarterly report to Congress, the special inspector general noted that its investigations had recovered $11 billion, and had resulted in 381 criminal convictions — at a 96% conviction rate.[11]

The CARES Act creates a similar special inspector general position,[12] which is widely expected to pursue similar enforcement objectives concerning CARES Act beneficiaries. There are also three other monitoring authorities created by the CARES Act to ensure the funds are being allocated appropriately.

And, unlike its treatment of TARP beneficiaries, the Federal Reserve has committed to publicly disclosing the names of borrowers under its CARES Act lending facilities.[13]

Third, the FCA is different from other fraud laws. It enables the U.S. Department of Justice to pursue civil remedies, and thus, the burden of proof is much lower than for criminal fraud. At the same time, damages and penalties under the FCA are potentially much higher than what a business might face in a garden-variety commercial dispute.

In our experience, the expense necessary for careful planning and ongoing FCA compliance can cost a fraction of the expenses — as well as damages and statutory penalties — in the event of government FCA scrutiny. Accordingly, for businesses that have not historically done business with the government, a critical investment during this time of crisis is to understand how the FCA works, and what makes it a uniquely powerful enforcement tool.

FCA Basics

The FCA targets fraud by individuals and entities that seek payment for goods and services paid in part by the U.S. government or that seek money from federally funded programs. Several features of the FCA differ significantly from other fraud laws.

First, the act creates liability for specific conduct.

• Claims can be false for both explicit and implicit reasons. Claims can be expressly false on the facts, e.g., billing for something you did not provide, or falsely certifying compliance with a law or condition. Claims also can be false implicitly, as when an entity submits claims for payment, thereby implicitly certifying its compliance with various applicable regulations, but the entity has not complied with those regulations.[14]
  
  
• The government does not need to have provided the payment or approval for the entity submitting the claim to be held liable.[15] In other words, submitting a false application for CARES Act assistance can create liability, even if applicants get no aid.
  
  
• Making or using false records or statements material to a false claim can create liability, even if it is another entity that submits such false records or statements to the government.[16] As a result, an entity (e.g., a loan applicant) can be liable even if it is not the entity submitting the request for government funding (e.g., a bank). This is one of the ways Congress amended the FCA in 2009 in response to the last economic crisis to expand the FCA's reach.
  
  
• Concealing or improperly avoiding an obligation to transmit money to the government can create liability.[17] That is, if an entity has received money from a federal program — and later learns that it was not qualified to receive or retain that money — it can be liable if it does not return the money to the government. Such reverse false claim liability is another result of the 2009 amendments to the FCA.

For CARES Act beneficiaries, the most likely sources of potential liability may arise from material misstatements of fact in loan/loan guarantee applications — which will vary widely by program — or the failure to satisfy loan qualifications tied to longer-term deadlines (e.g., the maintenance of certain employment levels, the avoidance of stock buybacks, etc.).

That pattern would be consistent with recent FCA enforcement actions[18] and settlements[19] in which federal loan applicants and related entities engaged in questionable conduct — or made allegedly false statements — to qualify for those loan programs.

Second, CARES Act beneficiaries need not specifically intend or even knowingly make false claims to be liable under the FCA.[20] Instead, the FCA remains a constant compliance concern because of the broad definition it applies to the word "knowingly" — which is the intent standard for each category of conduct that can create FCA liability.[21]

The FCA defines "knowing" and "knowingly" to include both "actual knowledge," as well as "deliberate ignorance" and "reckless disregard."[22] Though these latter two standards require more than mere negligence, they do not require the government to prove actual knowledge of fraud.

Moreover, under FCA precedent, as in many other contexts, companies are deemed to know what their employees know.[23] The systems that CARES Act financial aid applicants put in place (or choose not to put in place) to ensure compliance can, therefore, be a critical aspect of determining their knowledge.

Third, the FCA has powerful remedy provisions that are unlike ordinary civil lawsuits. Liable defendants must pay actual damages times three,[24] plus civil penalties ranging from $11,181 to $22,363 for each false statement or claim.[25]

In 2019 alone, the DOJ collected settlements and judgments in FCA cases that exceeded $3 billion.[26] What this means here is that, for defendants that were not entitled to CARES Act loans but claimed them anyway, liability could total the full value of the loans times three.

We expect oversight authorities to scrutinize eligibility claims particularly closely because the CARES Act relaxes loan qualifications for some programs precisely to make their benefits available to entities that could not have qualified for any federally funded, pre-CARES Act loan programs.

Fourth, the FCA empowers whistleblowers to pursue FCA claims on the government's behalf[27] and incentivizes them to do so by entitling them to between 15% and 30% of any FCA settlements or judgments arising from their claims.[28]

Whistleblowers can come in many guises — current and former employees, contractors, sometimes even competitors. The purpose of the FCA's whistleblower, or qui tam, provisions is to allow the government to find out about fraud that might otherwise remain hidden.

The FCA also protects whistleblowers from retaliation by their employers due to their lawful acts to stop FCA violations.[29] Of the $3 billion that the DOJ recovered in settlements and judgments in 2019, about two-thirds derived from cases initiated by whistleblowers,[30] with the whistleblowers collectively claiming $265 million from these settlements and judgments.[31]

The FCA also amplifies the power of whistleblowers in another way. The DOJ, once alerted that a person or company might possess information relevant to a FCA investigation, has the power to seek information, including the production of documents, from those targets.[32] However, the targets do not have similar rights to take discovery, or even the right to learn the whistleblower's identity, until they become defendants in active FCA litigation.

How to Minimize FCA Compliance Risks

There is a common saying that it is easier to ask for forgiveness than permission. The economic distress caused by the coronavirus pandemic will present unprecedented pressures on individuals, companies and other institutions — and may mislead some of them to believe that those are words to live by.

That would be a mistake when it comes to the FCA.

To cite only one example, in U.S. ex rel. Kraus v. Wells Fargo & Co., two whistleblowers alleged that financial institutions acquired by Wells Fargo falsely certified that they qualified for a loan program that the Federal Reserve Board created in December 2007 "to increase liquidity in financial markets at the outset of the financial crisis."[33]

The district court had originally dismissed the whistleblowers' complaint. But as the U.S. Court of Appeals for the Second Circuit observed in its November 2019 decision vacating the district court's decision: "Fraud during a national emergency against entities established by the government to address that emergency by lending or spending billions of dollars is precisely the sort of fraud that Congress meant to deter when it enacted the FCA."[34]

Promote a culture of compliance.

The DOJ has offered guidance on corporate compliance programs, and these factors often inform enforcement and settlement discussions. One key factor is tone at the top.[35] The extent to which senior leadership promotes a culture of compliance will be of special interest in the event of an FCA investigation.

Preserve compliance resources.

In times of economic crisis, many businesses will justifiably focus on how to improve financial results, and scrutinize the value of cost centers, such as compliance. Companies should not scrimp on compliance. The best way to minimize FCA risk — and to counter the contention that any regulatory error resulted from the company's recklessness or deliberate ignorance — is to focus on compliance.

Compliance personnel can serve as a centralized source of regulatory knowledge — to educate business partners on regulatory requirements; to reinforce policies, procedures, monitoring and reporting processes that promote compliance; and to follow up on reports of alleged compliance missteps, failures or outright fraud.

Centralizing these efforts should be a constant priority in complex organizations to minimize inevitable problems that arise when the left hand doesn't know what the right hand is doing. With so many organizations working remotely, such centralized compliance efforts are even more critical.

Be vigilant.

Inevitably, businesses will need to confirm, over time:

• Is the information that was submitted to obtain public funding still accurate?
• Does the business still qualify for the aid — for the entire term of the aid?
• Is the business using money from federal programs for its intended purpose?

Some of the ways that CARES Act beneficiaries could run afoul of the FCA are fairly obvious, e.g., beneficiaries could improperly increase executive pay, engage in a prohibited stock buyback, or fall short of employment totals.

Compliance personnel are often critical because they can help businesses manage the less obvious, more technical risks. The original CARES Act, as we already have seen, will not be the last word on federal stimulus and its regulatory requirements, rules, and conditions.

When in doubt, disclosure is often the best option.

The scrutiny applied in FCA cases tends to be higher than in private litigation, and whistleblowers looking to collect a large judgment may take facts out of context. Thus, if there is uncertainty about what should be disclosed, a company may want to view the issue with a more demanding lens.

Government knowledge can be a crucial FCA defense, because it rebuts both the inference of knowledge and of materiality. As one court has put it: "Since the crux of an FCA violation is intentionally deceiving the government, no violation exists where the government has not been deceived."[36]

Take reports of potential compliance deficiencies — and the people who make them — seriously.

Many whistleblowers identify legitimate, meritorious issues; and many of them also try to elevate compliance risks internally before filing an FCA lawsuit.

Ideally — as a result of applying the preceding recommendations — an organization with a compliance-oriented culture will have the advantage of discovering potential problems and the benefit of addressing them internally before having to do that same work while simultaneously responding to inquiries from regulators and law-enforcement personnel.

But the incentives for whistleblowers to initiate internal reports inevitably diminishes if whistleblowers perceive that the organization does not take them or their allegations seriously. Those incentives can dissolve further when potential whistleblowers leave an organization on bad terms.

Businesses will have to make tough choices in the coming months. How they make those choices, communicate their decisions, and treat employees as they depart can dramatically affect perceptions of compliance issues as mistakes versus fraud.

Document good faith conduct and decision-making.

The effort to produce the CARES Act was admirable, but rushed. Rule-making by federal agencies typically takes months, if not years, not just days as in the case of the CARES Act. As actual and potential beneficiaries continue to scrutinize the CARE Act's federally funded benefits, ambiguities in the act and its implementing regulations are sure to arise.

It is critical that businesses, when interpreting these ambiguities, form objectively reasonable interpretations, document those interpretations, and ensure that there is no interpretive guidance from agencies that conflicts with the company's interpretation.

The reason is simple, as the U.S. Court of Appeals for the D.C. Circuit reaffirmed in U.S. ex rel. Purcell v. MWI Corp.: "[T]he FCA does not reach an innocent, good faith mistake about the applicable meaning of an applicable rule or regulation."[37]

Finally, in addition to the fraud and abuse oversight that the CARES Act provides for,[38] the U.S. House of Representatives announced likely overlapping scrutiny through a new House Select Committee on the Coronavirus Crisis.[39]

Efforts to ensure accountability of such unprecedented federal financial support is surely necessary. But where that authority is decentralized and overlapping, the risks of inconsistent standards and politically charged scrutiny will only increase — reinforcing the need for beneficiaries of federally funded programs to always act in good faith.

---

Michael Kendall, Tai Park and Kevin Bolan are partners, and Karen Eisenstadt is counsel at White & Case LLP.

The opinions expressed are those of the author(s) and do not necessarily reflect the views of the firm, its clients, or Portfolio Media Inc., or any of its or their respective affiliates. This article is for general information purposes and is not intended to be and should not be taken as legal advice.

[1] See, e.g., Andrew Kragie, $484B COVID-19 relief bill headed to Trump's desk, Law360 (Apr. 23, 2020); Aaron Gregg and Renae Merle, Thousands flood banks as federal small-business loan program begins with bankers expressing worries, Wash. Post (Apr. 3, 2020), https://www.washingtonpost.com/business/2020/04/02/federal-small-business-loan-program-faces-rocky-start-bankers-pump-breaks/.

[2] 31 U.S.C. §§3729-3733.

[3] CARES Act §4003(b)(3).

[4] E.g., CARES Act §§ 3001-3404.

[5] E.g., CARES Act §4003(b)(1).

[6] E.g., CARES Act §4003(c)(3)(D).

[7] E.g., CARES Act §4003(b)(4).

[8] E.g., CARES Act §4004.

[9] E.g., CARES Act §§1006, 1009, 1114, 4003.

[10] Bryan Pietsch, Publicly traded companies have 2 weeks to give back loans intended for small businesses or face 'severe consequences,' Treasury Department says, Business Insider (Apr. 23, 2020), available at https://www.businessinsider.com/treasury-department-public-companies-give-back-small-business-loans-report-2020-4.

[11] Letter from Christy Goldsmith Romero, SIGTARP, for Oct. 1 through Dec. 31, 2019, to U.S. Congress, https://www.sigtarp.gov/Quarterly%20Reports/SIGTARP_First_Quarter_Report_Letter.pdf.

[12] CARES Act §4018.

[13] See Catarina Saraiva and Craig Torres, Fed to name participants in CARES Act-backed loan programs, Wash. Post (Apr. 24, 2020), available at https://www.washingtonpost.com/business/on-small-business/fed-to-name-participants-in-cares-act-backed-loan-programs/2020/04/23/631a3110-8593-11ea-81a3-9690c9881111_story.html.

[14] See, e.g., United States ex rel. Escobar v. Universal Health Servs. , 136 S. Ct. 1989, 1995 (2016).

[15] 31 U.S.C. §3729(a)(1)(A).

[16] 31 U.S.C. §3729(a)(1)(B).

[17] 31 U.S.C. §3729(a)(1)(G).

[18] See generally, e.g., United States v. Hodge, 933 F.3d 468 (5th Cir. 2019) (affirming FCA judgment resulting in $300M in damages and penalties against loan correspondent, lender, and their owner arising from concealment of origination of Federal Housing Authority loans from unregistered branches and reckless underwriting); U.S. Dep't of Justice, Participants in Hospital Development Project Resolve Alleged Liability for Improperly Obtaining Government-Insured Loan (June 12, 2019), https://www.justice.gov/opa/pr/participants-hospital-development-project-resolve-alleged-liability-improperly-obtaining (settlement of allegedly similar scheme).

[19] See, e.g., U.S. Dep't of Justice, United States Files False Claims Act Complaint against Participants in Hospital Development Project for Improperly Obtaining Government-Insured Loan and Misusing Loan Funds (Sept. 25, 2019), https://www.justice.gov/opa/pr/united-states-files-false-claims-act-complaint-against-participants-hospital-development (alleged "scheme to improperly obtain an FHA-insured loan to build the Lakeway hospital by delaying refunds to investors who had cancelled their investments to make it appear as if the project satisfied mortgage covenants regarding the cash on hand required to close the loan").

[20] 31 U.S.C. §3729(b)(1)(B).

[21] 31 U.S.C. §3729(a)(1).

[22] 31 U.S.C. §3729(b)(1)(A).

[23] See, e.g., United States v. Anchor Mortgage Corp., 711 F.3d 745, 747-48 (7th Cir. 2013) (affirming FCA liability against a mortgage company and its CEO arising from their false statements when applying for federal loan guarantees).

[24] 31 USC §3729(a)(1).

[25] 31 USC §3729(a)(3). These are inflation-adjusted penalties.

[26] See generally U.S. Dep't of Justice, Justice Department Recovers over $3 Billion from False Claims Act Cases in Fiscal Year 2019 (Jan. 9, 2020), https://www.justice.gov/opa/pr/justice-department-recovers-over-3-billion-false-claims-act-cases-fiscal-year-2019.

[27] 31 U.S.C. §3730(b).

[28] 31 U.S.C. §§3730(d)(1) & (2).

[29]  31 U.S.C. §§3730(h)(1).

 Whistleblowers need not prove an actual FCA violation to prove an FCA retaliation claim. See, e.g., Graham County Soil & Water Conservation Dist. v. United States ex rel. Wilson , 545 U.S. 409, 416 n.1 (2005). Instead, as the First Circuit reaffirmed last year in Guilfoile v. Shields , "[A] a plaintiff must sufficiently plead that he or she was retaliated against based on conduct that reasonably could lead to a viable FCA action." 913 F.3d 178, 188 (1st Cir. 2019).

[30] U.S. Dep't of Justice, Justice Department Recovers over $3 Billion from False Claims Act Cases in Fiscal Year 2019, at 1 (Jan. 9, 2020), https://www.justice.gov/opa/pr/justice-department-recovers-over-3-billion-false-claims-act-cases-fiscal-year-2019.

[31] Id. at 4.

[32] 31 U.S.C. §3733.

[33] No. 18‑1746, slip op. at 9 (2d Cir. Nov.21, 2019).

[34] Id. at 29.

[35] See, e.g., Criminal Division, U.S. Dep't of Justice, Evaluation of Corporate Compliance Programs, at 1, 9 (Apr. 2019), https://www.justice.gov/criminal-fraud/page/file/937501/download; id. at 9 ("Prosecutors should examine the extent to which senior management have clearly articulated the company's ethical standards, conveyed and disseminated them in clear and unambiguous terms, and demonstrated rigorous adherence by example.").          

[36] United States ex rel. Lamers v. City of Green Bay, 998 F. Supp. 971, 987 (E.D. Wis. 1998), aff'd, 168 F.3d 1013 (7th Cir. 1999); see also, e.g., United States ex rel. Becker v. Westinghouse Savannah River Co. , 305 F.3d 284, 289 (4th Cir. 2002) ("Today, we join with our sister circuits and hold that the government's knowledge of the facts underlying an allegedly false record or statement can negate the scienter required for an FCA violation.").

[37] 807 F.3d 281, 287 (D.C. Cir. 2015).

[38] See n.17 supra.

[39] Letter from U.S. House of Representatives Pelosi (Apr. 2, 2020), https://www.speaker.gov/newsroom/4220.

For a reprint of this article, please contact reprints@law360.com.