Don't Let Money Cost Too Much: Safeguarding Against Enforcement Actions Related to COVID-19 Stimulus Funds

Footnotes for this article are available at the end of this page.

Criminal Willie Sutton was once asked why he robbed banks. 

His response:  “Because that’s where the money is.”


With the enactment of the CARES Act on March 25, 2020, the U.S. government appropriated $2.2 trillion to counteract the havoc wrecked on the American economy by COVID-19 – the largest economic stimulus package in history. Since then, more legislation has been passed to provide hundreds of billions of dollars in additional funding to support the American economy.  History teaches that a rapid influx of funding – this time in an unprecedented amount – inevitably leads to an increase of fraudulent activity.  To be sure, with trillions of dollars deployed by the government in such a short time frame, the temptation may very well be overwhelming for intentional bad actors.  However, the new and hastily drafted regulations that accompany these funds also increase the risk of compliance missteps and mistakes that can just as easily give rise to law enforcement knocking on the door of legitimate companies conscientiously trying to follow the law.

Given the size and scope of the government aid here, front-end oversight will necessarily be limited.  Such limited front-end oversight, coupled with huge sums of money being quickly distributed, will likely lead to increased enforcement activity and a desire to seek out and mete out punishment against wrongdoers as examples to deter others.  With past disasters and their stimulus responses as a guide, state and federal governments announced COVID-19/CARES Act fraud task forces shortly after funds began to flow.  Officers and directors making decisions today should expect to be scrutinized by both government regulators and whistleblowers in the years to come.

Companies and individuals applying for and receiving stimulus funding must take special care with compliance and proper stewardship of those funds.  The government has an arsenal of both criminal and civil enforcement powers to prosecute suspected malfeasance.  The costs of defending against an investigation – both financial and reputational – can be devastating even if no wrongdoing is found.  Once an investigation starts, it can sometimes be hard to stop as the investigators may fall prey to confirmation bias. 1  The risk of confirmation bias will only become higher in the emotionally-charged environment caused by the global pandemic.  Moreover, increased enforcement activity can lead to the collateral consequences of innocent companies and individuals being investigated.

This article first covers some historical fraud task force investigations in the wake of previous disasters and stimulus responses.  Next, it explores the potential charges and enforcement powers the government will be able to deploy in investigating fraud related to COVID-19 relief, including a discussion of the oversight measures already created by the CARES Act.  Finally, it provides some considerations to keep in mind as companies and individuals navigate stimulus relief and attempt to protect themselves in already difficult circumstances.

Prior Disaster/Stimulus Fraud Task Force Investigations

There is an established history of increased government scrutiny and investigations in the wake of national disasters.  This is due, at least in part, to the uniquely intense public pressure to prevent abuse of government relief programs.  Two notable task forces worth examining were implemented after Hurricane Katrina and as part of the stimulus programs formulated to mitigate the 2008 financial crisis.  Both situations share key similarities with the economic stimulus responses to COVID-19, making a review of these past enforcement efforts particularly helpful in anticipating the potential investigatory risks in the current environment.

Hurricane Katrina:

On September 8, 2005, in response to the natural disaster Hurricane Katrina, the Department of Justice (DOJ) established the Hurricane Katrina Task Force (later renamed the Disaster Fraud Task Force), assigned to the mission of “combating all types of fraud relating to private-sector and government efforts to help victims of natural and manmade disasters to rebuild their lives and their communities.”2   Ultimately the initiative became the National Center for Disaster Fraud (NCDF), the national coordinating agency within the Criminal Division of DOJ devoted to the investigation and prosecution of fraud related to relief funding in the wake of such disasters as Katrina, Hurricane Rita, the Deep Water Horizon oil spill, the earthquake in Haiti, Superstorm Sandy, and Hurricane Matthew.  The NCDF is operational to this day, and the DOJ has directed the public to use the NCDF hotline to report any COVID-19 related fraud.3

In connection with the billions of dollars in relief issued in the wake of Hurricane Katrina (and Hurricane Rita that same year), federal prosecutors charged over 1,400 companies and individuals with fraud.  Among the types of fraud identified, the Task Force highlighted charity scams, government and private-sector benefit fraud, identity theft, contract and procurement fraud, and public corruption.  It attributed its success in recovering over $500 million through these prosecutions to “the extraordinary level of continuing cooperation between federal, state, and local law enforcement agencies, including the Inspectors General community.”4

Congress also took action to complement the intensified enforcement activity in response to Katrina-related fraud.  In 2007, it passed the Emergency and Disaster Assistance Fraud Penalty Enhancement Act, codified at 18 U.S.C. § 1040.  The law created a new offense whereby it became a separate crime to knowingly engage in fraud or make a false statement involving a benefit paid out for disaster relief.  The term “benefit” is defined in the statute as “any record, voucher, payment, money or thing of value, good, service, right, or privilege provided by the United States, a State or local government, or other entity.”  The law also enhances the penalty for wire or mail fraud in connection with disaster relief to a potential term of imprisonment of up to 30 years.

The varied investigations and prosecutions illustrated the extent of the greed and the potential for misdeeds created by an influx of so much money.  In one highly publicized case from 2007, which did not even involve federal funds, two brothers were sentenced to 111 months and 105 months in prison, respectively, for their roles in fraudulently operating a Web site that purported to raise money on behalf of the Salvation Army for Hurricane Katrina victims. The defendants registered on September 3, 2005, less than a week after Hurricane Katrina struck New Orleans. The website stated that it was “The Salvation Army International Home Page” and falsely purported to solicit charitable donations for Hurricane Katrina, and later Hurricane Rita, relief. A link on the website directed contributors to donate via PayPal. The defendants created numerous accounts with the service and registered those accounts using the names and identification information, including Social Security numbers, of other individuals not involved in the fraudulent scheme. The accounts, however, were linked by the brothers to bank accounts belonging to one or both of them. The fraudulent website collected more than $48,000 before all the accounts were frozen.

In 2008, the minister of Pilgrim Missionary Baptist Church was sentenced to 17 months in prison for mail fraud in connection with Katrina disaster-relief funds. The congregation’s building was devastated by flood water from the storm.  The church did not have flood insurance, so the congregation applied for a Small Business Administration (SBA) loan and additional grants to offset the cost of rebuilding. The church was awarded a $252,000 disaster loan from the SBA and a $35,000 grant, the disbursement of which the minister redirected to his own personal bank accounts and did not use for rebuilding the church.

In 2010, the government brought a civil case under the False Claims Act against C. Henderson Consulting, Inc. (CHCI) and its owner and executive vice president for falsely holding themselves out as an ambulance company in order to win a contract with FEMA ultimately worth nearly $19 million.  According to the complaint, despite lacking any experience, Henderson represented himself to federal agencies as the owner of an ambulance company able to provide properly equipped ambulances and qualified staff to operate them.  After winning the FEMA contract, Henderson and his company quickly cobbled together relationships with subcontractors who were able to provide some ambulances and personnel, but not enough of either. However, CHCI proceeded to bill FEMA for ambulances it never provided. On September 4, 2005 – six days after Katrina struck New Orleans – CHCI billed for 19 ambulances when it actually provided 11. On September 10, CHCI charged FEMA for 66 ambulances but only provided 27.  FEMA took them at their word and overpaid.  Henderson ultimately settled the case with the government for a $2.9 million penalty.

2008 Financial Crisis:

During the 2008 financial crisis, Congress established emergency government stimulus programs analogous to the CARES Act, including the Troubled Asset Relief Program (TARP) “to implement programs to stabilize the financial system.”5  Regulatory oversight was included in the legislation establishing TARP, specifically, the Office of the Special Investigator General for the Troubled Asset Relief Program (SIGTARP).  SIGTARP, which remains active to date, “is a federal law enforcement agency and an independent audit watchdog that targets financial institution crime and other fraud, waste, and abuse related to TARP.”6  According to its own reporting, the Office’s investigations of individuals, banks, and corporations for fraud have led to 438 criminal charges and $11 billion recovered.

In 2013, the former CEO and Chairman of the Bank of the Commonwealth was convicted of bank fraud, false statements, and related offenses after a ten-week jury trial and sentenced to 23 years in prison in connection with attempts to use $28 million in TARP relief funds to account for and conceal losses due to faulty loans and other criminal banking activity.  SIGTARP’s investigations into potential waste and abuse by TARP recipients uncovered the wider criminal conduct.

In 2015, General Motors entered into a Deferred Prosecution Agreement (DPA) with the government to resolve highly publicized criminal charges related to the concealment of a potentially deadly ignition switch safety defect in certain lines of vehicles the company produced.  SIGTARP was involved in the investigation of the misconduct due to the fact, that during the relevant period, General Motors received $50 billion in TARP relief.

Goldman Sachs, Ally Bank, and Morgan Stanley were investigated by DOJ when these investment banks traded securities through a TARP program that resulted in losses to investors.  Moreover, they had received TARP relief after knowingly making fraudulent misrepresentations to investors.  Each bank ultimately settled with the government in 2016, whereby Goldman Sachs paid a $5.06 billion penalty, Ally Bank discontinued operations and paid a $52 million penalty, and Morgan Stanley paid a $2.06 billion penalty.  Again, SIGTARP had investigated the activity due to the fact that the entities had received TARP funds.

What Can Be Learned from Past Investigations?

As seen with the Hurricane Katrina and Financial Crisis fraud task forces, the government has a number of statutes available to prosecute potential wrongdoers.  On the criminal side, there are the traditional fraud statues (mail fraud, wire fraud, bank fraud).  Also, as noted above, 18 U.S.C.  1040 provides additional penalties if the fraud is related to disaster relief.  Other applicable criminal laws include 18 U.S.C.  1001, which prohibits making false statements to the government, for example, on applications for disaster relief and certifications as to the use of disbursed funds.

The False Claims Act (FCA), codified at 31 U.S.C. § 3729, is the primary civil enforcement tool for the government.  It penalizes those who knowingly present or cause to be presented a false claim for payment to the government.  It also imposes liability on anyone who knowingly avoids or conceals an obligation to return money to the government, which is known as a “reverse false claim.”  31 U.S.C. § 3729(a)(1)(G).  Thus, while traditional FCA cases involve a “claim” for payment, a reverse false claim requires that a provider retains money that it is obligated to return to the government due to a false statement or certification of compliance.  Both traditional and reverse FCA liability are subject to treble damages plus additional penalties.

COVID-19 Response Initiatives and CARES Act Oversight:

DOJ took care early on to establish its aggressive stance on COVID-19 related fraud.  On March 16, 2020, Attorney General William Barr issued a memorandum to all U.S. Attorneys to prioritize detection, investigation, and prosecution of all criminal conduct related to the COVID-19 pandemic, which was followed by Deputy Attorney General Jeffrey Rosen’s further directive to “each U.S. Attorney to appoint a Coronavirus Fraud Coordinator to serve as the legal counsel for the federal judicial district on matters relating to the Coronavirus, direct the prosecution of Coronavirus-related crimes, and to conduct outreach and awareness.”  Other federal authorities followed suit in focusing on keeping the public safe during the COVID-19 emergency.  The Co-Directors of the Securities and Exchange Commission (SEC) Division of Enforcement issued a rare public statement regarding “the importance of maintaining market integrity and following corporate controls and procedures” at this time.  Similarly, the Chairman of the Federal Trade Commission (FTC) issued a statement regarding its continuing work to protect consumers from deceptive and unfair commercial practices.

Since that time, there have already been a number of investigations publicized.  The FBI announced that it had received and reviewed more than 3,600 complaints related to COVID-19 scams as of April 21, 2020, many of which operated from websites that advertised fake vaccines and cures, operated fraudulent charity drives, delivered malware, or hosted various other types of scams.  Decisions to prosecute criminally and to pursue civil remedies have been equally swift.

On April 24, DOJ filed a criminal complaint against Amardeep Singh alleging violations of the Defense Production Act of 1950 by hoarding personal protective equipment (“PPE”) at a warehouse in Brentwood, New York and price-gouging customers of his retail store in Plainview, New York.  If convicted, Singh faces up to one year in prison.

Again on April 24, a Federal District Court in Texas issued a permanent injunction against a purported “ozone therapy” center in Dallas prohibiting it from offering unproven treatments for coronavirus disease.  According to court filings, the proprietor told a caller posing as a potential customer that although ozone could be dangerous, the center’s treatment was safe, would sanitize anything, and would eradicate viral or bacterial infections.  The proprietor further claimed to individuals and through social media that the treatments were 95% effective for someone who had tested positive for COVID-19 and were recommended by “doctors.”

On April 27, a federal court unsealed a criminal complaint whereby the DOJ charged Donald Allen and Manuel Revolorio with conspiracy to commit wire fraud by seeking more than $4 million from a purported purchaser of PPE that the defendants did not own nor otherwise have authorization to sell.  The defendants were arrested that same day in California.

In addition to federal law enforcement efforts to combat fraud, the CARES Act creates specific oversight for stimulus money.  The Act established a Special Inspector General for Pandemic Recovery (SIGPR) to operate within the Treasury Department to be responsible for conducting, supervising and coordinating “audits and investigations of the making, purchase, management and sale of loans, loan guarantees, and other investments” under any program established under the Act.  The SIGPR is slated to operate for the next five years.

The Act also created the Pandemic Response Accountability Committee, tasked with conducting, coordinating and supporting inspectors general in the oversight of covered funds in order to “detect and prevent fraud, waste, abuse, and mismanagement; and mitigate major risks that cut across programs and agency boundaries.”  The Committee includes the Inspectors General of the Departments of Defense, Education, Health and Human Services, Homeland Security, Justice, Labor, and Treasury, as well as the IGs for the Small Business Administration and Tax Administration.  In addition, the newly created Congressional Oversight Commission, comprised of five members selected by majority and minority leadership from the House and Senate, is authorized to conduct oversight of the implementation of the stimulus package by Treasury and the Federal Reserve by holding hearings, taking testimony, receiving evidence, and issuing reports through September 30, 2025.

Given the fact that the rounds of relief funding made available by the passage of CARES have now been applied for and are being dispersed, it should be expected that the investigatory tasks of these new oversight bodies will begin in the near future.  At present, the question of eligibility for the fully forgivable loans under the Payroll Protection Program (PPP) for small businesses has garnered a great deal of attention as the first wave of funds have already run out.  In response to the consternation that has arisen over the approval of loans for publicly traded companies, the SBA clarified its stance on the rules a governing the necessity certification, and has continued to issue guidance on requirements to participate in the PPP.  On April 26, 2020, Secretary of the Treasury Steve Mnuchin stated that companies obtaining more than $2 million under the PPP would be audited and that large corporations wrongfully claiming PPP funds could be subject to “criminal liability.”  That said, the government also provided a safe harbor for businesses that have already applied for a PPP loan by stating that “any borrower that applied for a PPP loan prior to the issuance of this guidance and repays the loan in full by May 7, 2020 will be deemed by SBA to have made the required certification in good faith.”

What Can You Do to Protect Yourself and Your Company from Investigation?

While many companies are scrambling to stay afloat and remain in need of government support and relief, now is not the time to minimize or circumvent compliance obligations: a culture of compliance remains as relevant as ever.  As seen in prior large-scale relief programs, the government focuses first on providing the relief and then initiates (and publicizes) investigations into whether recipients of the relief were appropriately entitled to it and used it in accordance with all applicable rules and regulations.  Accordingly, it is imperative to maintain compliance initiatives and take steps to minimize the risk of investigation and, should an investigation occur, maximize the chance of getting it resolved quickly and quietly.

1. Accurate and Truthful Applications

One of the most common allegations made in government stimulus relief program oversight prosecutions is that the recipient of funds made a false statement to the government – a felony under 18 U.S.C. § 1001. Whoever signs or submits a business’ application for CARES Act assistance is certifying to its accuracy.  This process requires careful consideration of the various listed certifications and potentially applicable regulations including certification of the good faith need requirement for PPP funds and the SBA’s regulations regarding size and affiliation rules.  Separately, on April 10, 2020, the Department of Health and Human Services started distributing relief funds to health care providers.  These funds are considered grants and can be kept provided certain conditions are met and appropriate certifications provided.  It is essential that all certifications be accurate and truthful.

2. Strong Controls Governing Use of the Funds

Once funds are disbursed, the administration of any company’s spending program needs policies and active controls to ensure it is clear about what kind of spending is permissible and what is not. The CARES Act implements specific requirements for how stimulus dollars can be used.  Violations of these requirements could give rise to criminal charges or civil suits under the False Claims Act.

3. Accurate Record-Keeping on Use of the Funds

It is imperative that any company in receipt of stimulus funds centrally and safely maintain records demonstrating appropriate due diligence and compliance, including both of the application process and the uses to which funds are put. Such records should include underlying support for all representations made to the government and a record of how government-disbursed funds were spent.  The company should also be ready to respond to government inquiries, including requests for accounting records, requests for related documents and emails, and (possibly) requests for access to any interpretations or guidance by counsel regarding applications for funds and uses to which funds could be put (consider obtaining independent legal advice regarding addressing such requests in a format that does not destroy legal privilege).

4. Careful Protection of Material Nonpublic Information

In reality, the guidance issued by the SEC with respect to the heightened risk of insider trading in the environment created by COVID-19 is an amplification of the agency’s increased scrutiny of the crime generally.  Given the need for more and wider dissemination of information during the crisis (and the ensuing market volatility), companies and their officers and directors should be especially careful of the risks of using or selectively disclosing material nonpublic information.7


There can be no doubt of the need for and widespread importance of the stimulus relief provided by the government in this time of crisis.  But inevitably, some people will follow the money and abuse (or attempt to abuse) the system.  The government will investigate and publicize prosecutions and other enforcement actions against those who devise to improperly receive or to improperly spend stimulus funds.  These same enforcement efforts will likely also be employed against those who are simply careless.  Therefore, in the midst of the upcoming wave of investigations, it will be critical for all companies to maintain a strong compliance posture, seek legal guidance where necessary, remain vigilant, and respond appropriately to allegations or suspicions of wrongdoing.


[1] Confirmation bias occurs when a person believes in or searches for evidence to support his or her favored theory while ignoring or excusing disconfirmatory evidence and is disinclined to change his or her belief once he or she arrives at a conclusion.




[5]  It is worth noting that TARP is currently projected to cost approximately $34.5 billion, significantly less than the $700 billion originally authorized by Congress in the Emergency Economic Stabilization Act of 2008 (EESA).  This amount is also, of course, significantly less than the $2.2 trillion already appropriated during the COVID-19 crisis under the CARES Act.


[7] See AGG Client Alert, SEC Disclosure Guidance Amid the Unprecedented and Rapidly Changing Financial Landscape Due to COVID-19,