Law360 (March 11, 2021, 6:01 PM EST) --
The mission of SIGPR is to prevent and detect fraud, waste and abuse in — among other things — certain loans and investments made by the U.S. Department of the Treasury under the Coronavirus Aid, Relief and Economic Security, or CARES, Act.
With its multitrillion-dollar price tag, the CARES Act is the most expensive stimulus package in American history. Congress protected this unprecedented investment with unprecedented oversight.
Here is an overview of what companies and attorneys need to know about CARES Act oversight, how my team approaches the critical task of protecting taxpayer money, and some of the challenges we have faced and successes we have had while building an agency from the ground up during the most deadly and disruptive public health crisis since the 1918 Spanish flu.
What should companies and attorneys know about CARES Act oversight?
The CARES Act is a $2.2 trillion emergency investment in the nation's response to the COVID-19 pandemic. To protect that investment, Congress created three new sources of additional oversight.
First, Congress created a coronavirus-response committee within the Council of the Inspectors General on Integrity and Efficiency, an independent entity comprised of federal inspectors general. The committee, called the Pandemic Response Accountability Committee, or PRAC, is comprised of 22 inspectors general, including SIGPR and those representing the U.S. Department of Defense, U.S. Department of Justice, U.S. Department of Labor, U.S. Department of Health and Human Services and the Treasury. PRAC has broad jurisdiction over any funds spent for the coronavirus response.
Second, Congress established the Congressional Oversight Commission to oversee Treasury loans and loan guarantees to businesses under Title IV, Subtitle A, of the CARES Act.
Congress completed the CARES Act oversight triumvirate by establishing SIGPR. Under Section 4018 of the CARES Act, SIGPR has the duty to conduct, supervise, and coordinate audits and investigations of the making, purchase, management, and sale of certain loans, loan guarantees, and other investments made by the secretary of the Treasury under the CARES Act, and other specified CARES Act programs managed by the secretary, including:
- Loans and loan guarantees made by the secretary of the Treasury to passenger air carriers, cargo air carriers and businesses critical to maintaining national security, as well as the management of those Section 13(3) liquidity facilities in which the secretary has invested under the CARES Act, Division A, Title IV, Subtitle A;
- Assistance to aviation industry workers pursuant to the Payroll Support Program under the CARES Act, Division A, Title IV, Subtitle B;
- Aid to states, municipalities and tribal governments under the Coronavirus Relief Fund pursuant to CARES Act, Division A, Title V; and
- Loans by the secretary of the Treasury to the U.S. Postal Service under the CARES Act, Division A, Title VI.
SIGPR continues to delve into the programs it oversees, build partnerships with other inspectors general and law enforcement agencies, and develop proactive audits and investigations.
What should companies and attorneys know about CARES Act fraud?
One issue to be aware of is that certain programs established by the CARES Act preclude multiple dipping. No entity or individual may receive money from the federal government twice for the same purpose.
For instance, as the Office of Management and Budget recently explained, "payroll costs paid with the Paycheck Protection Program loans or any other federal CARES Act programs must not be also charged to current federal awards as it would result in the Federal Government paying for the same expenditures twice."
Similarly, participants in the Main Street Lending Program are precluded from other Federal Reserve programs like the primary and secondary market corporate credit facilities and Section 4003 loans.
For a fuller list of rules relating to multiple streams of funds under the CARES Act, companies should review Appendix A of our most recent quarterly report to Congress for the reporting period Oct. 1 to Dec. 31, 2020.
We will also closely scrutinize direct loans — and loan guarantees — to private companies. To date, the Treasury Department has obligated nearly $22 billion in loans or guarantees to airlines, related businesses and businesses critical to maintaining U.S. national security. These loans are not a handout, they are a hand up.
The CARES Act requires, among other things, that borrowers retain all or nearly all of their employees, and it prohibits stock buybacks and substantial increases to executive compensation. These restrictions last for the duration of the loan plus one to two years, depending on the borrower. Businesses that spend direct Treasury loans on corporate bonuses instead of retaining their employees commit fraud — period, full stop.
SIGPR investigations can result in criminal, civil and administrative remedies, such as restitution and recoupment of the CARES Act funds given to a company, individual or bank. Among the civil remedies that SIGPR is focusing on is liability under the False Claims Act, which permits treble damages and civil penalties of between $11,665 to $23,331 per false claim.
Obvious frauds and false statements include false identities, fake companies with no employees and spending pandemic relief money on personal luxury items. More subtle false statements include claiming that the information in an application and supporting documents are accurate when there is reason to know they are not; misstating the number of employees, assets and liabilities of the company; and exaggerating the necessity of the loan request.
Misstatements on quarterly reports regarding bonuses, executive compensation, as well as dividends may also provide a basis for a False Claims Act suit under certain CARES Act programs, such as the Payroll Support Program.
Companies can avoid or mitigate liability risk by observing the following maxims:
1. Know the rules.
Companies should recognize that they will receive scrutiny from SIGPR. SIGPR is looking at whether companies are double-dipping, abiding by loan terms and conditions, and generally following all the rules. So, companies need to know specifically what programs they are taking advantage of and what the rules are for those programs.
The CARES Act establishes many different relief programs with differing rules. A company may receive money under Economic Injury Disaster Loan, the PPP and Payroll Support Program — or Main Street Lending Programs. You should know what these rules are, what the conditions are for receiving CARES Act monies. Again, Appendix A of our most recent report may be helpful.
2. Know and record how the money is being used.
Companies should keep track of the CARES Act monies. Robust tracking programs can trace the funds and demonstrate a clear audit trail showing compliance. Internal audits should also confirm that the funds are properly used. Of course, the company must also retain those records for inspection by SIGPR and other federal entities.
3. Know your risks and vulnerabilities.
Companies should do an internal risk assessment to determine where their vulnerabilities are and tailor the compliance program to ensure protection in those areas.
4. Know your compliance.
Effective compliance programs are a necessity for companies receiving CARES Act funds. Internal controls and preventative measures can help protect the company from corruption, bribery and conflicts of interest. CEOs should know how well the company is doing in its compliance.
Finally, when "mistakes are made," the company should:
5. Know how to self-report.
Companies should document how the company tried to stay out of trouble, what it did when trouble was discovered, and the trouble was dealt with. Inspectors general and the Justice Department may provide leniency to those that are transparent and cooperative.
What should companies and attorneys know about SIGPR?
Part of the job of an inspector general is to find those who defraud the taxpayer when they think no one else is watching.
For example, while serving as the inspector general at the U.S. General Services Administration, my team uncovered excessive and wasteful spending for a 2010 conference in Las Vegas. With eight off-site planning visits and significant food and beverage costs, the GSA spent more than $820,000 on the conference.
During a dinner event at the conference, the GSA gave an award to an employee who created a music video boasting about lavish agency spending and avoiding being under OIG investigation. Ironically, the conference at which he was recognized was under investigation.
Our subsequent report caused such a public firestorm that Congress asked me to testify six times and the agency's waste was lampooned on Comedy Central's "The Daily Show with Jon Stewart."
It's a humorous example, but it illustrates a serious point. We conduct this job objectively and independently, without fear or favoritism. And we follow the evidence wherever it leads.
SIGPR is still less than one year old. What have been the biggest challenges? What has been successful?
Hiring staff, leasing office space, acquiring information technology services, drafting subpoena templates, obtaining data analytics software, and writing policies and manuals are among the dozens of tasks necessary to build an agency from the ground up.
And some tasks are almost mutually exclusive: We needed a budget specialist to develop a budget but needed a human resources specialist to find a budget specialist and ensure that individual was paid. But without a budget specialist, how were we realistically to budget for an HR specialist? It is a problem not unlike building an airplane in midflight.
What's more, we had to launch SIGPR during a pandemic that restricted in-person contact. SIGPR could not even produce a color copy of its initial report because the office would need a contracting officer to purchase color printers and color copiers.
Many of these challenges are to be expected when starting up a new office and are not unique to SIGPR. But they are challenges and we continue to surmount them as we diligently pursue our mission.
Nine months later, SIGPR is now an established agency. We have submitted three reports to Congress and we are staffed by an elite group of committed public servants. SIGPR's senior staff alone boast more than 200 years' experience serving in the U.S. federal government, and more than 100 years' experience serving in the federal inspector general community.
Our early successes include:
- Uncovering and developing new investigative leads relating to suspected fraud under various CARES Act programs through our internal proactive efforts, and referring 69 of those leads to law enforcement partners, including fellow inspectors general;
- Initiating five new preliminary investigations, four of which were generated internally by our proactive efforts, with three of the five currently being worked with U.S. Attorneys' Offices;
- Receiving and vetting 27 complaints, two of which were referred to law enforcement partners and one of which was opened internally; and
- Developing risk scores for a Main Street Lending Program dataset, which identified potential leads for further review or referral.
What are some of the agencies and inspectors general that SIGPR works with?
As a brand-new agency, one key to SIGPR's success has been building partnerships with other agencies and law enforcement entities. To strategically leverage resources and capabilities in support of lead development, audits, investigations and case referrals, SIGPR has built partnerships with fraud-fighting agencies like the Financial Crimes Enforcement Network, the U.S. Securities and Exchange Commission, and fellow inspectors general.
We are working with the Treasury's Do Not Pay Business Center to identify potential transactions at high risk of fraud, waste and abuse, including eligibility and improper payment issues. And we have memoranda of understanding with 11 U.S. Attorneys' Offices. To date, SIGPR has referred more than 76 investigative leads to its law enforcement partners, including fellow inspectors general.
One specific example of a productive partnership is SIGPR's relationship with the Federal Reserve System Board of Governors' Office of Inspector General and the Federal Reserve Board's Office of General Counsel.
As SIGPR identifies and reviews suspicious transactions involving loans obtained through the programs established by the Federal Reserve and the Treasury under the CARES Act, the offices have developed a process for obtaining documents and information relating to such transactions through formal requests.
This process has proven effective. SIGPR is often able to obtain critical information at a faster rate than would be the case with issuing subpoenas.
Under the CARES Act, SIGPR's oversight jurisdiction is entirely concurrent with many other organizations, including the Treasury's permanent inspector general, PRAC, the Congressional Oversight Commission and the Federal Reserve Inspector General. Overlapping jurisdiction can pose challenges but it also has benefits.
For example, whenever a permanent inspector general assists the agency with program design to ensure funds will be used efficiently and transparently, the organization must be cognizant of threats to its independence.
The auditors must avoid situations that could lead others to the conclusion that they are not independent or capable of making impartial judgements on associated issues. Otherwise, the auditors may create the appearance of a management participation threat — the threat that results from the auditor taking on the role of management or otherwise performing management functions on behalf of the audited entity, which can lead an auditor to take a position that is not objective.
In this instance, it may be preferable for a special inspector general to audit and investigate that program as a truly independent and objective entity.
Amid the hurdles, what keeps the SIGPR team motivated?
We are very aware of the weightiness and urgency of our task. Americans have lost a great deal this last year, and their dollars — resources meant to be invested, enjoyed and shared — should not be needlessly lost as well.
As COVID-19 cases begin to decline and we reach the one-year mark of the pandemic, many may, and should, begin to turn the page. But that is not the task of the SIGPR team.
Every day we do our work to find the fraud that sadly, but inevitably, has been below the surface amid a global crisis. We are going bring to justice those who have sought to wrongfully profit from the pandemic.
If you uncover potential fraud, waste, abuse, mismanagement, or misrepresentations related to CARES Act loans made by the Department of the Treasury, please contact us. To place a tip, call (202) 927-7899, email firstname.lastname@example.org, or submit confidential information through our hotline form.
Brian Miller is the special inspector general for pandemic recovery. He has 30 years of experience in government, including 15 years at the Department of Justice and nearly nine as inspector general for the GSA.
The opinions expressed are those of the author(s) and do not necessarily reflect the views of the firm, its clients or Portfolio Media Inc., or any of its or their respective affiliates. This article is for general information purposes and is not intended to be and should not be taken as legal advice.
 For more on this, see the Generally Accepted Government Auditing Standards Yellow Book sections 3.18-.22, 3.26, 3.30(f), and 3.66-67.
For a reprint of this article, please contact email@example.com.