Law360 (July 30, 2020, 7:51 PM EDT) --
It consists of the 21 offices of inspector general, or OIGs, that oversee the agencies that received the bulk of the emergency funding, and it sits within the Council of Inspectors General on Integrity and Efficiency. The purpose of committee is to lead the efforts of CIGIE to promote transparency and conduct oversight of the funds disbursed under the CARES Act and related legislation, which currently totals $2.4 trillion.
The report provides a summary, by agency, of identified challenges in disbursing the emergency funding, especially the potential for fraud, abuse and misuse of those funds, which will likely lead to audits, investigations and qui tam lawsuits under the federal False Claims Act in the months and years to come.
Under the CARES Act, the committee is required to issue periodic reports, including alerts to the president and congress on "management, risk, and funding issues that require immediate attention." The $2.4 trillion in emergency funding, over which the committee has oversight responsibilities, has been disbursed via programs under four pieces of legislation to date: (1) the CARES Act; (2) the Coronavirus Preparedness and Response Supplemental Appropriations Act; (3) the Families First Coronavirus Response Act; and (4) the Paycheck Protection Program and Health Care Enhancement Act.
While not specifically required by the CARES Act, the committee undertook this particular report in an effort to raise awareness about the most frequently reported challenges for agencies implementing programs under these pieces of legislation and methods of addressing them. The report consolidates and summarizes the top challenges reported by the 37 OIGs that submitted responses.
The report identifies four overarching challenges in disbursing the emergency funding:
1. Financial management: This includes ensuring that funds are used effectively and to prevent and detect fraud, waste and abuse via accurate information regarding spending, improving financial reporting and systems, and preventing and reducing improper payments, such as payments to ineligible recipients, duplicate payments and payments that are not supported by required documentation;
2. Grant and Guaranteed Loan Management: This includes overseeing the use of grant funds, obtaining accurate information from grantees, and assessing performance to ensure intended results;
3. Information Technology Security and Management: This includes managing federal systems to promote maximum telework capabilities and protecting government systems against cyberattack; and
4. Protecting Health and Safety: This includes protecting the health of federal employees, those in federal custody and the workers in industries regulated by the federal government while maintaining effective operations.
In identifying financial management challenges, the report describes the OIGs' particular focus on fraud, waste and abuse of the emergency funding, and the related oversight challenges. Indeed, the term "fraud" appears more than 80 times throughout the report, leaving little doubt that the government intends to use the FCA to investigate and litigate alleged misrepresentations and misuses of COVID-19 emergency funds, to recover damages and punish those responsible.
Representative Agency Concerns
The report describes several representative examples of specific concerns and actions already taken by OIGs at various agencies including the following.
Department of Defense
According to the U.S. Department of Defense OIG, the department "must ensure that it gets what it pays for in its acquisitions and contracts funded with COVID-19 response funding, as well as guard against fraud and improper payments."
The department says it is poised to focus on identifying and evaluating requirements, and robustly vetting contractors and vendors before awarding contracts. It establishes and follows well-documented contract oversight and surveillance plans, and maintains complete, consistent and accurate contracting documentation and accounting records.
As of the report date, the department's OIG had already received 225 hotline complaints related to emergency COVID-19 funding and begun taking action in response to some of those complaints. The DOD's investigative branch has also started to conduct criminal investigations targeting fraud and corruption.
Department of Homeland Security
The U.S. Department of Homeland Security has already identified a number of challenges and potential avenues for fraudulent conduct based on its "prior, planned, and ongoing audits, inspections, special reviews, and investigations." According to the DHS, one of the primary challenges it faces is ensuring that proper oversight and controls are in place, particularly with respect to the Federal Emergency Management Agency's disaster assistance programs, which the department's OIG notes are highly susceptible to fraud, waste and abuse.
The Department of Homeland Security OIG is working to prevent the lack of controls from impairing its ability to take action related to misspent and misused funding, and against contractors that do not comply with the requirements of procurements involving emergency COVID-19 funding.
Department of Health and Human Services
As the lead federal agency responsible for medical support and coordination during public health emergencies, with a substantial portion of COVID-19 related funding, the top challenges reported by the U.S. Department of Health and Human Services OIG are particularly noteworthy.
With respect to its $251 billion dollars in funding, consisting in large part of the Provider Relief Fund, Centers for Disease Control and Prevention testing and grants, the HHS OIG identified as of particular concern the risk of fraud by those seeking to exploit the emergency, which is consistent with the office's prior statements that there will be significant anti-fraud monitoring and auditing of COVID-19 distributed funds.
The HHS OIG noted the importance of effective internal controls among both Provider Relief Fund recipients, which include hospitals and other health care providers, and suppliers on the front lines of the coronavirus response, as well as grant recipients.
With respect to protecting health and safety, the agency noted, unsurprisingly, concerns with preventing further outbreaks in health care facilities, highlighting particular concerns with nursing homes as well as Indian Health Service hospitals and outpatient centers.
Lastly, with respect to infrastructure, the agency indicated there is a serious threat of cyberattacks on HHS partners, grantees and the health care system at large that could have "significant potential negative effects on the health and welfare of the nation."
Department of the Treasury
While the U.S. Department of the Treasury is still working to identify potential avenues for fraud, its OIG notes that it is currently coordinating anti-fraud investigations across agencies with other OIGs, law enforcement agencies, and the U.S. Department of Justice.
Department of Veterans Affairs
Like the DOD, the U.S. Department of Veterans Affairs has already referred so-called suspicious activity to the OIG. It has collaborated with other law enforcement authorities to arrest an individual for attempting to sell millions of nonexistent personal protective equipment totaling over $750 million. The VA is focused on "quick handoffs" to the OIG and plans to use predictive analytics of procurement and claims data, which VA states will help address misconduct related to the pandemic funding.
Environmental Protection Agency
The U.S. Environmental Protection Agency's office of inspector general is one of the few that specifically refer to potentially fraudulent certifications of approvals and compliance in their discussion of concerns related to fraud, such as with respect to products marketed with unsubstantiated claims of protection against SARS-CoV-2.
The EPA also notes that it expects companies will continue identifying new fraudulent avenues as the pandemic continues and more funding is disbursed.
In short, the report makes clear that, while the government is moving rapidly to mitigate the financial effects of the COVID-19 pandemic, the OIGs have not abdicated their oversight authority and do not intend to so in the future. Consequently, audits and investigations have occurred and will be forthcoming.
Health care providers and suppliers, government contractors, and particularly grantees, should be aware that OIGs are focused on detection of fraud, waste and abuse. In addition to the risk of criminal investigations, funding recipients, contractors and grantees receiving COVID-19 funding will likely face civil investigations and suits brought pursuant to the FCA by relators and/or the government.
Funding recipients should, therefore, take proactive steps now to ensure they are in compliance with their agreements, and the terms and conditions applicable to the particular funds received. They should ensure the proper use of all funding, and that they are maintaining accurate and complete records to support such use for the inevitable future audits and investigations.
Proactive measures now will help mitigate against risk of liability, damages and possible suspension and debarment. Here are some examples of guidance specific to the Department of Veterans Affairs, the Department of Health and Human Services-administered Provider Relief Fund, and the Department of Defense.
Department of Veterans Affairs
While contractors have some strong bargaining tools during this unprecedented time in contracting with the VA, including potential indemnity under Public Law 85-804, and potential immunity under the Public Readiness and Emergency Preparedness Act, many of the same overarching requirements remain, particularly surrounding eligibility for contract awards.
As many VA contractors know, pursuant to the so-called rule of two, the VA "shall award contracts on the basis of competition restricted to small business concerns owned and controlled by veterans if the contracting officer has a reasonable expectation that two or more small business concerns owned and controlled by veterans will submit offers and that the award can be made at a fair and reasonable price that offers best value to the United States."
There has been no indication that those eligibility rules have been relaxed for procurements funded by the emergency funding, and as a result they will be ripe for potential audits and investigations in the future. Contractors who work with the VA need to understand all the requirements of each procurement, particularly those that are set aside for certain groups, and ensure that all eligibility requirements are fulfilled, and that their certifications and representations of eligibility are clear.
VA contractors and grantees must be alert to and wary of waivers of procurement requirements offered by VA personnel, particularly when related to the VA's stated veteran-owned and service-disabled veteran-owned small business contracting goals. Although the VA, like many other agencies, is under tremendous time pressure to issue contracts quickly, it must still follow the requirements of the procurement, particularly when a procurement is set aside for a veteran-owned small business of any type.
VA contractors that self-certify compliance with the relevant rules and regulations in order to be awarded those set asides must ensure that they comply with all rules and regulations. During the pandemic, the risk of immediate protests of those awards may be lower, but the risk of audit or investigation remains high, and issues related to eligibility for set asides can often translate into allegations of fraud.
Department of Health and Human Services
Provider Relief Fund
Recipients of Provider Relief Fund disbursements, such as hospitals and other providers and suppliers, should take care that the funds are being used "to prevent, prepare for, or respond to coronavirus." This requirement applies to all Provider Relief Funds whether disbursed from the general allocation or from any of the targeted allocations, whether used to reimburse necessary health care-related expenses or lost revenues attributable to coronavirus.
Health and Human Services has enumerated a nonexclusive list of examples of expenses that fit within the scope of this overarching limitation on the use of Provider Relief Funding in its FAQ document, which is frequently being updated.
Department of Defense
Additional DOD COVID-19 Funding When Unable to Work
DOD contractors who have taken advantage of DOD's additional funding for increased coronavirus costs — especially those receiving funds when they could not return to work due to pandemic health and safety measures or state and local restrictions — should ensure they have documented all efforts to return to work.
Contractors should maintain documentation or a timeline indicating when COVID-19 measures were put into place restricting work, and when portions of the workforce could return or the efforts that were made to accomplish tasks through remote work.
Finally, such documentation should track the composition of the workforce, particularly highly-skilled employees that resigned, retired or otherwise left the contractor's employment.
Listed below are several straightforward, but important, tasks that companies and grantees can take now to avoid painful and expensive litigation in the future.
Record-Keeping For Five Years
Keep accurate and organized records of funding, spending and communications about the same. One of the most common ways to audit a contract or grant is to seek records about how the funding has been spent to ensure that there is no suggestion of fraud or waste.
It will be significantly more difficult to try to retroactively create those records than to create contemporaneous documentation. Contractors, grantees and Provider Relief Fund recipients should centralize files that include significant correspondence and emails.
Government entities that receive coronavirus relief fund monies are required to report information about expenditures and management to the Treasury's OIG. This includes copies of contracts, subcontracts, grants, grant subaward agreements, reports/audits/monitoring of contractors, documentation supporting performance outcomes for contracts and grants, and all related documentation.
These records are to be maintained for a period of five years after the final coronavirus relief fund payment is made, and thus all contractors receiving such monies will likely see the same record retention requirement in their contracts. Five years exceeds the standard three-year record retention requirement in government contracts.
Documenting Government Approvals
A typical pitfall for government contractors and grantees occurs in contract or grant modifications, particularly when funding must be quickly disbursed. Contractors and grantees should ensure that any instructions from the government regarding the use of funding are documented, and that the instructions are coming from the proper government officials with the requisite authority to issue them.
For example, a company could avoid a lot of aggravation later by ensuring that changes to contracts and grants are properly approved by the relevant official — typically the contracting officer.
With various types of new funding made available so rapidly, the OIGs will be focused on evaluating whether recipients were eligible for that funding and whether they made misrepresentations to obtain or retain funds.
Material misrepresentations can subject recipients to treble damages under the FCA, measured by the full value of the payments by the government. Contractors, grantees and Provider Relief Fund recipients should carefully evaluate eligibility requirements and certification language internally, and also consider how the content of their proposals, communications and/or attestations to the government related to those requirements may impact their likelihood of being subject to later allegations of fraudulent inducement, among other things.
Avoiding Speed Traps
As is clear from the report, although the government is under pressure to disburse the funding as quickly as possible to address the multitude of issues that have arisen as a result of the COVID-19 emergency, the OIGs have a duty to determine which audits, investigations and inspections are necessary to ensure that the federal monies spent are not misused.
As a result, contractors, grantees and Provider Relief Fund recipients cannot allow the speed of the funding to lead to sloppy internal record-keeping, or hasty actions without the necessary government approvals. Again, accurate and complete records will assist in supporting future defenses to investigations, audits and lawsuits.
Overall, the report confirms what many government contractors, grantees and health care providers and suppliers already know — contracting with or otherwise receiving funds from the government has many benefits, but is also fraught with pitfalls, in the form of audits, investigations, and FCA suits. The tips and suggestions above will better position contractors, grantees and Provider Relief Fund recipients to ensure compliance and demonstrate such compliance in response to any ensuing audits, investigations or litigation.
Lorraine M. Campos, Jacinta Alves, Brian Tully McLaughlin and Gail D. Zirkelbach are partners at Crowell & Moring LLP.
Crowell & Moring associate Stephanie L. Crawford and counsel Lyndsay A. Gorton contributed to this article.
The opinions expressed are those of the author(s) and do not necessarily reflect the views of the firm, its clients or Portfolio Media Inc., or any of its or their respective affiliates. This article is for general information purposes and is not intended to be and should not be taken as legal advice.
 38 U.S.C. § 8127(d).
 The FAQ document is at https://www.hhs.gov/coronavirus/cares-act-provider-relief-fund/faqs/index.html.
For a reprint of this article, please contact firstname.lastname@example.org.