Liability Dangers for Recipients of CARES Act Funds: Lessons from Past and Present Enforcement Actions


By Alexander R. Bilus, Kelsey Marron, and Christie R. McGuinness of Saul Ewing Arnstein & Lehr LLP
Published August 27, 2020

As the country struggles with COVID-19, many companies have applied for and received funds under the CARES Act and its Payment Protection Program (“PPP”). Those companies must understand there are significant risks tied to their receipt of federal money. Indeed, in June the United States Senate confirmed Brian D. Miller as the Special Inspector General of Pandemic Recovery (the “SIGPR”). As Saul Ewing Arnstein & Lehr attorneys have previously explained, the SIGPR’s primary duty is to audit and investigate the distribution of funds under the CARES Act. Although the SIGPR is new, recipients of PPP funds can look to the past actions of a similar entity—the Special Inspector General for the Troubled Asset Relief Program, or “SIGTARP”—to better understand what to expect from the SIGPR’s audits and investigations. This alert addresses the potential liability that arises from the receipt of CARES Act funds, analyzes key takeaways from the SIGTARP’s history of enforcement in connection with the 2008 financial crisis, and draws out lessons from current enforcement actions so that companies can best prepare for and respond to any government investigations of their receipt of CARES Act funds.

False Claims Act Exposure for CARES Act Recipients

There are a number of laws that pose hazards for recipients of loans under the CARES Act (including criminal charges for wire fraud), but one statute is particularly noteworthy: the False Claims Act (“FCA”), 31 U.S.C. §§ 3729-3733. Under the FCA, any person who knowingly submits false statements to the government in connection with a claim for payment can be liable for treble the government’s damages plus a penalty. The federal government frequently uses the FCA as a tool to prosecute fraud, and in particular the SIGTARP brought FCA claims in connection with frauds tied to the recovery from the financial crisis of 2008. Significantly, in addition to the government, private citizens can bring FCA lawsuits on behalf of the government and be rewarded for their efforts.

FCA liability could arise in two ways in connection with PPP loans under the CARES Act: (1) if an applicant makes misstatements or misrepresentations in the procurement of the PPP loans; and (2) if a recipient makes misstatements or misrepresentations in certifying compliance for forgiveness of the loan. Both procurement and forgiveness applications under the PPP require the applicant to certify that the applicant meets the relevant criteria. These certifications, if falsely made, provide the type of statements that are ripe for FCA claims and/or criminal enforcement.

Lessons from SIGTARP and the 2008 Financial Crisis

To help understand the potential dangers tied to the receipt of federal money, recipients of CARES Act funds can look to a similar situation from our country’s past. In the midst of the 2008 recession, Congress created the Troubled Asset Relief Program (“TARP”) to stabilize the country’s financial system and administer recovery funds to struggling financial institutions. At the same time, the SIGTARP was created to monitor and investigate financial institution crime and other fraud, waste, and abuse related to the TARP Program. The SIGTARP’s efforts were wildly successful, resulting in over 350 criminal convictions and $11 billion of funds recovered.

Given the similar duties and goals of the SIGTARP and the new SIGPR, the past actions of the SIGTARP provide a few key takeaways regarding what CARES Act recipients can expect from future government enforcement actions:

  • First, the SIGTARP moved quickly to begin its investigations. Specifically, first Special Inspector General for TARP was confirmed on December 8th, 2008, and by February 6, 2009, SIGTARP sent a letter to every institution that had received TARP funds requesting that they provide a “narrative explaining their actual or anticipated use of TARP funds,” including supporting documentation, and a certification from a “duly authorized senior executive officer of your company” that all information provided was accurate. Thus, CARES Act recipients should be prepared for requests for information from the government in the very near term—even within the next few months. Given the confirmation of Brian D. Miller on June 2nd as the SIGPR, it would be unsurprising to see a similar letter go out to CARES Act recipients very shortly.
  • Second, in addition to investigating TARP-related fraud, the SIGTARP’s investigations delved deeply into conduct that was unrelated to the TARP. Indeed, many prominent SIGTARP enforcement actions were the result of uncovering past fraud by TARP applicants, some of which never even received TARP funds. One prominent example of this was the General Motors ignition switch defect, which was uncovered after GM received an $11 billion bailout from TARP—GM ended up admitting to criminal conduct and paying a $900 million penalty. Accordingly, CARES Act recipients should prepare for increased government scrutiny that may uncover fraud or other issues completely unrelated to the use of CARES funds.
  • Finally, SIGTARP enforcement is still ongoing today—in 2019 alone, nearly $900 million was recovered as a result of SIGTARP’s work. This suggests that CARES Act recipients should expect potential audits and investigations by the SIGPR into their use of CARES Act funds for many years to come, particularly for loans greater than $2 million. While the SIGPR is currently set to dissolve in 2025, this date could easily be extended. Thus, CARES Act recipients should maintain detailed records regarding their application for and use of CARES funds for many years into the future, and continually update these records as those funds are used.

Current CARES Act Enforcement Activity

To date, the SIGPR’s efforts are following a similar pattern to what happened with the SIGTARP. Specifically, on August 3, 2020, SIGPR released its initial report to Congress, noting that its role and mission is to “root out” fraud, waste and abuse. The report explains that SIGPR has created an Office of Investigation that is partnering with United States Attorneys’ Offices to investigate fraud related to the CARES Act. SIGPR also asked Congress whether too many of the CARES Act relief programs overlap, enabling companies to improperly “double dip.”

And although the CARES Act was passed only recently, there already have been some government enforcement actions taken with respect to applications for PPP loans. For example, federal prosecutors in New York brought charges over a purported scheme to get more than $20 million in federal loans under the CARES Act. The prosecutors allege that the defendant falsely claimed that his companies had hundreds of employees and a multimillion-dollar payroll, submitted false business records and financial statements, and falsely claimed to be a medical equipment supplier. Similarly, in Rhode Island, two men were charged with criminal violations stemming from their applications for more than half a million dollars in PPP loans. Prosecutors allege that one defendant falsely claimed in loan applications that he had dozen of employees at three restaurants even though the restaurants were not even open for business. Enforcement actions like these are only starting to begin to percolate through the courts, and the number of enforcement actions will certainly increase as time passes.

Recipients of PPP loans must prepare for government scrutiny of their loan applications and use of their PPP funds. Proper documentation and preservation of key evidence, such as financial records supporting the business’ valuation and identity of the business’ employees, will be critical for responding to regulator’s inquiries later on down the road. Businesses also should consult early with counsel regarding their applications for federal funds, and put in place mechanisms to implement any new guidance issued by the government (such as the SBA’s guidance related to the forgiveness of PPP loans related to payroll and non-payroll expenses). By way of example, as recently as August 4, 2020, the SBA issued additional guidance to businesses who received PPP loans. A robust compliance program is a crucial and necessary part of preparing for and responding to any sort of government scrutiny of the receipt and use of government funds.

Sandy BilusAlexander (Sandy) R. Bilus is a Partner with Saul Ewing Arnstein & Lehr LLP. He assists clients who are facing complex commercial litigation or who need legal advice on issues involving cybersecurity and data privacy, particularly in the higher education and financial services industries. He can be reached at or 215.972.7177.


Kelsey MarronKelsey Marron is an Associate with Saul Ewing Arnstein & Lehr LLP. She is a member of the Litigation Department and maintains a general litigation practice, handling a variety of f matters involving complex commercial disputes. She can be reached at or 617.912.0909.


Christie McGuinnessChristie R. McGuinness is an Associate with Saul Ewing Arnstein & Lehr LLP. She assists with complex litigation, focusing on managing day-to-day developments for matters, taking and defending depositions, and overseeing the discovery process. She can be reached at or 212.980.7205.