CARES Act enforcement risks and compliance best practices

Sponsored by Kirkland & Ellis

Lawyers from Kirkland & Ellis take a closer look at the CARES Act and the federal government's response to the Covid-19 crisis

On March 27 2020, the Coronavirus Aid, Relief, and Economic Security Act (CARES Act) was signed into law, making available $2.2 trillion in relief funds. This alert identifies the potential enforcement risks for recipients of CARES Act funds as well as some compliance best practices to follow when applying for and using these funds.

Consistent with activity following other large stimulus initiatives or government loans, including the 2009 Troubled Asset Relief Program (TARP), the US government has indicated that it intends to be aggressive in pursuing misconduct or fraud by recipients of CARES Act funds. Entities contemplating applying for and ultimately receiving CARES Act funds, directly or indirectly, should be cognizant of all applicable laws and regulations and should consider taking steps to address potential risks, including assessing the adequacy of—and fortifying where necessary—internal policies, procedures, and controls as well as staying current on guidance issued by government enforcement authorities.


New CARES Act enforcement mechanisms



The CARES Act creates a broad oversight and enforcement regime charged with ensuring that the federal government’s CARES Act loans are obtained and used consistent with the specified eligibility requirements of each loan. The specific new enforcement mechanisms in the CARES Act include:



Special Inspector General (SIG)

  • Established within the Treasury Department and is responsible for conducting, supervising, and coordinating 'audits and investigations of the making, purchase, management and sale of loans, loan guarantees, and other investments' by the secretary of the Treasury under any programme established under the CARES Act;

  • Has authority to conduct audits and investigations, including the authority to issue subpoenas;

  • On April 6 Trump nominated Brian Miller, current White House lawyer and previous Inspector General of the General Services Administration, to be the SIG;

  • This is analogous to the appointment of a Special Inspector General under TARP (SIGTARP), who was appointed to identify and prosecute fraud, waste, and abuse related to TARP, similar to the mandate of the SIG for the CARES Act. SIGTARP has brought numerous investigations and recovered $11 billion through the end of 2019, including $900 million in 2019 alone.

Pandemic Response Accountability Committee (PRAC)

  • Tasked with conducting, coordinating, and supporting inspectors general in the oversight of funds from all three phases of the coronavirus legislative relief in order to '(1) detect and prevent fraud, waste, abuse, and mismanagement; and (2) mitigate major risks that cut across programs and agency boundaries';

  • Has authority to conduct investigations, including holding public hearings, and can refer matters to the DoJ for criminal or civil investigation;

  • May issue and enforce subpoenas to compel testimony;

  • On March 30, Glenn Fine, the acting Inspector General of the Department of Defense, was appointed as PRAC’s Chair. On April 7, President Trump removed Fine from this position and instead named Sean O’Donnell, the EPA Inspector General, to serve as the temporary PRAC chair.

Congressional Oversight Commission

  • Has authority to oversee the implementation of the stimulus package by the Treasury and the Federal Reserve, hold hearings, take testimony, and receive necessary evidence from relevant federal departments or agencies.

Existing enforcement avenues

In addition to the newly established enforcement regime, other enforcement mechanisms apply:

  • Department of Justice (DoJ): The DoJ has indicated in numerous public statements its intention to investigate misconduct associated with the CARES Act and Covid-19;

  • State Attorneys General (AGs): Following TARP, state AGs worked with SIGTARP to investigate misuse of TARP funds. Similar collaborations will likely result from the CARES Act. As states roll out their own aid packages, additional sources of potential liability enforceable by the state AGs will likely arise;

  • Securities and Exchange Commission (SEC): The SEC has publicly conveyed it will continue actively monitoring the 'markets for frauds, illicit schemes and other misconduct affecting US investors relating to Covid-19'. Further, it will investigate individuals and entities that trade on material nonpublic information due to Covid-19 vulnerabilities;

  • Internal Revenue Service (IRS): The IRS has a dedicated public website concerning coronavirus tax relief and economic impact payments. Since CARES Act recipients will be receiving government funds, they will be required to reflect this information on any tax filings and relevant disclosures, and will thus be subject to IRS oversight and investigations.


Loan recipients should take care in the application and use of the funds received under the CARES Act, and should consider enhancing compliance and finance resources to appropriately monitor compliance with all applicable requirements. Some best practices include:


Throughout the entire process

  • Memorialise and maintain steps taken throughout the process, ideally in a central repository. This includes all steps taken to ensure compliance; the bases for any required certifications; the rationale for making any modifications to existing processes; layers of review, including individuals (or functions) involved with reviews, and other internal controls designed to ensure robust, good-faith submissions and execution;

  • Ensure applicable personnel understand the importance of accuracy and transparency with respect to their individual roles and welcome feedback;

  • Consider training or other communications to underscore the importance of careful adherence to rules.



Loan application

  • Honestly and accurately complete CARES Act loan applications, including sections establishing eligibility. Knowingly or intentionally submitting inaccurate or false information in a CARES Act loan application could create potential enforcement liability, including under the False Claims Act;

  • Do not include any information that is false in furtherance of CARES Act loan applications; to that end, verify assertions with personnel most knowledgeable on the subject matter and be mindful of statements made in previous filings;

  • Be mindful of statements made in previous filings and ensure that representations made in the loan application are consistent with the same (e.g., regarding a sponsor’s control rights);

  • Consider appointing an individual or a sub-group to be responsible for a complete review of the submission to identify any inconsistencies or errors;

  • Loan applications are likely subject to Freedom of Information Act (FOIA) requests, so assume that they will be made public.

In anticipation of funds

  • Continue to monitor government guidance for additional information and/or regulations to ensure compliance with any new requirements;

  • In consultation with legal and compliance personnel, (i) identify all compliance requirements related to the loan, and (ii) establish policies, procedures, and controls to ensure compliance with all loan conditions;

  • Ensure any governmental modifications or waivers of requirements are documented in writing.

Upon receipt of funds

  • Implement policies, procedures, and controls designed to ensure compliance with loan conditions, and actively monitor adherence to same. Consider appointing a resource dedicated to monitoring compliance;

  • Maintain an effective reporting system to identify and investigate compliance concerns, preferably in consultation with legal and compliance personnel.

Corporate governance

  • Ensure the board of directors vets decisions on all types of disclosures and filings (regulatory, investor, etc.).

Compliance programme

  • Assess and amend, if needed, relevant compliance policies, procedures, and controls to prevent employee theft of or other fraud related to incoming CARES Act funds;

  • Evaluate potential heightened risk areas in the context of the Covid-19 crisis, and the adequacy of corresponding policies, procedures, systems, controls, and employee training;

  • Closely follow, review, and adhere to evolving government guidance related to the CARES Act and Covid-19 crisis.

The authors would like to thank Kirkland & Ellis associates Giselle Sedano and Megan Richardson for their assistance.


