Advisories April 6, 2020

White Collar, Government & Internal Investigations Advisory: CARES Act Follows Familiar Blueprint for Oversight and Enforcement

Executive Summary
Minute Read

Businesses big and small across an array of industries are being offered historic financial assistance by the $2 trillion-plus CARES Act. But with those funds comes a sweeping oversight and enforcement regime that foreshadows significant enforcement activity. Our White Collar, Government & Internal Investigations Team summarizes this new enforcement regime and offers advice on what businesses can do to reduce their risk of exposure. 

  • The enforcement and oversight regime created by the CARES Act
  • The potential for increased civil, administrative, and criminal enforcement, including in novel areas
  • What fund recipients can do to ensure compliance with the Act and reduce enforcement-related risk

On March 27, 2020, President Trump signed the Coronavirus Aid, Relief, and Economic Security (CARES) Act into law. The CARES Act is the largest stimulus package in U.S. history, offering over $2 trillion in economic aid to individuals, businesses, and government entities. Notably, it allocates $500 billion to large businesses, with specific funds designated to the airline industry. The Act also provides $350 billion worth of loan guarantees to small businesses. 

These unprecedented relief figures are accompanied by a multifaceted CARES Act oversight and enforcement structure that raises traditional and novel compliance concerns. 

The Act’s Three-Pronged Oversight Structure

The CARES Act establishes three new bodies charged with oversight and accountability of the disbursement of stimulus funds: (1) the Office of the Special Inspector General for Pandemic Recovery (SIGPR); (2) the Congressional Oversight Commission; and (3) the Pandemic Response Accountability Committee (“PR Committee”). The first two were designed specifically to oversee loans made by the Treasury Secretary—namely the $500 billion fund for distressed businesses. The PR Committee has investigative oversight over all funds covered by the Act and serves as the primary coordinating body for related investigations and enforcement actions.

The Office of the Special Inspector General for Pandemic Recovery

With a budget of $25 million, the SIGPR’s main responsibilities are to audit and investigate the making, purchase, management, and sale of loans made by the Treasury Secretary under the Act and the management by the Treasury Secretary of any program established under the Act, specifically including the $500 billion distressed business fund. SIGPR staff will work closely with and refer matters to the Department of Justice (DOJ) and local U.S. Attorneys’ Offices for civil and criminal prosecution. The SIGPR has the same powers as other inspectors general under the Inspector General Act of 1978, including subpoena power. The SIGPR is further responsible for providing Congress with a quarterly report detailing “all loans, loan guarantees, other transactions, obligations, expenditures, and revenues associated with any program established by” the Treasury Secretary.

The Congressional Oversight Commission

Congress has reserved for itself overlapping oversight of Treasury’s and the Federal Reserve’s disbursement of funds from the $500 billion distressed companies fund. It is composed of five members selected by majority and minority leadership from both the House and Senate and slated to operate until September 30, 2025. It has the power to hold hearings, take testimony, and receive evidence. It must submit regular reports to Congress detailing, among other things, how the Treasury Secretary and the Board of Governors of the Federal Reserve have dispersed and used the funds, the impact of the loans on the U.S. economy, and the effectiveness of the loans to taxpayers.

Pandemic Response Accountability Committee 

The CARES Act also establishes a Pandemic Response Accountability Committee, which has the broadest oversight and enforcement authority granted by the Act. The PR Committee is composed of the inspectors general of nine federal agencies. Acting defense department inspector general Glenn Fine was recently appointed to lead the PR Committee. It has the authority to conduct its own comprehensive audits and investigations of federal contracts, to issue subpoenas for documents and testimony, and to refer matters to other inspectors general for enforcement and to the Attorney General for criminal and civil prosecution. The PR Committee must build a public website to foster transparency of expenditure of CARES Act funds and to disclose various information about CARES Act projects.

Additionally, the Act provides millions of dollars in additional appropriations to existing inspectors general to assist their investigative and enforcement activities relating to the Act. It also provides $20 million to the Government Accountability Office (GAO) with a mandate that the GAO issue reports on all expenditures of funds under the CARES Act.

Sound Familiar? SIGTARP and Past Inspectors General

The CARES Act’s trio of oversight bodies is reminiscent of a similar structure found in the Emergency Economic Stabilization Act of 2008 (EESA), which incorporated the Troubled Asset Relief Program (TARP)—a $700 billion relief fund established in response to the 2008 recession. Indeed, it is plain that the CARES Act drafters modeled its oversight and enforcement structure on the predecessor EESA structure. Within the EESA, Congress established the Office of the Special Inspector General for the Troubled Asset Relief Program (SIGTARP), a Congressional Oversight Panel, and a Financial Stability Oversight Board. 

Since its inception, SIGTARP’s activities, which are now mirrored in the SIGPR’s congressional mandate and authority, have led to over 300 criminal convictions and more than $11 billion in recoveries. Twelve years after its creation, SIGTARP remains active. In 2019 alone, SIGTARP’s work resulted in multiple enforcement actions, 18 criminal convictions, and recoveries totaling $900 million. 

What to Expect 

With an unprecedented $2 trillion price tag and over $100 million appropriated for oversight, businesses that receive CARES Act funds should expect scrutiny to surpass that of the EESA. Misuse of these funds is an issue firmly planted in the public dialogue and has already attracted attention from the Trump Administration and the news media. This may be especially true for recipients of the $500 billion in funds administered by the Treasury Department, which was the subject of substantial contention among lawmakers. As CARES Act funds are distributed and used, we expect the following enforcement trends: 

  • Traditional areas of civil and administrative oversight will see increased enforcement. Industries such as health care, defense contracting, banking, and financial services traditionally receive substantial oversight from related inspectors general and their federal agencies. With the direction of significant funds to those industries and the OIGs that oversee their federal counterparts, along with accompanying policy changes, these industries can expect to see increased monitoring and enforcement activity. 
  • New industries will experience federal oversight and enforcement. COVID-19’s impact on nearly every business sector and industry in the economy has resulted in the widest range of government relief in U.S. history. The CARES Act’s enforcement scheme invites scrutiny across many industries and gives new and existing bodies the funds to pursue those investigations. 
  • The DOJ will have a vested interest in oversight and enforcement of CARES Act loans. Like SIGTARP, SIGPR and the PR Committee will likely refer matters to the DOJ for civil and criminal enforcement. Following the Attorney General’s instruction to local U.S. Attorneys’ Offices to “prioritize the detection, investigation, and prosecution of all criminal conduct related to the current pandemic” and to appoint a designated coronavirus fraud coordinator, businesses should expect the DOJ not only to accept these referrals but also to initiate independent investigations. 
  • CARES Act assistance will spur False Claims Act and whistleblower activity. History has shown that major federal aid programs are often followed by whistleblower activity and False Claims Act (FCA) actions. Indeed, the FCA is already a powerful tool in the DOJ’s toolbox—the DOJ recovered over $3 billion in 2019 from civil FCA cases alone. Additionally, federal agencies have shown increased interest in targeting individuals in these actions.

Best Practices

Given the extraordinary nature of the coronavirus pandemic and the hefty price tag of the stimulus, companies should expect the oversight bodies created by the CARES Act to be active in auditing, investigating, and referring matters for civil, administrative, or criminal enforcement. But various best practices can guide companies in mitigating the risks associated with accepting and allocating these funds:

  • Review corporate compliance policies and identify areas for enhancement. Federal aid is generally tied to assurances of corporate accountability, legal compliance, and proper recordkeeping. CARES Act aid recipients should revisit their policies in these areas and consider possible areas for enhancement to ensure compliance with aid requirements. 
  • Note CARES Act restrictions on share buybacks and executive pay. Larger businesses should be aware that acceptance of these funds comes with significant restrictions that go beyond the use of the funds. Larger businesses must, for example, refrain from stock buybacks, absent a contractual obligation, until one year after the loan is no longer outstanding and refrain from compensating officers and employees whose 2019 compensation was greater than $3 million more than the sum of $3 million plus 50 percent of the amount that officer or employee received over $3 million in 2019. 
  • Allocate CARES Act loans for the uses specified. Businesses should carefully review what expenses CARES Act loans may be used for. The Act, for example, restricts the use of certain loans to business essentials, such as payroll and rent. Segregating funds from the CARES Act loan and preventing commingling of other funds will greatly mitigate the risk of audit or investigation. 
  • Complete applications for loans with care. Not every business can obtain relief from the CARES Act by default. Large businesses must show that they meet certain criteria such as the employment of a majority of their employees in the U.S. and that other avenues of credit are not reasonably available. Businesses will undoubtedly have to make various certifications of compliance to the government to receive relief, as well. Care must be taken to ensure accurate certifications of compliance are made. 
  • Document compliance with requirements, certifications, and restrictions associated with funds. Follow the mantra that if it’s not documented, it didn’t happen. Consider creating and employing a compliance documentation checklist that should assist in documenting compliance.
  • Bolster internal whistleblower programs and thoroughly investigate any potential whistleblower report related to receipt of these funds. 


Alston & Bird has formed a multidisciplinary task force to advise clients on the business and legal implications of the coronavirus (COVID-19). You can view all our work on the coronavirus across industries and subscribe to our future webinars and advisories.

Media Contact
Alex Wolfe
Communications Director
Phone: 212.210.9442

This website uses cookies to improve functionality and performance. For more information, see our Privacy Statement. Additional details for California consumers can be found here.