by Lee Richards, Daniel Zinman, Rachel Mechanic and David Daniels
The financial institutions, thrust as emergency lenders into the middle of loan programs under the Coronavirus Aid, Relief, and Economic Security Act (“CARES Act”), will necessarily also be in the middle of government fraud investigations that Congress has made clear will follow. Even given the laudably urgent nature of the program and the apparently limited duties of lenders under the Act, how those lenders handle loan applications and certifications will have profound implications for their efforts to navigate the investigations to come.
In passing the CARES Act, Congress has sent a clear message: Fraud in the procurement and use of CARES Act loans and grants will be aggressively investigated and prosecuted. To that end, it created the Office of the Special Inspector General for Pandemic Recovery (“SIGPR”), modeled after the Office of the Special Inspector General for the Troubled Asset Relief Program (“SIGTARP”), which was created to investigate fraud after the Great Recession.
For his part, the Attorney General urged DOJ prosecutors in a March 16 memorandum to “prioritize the detection, investigation, and prosecution of all criminal conduct related to the current pandemic.”[1]
Banks and borrowers would do well to heed the clear messages from both branches of the federal government: To avoid criminal and regulatory exposure, transparency and accuracy should be at a special premium in the execution of applications for loans under the CARES Act. And, given the similarities between the oversight and enforcement structures under the CARES Act and the Emergency Economic Stabilization Act of 2009, those banks and borrowers should look to the experience financial institutions have had with SIGTARP, as well as the DOJ, following the Great Recession.
SIGPR has been given a broad mandate to “conduct, supervise, and coordinate audits and investigations of the making, purchase, management, and sale of loans, loan guarantees, and other investments made by the Secretary of the Treasury” under the CARES Act.[2] Moreover, like SIGTARP, it is being housed within the Department of Treasury, rather than the DOJ.[3] This means that, as with SIGTARP, the aggressive law enforcement efforts of SIGPR staff lawyers and investigators, who have been encouraged by Congress, may not be subject to the same kind of review process during the pendency of investigations that is typically available in other federal fraud investigations.
That SIGTARP has taken an extraordinarily aggressive approach to investigate and prosecute allegations of fraud in connection with the use of TARP funds is beyond doubt. SIGTARP – which remains active to this day – has conducted a broad range of investigations of recipients of TARP funds, including investigations of conduct going beyond the administration and receipt of those funds to include conduct post-dating the financial crisis and seemingly unrelated to the receipt of TARP money. These investigations have resulted in 380 defendants being convicted of crimes or receiving fines for violations of civil laws; 24 separate enforcement actions brought by the DOJ, SEC and other regulators against financial institutions and other organizations; and the recovery of over $11 billion.[4] These facts strongly suggest that SIGPR will be actively churning out subpoenas and referring cases to the DOJ for at least the five years provided by the Act.
Given the lessons learned from the example of SIGTARP, the role of banks in the CARES Act loan procurement process puts them in a potentially tricky position when it comes to the prospect of future SIGPR investigations. For example, although the Small Business Administration (“SBA”) has declared that lenders’ underwriting obligations under the Paycheck Protection Program (“PPP”) are limited and that they may rely on borrowers’ representations and certifications,[5] it is uncertain whether such lender protections extend to all of the many potential ways in which lenders may be held accountable in hindsight for misrepresentations made in those applications. The hindsight risk here is significant. Even though the program is less than a month old, borrowers such as Shake Shack and Ruth’s Chris Steak House are already facing immense public criticism for applying for PPP funds in a manner that appears contrary to the spirit of the CARES Act, even though they may well have complied with its statutory and regulatory requirements.
Lenders as Witnesses
Plainly, lenders will be in the middle of False Claims Act and criminal CARES Act fraud inquiries, if not themselves targets or defendants. During such inquiries, SIGPR lawyers and borrowers alike will necessarily be focused on the conduct of lenders. Bank documents will be subpoenaed. Bankers will be interviewed. Questions about the bank’s role in the application and certification processes and the nature of its review of borrowers’ information and certifications – which it must receive under the CARES Act – will be asked.
The Urge to Cooperate
This potential focus on banks and their employees will create powerful incentives for them to cooperate with SIGPR lawyers and, when in doubt, turn over information that may be damaging to the borrowers. In addition to the threat of criminal prosecution, the possibility of paying treble damages under the False Claims Act (which punishes reckless as well as intentional misconduct) will reinforce those incentives. Indeed, a provision of the False Claims Act provides reduced penalties when the target of an investigation voluntarily turns over information to the government.
Lenders’ Protocols
Regulatory focus on lender protocols is also likely. With respect to PPP loans for example, the SBA’s Interim Final Rule requires only limited due diligence on the part of lenders, but it nevertheless requires that lenders “follow their existing BSA protocols when making PPP loans.”[6] SIGPR lawyers may thus also inquire about whether banks followed their own BSA protocols, as well as regulatory or statutory requirements for such loans. There is little guidance on whether the answers to those questions could provide a possible basis for exposure criminally or civilly.
Secondary Market Loan Trading
In addition, the CARES Act includes in the SIGPR mandate a requirement that it investigate fraud in the “sale of loans” in the secondary markets.[7] Presumably this could include inquiries into representations made as part of securitizations or the sale of loan participations, for example. It is far from clear that the limitations on lenders’ obligations under the CARES Act would provide a complete defense for false statements made as part of such market trading.
Is It Fair to Target Lenders?
That said, it does not follow from the example of SIGTARP that banks should be the principal focus of the work of SIGPR or the DOJ, and the language limiting lenders’ obligations under the CARES Act and accompanying guidance should in most cases provide powerful arguments for any lenders targeted by the DOJ, SIGPR or bank regulators. In the aftermath of the Great Recession, it was natural for prosecutors and regulators to investigate the banks’ roles in residential mortgage-backed securities trading and securitizations. Here, it is the borrowers – who are under enormous financial pressure – that have the principal incentives to commit fraud on the government. The banks, on the other hand, have been put into the middle of the government’s noble, but hurried, efforts to help those in distress. Indeed, it would seem unfair for the government, having thrust the banks into the middle of these rushed loan programs with limited guidance and little time to prepare, to second guess the banks’ diligence in either criminal or False Claims Act investigations.
A Few Takeaways
Nevertheless, banks and bankers must remain vigilant to do what they can in the shortened and urgent application process to identify questionable representations. To that end, we recommend, among other things, that banks where possible go beyond what the opaque language of the CARES Act may require and develop a lending program that will provide them with extra protection against hindsight second-guessing by government investigators. As part of such a program, banks should consider the following:
- Bank Processes: To the extent practicable given the emergency nature of these programs, create clear, documented processes for assessing the truthfulness of representations in CARES Act loan applications. Such processes should include some review by compliance personnel or bank employees other than the relationship bankers.
- Consulting KYC Information: Compare borrowers’ assertions about payroll, rent and other expenses with the Know Your Customer information (if any) in the bank’s files.
- Borrower Affiliates: Compare any information in the bank’s files about borrowers’ affiliates with the list of affiliates borrowers are obligated to include in their applications.
- Borrower Use of Proceeds Certifications: Diligence (to the extent possible) the certifications borrowers will be required to submit attesting to the use of the loan proceeds in order to obtain loan forgiveness. Problems may arise if activity in borrowers’ bank accounts belies the representations in the certifications or is inconsistent with the business purposes for the loan listed in the application.
Footnotes
[1] Memorandum from the Attorney Gen. to All U.S. Attorneys 2 (Mar. 16, 2020), https://www.justice.gov/ag/page/file/1258676/download (PDF: 510 KB).
[2] Coronavirus Aid, Relief, and Economic Security Act, H.R. 748, 116th Cong. § 4018(c)(1) (2020).
[3] Id. § 4018(a).
[4] Financial Institution Crimes & Fines Database, SIGTARP, https://www.sigtarp.gov/Pages/wd9er7g.aspx (last visited Apr. 24, 2020).
[5] Business Loan Program Temporary Changes; Paycheck Protection Program, 13 C.F.R. pt. 120 (2020) (“SBA will allow lenders to rely on certifications of the borrower in order to determine eligibility of the borrower and use of loan proceeds and to rely on specified documents provided by the borrower to determine qualifying loan amount and eligibility for loan forgiveness.”).
[6] Id.
[7] H.R. 748 § 4018(c)(1).
Lee Richards and Daniel Zinman are partners, and Rachel Mechanic is counsel at Perkins Coie. David Daniels is a partner at Richards Kibbe & Orbe LLP.
Disclaimer
The views, opinions and positions expressed within all posts are those of the author alone and do not represent those of the Program on Corporate Compliance and Enforcement (PCCE) or of New York University School of Law. PCCE makes no representations as to the accuracy, completeness and validity of any statements made on this site and will not be liable for any errors, omissions or representations. The copyright of this content belongs to the author and any liability with regards to infringement of intellectual property rights remains with the author.