Lessons from the Past, Planning for the Future: Effective Compliance Considerations and Risk Mitigation Strategies for Government Funds Recipients in the Age of COVID-19

Date: May 18, 2020
Good afternoon, or in some cases, good morning. Thank you all for joining us on what we hope will be an informative and timely webinar on the topic of compliance in the era of COVID 19 relief in stimulus efforts. We have quite a bit of ground to cover today, so, I’m going to be quick with introductions, but before we dive in, I’d like to just introduce some of my colleagues and fellow panelists, myself first, I’m Laura McLane. I am the head of the litigation practice group in McDermott’s Boston office and I’m also the co-chair of the health litigation team for the firm. I focus my practice on primarily healthcare fraud enforcement defense under the False Claims Act, including both government investigations and Qui Tam litigation. With me is my partner, Sarah Walters. She is a former federal prosecutor and she is a partner in McDermott’s white-collar group in the Boston office. She counsels clients on compliance matters and defends clients in government investigations and enforcement litigation across a variety of topic areas. Also with us is James Commons, he’s a partner in our Washington DC office and he is the only non-Boston guy in the group. So, so welcome James. He helps clients implement and develop compliance programs. He conducts internal investigations for clients and also defends clients in enforcement investigations and litigation. And finally, we have Dave Gacioch, another partner in Boston. He focuses also on healthcare enforcement defense matters and counseling clients in connection with the same, and he has been working very closely with our health regulatory group at the firm in advising clients who have received relief funding in the week of the CARES Act, and he’ll talk about some of that a little bit later. Just a couple housekeeping points relating to CLE Credit, which I know some of you are going to be getting as a result of this. You need to be reviewing, or viewing, the webinar on your computer or laptop, not on a phone, for example, in order to get credit. You’ll be, you’ll be prompted to fill out a survey at the end, and during that, you should input the state for which you’re seeking CLE credit. For those in New York, we will be providing the code towards the end of the webinar that you can input into the survey in order to get credit. Finally, as most people know, in the age of Zoom, there is the Q&A function at the bottom of your screen, most likely, and we encourage you to use that throughout the day, if you have questions, or throughout the hour, if you have questions because we have reserved some time, hopefully, at the end and we’ll try to respond to those that we can. If we can’t, or run out of time, we will absolutely be available to answer any questions offline, subsequent to the webinar. So again, thanks for joining us and let’s dive in. Tyler, could you move to side three, please?

So the, no big secret, but just to set the table, most are probably aware the CARES Act in the COVID 19 Pandemic has given rise to the largest stimulus package in the history of our country, and the major components of it are set forth, as you can see on this slide. Congress acted very fast to respond to the crisis, it, which, which was great, but that speed also set up a situation where some of the rules of the game have been evolving and continue to evolve to this day in connection with funds, even after they have been just first and programs have been ruled out. At the same time there is and will continue to be, and it will probably increase, a lot of public pressure to scrutinize both those who received the funds and to ensure that those who maintain them and use them are doing so properly and appropriately. And so, we expect to see a fair amount of government and other scrutiny in this area in the years to come. So because of that, it’s important to be thinking proactively about measures that your organization can take if you’ve received any stimulus money, to promote compliance and to, you know, ensure, do the best that you can to ensure that you’re in good shape in the event of future government governments scrutiny . One thing to note here, and I think it’s important to note, which is, I mean, many organizations are still in the midst of triage mode, both economically operationally, and in a variety of other ways, and so, kind of, thinking about your future enforcement and compliance and things like that. We get it, sort of, you know, it may not be top of mind and it made you have other things to be worrying about, but we do think that based on lessons that we’ve learned from history, that thinking about this stuff now is really worthwhile, and it’s something that we encourage you to do. And that’s really the purpose of this webinar. To just, sort of, make sure people are starting to think about compliance measures they can take for the future. And to the history point, I’m going to turn it over now to Sarah Walters, who’s going to be talking about some historical lessons we’ve learned from the last big financial crisis.

Thanks, Laura. Now, as Laura mentioned, this is not the first time, in the relatively recent history, that the government has widely distributed relief funds and also established a significant enforcement structure to ensure the proper receipt and use of the funds. The Troubled Asset Relief Program, or TARP, was enacted in October 2008 when the economy, a lot of us remember, was in free fall. TARP, like the CARES funding, was intended to stabilize the economy, and it was particularly focused on improving liquidity in the financial markets. Now the $700 billion in funding, which frankly, of course, pales now in comparison to the CARES Act funding, was used to purchase stocks and banks, insurance companies, and, and automakers, and also to provide loans to financial institutions and homeowners. So again, like the CARES Act, the funding was intended to reach a wide range of recipients. The funds were distributed starting in 2008 and distribution continued through October of 2010. Now, as we’ll get into a little bit later, and as is already clear with the CARES Act, there were significant pressure for government enforcement agencies to pursue and punish recipients of funding who are either not eligible for the funding, made misrepresentations in connection with their receipt or use of funding, or simply misused the funds. As you see here on this slide with, with regard to TARP, a special investigator general was created, known as SIGTARP, and SIGTARP was provided with significant resources to investigate loan recipients and bring cases to recoup funds. Now I can tell you from personal experience in working with SIGTARP because I was a financial fraud prosecutor beginning in 2007 and the great majority of my career was working with SIGTARP, that SIGTARP was well funded when they brought a whole host of resources to federal prosecutors. And there was incredible pressure on federal prosecutors and US attorney’s offices throughout the department to partner with SIGTARP and bring cases, both criminal prosecutions and civil recruitment actions alike. And they were quite successful. As set forth in this slide, to date, SIGTARP investigations have led to convictions and/or civil penalties assessed against 380 individuals. 24 enforcement actions were brought against financial institutions and other organizations. And there’s been recovery of more than $8 billion in TARP funds with, with substantial recoveries under False Claims Act cases. As you know, I mentioned these are the recoveries to date because SIGTARP investigations almost a decade later continue with additional enforcement actions that were brought just last month. So, now we’re going to go ahead and switch to the next slide, slide five.

And, and I want to just lay out a few examples of enforcement actions that were brought swallowing SIGTARP investigations because I think there’s some lessons learned for what we can expect going forward. Now, this former United Commercial Bank officer is an example of a criminal investigation of an individual who is the former COO and Chief Credit Officer of United Commercial Bank. Shabudin was convicted of securities fraud, among other things, arising out of a falsification of the bank’s financial statements and was sentenced to 8 years in prison, obviously an incredibly significant punishment. Now, there are few takeaways from this case. UCB came under SIGTARP scrutiny because it had received $298 million in TARP funds. But the basis of these charges were the falsification of financial statements that actually occurred before the receipt of funds. And frankly, it was like they served that desperate act to save the bank before they even received the funds. So while the TARP funds may have been the precursor for the investigation, as is clear from the prosecution, once a person or organization comes under review as a result of the federal funds, there is virtually no limit on how that investigation might expand into other conduct that is not directly related to the receipt of the use of funds. And now another takeaway here is the resources that were poured into this prosecution. You know, as set forth on this slide, this particular case was prosecuted, prosecuted by the US Attorney’s Office for the Northern District of California. It was investigated by SIGTARP along with the FDIC and the FBI. Again, I can tell you from personal experience that these cases were a very high priority for all our law enforcement agencies, and they were worked collaboratively to, and they worked collaboratively to investigate and to bring them. And as we’ll discuss a little bit, we certainly expect to see the same level of collaboration in CARES Act enforcement. So, I’d like to move to the next slide and talk about the civil enforcement that we saw during the TARP years.

As what, as we did with criminal prosecutions, we saw a huge uptake in civil enforcement actions arising out of the distribution of TARP funds. Now as many listening in are likely very familiar, the False Claims Act is one of the government’s most powerful tools in bringing civil enforcement actions to recover government funds. Very briefly, the FCA provides reliability for those who submit false or fraudulent claims for reimbursement to the government. And in the context of federal loan or grant money, that means, that is going to relate to the representations in the applications or follow up certifications about the use of the money. The false or fraudulent rep or representation or claim doesn’t need to be blatantly false. It could be implicitly false, meaning a failure to disclose something that was material or necessary to make the statement truthful in context, and the penalties under, under the FCA could be severe. Fund, fund recipients subject to FCA liability can be subject to treble damages or triple the amount of the funds received, and then additional penalties on top of that. And again, very briefly, examples of some FCA actions brought in connection with SIGTARP investigations are laid out here. An $85 million settlement paid by a bank based on previous certifications about its loan portfolio, and again, this case was actually based on the banks failure to essentially update the certifications after it later learned that it’s, later that its representations were not accurate. Also, a $10 million settlement paid by the owner of a bank, as we often see in these law enforcement actions. There were also criminal prosecutions of individuals associated with the bank. So, now that’s a little bit of a look back to the past, the not so distant past, with regard to enforcement regarding government stimulus funding. And now Laura’s going to spend another, a moment as we start looking towards the future here, on what enforcement mechanisms have been put in place with regard to the CARES Act funding, more specifically, and I, and you’re going to see a lot of similarities as to what was in place with TARP.

Yeah. Thanks, Sarah. That was great. So, as with TARP, there are a number of newly created bodies with oversight authorities relating to COVID 19 relief funding, and some of them are listed here. Some of them have subpoena power and will be, probably, central players, as SIGTARP, was in connection with monitoring, fraud and other it misuse of, of relief funds and stimulus. In addition to those, the Department of Justice is on the present, obviously, for enforcement of, you know, any type of fraud, but has specifically announced, that it will be very vigilant in monitoring and scrutinizing potential misuse of relief funds. The AG has made that clear in a number of memos and in, in instituting in US Attorney’s Offices throughout the country, coordinators who will be specifically assigned to deal with COVID 19 related crimes and other, other types of fraud. And there will be both a civil and criminal focus. I think that that has been made clear. So, you know, much like what occurred over a decade ago, you know, in connection with what Sarah just discussed, I think we can see sort of a playbook unfolding here that may be quite similar. And, you know, hindsight, I think, will become 2020, I’ve said that before, and I think that will be true. And so, as the immediate crisis becomes less acute in the coming months and years, I think that the oversight will ratchet up. In addition to DOJ, there are other oversight agencies and authorities, such as HHS-OIG, the Office of Inspector General for HHS, which will obviously be focused on sort of healthcare related aspects of the Cares Act. And then, obviously, given that these public nature of this, this entire bill, congressional oversight, scrutiny and of course, inquiry will occur. And then finally, I think we can anticipate an increase in whistleblower activity. From my perspective, whistleblowers are called relators under the False Claims Act, because that’s what I do. And relators, for those who don’t know, are individuals or they can also be entities who bring lawsuits for fraud on government programs in the name of the government and on behalf of the government. And so, the reason this is important is because, among other things, given the size of the, sort of, penalties and damages, this can be a significant, a significant enforcement mechanism. But also whistleblowers/relators under the FCA stand to receive a substantial share of any successful judgment or settlement. And so they’re incentivized, and so, because of that I think we can expect to see that that will be another avenue of inquiry and focus in terms of how these funds have been dispensed and capped. I think we can go to the next slide, please.

And so, what this all means is how do we protect against kind of future, future issues and what can be done now? And the focus of the remainder of this webinar is going to be on, sort of, compliance specific steps that can be taken in light of some of the specific programs. But we do recognize that some organizations will have much more sophisticated compliance programs and mechanisms than others. So for some, this may be the first time that they received any kind of federal aid and thus, you know, the compliance structure may be either different than an entity that is used to receiving such aid, or just may not exist. Others may have much more sophisticated types of programs because they are routine recipients of federal funds such as Medicare or Medicaid recipients. And then others may fall somewhere in between. So, you know, whether you’re a first timer or somebody who is, sort of, regularly receiving these funds, you know, there are new compliance considerations based on the way the funds have been rolled out in the various programs, that we think it’s important for everybody to take a look at and either evaluate or reevaluate their compliance situation as a rehearsal. And with that, I’m going to turn it over to Dave Gacioch to talk about some of the specific programs like this.

Next slide, please. So I want to thank you for that set up, Laura. So, that’s a natural Segway into where the specifics lie in the COVID relief programs. And so we’ve chosen to highlight four of the key stimulus and relief funding programs here, two of which apply specifically to healthcare providers. The Provider Relief Fund that was created originally by the CARES Act and then the Medicare Accelerated/Advance Payment Program, which was created in part by the CARES Act and also expanded regulatorily by HHS. And then the Paycheck Protection Program and the Federal Reserve Main Street Loan Program, out, you know, nonspecific to healthcare, but bring some many of the same issues and probably for, you know, maybe more problematic in this sense for many because those programs are designed to aid entities that may not be as familiar, not as likely, on average, to be as familiar with the ins and outs of federal appropriations and funding compliance, as healthcare providers are. So, we’ve listed some examples of potential stumbling blocks or potential areas of focus later on that are going to be worthwhile for compliance programs to focus on now. And they generally fall into four broad, thematic categories. One of which, the first of which would be eligibility for the program in the first place, right? There’s going to be a lot of scrutiny looking backwards as to, did everyone who received funds under a given program actually meet the eligibility criteria that were set out for that program? And unfortunately, in some cases that evolved over time for that program. Second one, broad category would be funds use restrictions. So, some of these of these relief programs have very specific restrictions and boundaries on what funds can and can’t be used for. Others don’t. But, for those that do there, expect there to be scrutiny from an audit and accounting perspective, as well as beyond, in terms of how the funds that were received by each entity actually were used. Beyond that, additional restrictions that are taken on as a condition of accepting the funds beyond the use of those funds. So the most notable example that comes to mind would be in the Provider Relief Fund, all recipients of the, of the basic tranche one and tranche two funding programs, agreeing or attest to as part of those programs, that they will take certain steps to avoid balance billing or out of network billing of presumptive and actual COVID patients. But that’s something that doesn’t impact, it’s not how you use the funds itself. It’s a separate restriction that one has taken on as a result of, or what will be assumed by the government and alleged by the government to have taken on as a result of accepting the funds. And then fourth, reporting requirements. So many of these programs will have periodic reporting requirements, which will be opportunities that investigators and whistleblowers and relators, like Laura mentioned, down the road will scrutinize to see if they turned out to be true. Next slide, please.

So jumping to the Provider Relief Fund for some more specific examples. Quoted here, just four among several of the many, many pages of terms and conditions that go along with acceptance of funds under that program. All recipients are directed to affirmatively attest that they will comply with, that they do meet these eligibility criteria, and they will comply with the terms and conditions, and HHS has said that those that do not affirmatively attest will be deemed to have done so anyway if they keep the funds past 45 days in the case of the general distributions. And so, these are all obligations that any recipient of these funds that doesn’t take affirmative steps to return them will have to be aware of, and monitor compliance with, and be prepared to answer for down the road in various contexts. So, just to pull out a couple of examples, for instance. Numbers one and two in this, in the main bullet, first main bullets, sub bullets, both talk about use of the funds, and they’ll be only used to prevent, prepare for respond to Coronavirus and reimburse the recipient only for expenses or lost revenues that are attributable to Coronavirus. And so, those raise a whole number of questions, right? What makes an expense attributable to Coronavirus? Obviously, if you had to buy extra PPE specific to Coronavirus, that’s probably pretty safe. But what about if you were shut down and continue to pay your office staff? Is that an expense attributable Coronavirus? That’s going to be a matter of interpretation that doesn’t have a clear answer yet. Lost revenues, HRSA, the arm of HHS, which is administering these programs, has provided some guidance, but we’re still not rock solid as to all of the different methods that will be approved for quote reasonable end quote estimates of lost revenue. HRSA suggested, for example, that if you have a pre COVID pandemic budget, comparing actual to that budget would be a reasonable way. Or alternatively, comparing year over year. So your performance this year versus the same period last year. But obviously the devil will be in the details as to what, how those budgets or how those year over year comparisons are apples to apples or not. Notably, and you can see two other examples here, that we could get into more detail and maybe in the Q&A or in follow ups, but notably HHS states, right in those terms and conditions that full compliance is quote material end quote to the secretary’s decision to disperse these funds to you. Now we don’t necessarily agree that just because they, that we don’t agree that just because they say it makes it so. And Laura, when she was personally involved in litigating the seminal case that decided what the materiality standard under the False Claims Act is. But this is a signal that the government and whistleblowers and relators will be looking at these terms and conditions and strict compliance with the, in a False Claims act perspective and lens, and folks should be ready for that. Next slide, please.

So just to use another set of examples, the Medicare Payment Advance/Acceleration Program, which is largely those funds have been distributed already. Those are advances on future payments so far as opposed to grants. But there’s some, there’s still some talk and speculation about whether, down the road that, those, in effect, loans will be forgiven. The focus here, really, we think is likely to be on eligibility criteria as well as payback period. And so as payback becomes actually required, as it currently is stated to be, whether providers pay it back within the time allotted. So here the eligibility criteria included statements such as that applicants not be in bankruptcy and not be under active medical review or program integrity investigation. CMS, the Centers for Medicare and Medicaid Services, which administers Medicare and administers this program, didn’t provide any more detail out front as to what these meant. What was enough of an audit or investigation or another oversight measure, fraud prevention measure, qualify as being under active medical review or program integrity investigation that would disqualify an applicant from participating in this fund advanced program. The various Medicare administrative contractors across the country interpreted this differently from one another in their forms and also differently over time in their forms. And so, a single contractor could have an application form on week one of this program that said something different than it said in week two and week three because of how quickly this was rolled out. There is going to be scrutiny looking backward at this, we expect, by both government investigators and the private whistleblowers, relators, plaintiffs for whether applicants who received these funds actually met these criteria, and then later on whether they repaid the advances that they, that they did receive within the time period allotted, which varies by provider type. But all of these are items, both here and in the Provider Relief Fund, that compliance programs will want to become attuned to now, if they’re not already, and track and monitor and be prepared to report on down the road. With that, I’ll turn it over to James to talk about two of the non-healthcare specific programs.

Thanks, Dave and good afternoon, everyone. We next turn to the Paycheck Protection Program, a highly publicized program that provided forgivable loans to small businesses to assist them with payroll cost. The program contains a number of eligibility requirements, including the general requirement that loan recipients have fewer than 500 employees or meet the definition of a small business concern, as that term is defined in the Small Business Act. And as you may know, the SBA has established industry specific size standards for classification as a small business, typically based on the number of employees within the organization or the organization’s annual revenues. A business could also qualify for a loan under the PPP program under the SPAs alternative size standard. In addition to certifying eligibility as a small business concern, loan applicants were required to certify that quote current economic uncertainty makes this loan request necessary to support the ongoing operations of the applicant. This language is, in my judgment, ambiguous and certainly open to interpretation. And frankly, the government’s guidance to date has been unclear and inconsistent. As a result, if you are loan applicant and a loan recipient, it’s unclear exactly what constitutes necessity. For example, if a loan recipient had access to alternative sources of liquidity at the time of its application, what kind of supporting information would the recipient have to produce to the SBA to demonstrate that it made the application in good faith? Given these types of uncertainties, loan recipients should consider papering their analyses of these issues. What were the bases for our determination that we satisfied the eligibility criteria at the time of application and, as importantly, that we operated in good faith in our submission of our application? In addition to the issue of eligibility, there are also compliance considering, excuse me, compliance considerations associated with the use of and accounting for loan funds. As you all may know, funds under the PPP are only eligible for forgiveness if used within the first 8 weeks of receipt for specific expenses. Those expenses are principally payroll costs but can also include mortgage, interest, rent and utility cost. The program requirements are complicated in many respects. There’s a number of terms and conditions, and those terms and conditions involve matters of interpretation and require the exercise of judgment. Those features of the program make it right for government scrutiny, whistleblower scrutiny, congressional scrutiny and second guessing. And we already know that the SBA has announced that it was review all PPP loans in excess of $2 million for compliance with program requirements. As a result, now is the time to get ahead of the curve and start preparing for the scrutiny that we know is coming. Let’s move to the next slide.

So, the next topic is the Main Street Loan Program, and that’s really a supplement to the PPP. So the Federal Reserve is establishing this new program to support lending to small and medium sized businesses. It hasn’t been, officially rolled out yet, it’s not operational as of yet. But based on what the Federal Reserve has announced, we understand that the program will operate through three loan facilities, and those loan facilities will purchase the majority of full-recourse loans that are issued to eligible borrowers pursuant to the program. While each facility will have its own term sheet, eligible borrowers generally must have 15,000 or fewer employees, or, 2019 annual revenues of $5 billion or less. Eligible borrowers must provide certifications, including regarding eligibility, ability to meet financial obligations for at least the next 90 days, and, they have to certify their commitment to follow compensation, stock repurchase, and capital distribution restrictions. Participation in the program raises a number of compliance considerations, including whether participation will require an organization to modify its existing credit and financing agreements. Whether or not the company has compliance policies and procedures in place to ensure that the company is making commercially reasonable efforts to maintain its payroll and retain its employees during the time that any eligible loans are outstanding, and compliance with program restrictions relating to compensation, stock repurchases, and capital distributions. And so, there’s just a host of requirements that are attending to these programs and the receipt of program funds that you have to remain cognizant of as you are evaluating your compliance program. Next slide, please.

So, we’ve already discussed some of the ways that the stimulus program requirements give rise to compliance considerations. We’ve also discussed our expectation that these programs will be the focus and source of intense scrutiny. We can anticipate that perceived violations of program requirements could, and likely will, form the basis for various theories of liability, including criminal fraud, false statement offenses, civil liability under the False Claims Act, overpayment recoupment, Sherman Act, anticompetitive conduct, and/or securities violations. And as Laura alluded to earlier, the sources of scrutiny are numerous. We know there will be audits, and we know there will be other administrative program integrity measures. We know there will be a OIG activities. We know there will be False Claims Act cases and other civil investigations by DOJ. We can anticipate criminal investigations. We know there will be whistleblower activity, and there will likely be shareholder activity and litigation as well. And so, again, now is really a great time to start preparing for what we believe is an oncoming onslaught of review, audit and scrutiny. I’ll now turn it over to Sarah to walk through some of the steps we could take to prepare.

Thanks, James. So, we’ve been talking a lot about the scrutiny that’s going to happen. Getting ready for, for all this scrutiny and enforcement. And now we’d like to talk to you about being a little bit more proactive, and how do we go about putting together the compliance function, so that we’re prepared for the audits that would, that will come? And how do we put in place the right compliance, compliance measures that, to deal with the, sort of, ever evolving terms and conditions that are coming along with this, this stimulus, federal stimulus, money. And again, as I think both Laura and Dave have alluded to, we realized that abroad swath of organizations are receiving this money. Many organizations are used to receiving federal funds and have compliance programs in place, but, you know, as we’ll get into a little bit more detail, all organizations are receiving different types of federal funding with different terms and conditions. It’s a high pressure and frankly, a high profile environment that this money is being distributed in, and it really makes sense to take a moment to reevaluate what you’re doing currently, even if it’s a robust compliance program, to make sure that your current processes are effective and insurance ensuring compliance with these new, new terms and conditions that are tied to this money. Take a look to make sure you, you’ve got processes in place to track the initial receipt of the money, they way the money is being spent, and then any follow up reporting that may be new but is nonetheless required. We also want to say, also want to reiterate something that Laura said at the outset, that we also realized that this is an incredibly difficult time to be adding something else to your plate. Management obviously needs to focus on keeping organizations afloat and operational and obviously, incredibly importantly, keeping everyone’s workforce safe and healthy. So suggesting that you pause to reevaluate and strengthen your compliance program at this point is a big ask and we realize that, but it’s also incredibly important for the safety and the health of every organization going forward that you try and make this as much of a priority as you can. Given that we’re focused here on compliance with receipt of federal funds and, among other things, preparation for an audit, and scrutiny associated with those funds, the best road map for developing a compliance program comes from the Department of Justice itself. The DOJ has issued guidance on effective compliance program. And when we’re working with our clients to develop compliance programs related to the receipt of federal funding, among other things, we look to that guidance as a real blueprint for what a good compliance program looks like. Now, as an initial matter, the guidance, and we certainly recognize that there’s no one size fits all formula for any company, for their compliance program. But there are four key areas of a program that we want to focus on today and walk through with you. First of all, the importance of, it’s important to conduct a risk assessment at the outset. Second, the import of developing appropriate policies and procedures. Third, development and implementation of a targeted and effective training program. And then, lastly, you want to talk to you about establishing mechanisms for reporting and investigating possible violations of the compliance program itself. So we’re going to switch to the next slide, which, and talk a little bit more about the risk assessment.

A risk assessment is always an important starting place for any compliance program. And it’s simply a review of the compliance risks that are most significant to your organization. Because the rest are going to vary, depending on the nature of the organization, industry, the locations you operate on and, obviously, the regulatory environment in which you operate. Conducting a risk assessment allows you to tailor your compliance program to address the most significant risks that your organization faces. And even after you have a robust compliance program in place, it’s important to periodically reassess those risks, because, as we know now better than ever, the evolving nature of every business and the evolving nature of the regulatory environment that we all live in, those risks are going to change, those risks are going to change over, over time. And obviously, this is especially true now, in the light that everybody’s lives have been turned upside down, everyone’s organizations have been turned, turned upside down. And especially where you, where there’s new stimulus money that brings with it opportunity, but also brings with it new terms and conditions and, quite frankly, as we’ve been discussing, significant new risks. So, one thing to keep in mind as well when conducting this periodic risk assessment is whether you want to conduct the review, at least in the first instance, with the assistance of counsel and under, under attorney client privilege. Now Dave’s going to spend a little bit more time in a few minutes discussing the pros and cons of privileged communications around the design of a compliance program. But especially when you’re setting out to identify the risks that you’re, that are applicable to your organization, it’s something you at least want to think about, whether you want to bring in lawyers to be involved in this early, early assessment. Now we’re going to actually move onto the next slide, and James is going to talk a little bit more specifically, after you’ve conducted a risk assessment, about your design of the program policies and procedures and training.

Thanks, Sarah. So once you’ve performed a risk assessment, and that risk assessment really should be targeted to whichever loan program or relief program under which you’ve received funding in the terms and conditions of those programs, once you perform that risk assessment, you can then use the assessment to inform the design of your compliance program, which includes implementing policies and procedures designed to reduce the risk of misconduct, detect potential misconduct, and remediate any identified misconduct. In terms of the stimulus programs, we recommend that you assess or reassess whether your current policies and procedures address the areas of highest risk. For example, accounting for use of funds and billing practices. To the extent that there are gaps in your policies or procedures, consider implementing new policies and procedures, or, updating old ones to address the new concerns. Consider whether there is a clear chain of command and clear assignment of responsibilities with respect to use of stimulus funds and any related reporting, including certifications provided to government agencies. In addition, you might consider having a formal review process to confirm the accuracy and completeness of any certifications regarding stimulus funds and their use. Consider performing internal audits to detect potential fraud, accounting irregularities or misuse of funds, and document the audit procedures performed and the results obtained. It’s also a good idea to keep abreast of government announcements relating to the programs under which the company has obtained funds. As we mentioned earlier, Congress instituted these programs within a short period of time, and the guidance on program requirements continues to evolve. We know that there will be government audits. We know that there will be government investigations. And planning for the prospect of a government inquiry can make a world of difference. It can also make the process go much smoother. Consider who within your organization will be principally responsible for responding to government enquiries relating to stimulus funding. Consider maintaining relevant documentation, which could include accounting and financial records, audit files, analytical memos, etcetera. Consider maintaining all that documentation in a manner such that it is readily accessible, if and when necessary. In addition, consider whether you need to modify any of your organization’s document retention policies to ensure that pertinent records are preserved for as long as they are needed. The goal here is to craft policies and procedures that are both effective and efficient. Let’s move to the next slide.

So after crafting robust policies and procedures, you have to communicate those policies and procedures to employees. For policies to be effective, employees have to know about them. We commonly see a first round of training during the onboarding process and then additional training performed on a periodic basis. These periodic trainings can achieve a number of different objectives. They inform employees of new or updated policies, often using common language, which is particularly important when, when implementing new policies relating to novel or gray areas, like some of the complicated program requirements we’ve already discussed. Periodic trainings also advise employees on how to follow the procedures, and they remind employees of their duty to report suspected misconduct, which we’ll touch on again in a minute. Moreover, periodic training reduces the risk of misconduct and effectively creates a record of an organization’s consistent focus on compliance. Again, there’s no one size fits all approach for training, you know, the platform used to deliver the training, whether an online course, a live classroom, or some other method, the actual content of the training, the categories of employees who are involved, all of those facets of the training can be tailored around the subject matter and the sophistication of the audience. It’s a best practice to maintain records of the trainings, including the date on which the training took place, the subject matter of the training, and who participated it. In addition, it’s useful to have some tools in place to measure the effectiveness of the training, whether it be through testing, surveys, reports on compliance or other, some other form of audience participation. Again, the goal here is to be able to demonstrate a robust compliance program should the need arise. And I suspect that many of you who are participating in this webinar today plan to hold COVID 19 related trainings and/or make updates to your policies and procedures to comply with stimulus program requirements. So, it makes sense for you to fold in training on these new developments. Next slide, please.

As I touched upon briefly, an important component of a robust compliance program is a clear mechanism for reporting suspected misconduct. With all the media attention around the pandemic and the government relief efforts, employees will no doubt be inundated with information about the relief programs and how they should work. In this type of environment, it is helpful for employees to have a mechanism through which they can report concerns internally. Whether it’s a hotline number, an email inbox for concerns, an, excuse me, an internet intake form, or something else, it is important that employees know about their ability and duty, really, to report misconduct. And an easy way to remind them of that duty is to incorporate it into the periodic training. We often see companies allowing employees to submit reports anonymously and confidentially to encourage reporting. But again, you have to evaluate and assess what’s right for your organization under the specific circumstances at hand. No. It is critical, however, that employees understand that they will not be retaliated against for reporting suspected misconduct in good faith. So that’s the first component. How do we report misconduct? The second component of this is how do we handle reports of suspected misconduct? As we’ve said, sort of, throughout this program, we anticipate a significant increase in whistleblower activity in the near term as the economy reopens, as well as in the coming years as this crisis unfolds. In our experience, the manner in which a reported concern is handled internally can make a real difference in whether the whistleblower takes his or her concern outside of the organization. There are real benefits to assessing whistleblower concerns in a timely manner and conducting appropriate and thorough investigations. So as you consider the efficacy of your compliance program, we rec, we recommend you give thought to the processes and procedures that you’d have in place or could implement relating to whistleblower reports. Now I’m going to turn it back over to Dave to discuss some considerations around documentation.

Thanks, James. So we’re getting to the home stretch here, everyone. So let’s talk about documentation, which is a part of many of these compliance program features that Sarah and James have talked about, and also more broadly. Right, so thinking about documentation created in the normal course of business, whether that’s right when you applied for funds or whether that’s in the first weeks or months of applying for funds or otherwise, you know, the key here is documentation created that shows what you were thinking and how you were interpreting ambiguous terms and conditions in real time, as opposed to a once an investigation or piece of litigation hits. So it’s not too late, no matter where you are in the process, but documentation created now becomes what the evidence that gets reviewed and can be pointed to in later audits and investigation and litigation, and all of us, or anyone else in the role of defending your organization, against such scrutiny down the road, you know, wants as much helpful documentation to have been created before the litigation ever started, obviously assuming it’s truthful and accurate, as we can and also want the organization to appropriately look out for harmful documentation. So, what can help? Helpful documentation are either internal documents or government facing documents that layout what the organization, in good faith, after appropriate diligence, transparently is interpreting its eligibility in the program terms and conditions to meet. So, going back to that Medicare advanced payment example, organization decides, you know, it says you can’t be in bankruptcy. Given COVID 19, we’re, obviously, you know, it’s really hit our organization hard. We are seriously looking at bankruptcy and whether we need to get there, but we’re not there yet. And so, maybe that organization decides either an internal memo or even in a note that goes to CMS saying, we are not currently in bankruptcy, so we meet the eligibility criterion, but we just want to be transparent with you, this is where, you know, we are on this front. Or be transparent in our internal note. That’s not going to be right for all organizations, but that’s a way to document, if you’re think you’re in a gray area or you think you’re in an area of uncertainty because of where the agency guidance has evolved, documenting in real time, this is how we’ve interpreted it in good faith, and this is how we’re proceeding, shows your good faith down the road. Because ultimately, what we want here is, first, we want everybody to be able to keep all of these funds and use them appropriately, but we want the worst case outcome to be if you got something wrong in good faith, that the agency who is administering the program says no, that interpretation was wrong. We disagree with it. Maybe, you know, you need to change going forward or maybe need to refund some of those dollars to us. But we want it to stop there, right? None of the False Claims Act treble damages or penalties or criminal prosecution investigations that Sarah and Laura were talking about earlier. And documentation is key to that. Documentation can also hurt, though, and many of you will have seen in headlines of your favorite news source or have been through compliance and risk mitigation trainings before, where some pretty egregious examples of things people said flippantly, maybe trying to be funny, or moving too quickly in texts or emails or chats, gets, get used against them down the road and investigations and litigation, when memory, you know, hindsight has become 2020 as Laura said. And so, part of this is affirmatively going out to make sure that you’re documenting accurately in good faith your understandings, but also taking appropriate steps to remind your workforce that this is serious. And it’s not something to be joked about, and people need to be writing and speaking thoughtfully about it if they’re going to write and speak about it at all. And so, some key areas to consider documenting. We’ve talked about program eligibility requirements, like I said in the Medicare Advance Payment example, where the company’s reasonable interpretation of ambiguous program terms. So, come back to, for a while, the question of who was an actual or potential, at that point, now perspective COVID 19 patient for purposes of the balance billing restriction of the Provider Relief Fund was an open question. It’s been clarified since then, but many people got these funds not knowing where the boundaries of that of that regulation and that restriction would be. And so, they took steps to try to clarify with the agency or with its contractors and documented the responses they got to be put in files to be referred to later if needed, and also documented, in many cases internally, or can do so now, if they haven’t done so already, the, issue of this is how we’re interpreting the restriction moving forward to show that we are in good faith trying to comply with it. So those are examples. Companies uses of the funds received is a big example, right. Document from accounting purpose, for purposes of future audits, how the funds were used, and any waivers, exceptions or clarifications that one received from the government or its agents like… And like I said, the documentation could be internal or can be government facing, and each situation is going to differ as to which makes most sense. Next slide, please.

A quick refresher on privilege because some of this stuff is going to, you’re going to want to at least consider whether you want it to be under privilege, and other stuff might make a lot more sense to not be under privilege. And so, we’ve laid out here in the bullets and don’t need to go over them here in the voice over, just a quick refresher on the key points of privilege. But it really comes down to seeking and providing legal advice and a lawyer playing a central role in that. Not just being CCed on emails. But it’s meant to create a non-discoverable space for really open, honest, transparent communication, even communication that could be seen to be, you know, to hurt one down the road to ask questions like, I think we’ve got this legal risk factor, what should we appropriately do about it? Or, I’m not sure if we comply with this term. Lawyer, can you give me some advice on the, on the arguments pro and con so we can make an informed decision? Those are places where you want to consider, you know, whether privilege communications makes sense. Your documenting of your compliance decisions and final understandings, in many cases, it’s going to make sense not to have those under privilege because you want to be able to use them down the road. But again, every situation is going to be different. So with that, I’ll turn it over to Laura to wrap us up. But there’s going to be, this is going to be a long marathon, not a sprint, folks, as Sarah and Laura said at the beginning. This is going to take years and years to play out. So, good to be prepared now, and thanks for your time.

Thanks, Dave. Appreciate that. I appreciate everybody, everybody’s contribution. So basically, you know, here’s sort of a wrap up slide, but the bottom line is, well, organizations are still in the eye of the storm. If they received pandemic related relief funds, now’s a good time to evaluated what compliance mechanisms are in place going forward to ensure that compliance, compliance exists and his maintained. We do have a few questions and, and I’ll turn to those in a minute. But I’m going to give the code for the CLE credit in New York right now, and that is BLUE18. That’s B L U E 18. So that’s what you need for that. And I’m going to pose a couple of the questions. I don’t think we’ll have time to get to all of them, but we will follow up with you if we weren’t able to answer your question live. And we’ll respond as soon as possible on that because I don’t want anyone’s questions to go unanswered. The first question, I think, is for Sarah, and that is this, what is going on, if anything, in the nature of current enforcement efforts already underway relating to CARES Act relief? And, you know, we’ve heard a little bit in the news about an SEC suite, so is that among them? And what can you say about that?

Sure. So there’s, there’s a couple things. You know, we are aware of an SEC suite where members of the SECs enforcement division. So, not exam, not the sort of the auditors, but the enforcement division, are asking registrants for infirm—that have made disclosures about the receipt of PPP loans, in particular, for information and backup on those loans. So there’s already an effort from the from the SEC standpoint, at least, to take a look at disclosures across the board and PPP loans received across the board, as they often do. There’s also been criminal enforcement, already. In my neighboring state of Rhode Island, there was a criminal prosecution that was brought for, really, an egregious blatant fraud with regard to federal stimulus money, someone blatantly lying on their application about the business they were in. But I bring that up simply because it wasn’t a, it was investigation that took only three weeks. They brought in FBI, FBI undercover agents to conduct the investigation, and, US attorney’s Office brought the prosecution all at a time when enforcement agencies are also working remotely. USA is at home working remotely. The FBI’s working on reduced staff and rotating staff. So, the fact that we’ve already seen one criminal prosecution brought in the middle of the crisis, this was brought about almost a month ago now, maybe three weeks, I think, shows the fervor with regard, you know, we’re going to see these, these enforcement efforts continue.

Thanks, Sarah. I think we have time for at least one more, and I think Dave, you can probably answer this, and I think it’s a sort of a, you, well, I’m interested in your answer. But the question is, should beneficiaries refuse stimulus funding? It seems like the legal costs of participating might outweigh the benefits. So can you take that?

Sure. I think with any of these programs, that may well be true for some, for some beneficiaries. I think it’s going to depend on the amount of dollars that you’re eligible to receive under the program, versus your, you know, your underlying financial condition and your risk profile with respect to some of these factors. But it’s, we already know of clients here who have decided it’s just not worth it for some of these programs. We’re going to refuse, not apply. Or we’re going to return funds, you know, that have been provided to us automatically in order to avoid the reporting and downstream auditing and further scrutiny provisions. You know, it’s not going to be, there’s going to be opportunity to do so down the road. And so, don’t feel like just because you got funds, you’re stuck regardless of what your expense structure is. But many places are making the decision that, that it’s just not worth it in their particular circumstances. And it’s going to be specific to each organization as to whether that makes sense or not.

Okay, everybody, thanks Dave, thanks James, and thank you, Sarah. And thank you, everybody for joining us. And we have a few more questions that we didn’t get to, but we’re out of time. So we will follow up with you individually and look forward to speaking with you. And again, appreciate your time. Have a great afternoon. Thanks very much.


Related Site:     McDermott+ Consulting

Attorney Advertising ©2023 McDermott Will & Emery