Enforcement of the CARES ACT: How the Legislation and Lessons from TARP Should Inform The Actions of Corporate Participants in CARES

On March 27, 2020, President Donald Trump signed into law the Coronavirus Aid, Relief, and Economic Security Act (“CARES Act”).1  The CARES Act provides a $2 trillion stimulus package which includes, among other things, two large financial relief funds.  First, the Act includes $500 billion for the U.S. Department of the Treasury’s Economic Stabilization Fund to assist eligible businesses, states, and municipalities who have suffered losses incurred as a result of the coronavirus outbreak in the form of loans, loan guarantees, and other investments.  For a detailed description of the provisions of the CARES Act’s $500 billion large business provisions, click here.  Second, the CARES Act provides for up to $349 billion in small business loans, which we have previously discussed here.  With such large amounts of money being distributed to numerous businesses that must comply with new regulations, provide certifications, and complete required forms to obtain the economic relief also comes the possibility of fraud, waste, and abuse that the government is likely to seek out and target.  Drawing on similarities among the CARES Act and the Emergency Economic Stabilization Act of 2008, which established the Troubled Asset Relief Program (“TARP”), we will analyze how the lessons learned from TARP enforcement actions can inform best practices among CARES Act participants.

The Key Enforcement Related Provisions of the CARES Act That Are Modeled on TARP

Oversight and enforcement are primary features of the CARES Act, which establishes three oversight bodies that are likely to take an aggressive approach towards investigating and prosecuting individuals and entities who misuse CARES Act funds: (1) an inspector general; (2) a Congressional oversight commission; and (3) an accountability committee.  TARP included similar legislation aimed at investigating and overseeing financial institutions’ receipt of $700 billion in funds.2 

The first CARES Act oversight and enforcement mechanism is the appointment of a Special Inspector General for Pandemic Relief (“SIG-PR”),3 who the Act provides $25 million in funding to build out an investigative and oversight team.4  Similarly, in 2008, the government created the Office of the Special Inspector General of TARP (“SIG-TARP”).5  The SIG-PR, much like the SIG-TARP, is empowered by the CARES Act to “[c]onduct, supervise, and coordinate audits and investigations of the making, purchase, management, and sale of loans, loan guarantees, and other investments made by the Secretary of the Treasury” in connection with the CARES Act stimulus package.6  Further, just like the SIG-TARP, the SIG-PR has been granted the powers set forth in the Inspector General Act of 1978 (5 U.S.C. App).7  As a result, SIG-PR has robust civil and criminal enforcement power over CARES Act abuses, including the ability to subpoena the production of documents, enforce those subpoenas in any federal court, take testimony under oath, execute search and seizure warrants, and make arrests.8  Again, like the SIG-TARP, the SIG-PR shall provide Congress with quarterly reports documenting its investigative actions and enforcement results.9 

Second, the CARES Act establishes the Congressional Oversight Commission, which comprises five members appointed by the House and the Senate.10  This commission has several powers, including the power to hold hearings and issue reports to Congress on the efficacy of the funds distributed through the CARES Act.11  Congress granted similar powers to an oversight panel that reported on TARP.12  

Third, in a step beyond even TARP’s broad oversight, the CARES Act establishes the Pandemic Response Accountability Committee (the “PRAC”), comprising multiple inspectors general who will “promote transparency and conduct and support oversight” of funds made available under the Act.13  No analogous committee was established with TARP, signaling that the government intends CARES Act oversight to involve greater interagency coordination and resource mobilization.  Indeed, the PRAC has been granted broad powers, and an initial operating budget of $80 million, in support of its mission to “(1) prevent and detect fraud, waste, abuse, and mismanagement; and (2) mitigate major risks that cut across program and agency boundaries.”14  The PRAC has the authority to conduct investigations, issue and enforce subpoenas, and refer matters to the Department of Justice (“DOJ”) for prosecution.15   

TARP Enforcement Serves as an Example of Likely CARES Act Enforcement

TARP abuse was vigorously enforced, with 300 defendants – including 76 bankers and 92 bank borrowers – receiving prison sentences, and the recovery of more than $11 billion in funds that were distributed under TARP.16  Notably, the government’s enforcement and recovery efforts related to TARP continue to be robust, with the government recovering $900 million in 2019 alone.17  CARES Act enforcement is likely to be similarly robust given that the CARES Act oversight and enforcement provisions were modeled on TARP.  To adequately prepare and implement best practices, corporate participants should look to key TARP enforcement actions as a guide for the types of fraud, waste, and abuse that SIG-TARP targeted, and that SIG-PR is likely to target for CARES Act matters.

SIG-TARP enforcement actions have run the gamut from criminal prosecutions of individuals and indictments of financial institutions to major civil penalties against corporate participants in TARP bailouts. 

  • Lee Farkas, the former chairman and owner of Taylor, Bean & Whitaker (“TBW”), was convicted and sentenced to 30 years in prison in connection with a $2.9 billion fraud scheme that led to the failure of TBW and Colonial Bank.Colonial Bank’s application for TARP funding included materially false information related to mortgage loans and securities held by the bank.Farkas diverted millions from a mortgage lending facility into an escrow account in an attempt to convince the government that the Bank had sufficient investments to satisfy a capital contingency on the Bank’s receipt of TARP funds.18
  • Imperial Holdings paid $8 million to settle an enforcement action arising from its material misrepresentations in life insurance applications that ultimately defrauded TARP-recipient insurance carriers.Imperial Holdings life insurance agents made misrepresentations on applications where the carrier was likely to deny the policy and Imperial Holdings failed to institute adequate controls to prevent fraud by agents.19

Taken together, these SIG-TARP investigations show that individuals and entities applying for or receiving government stimulus packages, such as through TARP or the CARES Act, as well as entities that have more tangential relationships to the stimulus package funds, are subject to prosecution under a broad range of federal crimes that carry lengthy prison sentences and serious fines.  Notably, these examples show that SIG-TARP aggressively pursued individuals and entities, and targeted both small scale and large scale matters, proving that there is no minimum threshold amount that the government will simply ignore.  Rather, inspectors general, such as SIG-TARP, and likely SIG-PR, will pursue waste, fraud, and abuse regardless of the amount of money involved.  

Best Practices For Corporate Participants in CARES Act Funds

The range of companies touched by the CARES Act is quite broad.  As we saw with TARP enforcement, both applicants for stimulus package funds as well as financial institutions or asset management companies that do not receive CARES Act funds but who are nevertheless connected to such funds are still subject to oversight and possible investigation.  As a result, companies should act now to ensure they have robust compliance policies and internal controls in place, with a specific eye towards issues that are likely to arise in the stimulus package context.

For example, companies should designate an internal compliance officer to oversee compliance with all aspects of the CARES Act.  Specifically, the compliance officer should focus on the content of the company’s application for CARES Act funds and any other submissions the company makes, as false statements submitted to the government could result in liability.  Moreover, if a company receives CARES Act funds, it should ensure proper accounting mechanisms are in place to track the receipt and use of the stimulus package money. 

Compliance officers should also be wary of the limits the CARES Act places on participation in the Act’s small business loans based on “affiliation,” which we have previously discussed in detail here.  Under the Act, to be eligible for a loan as a small business that has less than 500 employees, a company may need to disclose the number of its own employees as well as the employees of its investors, if those investors qualify as affiliates.  In particular, compliance officers of venture-backed start-ups should carefully review the Act’s requirements and fully disclose their investor relationships when applying for a CARES Act small business loan.

Companies should also conduct trainings on the compliance and oversight aspects of the CARES Act.  Companies may also wish to consult with outside counsel to ensure the company’s controls and policies comply with industry standards.  Further, companies should establish hotlines or other complaint reporting mechanisms that will help them quickly identify any risks that arise.  Such reporting mechanisms are particularly important in the current times in which most employees are working from home, making in-person reporting unlikely.  If any risks are identified, or internal complaints are raised, companies should consider promptly contacting outside counsel to investigate and help the company respond and address the risk as well as implement additional protocols to mitigate future potential issues.

Click here to download this article.


1       CARES Act, Pub. L. No. 116-136 (2020).

2       U.S. Department of the Treasury: About TARP, here.

3      Brian Miller, who is currently senior associate counsel in the Office of White House Counsel, has been nominated as the SIG-PR.  Erica Werner, Trump’s choice for coronavirus inspector general wins praise from some oversight experts as Democrats slam pick, https://www.washingtonpost.com/us-policy/2020/04/04/brian-miller-trump-coronavirus-inspector-general/ Wash. Post (April 4, 2020).

4      Pub. L. No. 116-136 §§ 4018(b), (g)(1).

5      SIGTARP, About Us, here.

6      Pub. L. No. 116-136, § 4018(c).

7      See id. § 4018(d).

8      See 5 U.S.C. App, Inspector General Act of 1978 § 6(a)(2)-(5).

9      See id. § 4018(f)(1).

10    See id. § 4020.

11    See id. § 4020(b), (e).

12    See 12 U.S.C. § 5233.

13    See Pub. L. No. 116-136 § 15010.

14    See id. § 15010(b).

15    See id. § 15010(e).

16    See SIGTARP About Us; SIGTARP Crimes and Fines Database.

17    See SIGTARP About Us, here.

18    Former Chairman of Taylor, Bean & Whitaker Sentenced to 30 Years in Prison and Ordered to Forfeit $38.5 Million, here (June 30, 2011).

19    See SIGTARP Crimes and Fines Database, here.


You are currently offline.