When Congress passed the Coronavirus Aid, Relief and Economic Security Act in March 2020, it put more than $2 trillion into the economy almost overnight.
The money came in many forms: Paycheck Protection Program loans for small businesses, Economic Injury Disaster Loan program working capital loans, Provider Relief Fund payments to healthcare systems and payroll support for airlines. The goal was simple: Keep businesses afloat and workers employed during lockdowns.
The U.S. Department of Justice promised early on that it would protect those programs. Enforcement started almost immediately with criminal prosecutions of individuals who had used PPP funds for luxury cars, jewelry or vacations. Those early cases were straightforward and sent a public message: Fraudsters who abused emergency relief would be caught.
Five years later, the enforcement picture looks very different. The new administration has put fraud, waste and abuse at the center of its enforcement agenda. The DOJ’s Civil Division has doubled down on the False Claims Act as its tool of choice. That means the focus has shifted from individuals with obvious misuse of funds to companies accused of making technical mistakes in certifications or eligibility calculations.
The DOJ’s Expanding Net
The scale of enforcement is striking. According to IRS Criminal Investigation, as of March, there were more than 2,000 pandemic-related tax and money laundering cases involving $10 billion in attempted fraud. Over 1,000 people have been indicted and over 550 sentenced, with an average sentence of 31 months. IRS-CI reports a conviction rate of over 97%.[1]
In fiscal year 2024, the DOJ reported securing over 250 settlements and judgments under the FCA, yielding recoveries that surpassed $250 million in connection with alleged pandemic-related fraud.[2]
In August 2022, then-President Joe Biden enacted two statutes that extended the government’s ability to pursue PPP and EIDL fraud cases. The PPP and Bank Fraud Enforcement Harmonization Act and the COVID-19 EIDL Fraud Statute of Limitations Act lengthened the statute of limitations for fraud involving these programs from five to 10 years, aligning PPP and EIDL fraud with the 10-year period already applicable to federal bank fraud.
Passed with bipartisan support, the measures reflected Congress’ intent to keep pandemic relief fraud enforcement at the forefront of federal priorities. The expanded limitations period provides the DOJ and federal agencies additional time to investigate and prosecute larger, more complex schemes, which recent cases show increasingly involve higher-dollar amounts and multiple defendants. It also allows for potential scrutiny of lenders and insiders whose inadequate oversight or review may have enabled fraudulent loans.
Then, this March, the U.S. House of Representatives overwhelmingly passed the Pandemic Unemployment Fraud Enforcement Act, a bipartisan measure extending the statute of limitations for prosecuting pandemic-era unemployment insurance fraud from five to 10 years.[3]
Again, by aligning unemployment insurance fraud prosecutions with the 10-year window Congress previously granted for PPP and EIDL fraud, lawmakers signaled that pandemic relief enforcement remains a top priority, though the bill has not yet passed the Senate.
The FCA in particular is perfectly designed for this moment. Unlike criminal fraud, which requires proof beyond a reasonable doubt, FCA cases can be won on a preponderance of the evidence. Add in treble damages and statutory penalties, and a relatively modest dispute can quickly turn into a multimillion-dollar case. Even without evidence of bad faith, the threat of treble damages can force companies into settlement talks.
The FCA also harnesses whistleblowers. The DOJ reported record whistleblower payouts in fiscal year 2024, a clear signal that insiders are being incentivized to bring pandemic-related allegations forward.
The DOJ-HHS FCA Working Group
In July, the DOJ and U.S. Department of Health and Human Services announced the relaunch of their FCA working group.[4] It’s designed to coordinate enforcement across healthcare and related sectors. The group’s focus areas include Medicare Advantage risk adjustment, drug pricing, kickbacks in durable medical equipment and manipulation of electronic health records.
These priorities are not new, but now, they are explicitly tied to pandemic relief programs. Hospitals and health systems that received Provider Relief Fund dollars are squarely in the crosshairs, even if COVID-19 funds made up only a slice of their budgets. Pandemic enforcement is being baked into the broader FCA strategy.
SBA Affiliation and Ownership Structure: A Corporate Minefield
One of the government’s sharpest tools has been the U.S. Small Business Administration’s affiliation rules, clarified by the U.S. Department of the Treasury in its May 2020 interim final rule on the treatment of entities with foreign affiliates.[5] The rule required businesses to count the employees of their affiliates, both domestic and foreign, when applying for PPP loans. For second-draw loans, the cap of 300 employees applied across the corporate family.
That technical requirement has triggered multiple FCA cases. In March, for instance, Monofrax LLC paid nearly $2 million to settle allegations that it improperly obtained a second-draw PPP loan while exceeding the 300-employee cap.[6]
Earlier this month, Immco Diagnostics LLC and Primus Corp., subsidiaries of Irish parent company Trinity Biotech PLC, paid almost $2.4 million for similar allegations.[7]
And in July, Delta Air Lines Inc. paid $8.1 million to resolve claims that it violated compensation limits under the Payroll Support Program.[8]
These aren’t defendants buying fancy cars and watches. These are large corporations accused of misinterpreting affiliation rules or program caps. The DOJ is showing that technical errors can lead to FCA liability.
Ownership structure issues have also become a recurring theme in FCA enforcement, particularly in the PPP context, where eligibility restrictions turn on who ultimately owned or controlled the applicant.
In July 2024, GPS manufacturer Hemisphere GNSS USA Inc. agreed to pay $2.6 million to resolve allegations that it falsely certified it was not owned in part by a Chinese entity when applying for a second-draw PPP loan, rendering it ineligible for forgiveness.[9]
The case underscores the DOJ’s position that misrepresentations about foreign ownership or affiliate control are not mere technical oversights, but material falsehoods that can trigger FCA liability.
Beyond PPP: A Wide Net
PPP cases dominate the headlines, but they are not the only programs under scrutiny. The DOJ has brought cases tied to the EIDL program, involving fake businesses and misuse of funds. The Restaurant Revitalization Fund has produced FCA settlements against restaurants that inflated revenue losses. The Provider Relief Fund has led to cases against hospitals accused of overstating patient volumes. And even the Payroll Support Program for airlines has generated FCA settlements, as the Delta case shows.
The takeaway is simple: Any federal dollar received during COVID-19 is fair game for FCA scrutiny, no matter how small the program or how many years have passed.
What Lawyers Should Do
For the defense bar, the shift from individuals to corporations demands a recalibrated approach. Companies that took pandemic funds must be proactive. Retrospective audits are essential: reviewing PPP applications, forgiveness certifications and Provider Relief Fund reporting with an eye toward whether employee counts and affiliate disclosures were accurate under SBA rules. Documenting the methodology behind those calculations can be critical evidence if the DOJ questions the certifications years later.
Compliance programs should also be stress-tested and expanded. Weaknesses in one area can undermine credibility across all, and a compliance program is only as strong as its weakest link. Regulators increasingly view gaps in one area — whether eligibility determinations, documentation or reporting — as evidence that the broader framework is unreliable.
Many healthcare providers already maintain robust compliance frameworks for billing and reimbursement. Those frameworks must now be broadened to include pandemic certifications and fund usage. The DOJ and HHS have made clear through their FCA working group that they view pandemic relief enforcement as part of larger healthcare fraud priorities and expect companies to self-police across all priority areas.
Voluntary self-disclosure remains a difficult but important tool. The DOJ has long emphasized that companies that self-report, cooperate, and remediate can obtain reduced penalties and sometimes avoid qui tam suits. In the pandemic context, raising a headcount miscalculation or affiliate disclosure error before a whistleblower does may limit exposure.
Defense counsel should also prepare clients for the reality of parallel proceedings. An FCA case rarely exists in isolation. Medicare payment suspensions, debarment or exclusion from federal programs are often in play. Litigation strategy must account for both courtroom risks and business continuity.
Managing whistleblower risk internally is another priority. Employees are often the first to see discrepancies, and if internal reporting channels are not credible, they will go outside. Building strong internal hotlines, antiretaliation protections and escalation protocols can reduce qui tam filings and demonstrate good faith compliance to regulators.
Finally, boards and executives need to be educated on their personal exposure. Although the DOJ is prioritizing corporate recoveries, individuals who certified eligibility or forgiveness may be personally liable. Directors and officers should confirm that D&O insurance covers FCA investigations and settlements, and they should be prepared for interviews or depositions probing their roles.
Preparing for the Next Five Years
The enforcement horizon is long. Billions of dollars remain unaccounted for, and the DOJ has signaled that recovery of those funds is part of its broader mission to combat fraud and abuse. With the statute of limitations extended to 10 years, pandemic-related FCA cases will persist well into the next decade.
The government has pivoted from small-dollar individual prosecutions to high-value corporate cases. Employee counts, affiliate disclosures and ownership structures have emerged as key enforcement areas. Pandemic allegations are increasingly embedded in traditional healthcare and financial fraud prosecutions, raising the complexity and stakes.
Companies cannot afford to wait. They must conduct internal audits, preserve documentation, strengthen compliance programs and consider self-disclosure where warranted. They must prepare for multifront enforcement, including FCA suits, administrative suspensions and whistleblower actions.
David Tarras is the founding attorney at the Law Office of David Tarras PLLC.
The opinions expressed are those of the author(s) and do not necessarily reflect the views of their employer, its clients, or Portfolio Media Inc., or any of its or their respective affiliates. This article is for general information purposes and is not intended to be and should not be taken as legal advice.
[1] Internal Revenue Service, Five Years Post-CARES Act: IRS-CI Has Launched 2,039 COVID Fraud Investigations Totaling $10B in Attempted Fraud (Mar. 26, 2025).
[2] Press Release, U.S. Dep’t of Justice, False Claims Act Settlements and Judgments Exceed $2.9 Billion in Fiscal Year 2024 (Feb. 22, 2025).
[3] Press Release, U.S. House of Representatives, Comm. on Ways & Means, House Passes Overwhelmingly Bipartisan Legislation to Empower Law Enforcement to Continue Prosecuting Pandemic Unemployment Fraud and Recoup Hundreds of Billions in Tax Dollars (Mar. 12, 2025).
[4] DOJ–HHS Press Release, Reinvigoration of FCA Working Group (July 2, 2025).
[5] Treasury Department, Interim Final Rule on the Treatment of Entities with Foreign Affiliates (May 2020).
[6] DOJ Press Release, Monofrax LLC Settlement (Mar. 11, 2025).
[7] DOJ Press Release, Immco/Primus Settlement (2025).
[8] DOJ Press Release, Delta Airlines Payroll Support Program Settlement (July 2025).
[9] DOJ Press Release, GPS Manufacturer Agrees to Pay $2.6M to Settle False Claims Act Allegations Relating to Improper PPP Loan (July 9, 2024).