Mitigating Risk of Fraud During the COVID-19 Crisis

14 min read

For further information, please visit the White & Case Coronavirus Resource Center.

Any financial crisis, especially one as pronounced as that triggered by the coronavirus (COVID-19) pandemic, puts companies at heightened risk for fraud. With $2.2 trillion about to be made available for financial relief under the CARES Act,1 this risk is especially high. The US Securities and Exchange Commission (“SEC”) and the US Department of Justice (“DOJ”) have already given notice that they will be actively investigating and prosecuting COVID-19-related frauds.2 In this environment, companies will need to pay special attention to maintaining strong corporate controls and procedures. 

While there is no definitive roadmap for navigating the current unprecedented conditions, a review of the fraud prosecutions in the immediate aftermath of the 2008 financial crisis provides some insights into how companies can mitigate the risk of fraud and fraud-related enforcement proceedings.

There is every expectation that each of the areas that the SEC and DOJ focused on after the financial crisis will again draw their attention in the wake of the current crisis. Thus, while the top agenda item for corporate management may be to stabilize the business, corporate internal controls designed to ensure compliance with legal requirements must not be overlooked


Lessons Learned from the 2008 Financial Crisis 

In the wake of the 2008 financial crisis, the SEC brought civil lawsuits and administrative charges against over 200 entities and individuals, with Chief Executive Officers (“CEOs”), Chief Financial Officers (“CFOs”), and other senior corporate officers representing nearly half of that number. The SEC estimates that the prosecutions for misconduct that led to or arose from the 2008 crisis generated roughly $3.76 billion in disgorgement, penalties and other monetary relief.3  The DOJ’s Civil Division also utilized a seldom-used civil money penalty provision from the Financial Institutions Reform, Recovery and Enforcement Act of 1989 (“FIRREA”) to prosecute financial fraud. In certain instances presenting more egregious fact patterns, the DOJ also instituted criminal prosecutions against individuals leading to lengthy prison terms.

The financial crisis also spurred years of private litigation, including a wave of federal securities fraud cases. Of the 210 federal securities class actions filed in 2008, 91 were related to the 2008 subprime/liquidity crisis.4  After that initial surge in 2008, filings related to the crisis declined steadily, with 53 new filings in 2009, 13 in 2010, 3 in 2011, and none in 2012.5  Most of these cases resulted in settlements, and the Stanford Law Securities Class Action Clearinghouse reveals that 2008 crisis-related cases have tended to be associated with larger “estimated damages” than other types of cases. 

The kinds of securities fraud or other misconduct alleged or proven fell into the following categories:  

  • Accounting and Financial Statement Fraud
  • Insider Trading
  • Regulation FD/Selective Disclosure Violations 
  • Proxy Solicitation Violations
  • US Department of the Treasury Loan Fraud


Accounting and Financial Statement Fraud 

Financial statement and accounting fraud constituted the single largest category of actions filed by the SEC in the immediate aftermath of the financial crisis.7 As business declines, the risk of accounting and other disclosure fraud may increase. Thus, for example, the SEC charged one financial services corporation for understating expenses and losses incurred during the months leading up to the financial crisis.8  The SEC also found that the company’s former Chief Risk Officer (“CRO”) took inadequate steps to communicate negative internal forecasting to the senior management committee. Similarly, the SEC charged the former Chief Accounting Officer (“CAO”) of a public company specializing in home construction with conducting an earnings management scheme.9  The CAO fraudulently decreased the company’s reported net income by recording improper accounting reserves during periods of strong growth in the early 2000s, and then reversed the improper reserves to increase net income when the company’s financial performance weakened in the lead up to the 2008 housing crash. The DOJ later indicted the CAO, and he was convicted of conspiracy to commit securities fraud, to make false and misleading statements to auditors and accountants, to circumvent the company’s internal accounting controls, and to falsify the books, records, and accounts of the company.10 He received a ten-year sentence.  

An example of costly settlements in private shareholder class action litigation was the case against a real estate investment trust (“REIT”), in which plaintiffs alleged, inter alia, that in SEC filings and investor conference calls and meetings, the REIT made material misrepresentations about its earnings, repurchase reserve and residual interest valuations, as well as its internal controls.11  The case ultimately settled for $125 million, with former directors and officers of the REIT paying $65.1 million, its auditor paying $44.75 million and its underwriters paying $15 million.12  

Insider Trading 

The SEC also directed its attention to executives at public companies engaged in insider trading. For example, in 2009, the SEC announced insider trading charges against the former CEO of the nation’s largest mortgage lender at that time.13 The CEO had initiated four executive stock sale plans from October to December 2006, even as he was aware of material nonpublic information (“MNPI”) regarding the company’s increasing credit risk and the expected poor performance of the company’s originated loans. The CEO ultimately settled the charges by agreeing to a $67.5 million settlement.14 At that time, this constituted the largest financial penalty ever leveled against a senior executive of a public company. Private shareholder litigation was also commenced against the company and CEO,15 pursuant to Section 20A of the Securities Exchange Act of 1934 (“Exchange Act”), which provides for a private right of action against insiders who commit an Exchange Act violation by trading while in possession of MNPI. The court found that the CEO sold the company’s stock through “unusual” 10b5-1 plan modifications before the company issued a corrective disclosure. The case ultimately settled for $500 million.16

Regulation FD/Selective Disclosure

Regulation FD or “Fair Disclosure” (“Reg FD”) prohibits individuals acting on behalf of public companies from selectively disclosing MNPI to certain persons outside of the company (such as securities analysts or institutional investors) without also disclosing the information to the public. In the aftermath of the 2008 financial crisis, the SEC began actively pursuing Reg FD enforcement actions against public companies. 

In the first of these cases, brought in September 2009, the SEC brought Reg FD charges against the former CFO of a marine transportation and manufacturing company, for selectively disclosing MNPI to several sell-side analysts regarding the company’s upcoming quarterly forecast without simultaneously making that information available to the public.17 The CFO settled the charges by paying a $25,000 penalty and consenting to the entry of an order in a follow-on administrative proceeding directing him to cease and desist from violating Reg FD and Section 13(a) of the Exchange Act. The SEC, however, did not bring charges against the company, finding that the company maintained an “environment of compliance” by providing Regulation FD training and adopting controls designed to prevent violations. Because Reg FD does not provide for a private right of action and is not considered a violation of Rule 10b-5,18 no private action followed.

Proxy Solicitation Fraud

In the wake of the financial crisis, the SEC also charged public companies with providing shareholders with false and misleading proxy statements before soliciting shareholder votes. For instance, in 2009, the SEC charged a major bank with submitting inaccurate proxy materials to shareholders when soliciting their consent to acquire another financial institution.19 The Bank allegedly circulated proxy materials stating that the target had agreed not to pay year-end performance bonuses prior to the closing of the merger without the Bank’s consent when, in fact, according to the SEC, the Bank had already authorized the target to pay discretionary bonuses to its executives. The SEC alleged that the Bank’s failure to disclose these performance bonuses prior to the vote deprived shareholders of material information prior to a corporate transaction that they were asked to approve. The Bank settled these charges by agreeing to pay $33 million in settlement. A private shareholder derivative action alleging similar conduct, brought pursuant to Sections 10(b), 14(a) and 20(a) of the Exchange Act, was settled for $2.43 billion.20

Treasury Loan Fraud

Finally, after the 2008 crisis, the SEC assisted in prosecuting fraud related to the Troubled Asset Relief Program (“TARP”). The Emergency Economic Stabilization Act of 2008 created the TARP program, an initiative to purchase or insure up to $700 billion of troubled assets, as well as a Special Inspector General position to investigate fraud and funding misuse related to TARP. 

In 2009, the SEC filed a complaint against a purported investment adviser and its founder alleging that they defrauded clients out of $6.5 million by falsely claiming that they had the ability to invest client funds in bank debts as part of TARP.21  They even created fraudulent account statements reflecting clients’ ownership of these non-existent securities. The DOJ also charged the founder and, after pleading guilty to wire and mail fraud, he was sentenced to ten years in prison and ordered to pay $6.1 million in restitution.22  

It should be noted that numerous courts found that TARP did not provide a private right of action, which prevented private citizens from bringing claims under the law.23


The Need for Corporate Focus on Internal Controls

The foregoing areas of focus are sure to be scrutinized by the SEC and, in the more egregious circumstances, the DOJ, as the agencies closely monitor the conduct of companies struggling with the effects of the pandemic. Thus, even as corporate management prioritize the action items necessary to stabilize the business, corporate internal controls designed to ensure compliance with legal requirements must be emphasized if companies are to mitigate the risks of fraud or fraud-related enforcement activity.

One challenging problem for public companies is accurate and timely reporting of financial performance as each day brings more news that affects business operations, costs and revenue. In recognition of these volatile circumstances, on March 4 and 25, 2020, the SEC extended financial reporting deadlines due to COVID-19.24 Companies should expect that the SEC, DOJ and private plaintiffs will closely analyze public companies’ and their senior executives’ accounting practices and public disclosures to determine if they made material misrepresentations. Similarly, to the extent corporate executives attempt to manage communications with major investors and the analyst community, it is likely the SEC will investigate whether they leaked MNPI to such investors without making the same information available more publicly, in violation of Reg FD.  

Moreover, even prior to the enactment of the CARES Act, as companies grappled with precipitous declines in business, the SEC Enforcement Division issued a statement on March 23, 2020, highlighting the need for public companies, broker-dealers, investment advisers and other registrants to follow internal financial controls, and policies and procedures designed to protect MNPI. Because of the “dynamic” nature of this current crisis, company insiders, consultants and others will have access to important nonpublic information about company performance and outlook. Such insiders may be tempted to trade in advance of that MNPI becoming public in order to avoid losses. The SEC’s statement is an indication that the Enforcement Division recognizes the risks of such misconduct in the current environment and will pursue any such conduct through enforcement actions.  

The key to mitigating these risks to a company is a focus on internal corporate controls and compliance with established processes. Companies should enforce their policies and procedures relating to trading windows and 10b5-1 plans, and ensure that each person who could have access to MNPI strictly follows company policies and avoids trading on the basis of such MNPI. Controls relating to accurate accounting and books and records requirements should also be reinforced within the financial reporting departments of the company. Moreover, the controls at a company relating to the substance and timing of public statements must be reinforced to ensure accuracy of disclosures. Similarly, Regulation FD policies about who may have communications with investors or analysts, and under what circumstances, should be reinforced to ensure that no MNPI is inadvertently disclosed, and if it is, to make timely public disclosure.     

Separately, as in TARP, the CARES Act provides for the creation of an Inspector General position to ensure that Government funds are being used properly, and we should expect that the SEC and the DOJ will again partner with the new Inspector General to prosecute fraud related to such funds. Any company that seeks relief under this program should institute corporate controls and processes to ensure that all communications with Government representatives are accurate, and that the company complies with the requirements of the relief program. 

These measures may not be sufficient to completely prevent misconduct by company employees or representatives, but they will be critical to mitigating corporate liability if and when misconduct comes to light. 


Click here to download 'Mitigating Risk of Fraud During the COVID-19 Crisis' PDF


1 On March 27, 2020, President Trump signed the bill titled Coronavirus Aid, Relief and Economic Security Act (“CARES Act”).
2 On March 16, 2020, Attorney General William P. Barr issued a memorandum directing the DOJ to “remain vigilant in detecting, investigating, and prosecuting wrongdoing related to the crisis.” Similarly, on March 23, 2020, the Co-Directors of the SEC’s Division of Enforcement released a statement emphasizing their commitment to “protecting investors and maintaining confidence in the fairness and integrity of our markets.”
3 SEC Enforcement Actions: Addressing Misconduct That Led To or Arose From the Financial Crisis, U.S. Securities and Exchange Commission (Oct. 7, 2016),
6 CORNERSTONE RESEARCH, SECURITIES CLASS ACTION SETTLEMENTS: 2014 YEAR IN REVIEW AND ANALYSIS (2014), For its yearly analysis of class action settlements, the Clearinghouse uses simplified calculations of potential shareholder losses, referred to as “estimated damages” in order to keep a consistent methodology for the identification and analysis of trends. Id. at 7.
11 In re New Century, 588 F. Supp. 2d 1206, 1226 (C.D. Cal. 2008).
12 New Century itself was not a defendant as it filed for bankruptcy in April 2007, two months after plaintiffs filed their initial complaint.  
15 In re Countrywide Fin. Corp. Sec. Litig., No. CV-07-05295-MRP (MANx), 588 F. Supp. 2d 1132 (C.D. Cal. Dec. 1, 2008); In re Countrywide Fin. Corp. Sec. Litig., No. CV-07-05295-MRP (MANx), 2009 U.S. Dist. LEXIS 32951 (C.D. Cal. Apr. 6, 2009).
18 (see notes 85-86 and accompanying text).
23   See, e.g., Letvin v. Lew, No. 13-12015, 2014 U.S. Dist. LEXIS 87343, at *19 n.9 (E.D. Mich. June 24, 2014); Brecker v. 1st Republic Mortg. Bankers, Inc., No. 13-5646, 2013 U.S. Dist. LEXIS 151214, at *13 (D.N.J. Oct. 21, 2013); Ruotolo v. Fannie Mae, 933 F. Supp. 2d 512, 524 (S.D.N.Y. 2013) (collecting cases); Ruvalcaba v. Citibank CitiMortgage, Inc., No. 12-4655-JFW (AJWx), 2012 U.S. Dist. LEXIS 196595, at * 8 (C.D. Cal. Aug. 1, 2012) (collecting cases). 
24 See additional guidance from the SEC Division of Corporation Finance in this alert from our Public Company Advisory Group 25


This publication is provided for your convenience and does not constitute legal advice. This publication is protected by copyright.

© 2020 White & Case LLP