Getting Ahead of Increased Oversight of CARES Act and COVID Relief Funds

The Pandemic Unemployment Fraud Enforcement Act was recently passed by the U.S. House of Representatives—just as the statute of limitations for prosecuting pandemic-era unemployment insurance (UI) fraud was set to begin expiring. This bipartisan legislation extends the statute of limitations from five years to ten, allowing law enforcement to continue pursuing criminal investigations of suspected offenders and recovering taxpayer dollars well into the next decade.

While the legislation specifically targets unemployment insurance fraud, it sends a broader message: federal scrutiny of all pandemic-era funding—including CARES Act relief—is expected to intensify.

What We Know — and What We Don’t

Recent guidance from the Department of Health and Human Services (HHS) indicates that federal agencies will continue monitoring COVID-related funding programs, including CARES Act relief, for years to come. While the newly extended statute of limitations applies specifically to unemployment insurance (UI) fraud, it’s likely that audits, reviews, and enforcement actions for other pandemic-era programs will follow a similar path.

What remains unclear is whether CARES Act funding will receive a formal statute of limitations extension. Still, organizations shouldn’t assume they’re in the clear simply because CARES isn’t explicitly mentioned. Given the current enforcement climate, increased oversight is expected to continue for the near future.  In fact, HHS recently sent an email to recipients of CARES Act funding requesting that all records be retained through 2027.

What CARES Act Recipients Should Do Now

As federal oversight of pandemic-related funding continues to evolve, organizations that received CARES Act or other COVID-19 relief funds should take proactive steps to protect themselves from compliance issues or potential penalties. Whether your organization received a large or small allocation, the expectation is the same: maintain thorough documentation, meet all reporting obligations, and address any outstanding compliance concerns.

The following steps can help recipients strengthen their compliance posture and reduce risk.

1. Retain All Records Through 2027

Organizations that received CARES Act funding should retain all supporting documentation, including eligibility determinations and records of how funds were used, through at least the end of 2027. This includes internal policies, grant agreements, invoices, payroll records, audit reports, and any documentation related to the funding.

Maintaining a comprehensive paper trail is a crucial safeguard in the event of a future audit or inquiry—especially as federal oversight efforts continue—and can help protect your organization from potential penalties or repayment demands down the road.

2. Prioritize Audit Compliance and Proactive Review

If your organization has not yet completed a required audit for CARES Act or other COVID-related funding, acting without delay is important. Timely audits demonstrate your commitment to compliance and may help reduce penalties, repayment demands, or formal investigations.

This is not the time to wait and see. Taking a proactive approach—by reviewing documentation, addressing audit obligations, and regularly evaluating internal controls and compliance—can significantly lower your risk and help ensure readiness for any future inquiries.

3. Voluntary Repayment is Available

If your organization received more funding than it was eligible for—or later determined that it may not have qualified for some or all of its COVID-related aid—there are official channels for voluntarily returning those funds. You can initiate repayment through the U.S. Department of the Treasury’s Recipient Compliance and Reporting portal or by contacting the agency that issued the funds directly for guidance.

Be proactive in taking the proper steps to correct potential overpayments, as it may help reduce the risk of penalties or enforcement actions down the line.

Get the Support You Need

Whether you’re facing overdue audits, evaluating potential repayment obligations, or simply unclear as to your situation, seeking guidance is important. Our team is here to help. We’ll work with you to assess your situation, identify risks, and strengthen your compliance strategy. Contact a CRI advisor today to discuss your organization’s needs and ensure you’re prepared for any future scrutiny. Acting now can provide peace of mind—and help protect your organization’s reputation and resources.