54 Months for $98M ERC Fraud: The DOJ Sentencing That Should Trigger Your Internal Audit
TL;DR
- A Las Vegas business owner filed 1,227 fraudulent ERC returns seeking $98M in COVID-19 tax credits. The IRS paid out $33M before catching it.
- She was sentenced to 54 months in federal prison on April 7, 2026 — part of an active DOJ/IRS campaign targeting pandemic-era relief fraud.
- The IRS has a 5-year statute of limitations on ERC claims, meaning exposure runs to 2029. About 41,000 claims are still under audit.
- If your company used a third-party ERC firm or had aggressive claims, review your documentation now before the IRS finds you first.
Four and a half years in federal prison for filing 1,227 fake tax returns. That’s what happened to Candies Goode-McCoy, a Las Vegas business owner, when a U.S. district judge sentenced her on April 7, 2026 for masterminding a $98 million Employee Retention Credit fraud scheme.
This is not an isolated story. DOJ and IRS Criminal Investigation have been working through a pipeline of pandemic-era fraud cases, and the ERC is squarely in their crosshairs. If your organization claimed the ERC — especially through a third-party promoter — the question isn’t whether you might face scrutiny. It’s whether your documentation can survive it.
What Goode-McCoy Actually Did
From June 2022 through September 2023 — well after the peak of COVID-19 but while ERC refunds were still flowing — Goode-McCoy filed approximately 1,227 false tax returns for her own businesses and on behalf of clients. The returns fraudulently claimed two programs:
- Employee Retention Credit (ERC): A refundable payroll tax credit for employers who retained employees during COVID-19 disruptions or significant revenue declines.
- Paid sick and family leave credits: Reimbursement for wages paid to employees unable to work due to pandemic-related illness or family care obligations.
None of the businesses claiming these credits in Goode-McCoy’s scheme met the eligibility requirements. The returns were fabricated.
The scheme sought approximately $98 million in fraudulent refunds. The IRS paid out roughly $33 million before investigators intervened. Goode-McCoy personally pocketed more than $1.3 million in fraudulent refunds and collected approximately $800,000 in fees from clients whose fake returns she filed. The money went to luxury cars, casino gambling, and vacations.
She pleaded guilty in February 2025 to one count of conspiracy to defraud the United States by filing false claims. The April 7, 2026 sentencing — 54 months in prison plus three years of supervised release and $26,022,188 in restitution — was the conclusion of an IRS Criminal Investigation case coordinated under the President’s Task Force to Eliminate Fraud.
Why This Matters Beyond the Headlines
The enforcement wave isn’t slowing. As of early 2026, the IRS has approximately 41,000 ERC claims still under exam or appeal. The Goode-McCoy sentencing is part of a pattern: the DOJ and IRS Criminal Investigation have made COVID-era tax fraud one of the most active enforcement areas in their portfolios.
The critical compliance fact every organization needs to know: the IRS extended the statute of limitations for ERC claims from three years to five years. For Q3 and Q4 2021 claims, it’s six years. That means audit exposure runs to 2029 — longer for some claim periods. Pandemic-era decisions made hastily in 2021 are now fully reviewable in 2026, and the IRS has years of runway to pursue them.
Add the new 20% accuracy-related penalty for erroneous ERC claims — introduced in recently proposed legislation — and the stakes of getting caught have increased significantly.
The Control Failures This Case Exposes
Goode-McCoy’s scheme worked because no one was checking her work. She operated as a third-party preparer, and her clients — presumably small business owners looking for relief — trusted her to handle the filings correctly. Some probably didn’t review what was actually submitted on their behalf.
That’s the exposure pattern for legitimate businesses too. Three common control failures create the bulk of ERC audit risk:
1. Over-reliance on third-party promoters without independent review
The ERC promoter industry exploded between 2021 and 2023. Many firms promised large refunds in exchange for a percentage of the credit — often 10–25% of the refund. That incentive structure rewarded aggressive claims, not accurate ones.
If your organization used a promoter to file ERC claims, you are the taxpayer of record. The IRS will audit you, not the promoter, and the promoter’s error is your problem. Organizations that took large ERC refunds without internal review of the eligibility analysis face the most risk.
2. Incomplete eligibility documentation
ERC eligibility has two prongs: a government order test (were your operations fully or partially suspended by a government order?) and a revenue decline test (did you experience a significant decline in gross receipts?). Many companies claimed under the government order test — which is more subjective — without documenting which specific orders applied, how they affected operations, and why the business qualified as “partially suspended” rather than just inconvenienced.
The IRS’s Letter 6612 audit process asks for exactly this documentation: contemporaneous records, not reconstructions. Board minutes, internal memos, government order citations, operational impact analyses — if this wasn’t documented at the time of the claim, defending an audit gets significantly harder.
3. No ongoing tracking of ERC claims as open compliance items
Companies that filed ERC claims and moved on — treating the refund as closed once the check arrived — are the most exposed. The IRS treats ERC claims as open items for audit purposes throughout the statute of limitations window. Organizations with mature compliance programs should have ERC claims in their issues log or on their risk radar until the limitation period expires.
The Practitioner Checklist: What to Do Now
For CCOs and Compliance Teams
Immediate (this week):
- Pull every ERC return your organization filed. Note the claim periods (Q2/Q3/Q4 2020, Q1–Q3 2021), amounts claimed, and amounts received.
- Identify which firm or person prepared the returns. If a promoter was used, request copies of their eligibility analysis and supporting documentation.
- Confirm the claims are tracked as open compliance matters, not closed.
Within 30 days:
- Conduct an internal eligibility review against IRS guidance. For each claim period, document the basis: government order test or revenue decline test? What was the qualifying government order? What is the evidence of partial suspension?
- Assemble documentation in an audit-ready file: payroll records, Form 941 filings, gross receipts by quarter, government order citations, and contemporaneous records showing operational impact.
- Review whether wages claimed for ERC were also used for PPP loan forgiveness (double-counting is prohibited and a common audit trigger).
Within 60 days:
- Consult tax counsel on any claims that cannot be fully substantiated. If claims were aggressive or based on questionable promoter advice, discuss whether the IRS Voluntary Disclosure Program is appropriate.
- Assess third-party promoter exposure: could the promoter be subject to prosecution or civil penalties? If so, coordinate early with counsel.
- Log ERC exposure formally in your issues management system with a target close date tied to the applicable statute of limitations.
For Internal Audit
ERC claims should be on your next audit plan if they haven’t been reviewed. Key audit procedures:
| Area | What to Test |
|---|---|
| Eligibility | Government order or revenue decline test documented contemporaneously? |
| Qualified wages | Wages calculated per IRS guidance? PPP overlap excluded? |
| Promoter review | Was the promoter’s eligibility analysis reviewed internally before filing? |
| Documentation completeness | All documents available and organized for a potential IDR response? |
| Amount accuracy | Refunds received reconcile to filed returns? |
| Open items tracking | Claims logged in issues/risk register with statute of limitations date? |
For CFOs and Finance Teams
If your organization received a significant ERC refund and cannot fully document eligibility, the calculus has changed in 2026. The IRS Voluntary Disclosure Program — which allows businesses to return a portion of improperly claimed credits in exchange for reduced penalties and no criminal referral — remains available but may not remain so indefinitely. Proactive disclosure, while painful, is substantially better than a criminal referral.
The Broader Enforcement Picture
Goode-McCoy’s case wasn’t unique. DOJ and IRS Criminal Investigation have been systematically prosecuting ERC fraud cases across the country. The IRS Dirty Dozen list has included ERC schemes for the past several years running. The enforcement trend is toward larger targets and longer sentences as investigators work through the backlog of pandemic-era fraud cases.
The IRS has also issued a fact sheet updating ERC guidance and continues to process — and deny — claims that fail to meet eligibility requirements. Approximately 41,000 claims remain under examination as of early 2026, and that number will drive audit activity for years.
The precedent this sentencing sets: a four-year sentence with $26 million in restitution for a scheme that lasted 15 months. The IRS and DOJ are clearly treating this as a priority enforcement area, not a one-off prosecution.
The Bottom Line
The ERC created a compliance liability for a lot of organizations that thought they were just claiming relief they were entitled to. Some were — and those organizations should still have documentation ready. Others used aggressive promoters and may be sitting on significant audit exposure without knowing it.
The 54-month sentence in the Goode-McCoy case is the loudest signal yet that DOJ and IRS are not treating ERC fraud as a minor regulatory issue. This is a criminal enforcement priority, and the statute of limitations gives investigators years to keep working.
Treat your ERC claims as open compliance items. Build the documentation file now. Know where your exposure is before the IRS does.
Rebecca Leung
Rebecca Leung has 8+ years of risk and compliance experience across first and second line roles at commercial banks, asset managers, and fintechs. Former management consultant advising financial institutions on risk strategy. Founder of RiskTemplates.