Recent reporting shows that $4 billion in PPP loans have already been red-flagged. The good news? Through the Paycheck Protection Program (“PPP”), the federal government approved approximately $525 billion in loans to over 5.2 million small businesses between April and early August 2020.
Over 5400 lenders processed these loans. As I discussed on a podcast with ACFCS back in April, the PPP is part of the Coronavirus Aid, Relief, and Economic Security (CARES) Act and was designed to help small businesses survive the economic downturn caused by Covid-19. The program’s whole point was to get fast money to small businesses – meant mainly for preserving company employees on payroll, with the remainder meant to go towards rent, mortgages, and utilities. If funds were used as outlined in the PPP rules – a company could then apply to have the loan fully forgiven – making it a “grant” and not a loan.
Now that the program stopped accepting applications as of August 8, 2020, closer reviews of these loans’ fast processing are being reviewed for early fraud indications.
The bad news? Early signs are many loans were fraudulent.
Of course, the headline-grabbing articles have put a spotlight on all the luxury cars alleged to have been purchased with PPP funds:
- A Florida man who bought a new Lamborghini worth $314,000, using taxpayer funding that was supposed to be used to keep his employees paid
- A man in Texas opted to use his bailout funds on Lamborghini, an SUV, as well as a new Ford F-350.
However, there are easier red flags to spot in the loans. Preliminary analysis of the PPP data by the Congressional Select Subcommittee on the Coronavirus Crisis has revealed potentially $4 billion in fraud.
For example, House Democrats warned in a September report that they had found red flags in nearly $3 billion in PPP loans after checking the information that borrowers provided against a federal business registration database. House Democrats say they found no record of these companies in the tax ID database.
Other areas of fraud include:
- Companies receiving multiple loans
- Companies obtaining loans that were excluded from doing business with the government under the System for Award Management (SAM) database
For more examples of red flags, listen to my webinar with Gina Jurva and Michael Schidlow: Deceptive Due Diligence: Identifying Risk in Commercial Lending.
Also, some loans were simply incomplete and failed to include names and addresses for borrowers.
The need for cash quickly is at the root of many of these issues. Many banks said they felt the pressure to provide relief while balancing their Anti-Money Laundering and Bank Secrecy Act duties. In other cases, lenders (which included banks, fintechs, and commercial lenders) may have extended loans to new customers, which meant they still needed to meet all of their existing customer onboarding standards—including components of Know Your Customer (KYC) rules and try to timely process loans.
As the review process begins – and as companies seek to submit forgiveness applications on the loans – a few key details stand out:
- Any loan recipient has a six-year record retention requirement on the loan paperwork
- All loans over $2 million are subject to additional scrutiny under the current audit plan, and this limit will not be the minimum for other audits and investigations
- Random spot check audits will occur
What are some red flags that jump out – that could have been found doing standard KYC:
- Confirming a business was actually in operation as of February 15, 2020
- Verifying a business or its principals weren’t currently in bankruptcy or on a debarred/government exclusion list
- Confirming if an owner in the company (defined as having 20% or more interest) was currently charged with a felony
- Verifying if an owner – within the past five years – had a felony fraud, bribery, embezzlement, or false statements conviction – to name just a few verifiable elements to the application using public records data
To date, the Inspector General’s Office, known as the SIGTARP, has pursued investigations that led to 24 enforcement actions against banks and other organizations and the conviction of 291 individuals, including 76 bankers, according to the office. SIGTARP audits and investigations will almost certainly lead to significant criminal and civil enforcement activity in the coming months.
Furthermore, the Department of Justice (DOJ) did not wait for these audits and investigations. Relying upon lessons from the past, the DOJ established a PPP fraud team to investigate potential cases almost as soon as the program started operating. DOJ worked with the FBI, IRS Criminal Investigation, SBA’s Office of Inspector General, and the FDIC’s Office of the Inspector General, along with other state and local authorities. According to Acting Assistant General Brian Rabbitt, the goal was to hold “fraudsters” and other bad actors accountable and deter other “would-be-fraudsters” from engaging in similar conduct.
The DOJ announced their first indictments months ago and, on September 10, shared that they had charged 57 people to date. These defendants had “allegedly committed fraud to obtain money from the PPP,” and included individuals and coordinated criminal rings. In total, these cases involve attempts to steal over $175 million from the PPP, with losses to the government of over $70 million.
The lesson? While the need for legitimate businesses to access necessary government relief funds is great, the need to know your customer remains. There are ways to leverage technology to allow both needs to be met today.
As Congress debates additional stimulus packages for small businesses, including more PPP lending – let’s hope lessons to detect fraud- pre-application – have been learned.