Loose Change – Lax Due Diligence Risks in Commercial Lending
The financial sector is at an interesting crossroads. The need to expand business is as much a driver for economic success as ever, while marketplace risk typologies appear to have increased exponentially. Conversely, regulatory expectations for financial institutions have become more complex—and simultaneously more ambiguous—as new guidance is issued for emerging risks.
Commercial lending has now been moved forward into the spotlight as one of the convergence points of credit, reputational, and financial crime risk.
Where diligence is due
Since the nascency of enforcement actions, regulators have embedded the concept of “publicly credible” information into financial institutions’ due diligence processes. This concept has recurred frequently, perhaps most poignantly in the $2.6 billion Madoff enforcement action where, despite credible information suggesting the possibly nefarious nature of Madoff’s “investments,” the hosting bank continued the relationship for decades without filing a timely Suspicious Activity Report (SAR).
The Punjab National Bank fraud centered much more succinctly around commercial lending activity and the failure to cross reference credit and financial crime due diligence.
In that scandal, jeweler Nirav Modi utilized a lending product, a Letter of Undertaking (LoU), which effectively has the bank take out commercial loans on its own ledger for a client’s behalf. Allegations had persisted that Modi had defrauded the bank when applying for the LoU and that the bank had deliberately ignored patent risks as Modi repeatedly extended the loan. These lax lending processes and controls increased the bank’s exposure to loss from millions to billions over time.
Similarly, some applicants for U.S. relief loans have been falsifying documentation to get approved. In one case, an applicant sought almost $5 million from the Small Business Administration to cover payroll protection for 400 employees, claiming an average payroll of $2 million monthly. In reality, the defendant had forged the names of those employees and supporting tax documents.
These types of commercial lending frauds emerged as quickly as the pandemic itself did, with people looking to deceive both financial crime and credit due diligence processes to obtain loan approval.
In another case, a software engineer applied for $1.25 million in Payroll Protection Program loans for 2 companies that didn’t exist at all. The defendant provided lenders documentation showing that his purported businesses were opened and given EINs years earlier, providing doctored bank statements showing the same. The bank account had only been opened a few days before the loan application, and the business assigned its EIN 2 days before the PPP loan application.
A natural alternative
With this need to expand commercial lending, banks have been looking for untapped or previously restricted areas of business in which to develop. While many financial institutions have a reasonably structured risk appetite when it comes to cannabis-related banking, which could be driven by something as binary as a state’s legalization status, commercial lending for hemp-related businesses is a bit more “hazy.”
With the passing of the 2018 Farm Bill, hemp made its way to the table as a viable area of both direct commercial banking and lending. According to the bill’s provisions, hemp is “legal” if it’s under the 0.3% THC content. If questions arise about how to be sure of the product’s adherence to that requirement as the sentence is read, envision serving as the head of credit risk for a financial institution trying to determine whether a prospective lending client is being truthful about what they are growing/selling.
FinCEN attempted to assuage concerns around hemp banking by providing guidance on BSA due diligence. While the guidance provides a foundation by adding language about USDA licensing, the language is vague; the burden still sits with banks on how to accept that documentation. The client can provide a copy of the license or attest to their status as being licensed. The client bank can inspect crop reports or other related paperwork, but any experienced AML practitioner has seen their share of dubious paperwork.
Anecdotally, during one investigation a client presented a branch with 3 sets of tax EINs and state corporate registrations, trying to open 3 business accounts. The banker didn’t question the near-identicality of the documentations, or how the businesses at issue were existing commercial entities comparable to the Coca-Cola Company in renown. The banker was so interested in opening the account they were blinded to the patent impossibilities of the circumstances, so they opened the accounts that day.
Banks’ risk assessment and tolerance metrics are back at center stage regarding hemp and commercial lending. The hemp advisory firmly keeps the AML due diligence burden with banks, meriting a collaborative approach between the AML and credit risk teams.
While banks should have processes embedded around their tolerance levels for cannabis, those processes should cut across due diligence verticals. For example, a client’s lending applications (even rejected loans) should be scrutinized for anomalies in paperwork or previous nexuses to cannabis; for example, previous loans for cannabis-related businesses contrasted with a new “sudden” interest in the hemp market could be an indicator of a potential misrepresentation about their nexus to cannabis all along.
Banks’ due diligence processes should be collaborative enough to further identify and cross reference beneficial owners across business types. So, if a client has one foot in the world of both THC-laden and “benign” hemp, that should merit further scrutiny.
Lastly, if cases like the PNB Bank Fraud and similar allegations of default fears have any lessons learned, financial institutions should continue to leverage reliable tools to research both the creditworthiness and reputational risk that a client might pose when it comes to “publicly credible” information.
Find people, businesses, assets and affiliations, and other critical information with a vast collection of public and proprietary records