As part of the response to the COVID-19 pandemic, the UK government has introduced a number of measures to support businesses and employment. The government is providing liquidity through various financing measures, using accredited lenders for the Coronavirus Business Interruption Loan Scheme and the Coronavirus Large Business Interruption Loan Scheme. Accredited lenders are listed on the British Business Bank website.

Other European countries have enabled similar relief efforts. In Italy, the so-called “Heal Italy” decree provides for extraordinary measures to strengthen the national health service and provide financial and economic support to families, workers, and companies. Germany has launched the largest aid package in its history with the Coronavirus protective shield mobilising massive funds for employees, the self-employed, and companies, and strengthening the health system.

In the United States, the Coronavirus Aid, Relief, and Economic Security Act (CARES Act) was signed into law, providing several provisions to assist Americans during this time and beyond. The Small Business Administration’s Paycheck Protection Program and the Federal Reserve’s Main Street Lending Program both provide lenders the ability to make loans to support small- and medium-size businesses.

As lenders start to implement the measures, they should be aware of significant and unforeseen compliance, legal, and operational risks to their institution. Lenders must also be aware of and proactively address gaps in processes that may be exploited by fraudsters, both within the organisation and externally.

With extremely high loan origination volumes amidst rapidly evolving expectations, how can lenders protect themselves from unforeseen fraud risk exposure?

Scheme areas vulnerable to fraud

The various financing schemes present opportunities for potential fraud that may impact the lender. Understanding typical fraudulent tactics can help lenders identify new risks and enhance governance frameworks to mitigate these risks. The following represents examples of fraud scenarios and potential funding vulnerabilities.

• The insider threat: This includes fraud by employees within a lending organisation that should be monitored. For example, sharing of user login identifications or collusion with a borrower.
• The customer threat: This includes deceptive or misleading actions on behalf of an applicant to obtain a loan. This should be identified through due diligence processes and a robust but efficient control environment. An example of applicant-driven fraud is the falsification of eligibility criteria under the scheme.
• The external threat: Unrelated to direct lender or borrower activities, fraud can also stem from external sources. Examples of potential risk factors include those from imposters posing as lenders to obtain sensitive customer information. 

Key steps to proactively mitigate fraud risk

Once the lending organisation has identified fraud risks, they must examine and rapidly enhance governance frameworks to mitigate these risks. Our experience in helping financial institutions prevent, detect, and remediate fraud and financial crime has shown that increased focus in these areas is critical in times of crises and peak lending periods. The following steps are important:

1. Testing of applications with risk-based reviews, data-driven sampling, and disbursement audit testing 
   
2. Conducting process reviews with current-state assessments, target operating models, and change management/implementation support
3. Supporting controls with review of current environments and controls testing
4. Reporting to include outliers, illogical conclusions, and trending analysis
5. Enabling any additional staff with adequate training, process, and compliance support 
6. Maintaining critical anti money laundering functions when allocating resources to uphold high-priority compliance functions, such as know-your-customer, sanctions, and transaction monitoring.

Staying vigilant while being sensitive to borrower needs

The difficulties for the lenders in the financing schemes are just beginning and as such the governance and regulatory requirements will become increasingly complex. Governments around the world are focused on fund deployment to appropriate borrowers and lenders are working with new rules to get as much funding released as quickly as possible. Ultimately, though, lenders are responsible for prudent and responsible lending in a turbulent environment. 

Assessing the adequacy of your financial crime framework, its effectiveness and suitability during this time is crucial to protect your ongoing regulatory compliance and participation in the scheme. It will be a complex balancing act to deploy funds quickly to borrowers whilst managing staffing issues and managing fraud and broader financial crime risks.