On March 27, 2020, as part of the response to the COVID-19 pandemic, the Coronavirus Aid, Relief, and Economic Security (CARES) Act was enacted. As financial institutions start to implement the PPP, they should be aware of significant and unforeseen compliance, legal, and operational risks to their institution. These lenders must also be cognizant of and proactively address program areas potentially exposed by fraudsters, both within the organization and externally.
As increased lender demand has resulted in extremely high loan origination volume and rapidly evolving guidance, how can lenders protect themselves from unforeseen fraud exposure?
Program Areas Vulnerable to Fraudsters
The PPP has many areas of potential fraud that may impact the lending financial institution. Understanding fraudster tactics can help lenders identify new risks and enhance governance programs to mitigate these risks. The following represents examples of fraud scenarios and potential program vulnerabilities.
Within the lender organization: This includes fraud on the part of parties within a lending organization which should be monitored. For example, sharing of user login identifications.
Fraud perpetrated by borrowers: This includes deceptive or misleading actions on behalf of a borrower to obtain a loan or obtain loan forgiveness. This should be identified through due diligence processes and a strong control environment. An example of borrower-driven fraud is borrower-falsification of the disbursement of funds as outlined by program guidance.
External party fraud: Unrelated to direct lender or borrower activities, fraud can also stem from external sources. Examples of potential issues include those from imposters posing as lenders to obtain sensitive customer information.
Key Steps to Bolster Lending Programs and Proactively Mitigate Fraud Risk
Once the lending organization has identified unforeseen fraud risks, they must examine and bolster governance programs to mitigate these risks. Our experience in helping financial institutions prevent, detect, and remediate fraud has shown that focus in these program areas is critical in times of crises and peak lending periods including taking the following steps:
Testing of applications and loan forgiveness compliance with risk-based reviews, data-driven sampling, and disbursement audit testing
Conducting process reviews with current state assessments, target operating models, and change management / implementation support
Supporting controls with review of current environment and controls testing
Reporting to include outliers, illogical conclusions, and trending analysis
Monitoring delegated lender oversight
Ensuring that staff augmentation has adequate training, process, and compliance support
Staying Vigilant While Being Sensitive to Borrower Needs
The difficulties of the Small Business Administration lenders in the Paycheck Protection Program is just beginning. Although the initial onslaught of applications may have passed, the program governance needs are ongoing. The government is focused on fund deployment to appropriate borrowers and borrowers are working with new rules to get as much funding as quickly as possible. Ultimately though, lenders are responsible for prudent and responsible lending for an evolving program in a turbulent environment. A look back of the actions taken during this time is crucial to protect your participation in the program going forward.
Special thanks to contributors Matthew Moosariparambil and Sara Laskoski.