Amid growing media coverage of fraud related to government loan programs and unemployment insurance claims, the Small Business Administration (SBA) issued an Information Notice (IN) on July 22 dealing specifically with the identification and reporting of suspicious activity related to the Economic Injury Disaster Loans (EIDL) Program. The IN is aimed at alerting depository institutions to the potential of suspicious activity related to funds deposited in personal or business accounts.
The IN specially notes the following non-exhaustive examples of COVID-19 EIDL suspicious activity and red flags:
- Use of stolen identities or EIN or SSN numbers to qualify for the EIDL advance or EIDL loan.
- Purported businesses, including front or shell companies, lacking indicia of operating presence or history, receiving EIDL advances or EIDL loans.
- Applicants working with third parties to obtain EIDL advances or EIDL loans in exchange for keeping a percentage of the funds.
- Account holders that are victims of social engineering schemes and may not know that the source of the funds is an EIDL advance or EIDL loan.
- A customer advises a financial institution that the customer received a COVID-19 EIDL ACH deposit from “SBAD TREAS 310” and “Origin No. 10103615” into their account but did not apply for a COVID-19 EIDL loan.
- A customer receives a COVID-19 EIDL ACH deposit after the financial institution previously denied the customer’s Paycheck Protection Program (PPP) loan application, particularly where the financial institution identified inaccurate or incomplete information in the customer’s PPP loan application.
- A customer not known to be a small business, sole proprietor or independent contractor receives a lump sum COVID-19 EIDL ACH deposit from “SBAD TREAS 310” and “Origin No. 10103615” into a personal account.
- A new customer opens an account and shortly thereafter receives a COVID-19 EIDL ACH lump sum deposit from “SBAD TREAS 310” and “Origin No. 10103615.”
- A single account receives multiple EIDL advances or multiple EIDL loan deposits.
The IN reminds depository institutions that if they identify potentially suspicious activity related to EIDL loan advances or the deposit of loan advances, they should follow their internal protocols and state and federal regulatory guidance for investigating and reporting this activity, including, as appropriate, filing a suspicious activity report (SAR). It further notes that depository institutions are required to notify the SBA of suspicious activity via the SBA hotline, email or online submission form. Contact details for each of these forms of communication are included in the IN.
Paycheck Protection Program (PPP)
While the IN addresses specific obligations related to the EIDL Program, many of the same indicators of suspicious activity are evident in the actions being brought by the Department of Justice in PPP fraud cases. These include: the use of multiple straw companies, use of SSNs of deceased individuals to represent employees, other false and misleading statements included in applications, loan proceeds deposited in a new account at an institution other than the one that made the loan and not ostensibly used for the business purpose designated by the PPP, and even attempts by individuals under investigation for other crimes to obtain PPP loans.
To date, the Department of Justice has identified and charged parties in more than 25 cases related to PPP loans, and the number of cases is expected to increase significantly as law enforcement continues to investigate other and sometimes more subtle cases of deception. Further, it is widely expected that the loan forgiveness phase of the PPP will give rise to more cases of fraud and more prosecutions.
Just as is the case with suspicious activity related to EIDL, depository institutions are expected to comply with their internal procedures and regulatory guidance for investigating and reporting suspicious activity related to the PPP.
Media reports of fraud related to unemployment claims have ranged from individuals who obtained unemployment benefits by submitting false information to an organized crime network that used stolen personal information to claim benefits for thousands of individuals across the country. These claims were paid by electronic deposit to bank accounts, most of which were already owned by the criminal network. However, in some cases, the benefits were directed to the accounts of unknown individuals who received calls, texts or emails, threatening them to return the money to the scammers by wiring it, sending cash or buying gift cards.
Innocent victims first learned of their involvement when they received letters from their state unemployment offices or their employer, discovered these deposits while reviewing their bank statements, or legitimately attempted to process an unemployment claim.
Several states have already reported their residents have been victims of organized crime efforts to steal unemployment benefits in the hundreds of millions of dollars, and the numbers are expected to grow.
Depository institutions that detect or become aware of false unemployment claims are expected to investigate and, as appropriate, file SARs.
Actions for Depository Institutions
Depository institutions should take proactive steps to ensure proper investigation and reporting of suspicious activity related to government aid programs, including:
- Ensuring that staff have been trained, and continue to be updated, on potential fraud schemes.
- Considering whether additional questions/scrutiny are necessary when the original source of funds for a new account is from a government aid program.
- Including new or modifying existing rules/scenarios in transaction monitoring systems to detect potential suspicious activity.
- Understanding reporting obligations under specific government aid programs, beyond the need to file SARs.