Congress Trains its Sights on the FinTech Industry’s Role in Issuing Allegedly Fraudulent PPP Loans

Congress recently announced an investigation into the role of certain financial technology (“FinTech”) firms and partner banks in issuing allegedly fraudulent Paycheck Protection Program (“PPP”) loans.  The May 28th press release from the House of Representatives’ Select Subcommittee on the Coronavirus Crisis cited recent reporting which “found that FinTechs and their bank partners handled 75 percent of the approved PPP loans that have been connected to fraud by DOJ, despite facilitating just 15 percent of PPP loans overall.”  This announcement follows closely on the heels of the Subcommittee’s March hearing on “Rooting Out Fraud in Small Business Relief Programs,” and marks yet another example of the scrutiny pandemic relief program participants will continue to face from regulators.  It also confirms that – despite severely relaxed underwriting requirements – FinTechs and their partner banks, in addition to PPP loan recipients, should be prepared for government scrutiny. 

In tandem with the announcement, the Chairman of the Subcommittee (Rep. Jim Clyburn) sent letters to a handful of FinTech firms and partner banks, requesting broad categories of documents and information relating to PPP loans they handled, including information about the processes and procedures the firms used to review and approve PPP loans, controls in place to deter and identify PPP loan fraud, training provided to employees and contractors regarding fraud control and prevention, and all communications (including email, chat room logs, and leadership meeting minutes) regarding fraud or other criminal activity relating to PPP loans.  The letters noted that while FinTechs apparently “made hundreds of millions of dollars in fees by issuing publicly funded PPP loans,” they failed to establish proper due diligence procedures.  As one example of what was described as a rushed process, the letters allege that some loans were approved in “as little as an hour.”  In another example, one letter claimed that a FinTech firm issued a loan between $350,000 to $1 million to a Florida corporate entity “established nearly three months after the deadline that businesses had to be operational by to qualify for PPP loans.”  That entity apparently had no online footprint, was registered to somebody’s residential address, and did not have any of the business licenses one would expect for its purported line of business.  These oversights, according to the letters, “may have led to millions of dollars in FinTech-facilitated PPP loans being made to fraudulent, non-existent, or otherwise ineligible businesses.”

The press release and letters explain that the Select Subcommittee plans to explore the compliance systems and fraud controls these FinTechs and their partner banks use to issue PPP loans.  This probe underscores the importance of consistent and documented due diligence procedures to detect fraudulent applications for those processing and funding PPP loans.  To help mitigate potential risk, lenders should ensure that their PPP program:

• Employs a robust, active, and appropriately-trained quality assurance team;
• Includes written policies and procedures for conducting due diligence and monitoring on PPP loan and forgiveness applications, both before and after approval, including random sampling of approved loans;
• Features policies and procedures for escalating red flags and taking immediate corrective action;
• Avoids bonus/incentive programs that reward speed and volume of loan review and processing; and
• Maintains the same high standard of due diligence and quality controls as those in place for other lending programs at the institution (e.g., loans involving its own funds vs. government-provided funding).