This week the Senate is scheduled to take up legislation to reauthorize the Paycheck Protection Program. The bill, which could be worth as much as $257 billion, would allow the hardest-hit small businesses to receive a second forgivable loan and would reopen the application process for small business owners who have yet to apply. While the Paycheck Protection Program has undoubtedly been a valuable lifeline to small businesses and employees during the coronavirus pandemic, the program’s reauthorization must be, but currently isn’t, accompanied by reforms to improve transparency to help root out waste, fraud, and abuse.
The Paycheck Protection Program was authorized in March as part of the Coronavirus Aid, Relief, and Economic Security Act, also known as the CARES Act. The program was created as part of the Small Business Administration’s 7(a) loan guarantee program. The Paycheck Protection Program provides direct loans up to $10 million to small businesses that were harmed economically by the coronavirus. A key part of the Paycheck Protection Program is the ability for these loans to turn into grants if employers maintain and rehire workers.
Just seven days after the coronavirus relief bill became law, the Small Business Administration began approving Paycheck Protection Program loans. The program was so popular that it ran out of its initial $349 billion funding in less than two weeks, and Congress quickly injected another $310 billion into the program. When the program expired in early August, it had made more than 5.2 million loans totaling more than $525 billion dollars. With the ability for these loans to be turned into grants, that’s $525 billion of free taxpayer money on the table.
Ripe for Fraud
The attractiveness of what could essentially be free money didn’t go unnoticed by larger companies. For example, larger companies and some independently owned chains such as Ruth’s Chris Steak House, Shake Shack, and the Los Angeles Lakers took advantage of the Paycheck Protection Program’s loose eligibility requirements and applied for—and received—millions of taxpayer dollars in loans. Foreign entities benefitted as well. The Project On Government Oversight, along with the Anti-Corruption Data Collective, uncovered that millions of dollars’ worth of Paycheck Protection Program loans went to Chinese state-owned companies.
And while these large or foreign companies received financing, smaller mom-and-pop businesses found it difficult or even impossible to receive aid in a timely manner. Many of these main-street businesses have closed for good.
The purpose of the program is spelled out in its name: It was intended to help small businesses keep employees on the payroll during a time of great economic uncertainty. Despite that laudable goal, the hundreds of billions of dollars being made available in potentially forgivable loans puts the program at high risk for waste, fraud, and abuse. On the same day the Small Business Administration launched the program, the agency’s inspector general released a white paper warning of the potential for fraud based on previous audits of economic stimulus programs. The report found that delays in promulgating regulations caused confusion, and that the Small Business Administration “did not require program participants to submit documentation, which resulted in inappropriate or unsupported loan approvals.” Based on these initial warnings, the agency should have implemented safeguards and policies to ensure the money was going to those who truly needed it. Unfortunately, that doesn’t appear to have happened. In September, the House of Representatives’ Select Subcommittee on the Coronavirus found that “a lack of oversight and accountability from the Treasury Department and Small Business Administration (SBA) may have led to billions of dollars being diverted to fraud, waste, and abuse, rather than reaching small businesses truly in need.”
A limited review of loans so far has found that, indeed, some loans did not go toward the purpose of saving jobs. As of early October, the Justice Department had uncovered 56 cases of alleged fraud in the Paycheck Protection Program. A POGO analysis of those cases found that individuals had sought a total of $250 million in loans and successfully obtained $113 million. In some of the cases, fraudsters allegedly used the loans to purchase Lamborghinis and yachts, go to strip clubs, and make risky stock market bets. Many of the alleged fraudsters obtained more than one loan for identically named companies, sometimes using the same address. As of now, small businesses are not allowed to take out multiple Paycheck Protection Program loans. The Small Business Administration’s e-Tran system, an electronic system through which lenders submit loan applications for approval, should be flagging these instances, and lenders should be more diligent in not approving loans based on that information.
Fifty-six cases out of 5.2 million loans may seem small, but these fraud cases are likely only the tip of a very large iceberg. As POGO previously reported, banks filed with the Treasury Department’s Financial Crimes Enforcement Network nearly seven times the average monthly number of suspicious activity reports involving business loans. While not all reports were related to the Paycheck Protection Program, an FBI official did confirm that suspicious activity reports filed by financial institutions were assisting federal efforts to combat COVID-19-related fraud.
Particularly concerning is the role that financial technology, or “fintech,” companies played in approving many of these loans. In POGO’s recent analysis, out of the 56 fraud cases, which involve 97 loans, just under half (48 out of 97) involved seven fintech companies and banks working closely with fintech companies. These seven companies and banks approved 13% of the total 5.2 million Paycheck Protection Program loans. Businesses sought out fintech companies when applying for a Paycheck Protection Program because of the unusually fast turnaround time to get a loan approved. It often takes traditional financial institutions days to conduct the due diligence and anti-money laundering screenings with new customers. However, fintech companies were able to approve loans within 24 or 48 hours. According to one fintech company POGO looked at, called Kabbage, “over 75% of all applications were processed without human intervention or manual review,” and it took a median time of only four hours to approve loans. While the program was designed to get the money out to businesses as quickly as possible, it’s important that lenders do the necessary verifications to prevent fraud and money laundering. It appears that a mere few hours might not have been enough time for adequate review. Several fintechs approved loans without being able to verify tax return information as required by law.
Fend off Automatic Forgiveness
Given the potential for a vast amount of fraud in the more than half-trillion dollars distributed through the Paycheck Protection Program, the administration and Congress should resist pressure for wholesale forgiveness of these loans. Banks and trade associations have been lobbying Congress and the administration to streamline the forgiveness process.
Those efforts seem to be paying off. In June, Senators Kevin Cramer (R-ND), Bob Menendez (D-NJ), Thom Tillis (R-NC), and Kyrsten Sinema (D-AZ) introduced the Paycheck Protection Small Business Forgiveness Act, bipartisan legislation to streamline forgiveness of Paycheck Protection Program loans. The legislation would forgive loans up to $150,000 if borrowers submit a one-page attestation that they used the money appropriately. Then in July, Senate Committee on Small Business and Entrepreneurship Chairman Marco Rubio (R-FL) and Senator Susan Collins (R-ME) introduced the Continuing Small Business Recovery and Paycheck Protection Program Act. This bill, among other things, would simplify the forgiveness application and documentation requirements for loans under $150,000. This proposal could be voted on as early as this week.
As Congress considers if and how to streamline the forgiveness process and make it easier for small businesses to seek forgiveness, the administration is already taking action. Earlier this month, the Treasury Department and Small Business Administration unveiled a new one-page Paycheck Protection Program loan forgiveness application for loans worth $50,000 or less. According to the new application instructions by Treasury and SBA, the new form requires fewer calculations and less documentation for eligible borrowers. The borrower simply needs to provide the loan amount, the number of employees at the time of loan’s disbursement, a request for forgiveness, and an attestation that they followed the requirements of the loan program.
While $150,000, or even $50,000, may not sound like a lot, more than 87% of the 5.2 million Paycheck Protection Program loans were below the $150,000 threshold. Those loans represent more than 28% of the $525 billion lent out through the program. Businesses that received loans under $150,000 most likely are the smallest of small businesses and were most in need of this money. However, this is not a reason to eliminate the loan requirements the borrowers had agreed to. To be clear, there may be some necessary reforms to the forgiveness process to reduce the burden on small businesses, but these businesses should be providing all the necessary supporting documentation to their lender to prove they complied with the conditions of the program, not just saying that they’ve met the requirements.
This is especially true given the administration’s troubling refusal to release the identities of those who received Paycheck Protection Program loans under $150,000. The refusal to release this data is despite three separate laws that would require disclosure, and despite the fact that the last page of the loan application informs borrowers that the information would be made public. The Small Business Administration has been disclosing this data on 7(a) small business loans as well as other types of small business loans for decades across multiple administrations. Borrowers knew their information would be made public upon taking out the loan, and based on existing law mandating disclosure of these types of awards and existing agency practice, there is every reason to believe Congress meant for these loans to be made public. The fact that all of these loans have the potential to be turned into free grant money at the expense of the taxpayer underscores the need for increased transparency around these transactions.
The primary beneficiary for automatic wholesale forgiveness and the streamlining of the forgiveness process of these loans would be the lenders rather than the small business borrowers. If Congress or the administration moves forward with plans to only require a one-page attestation that a borrower complied with the requirements of the loan program, the business owner still needs to do the calculations to make sure they spent the minimum amount required on payroll related expenses. Furthermore, borrowers must retain this information should their loan be audited by the Small Business Administration. The small businesses that took out Paycheck Protection Program loans are not going to be saving any time or money when applying for forgiveness since they need to collect this information.
Blanket forgiveness simply means the banks won’t have to spend the time and labor to review the borrower’s forgiveness application and supporting documentation. This has the potential to save banks and other financial institutions thousands or hundreds of thousands of hours of labor—and thus money—in reviewing forgiveness applications. While the lenders would save potentially millions, small businesses wouldn’t be saving anything. Proposals for automatic forgiveness of Paycheck Protection Program loans are just another example of larger, more well-connected businesses seeking COVID-19 relief rather than helping the smallest businesses.
With fewer than 3,900 employees, the Small Business Administration needs lenders’ support in helping to verify both the initial need of loans and the requirements for forgiveness of the more than 5.2 million Paycheck Protection Program loans. While we’ve already seen cases of fraud and will likely see many more, financial institutions are reasonably concerned about being held liable for approving these loans should they later be determined to be fraudulent. Proposals like the Rubio-Collins Continuing Small Business Recovery and Paycheck Protection Program Act would grant a safe harbor to financial institutions that relied on certification of documents by a borrower when applying for a Paycheck Protection Program loan or forgiveness. This means that no enforcement action could be taken against the lender for violating federal banking laws should it be proven that a borrower falsified documents.
Banks and other financial institutions should be doing their due diligence in verifying that their customers and borrowers have complied with the requirements of the Paycheck Protection Program. Not doing so risks losing hundreds of billions of taxpayer dollars to waste, fraud, and abuse rather than providing the economic assistance that is so necessary to keep paychecks going to employees during the pandemic.
If lenders can confidently determine after reviewing materials from the borrower that a loan was issued in good faith, and that the lender complied with the requirements of the loan program, then the lender should not be held responsible should it later be determined that a loan was fraudulent. The federal government and law enforcement agencies should be focused on holding accountable the criminals who took out fraudulent loans and who sought or are seeking forgiveness. However, banks should not be let off the hook if they ignored documents that are blatantly fraudulent. Requiring borrowers to submit supporting documentation when applying for a loan and for forgiveness should be in any safe harbor proposal.
The Paycheck Protection Program has undoubtedly been a valuable lifeline to small businesses and employees during the coronavirus pandemic. However, $113 million in loans through the program have been implicated in cases of alleged fraud, and we can expect that number to increase as more cases come to light. As Congress considers reauthorizing the Paycheck Protection Program making hundreds of billions of dollars in new funds available through the program, Congress should consider additional safeguards to improve its effectiveness and to reduce the program’s susceptibility to waste, fraud, and abuse.
The administration should follow the existing laws and immediately publish the complete data for the Paycheck Protection Program loans. The Federal Funding Accountability and Transparency Act, Digital Accountability and Transparency Act, and the Freedom of Information Act all require public disclosure of awards to recipients. In addition to three separate laws that require disclosure, the Small Business Administration has been disclosing this data on 7(a) small business loans as well as other types of small business loans for decades across multiple administrations. Disclosing the recipients of Paycheck Protection Program loans will enable taxpayers to know who they’re lending to and whether that borrower did what they said they were going to do with the money.
If the Paycheck Protection Program is reauthorized, the Small Business Administration should require applicants to fill out a form giving the agency authorization to check tax information with the IRS, just as the SBA does with its Economic Injury Disaster Loan program. Many firms were not able to verify tax return information since the IRS pushed back the deadline to file 2019 taxes just weeks before the Paycheck Protection Program expired. The Small Business Administration should use actual tax documents rather than relying on applicants to self-certify the accuracy of their own information.
If the Paycheck Protection Program is reauthorized, the administration should amend the formula for how they compensate banks that process Paycheck Protection Program loans. Rather than paying banks a percentage of approved loans below certain loan thresholds, compensation should be contingent on the bank’s ability to root out waste, fraud, and abuse. Banks should not receive payment on loans they approved that turned out to be fraudulent.
Given the high percentage of fraudulent Paycheck Protection Program loans approved by fintech firms, the Small Business Administration should subject these firms to a higher level of review. Under the administration’s current policy, Paycheck Protection Program loans are not subject to an automatic audit if they are less than $2 million, meaning millions of loans will never be reviewed by the agency. Loans under $2 million are, however, subject to random review. The significant proportion of loans that are approved by fintech firms with no human interaction makes it easier to commit fraud. Therefore, the Small Business Administration should be reviewing these loans at a much higher rate than Paycheck Protection Program loans disbursed by traditional financial institutions.
Congress should clearly direct the administration to allocate all remaining Paycheck Protection Program funds appropriated to the Treasury Department or the Small Business Administration in a way that prioritizes traditionally underserved markets such as minority- and women-owned businesses, as well as businesses in rural communities. Relief programs like the Paycheck Protection Program are especially important for communities of color, who have been disproportionally affected economically by the pandemic. The Small Business Administration’s inspector general found that “Because SBA did not provide guidance to lenders about prioritizing borrowers in underserved and rural markets, these borrowers, including rural, minority, and women-owned businesses may not have received the loans as intended.” It is crucial that Congress clearly spell out its intent to prioritize these traditionally underserved business owners in all future aid programs. Explicit direction as to how agencies should prioritize distribution of federal dollars under emergency spending programs like the Paycheck Protection Program is a foundational element to effective oversight that will result in a Congress better equipped to respond to future emergencies.
If the Paycheck Protection Program is reauthorized, the Small Business Administration should improve its e-Tran system to better catch duplicate loan applications, and when the system does flag duplicate applications lenders should reject the borrower’s request for an additional loan so long as businesses are only allowed to take out one loan. The Small Business Administration’s e-Tran system should be flagging instances of multiple loans for a single business, and lenders should be more diligent in not approving duplicate loans based on that information. Improving both the e-Tran system and the information obtained from the system will help prevent individuals from bank-hopping—applying for and receiving multiple Paycheck Protection Program loans from different financial institutions.
Congress should resist proposals to forgive Paycheck Protection Program loans without documentation that the conditions laid out in the coronavirus relief bill were met. Such proposals would remove a crucial layer of oversight and expose billions of tax dollars to additional risk of waste, fraud, and abuse.