What banks can learn from PPP fraud losses

Listen to PPP Retrospective: Lessons to Prevent the Next Fraud Wave (10 min):

While businesses and workers saw the $800 billion Paycheck Protection Program (PPP) as a lifeline during a time of unprecedented disruption, many bad actors saw an unprecedented opportunity to commit large-scale fraud. And they were right. New research offers a retrospective on how a large share of PPP funds issued fell prey to fraud. 

Squid Game Lessons for PPP Loans

In some ways, the Paycheck Protection Program reminds me of the hit Netflix series Squid Game. Here’s why. (Warning: Minor Squid Game spoilers ahead!)

At one point in the show, Squid Game contestants looked up and saw an enormous piggy bank filled with cash representing the winner’s prize money. The pot gets larger as more contestants are eliminated from the games. At this moment, the contestants (all of whom are deeply in debt) see the prize money as their salvation. Unfortunately, blended among them are ambitious and greedy players who are also looking to get their hands on the prize – at the expense of others. 

This essentially sums up how recipients saw PPP. Small business owners, who the program was made for, and fraudsters were both eager to access the funds. But fraudsters were dishonest and underhanded.

PPP Fraud Retrospective: What Went Wrong?

A recent study shows how successful these bad actors were in scamming PPP loans. Researchers from the University of Texas at Austin estimates that out of the 11.6 million loans issued under PPP, roughly 1.8 million contained red flags for fraud. The value of these loans is $76 billion, or more than 15% of the total value of PPP. The study also found strong evidence that the majority of PPP loans that were flagged for fraud originated from FinTech lenders (who only make up roughly 30% of lenders).

Of course, this is just one report that provides a PPP retrospective and insights into how fraud permeated the program. It’s also worth noting that PPP came together very quickly due to fluctuating world events. What’s more, banks and lenders faced intense pressure to distribute funds as quickly as possible to applicants in an effort to protect the economic security of the United States. Fraudsters were also highly motivated and coordinated in their efforts – creating a perfect storm.

This PPP retrospective reveals there were numerous opportunities for bad actors to take advantage of the chaos surrounding the program. But banks, financial institutions (FIs), and FinTechs can learn valuable lessons from the mistakes made under PPP and avoid future fraud attacks. After all, PPP is only the latest government-backed lending program and it is unlikely to be the last. 

6 Key PPP Fraud Retrospective Lessons for Banks 

Here are the most important takeaways from the PPP fraud insights.  

1. Don’t Skirt the Screening Process

Perhaps the most critical lesson banks, FinTechs, and lenders should learn from PPP fraud revelations is to put a premium on the onboarding process. Larger banks limited their PPP loans to existing customers, which helped reduce the risk of fraud. Businesses that didn’t bank with these larger organizations turned to FinTechs and online lenders. This meant many FinTechs issued loans to borrowers without an existing business relationship or a clear understanding of their history. In some cases, several loans were issued to different recipients – all residing at the same address. 

Banks and lenders should bolster their onboarding processes to get a clear picture of who a borrower is before issuing loans to them. Enough data exists to determine if a loan is high-risk based on the borrower’s history and whether certain details of their profile raise red flags.

2. Connect the Dots

The surge in applicants seeking PPP loans demonstrates how important it is for banks to embrace link analysis and entity resolution. With multiple PPP loan applications coming in, banks can use link analysis and entity resolution solutions to uncover links between unknown applicants and known fraudsters while keeping staffing levels the same. These tools flag multiple applications from a single user, address, or mobile device, for example. They can also uncover fraudulent patterns and expose organized and networked criminal activity that would otherwise go unnoticed. 

3. Review Historical Data

As noted earlier, larger banks that issued PPP loans to their existing customers were less likely to experience fraud. But some lenders and FIs don’t have historical data available to them. If this is the case, FIs should consider alternate sources. For example, does the information provided by an applicant match the behaviors of a similar business? Is there evidence an applicant made false statements on their application (e.g., a business that is two years old with no public record)? Are transactions in line with their type of business? How many employees do they have on their monthly payroll? FIs should look at all available historical data of both the applicant and their industry to determine if anything contributes to the applicant’s overall risk rating.

4. Perform a Lookback

With so many loan applications coming in from disparate regions and different businesses, it’s important to get a clear picture of how the loans are performing after they have been issued. Banks can perform a lookback review several days or weeks after the loan is approved to determine if some types of loans (based on the type of business or based in a specific region, for example), are delinquent faster than others or are at risk of violating the terms of the loan. Are the loan proceeds being spent as intended? These investigations can help FIs and lenders understand which types of loans pose a greater risk and help make future lending decisions less risky.

5. Watch for Mismatches

When PPP debuted, many businesses were eager to access the funds, and FIs, banks, and FinTech lenders had to determine who was being straightforward during the application process. This is when banks should watch for mismatches that indicate an applicant is being dishonest or poses a higher risk. For example, does the number of loan applications from a certain region outpace the number of LLCs in the region listed on the state’s business registry? Or did applicants apply for the maximum loan amount of $100,000, a strangely rounded figure for their business (or $99,990)? These types of mismatches indicate there is suspicious activity that warrants further investigation.

6. Build Digital Trust Online

If there’s one thing the level of fraud reported in connection to PPP loans, it’s that digital trust needs to be central to digital lending. Digital trust entails a confident understanding of a user’s behavioral biometrics, device data, network data, and malware signals. In an online lending ecosystem, bank staff is less likely to meet a loan applicant in person. This means the FIs, banks, and FinTechs must review their online lending platforms to look for vulnerabilities that fraudsters will exploit. For example, are loan application fields completed with copy and paste operations? Or is an applicant making unusual gestures on their smartphone screen or using a different language setting? 

These are indicators that something in the application process is off. Introducing digital trust to the online lending process can both prevent fraud and ensure a smooth customer journey for legitimate users. 

PPP was an emergency measure needed to help everyday businesses survive. Hopefully, another crisis won’t happen for a long time. But when the next one hits and governments launch new large-scale relief programs like PPP, lenders who adopt these measures are less likely to fall victim to fraud. 

Digital trust is central to the connected economy. Watch our webinar 4 Key Elements of Digital Trust to learn how banks can ensure digital trust across the customer journey.