The U.S. Treasury Department's anti-money laundering (AML) unit plans to share information aimed at helping banks and other financial institutions spot and report fraud schemes linked to the COVID-19 pandemic, a senior official said last week.
This announcement comes as bank AML executives and consultants are scrambling to tweak automated monitoring systems to more effectively police loans linked to the government’s $500 billion Payroll Protection Program (PPP) for fraud and other illicit activity.
Treasury’s Financial Crimes Enforcement Network (FinCEN) “plans to publish multiple advisories highlighting common typologies used in the pervasive fraud, theft, and money laundering activities related to the pandemic to better help the financial sector detect and report this activity,” FinCEN Director Kenneth A. Blanco said in written remarks delivered during a virtual currency industry event held online.
FinCEN’s typologies — which are apt to take into account information contained in Suspicious Activity Reports (SARs) already filed by financial institutions during the pandemic — could be of immense value to private-sector players working to understand what activity is truly suspect in the COVID-19 era.
The PPP, a federally funded bailout program aimed at helping shuttered small businesses stay afloat and pay employees, relied on banks to rapidly channel massive sums of money to businesses in the form of millions of forgivable loans. But the program, which saw the first tranche of funds dispersed in early April, involved urgent disbursements and left many concerned about the potential for fraud on a massive scale.
Complicating the matter, in less than a month — eight weeks after the first loans were made — banks will have to begin making decisions on recipients’ eligibility for loan forgiveness, a deadline that some AML executives worry will challenge their ability to adequately scrutinize the use of loan funds. In part because the PPP did not follow the process of traditional loan underwriting and there are government restrictions on how the money can be spent, bank automated monitoring systems are not equipped to effectively differentiate normal activity from that which is potentially linked to fraud or other criminal activity, AML experts say.
Traditional fraud signs may not be useful
A senior AML executive at a large U.S. bank said his institution is working to develop a better understanding of what PPP-linked suspicious activity looks like because traditional loan fraud indicators — such as multiple applications or failures to provide requested documentation — may not be useful in the bailout context.
Many business owners submitted multiple applications out of concern they might be left out of the program, and some, after obtaining loans at other institutions, probably ignored other banks’ requests for supporting documentation, the source said. Nonetheless, his bank does believe that at least some traditional markers of loan fraud — such as rapid movement of proceeds offshore — remain useful and will yield some SAR filings, the source said.
The goal is to file SARs that are useful to law enforcement authorities, he said. But he added that his bank also needs to be in a position to offer a “defensible position” in the face of regulatory scrutiny and criticism expected in the future.
Meanwhile, AML experts are starting to develop new “rules” that could be used to enhance automated bank monitoring systems so that they are more capable of separating fraud from legitimate PPP loan activity.
It is unclear how many such projects are underway, but it is likely that many banks — especially large institutions with a national footprint — are independently undertaking similar projects. Many vendors and consultants are likewise thought to be working on similar innovations. The goal is to effectively track PPP funds from the initial disbursement through current account activity and “to try to learn what normal looks like, what is abnormal and what is suspicious,” said a former Treasury official who now works as a consultant at a firm in the initial stages of one such project.
“The last few months have had a profound effect on the world as we know it or knew it, including in the area of illicit finance threats and related crimes.”
The efforts, which are in their infancy, will be complicated by the fact that what is normal transactional activity will vary based on a loan recipient’s location, industry, and size. The first step will be to analyze the loan-related data that has been amassed to date.
“People taking million-dollar loans will have different transactional signatures than those taking $20,000 loans, and businesses in New York City are going to look quite different from those in Omaha, and retail customers are going to look different than businesses-to- business customers,” the former Treasury official said. “Without that kind of diagnostic based on behavioral modeling, you really are shooting a lot in the dark, because traditional markers of fraud in traditional loan programs do not seem to be particularly useful in this set of circumstances.”
In his speech last week, FinCEN’s Blanco noted “these are, without a doubt, unprecedented times” and that “the last few months have had a profound effect on the world as we know it or knew it, including in the area of illicit finance threats and related crimes.”
“With businesses and individuals in our country and across the globe facing new and challenging circumstances, along with the rollout of major new federal, state, local, and foreign government initiatives to combat the COVID-19 pandemic and its economic consequences, the entire AML community has been adapting in real time,” he said, adding that FinCEN is continuously monitoring criminal activity exploiting the pandemic and is supporting law enforcement investigations into COVID-19-related cybercrime, scams, and fraud.
“The mission for all of us in the financial space is to get badly needed funds to the intended recipients who need it — some for their financial survival — not to exploitative criminals and fraudsters,” he said.