The SBA’s EIDL Program
An Overview of the EIDL Program
The EIDL program provides low-interest loans directly from the SBA to small businesses, small agricultural cooperatives, and most private nonprofit organizations that suffer “substantial economic injury” in a declared “disaster area.”3 Disaster areas are traditionally defined by the SBA, the President, and the Secretary of Agriculture.4 These typically include regions affected by fires, tornados, severe storms, flooding, drought, and civil unrest, among other qualifying disasters.5 “Substantial economic injury” in this context means the businesses were unable to meet their obligations and pay their ordinary and necessary operating expenses.6
The amount of an EIDL is based on an applicant’s actual economic injury and financial needs, regardless of whether the business suffered any property damage.7 Interest rates for EIDLs are limited to no more than four percent annually, and the term of the loans may not exceed thirty years.8 The repayment terms depend on an applicant’s ability to repay the loan.9 EIDLs are only available to applicants whom the SBA determines are unable to obtain credit elsewhere.10 Accordingly, EIDLs have historically provided the necessary working capital, up to $2 million, to help small businesses survive until normal operations resume after a disaster.11
EIDLs Under the CARES Act
As part of the CARES Act, Congress expanded the SBA’s EIDL program to provide economic relief for temporary losses of revenue due to COVID-19.12 The expanded program sets interest rates at 3.75% for small businesses and 2.75% for non-profits.13 The CARES Act also waived the requirement that applicants be unable to obtain credit elsewhere to qualify for an EIDL.14
To quickly address the COVID-19 pandemic, Congress also authorized the SBA to provide advances of up to $10,000 to applicants who applied for COVID-19 EIDLs and self-certified as to eligibility, while applicants awaited processing of their EIDL applications.15 The SBA is no longer advancing funds to applicants prior to approval because all available funds allotted by Congress for the advances have been allocated.16
Enforcement Actions Identifying Fraud in the COVID-19 EIDL Program
The U.S. Department of Justice (“DOJ”), as part of its crackdown on those suspected of fraudulently exploiting federal relief programs aimed at combating the COVID-19 crisis, has already brought three enforcement actions against individuals who have allegedly fraudulently obtained EIDLs.
The first case was brought in the Southern District of New York in which the U.S. Attorney’s Office charged Muge Ma with, among other things, making false statements to the SBA when he sought a total of $650,000 through two EIDL applications.17 The criminal complaint alleges that Ma falsely stated that his two companies had hundreds of employees and a multimillion-dollar payroll, when, in reality, Ma appears to be the only employee of his companies.18 Before Ma’s allegedly fraudulent conduct was discovered, the SBA had approved a $500,000 loan and a $10,000 advance for one of Ma’s companies, and a separate $150,000 loan for the other.19
The second case was brought in the Eastern District of Virginia in which a federal grand jury indicted Joseph Cherry II for submitting allegedly fraudulent EIDL applications.20 The indictment alleges that Cherry, who was serving a term of supervised release following a prison sentence for engaging in a three-year scheme to defraud financial institutions by obtaining loans through false applications,21 submitted two EIDL applications in which he falsely claimed ownership over two businesses that had been affected by COVID-19.22 Based on his EIDL applications, the SBA approved Cherry for an EIDL and deposited $196,900 into Cherry’s bank account on April 24, 2020.23 By April 25, 2020, Cherry allegedly had withdrawn in cash or cashier’s check approximately $140,000 of the proceeds for personal use.24
The third case was brought in the Southern District of Ohio. The DOJ charged Nadine Consuelo Jackson with bank fraud and making false statements to a bank within the jurisdiction of a federal agency.25 The criminal complaint alleges that Jackson lied in her EIDL application, falsely claiming that her company had eight employees and gross revenue of $108,050 for the twelve months prior to the COVID-19 pandemic.26 The SBA affirmed Jackson’s application for an EIDL in the amount of $46,100.27 After the money was delivered into her company’s bank account, Jackson forwarded the money through five wire transfers to another bank.28 Shortly thereafter, the government obtained a warrant to seize the funds.29
According to the IG’s Management Alert, it is likely that fraudulent activity under the EIDL program reaches well beyond the enforcement actions brought to date. The Office of the IG (“OIG”) has been inundated with reports of suspected fraudulent activity via reports to investigative field offices and the OIG hotline.30
The OIG has reportedly received complaints of more than 5,000 instances of suspected fraud from financial institutions receiving EIDL deposits.31 Nearly 3,800 of those reported instances came from only six unnamed financial institutions.32 Some financial institutions have reported dollar amounts rather than the number of instances of suspected fraud, with nine financial institutions reporting $187.3 million in suspected fraudulent transactions.33
How Banks Have Helped the SBA Identify COVID-19 EIDL Fraud
When the SBA disburses an EIDL advance or an EIDL to an applicant, all proceeds are deposited into the verified financial institution depository account belonging to the applicant.34 As a result, banks and other financial institutions that manage personal and small business depository accounts are well positioned to detect potential fraud. Since the inception of the program, financial institutions have identified and reported suspicious activity under COVID-19 relief programs, including:
- Accounts established using stolen identities;
- Account holders unable to explain origins of deposits or identify business names on loans;
- Account holders claiming to use the funds to open a business;
- Account holders attempting to transfer funds into investment accounts;
- Account holders attempting to transfer funds to foreign accounts;
- Loan deposits being made into accounts (with no other account activity) that were established remotely just before receiving the loaned funds;
- EIDLs made to agricultural businesses being deposited into accounts of unrelated third parties located in different states than the businesses;
- Account holders attempting to withdraw loaned funds in cash or transfer the funds to other newly established accounts; and
- EIDLs or advance grants being deposited into personal accounts—with no evidence of business activity—of customers of the financial institution.35
The OIG has identified several instances in which financial institutions have frozen funds while they contacted the SBA seeking information about the applicant to ensure that the funds were not obtained fraudulently, including:
- A London-based international money transfer business that identified $1.9 million in pending SBA deposits to be transferred internationally.36 The financial institution is reportedly seeking to have the SBA “blacklist” these account numbers to prevent future deposits and is working with the SBA to identify payouts already made.37
- A banking service provider, which receives about 300 deposits per day, identified $73 million in SBA deposits from approximately 3,000 transactions as suspicious.38
- A federal credit union reported to DOJ’s Criminal Division that it had received $15 million in SBA deposits in recent weeks.39 The credit union audited 60 of the transactions and determined that 59 of them appeared to be fraudulent.40
Steps Banks Can Take to Identify and Report Suspicious Activity Related to EIDLs
On July 22, 2020, the SBA issued guidance alerting depository financial institutions to the potential for suspicious activity related to COVID-19 EIDL funds deposited into business or personal accounts (“SBA Guidance”), and included the following examples of suspicious activity:
- Use of stolen identities to qualify for the EIDL;
- Purported businesses, including front or shell companies, lacking indicia of operating presence or history, receiving EIDLs;
- Applicants working with third parties to obtain EIDLs in exchange for keeping a percentage of the loaned funds;
- Account holders who are victims of social engineering schemes and may not know that the source of the funds is an EIDL;
- A customer receives a COVID-19 EIDL ACH deposit after the financial institution previously denied the customer’s PPP loan application, particularly where the financial institution identified inaccurate or incomplete information in the customer’s PPP loan application; and
- A single account receives multiple EIDL funds deposits.41
The FinCEN Advisory likewise provides guidance for financial institutions in identifying fraud, describes COVID-19-related malicious cyber activity and scams as well as associated financial red flag indicators, and provides information on how financial institutions should report suspicious activity.42 The FinCEN Advisory also identifies red flag indicators for financial institutions to aid them in detecting, preventing, and reporting suspicious transactions associated with the COVID-19 pandemic.43 Such red flags indicators relate to:
- Ways to verify a customer’s identification and prevent identity theft;44
- Tips for identifying phishing, malware, and distortion scams;45 and
- How to guard against schemes aimed at compromising business operations.46
The FinCEN Advisory warns that financial institutions should also be on alert for potential suspicious activities involving their customers since their customers may be targets of scammers.47 Finally, the FinCEN Advisory provides detailed instructions that all financial institutions should follow when filing Suspicious Activity Reports with FinCEN.48
In light of the SBA IG’s findings of pervasive fraudulent activity in the EIDL program, financial institutions should be on alert for the red flags identified in the FinCEN Advisory and should take steps now to implement the policies set forth in the SBA Guidance to identify and report suspicious activity to the SBA and other regulatory agencies. By assisting these agencies in preventing fraud, financial institutions will also simultaneously ensure that EIDL funds are disbursed to those who actually qualify for them and provide greater protections to their customers who may be unwitting victims of a fraudulent scheme.
1Office of the SBA Inspector General, Management Alert: Serious Concerns of Potential Fraud in Economic Injury Disaster Loan Program Pertaining to the Response to COVID-19 1, U.S. Small Bus. Admin. (Jul. 28, 2020), [hereinafter “Management Alert”], https://www.sba.gov/sites/default/files/2020-07/SBA_OIG_Report_20-16_508.pdf?utm_medium=email&utm_source=govdelivery.
2See U.S. Treasury Fin. Crimes Enf’t Network, FIN-2020-A005, Advisory on Cybercrime and Cyber-Enabled Crime Exploiting the Coronavirus Disease 2019 (COVID-19) Pandemic, (Jul. 30, 2020) [hereinafter “FinCEN Advisory”], https://www.mlex.com/Attachments/2020-07-30_49YP4754R8O5IIVZ/FinCEN%20Advisory%20Covid%20Cybercrime%20508%20FINAL.pdf.
3EIDL Loans, U.S. Small Bus. Admin., https://disasterloan.sba.gov/ela/Information/EIDLLoans (last visited Jul. 31, 2020).
4Declarations, U.S. Small Bus. Admin., https://disasterloan.sba.gov/ela/Declarations/Index (last visited Jul. 31, 2020).
6See EIDL Loans supra note 3.
12See Coronavirus Aid, Relief, and Economic Security Act, § 1110.
16Disaster Loan Applications, U.S. Small Bus. Admin., https://www.sba.gov/page/disaster-loan-applications (last visited Jul. 31, 2020).
17 Compl. ¶ 6, United States v. Ma, No. 20-mj-05202 (S.D.N.Y. May 20, 2020) (No. 1).
19Chinese National Arrested for $20 Million Scheme to Fraudulently Obtain Loans Intended to Help Small Businesses During COVID-19 Pandemic, DOJ Press Release (May 21, 2020), https://www.justice.gov/usao-sdny/pr/chinese-national-arrested-20-million-scheme-fraudulently-obtain-loans-intended-help.
20Man Indicted for COVID-19 Related Loan Fraud, DOJ Press Release (May 29, 2020), https://www.justice.gov/usao-edva/pr/man-indicted-covid-19-related-loan-fraud.
21Men Sentenced for Attempting to Defraud USAA Bank of $1.5 Million, FBI Press Release (Oct. 19, 2009), https://archives.fbi.gov/archives/norfolk/press-releases/2009/nf101909.htm.
22 Indictment ¶¶ 7-17, United States v. Cherry, No. 20-cr-00027-RBS-LRL (E.D. Va. May 29, 2020) (No. 1).
23Id. at ¶ 12.
24Id. at ¶¶ 13-15.
25Dayton Business Owner Charged with COVID-Relief Fraud, DOJ Press Release (June 24, 2020), https://www.justice.gov/usao-sdoh/pr/dayton-business-owner-charged-covid-relief-fraud.
26 Compl. ¶ 22, United States v. Jackson, No. 20-mj-00301-SLO (S.D. Ohio June 23, 2020) (No. 1).
30See Management Alert, at 2; see also SBA Information Notice: Guidance Regarding Identification and Reporting of Suspicious Activity in the COVID-19 EIDL Loan Program, U.S. Small Bus. Admin. 2 (Jul. 22, 2020) [hereinafter, “SBA Guidance”], https://www.sba.gov/sites/default/files/2020-07/5000-20037-508.pdf (noting that the OIG Hotline is 1-800-767-0385).
31See Management Alert, at 2
34 SBA Guidance, at 1.
35See Management Alert, at 3-4.
36See id. at 4.
41See SBA Guidance, at 2.
42See FinCEN Advisory, at 1.
43See id. at 2.
44See id.at 3-4.
45See id. at 5-6.
46See id. at 6-7.
47See id. at 2.
48 See id.at 7-8.
Get your CompTIA A+, Network+ White Hat-Hacker, Certified Web Intelligence Analyst and more starting at $35 a month. Click here for more details.