The Paycheck Protection Program (PPP) is responding to the COVID-19 pandemic and its economic impact with remarkable speed. But this rapid response also provides an opportunity to fraudsters of all kinds. They too are rapidly responding, instinctively sensing that overburdened, rushed institutions will be more likely to miss fraudulent loan applications, which divert precious resources from employees in need to undeserving, potentially criminal entities. Even if applicants have no criminal intentions, economic desperation is forcing many into a “why not” attitude that strains the system. Just like how many hospitals are overwhelmed by victims of the virus, many financial institutions are being overwhelmed with loan applications, allowing fraud to succeed by hiding within the chaos.
Given its resources, the Small Business Administration (SBA) is doing a remarkable job administering the PPP loans, but with most of their limited resources put towards getting money quickly to organizations at a historic scale, other institutions must take on the task of risk screening the loans.
So what can be done to help? We believe technology can play a critical role in identifying risky loans and triaging resources toward this new economic challenge and opportunity.
The SBA inspector general is well aware of the potential for fraud and has written about lessons to be learned from previous stimulus periods to help guide financial institutions. At the same time, the DOJ has announced an effort to stem the tide, and first prosecutions for fraudulent applications are just starting to be revealed.
Industry experts are exhorting institutions to scale up their risk screening to meet the moment. And of course investigative journalists are doing their best to expose the high-profile entities that have made inappropriate applications, including Shake Shack and the Los Angeles Lakers, but these are piecemeal stories, not systematic efforts.
These efforts represent the tip of the iceberg, implementation efforts are inconsistent, and it is unclear any of these approaches can scale to the degree necessary to ensure adequate coverage. In the analogy on the need to build a test-and-trace systems to combat the virus at scale, the situation calls for a technology-enabled AI screening system to systematically call out the risky entities, letting humans do what they do best at the end of the screening funnel: following the resulting leads and confirming fraud without a doubt.
Quantifind’s platform is uniquely set up to perform exactly this workflow, by applying its risk-screening technology in batch-mode to a large number of candidate entities. Our systems easily scale to large numbers of entities, and our algorithms (which confidently link entities and classify entities into relevant risk categories from public data) are built for the task at hand.
In previous reports, we have demonstrated other ways our technology can apply to the pandemic situation, including helping banks with backlogs and discovering the entities behind COVID-related fraud, such as fraudulent PPE and pseudo-scientific medical scams. Here, we discuss in more detail the kind of work we are performing with financial institutions to combat PPP fraud directly by matching applicants to risk signals from public data sources.
The work we perform with financial institutions is always private, but in the case of the SBA program, awarded entities are made public. As a community, we can thus take advantage of this transparent government resource to screen entities and find those that are most likely to be fraudulent.
The current data only reveals very early SBA awardees (from just after first shelter-in-place orders were put in place), and a much larger dataset is coming soon to cover the April surge. From this early data, Quantifind’s AI-driven screening system was able to find signs of risk by automatically screening thousands of cases, revealing, for example, the following anonymized stories:
Other cases involve companies with ties to financial crimes and foreign ownership, as well as individuals with potential drug trafficking and terrorism connections.
Of course, each of these findings does not indicate a crime in isolation, but they do indicate Quantifind’s ability to winnow a large number of entities down to a select few worth manual investigation, drastically increasing the efficiency of any screening effort.
The risk factors for the PPP are an expected point of debate: What matters and what does not to a law enforcement investigator? We can break the risk factors down into relevant categories: previous financial crimes, eligibility mismatches (lying about number of employees), inappropriate ownership (shell companies or foreign-owned). Less relevant risk factors (which banks sometimes are interested in) might include: small claims legal proceedings, certain industries (marijuana, cryptocurrencies), and minor offenses. Indicators under the category of “financial stress” (including bankruptcy proceedings, or layoffs) might otherwise be a sign of risk to a lender, but here may be a justification for the loan depending on the circumstances.
These risk factors imply other potential approaches for risk screening. Concerning eligibility, one approach would be to compare loan amount to independent indications of employee numbers, popularity, or revenue. Large anomalous outliers in the scatter-plot space (large loan, but low “presence”) would indicate potential avenues for investigations. Similarly, certain geographic locations (e.g., Cyprus) or company naming patterns (e.g., “* international”) open a company up for scrutiny.
Beneficial ownership, and screening the owner (or key executives) of any applicant, is also a necessary step. This opens up the risk profile and enables the screener to see multiple companies and networks, to confirm fraudulent patterns such as “double-dipping” or evidence of financial crime via other owned entities.
On top of each individual entity discovery, it is also important to step back to recognize general trends among all applicants. This would expose which industries are over-represented (e.g., lawyers and dentists are prevalent in early data) and evaluate the system for fairness in terms of ultimate representation.
As with any machine learning technology, once the risk factors and training examples are defined, the problem becomes amenable to systematic algorithmic approaches. Quantifind has multiple layers of models, applied across a vast set of diverse data sources, to make risk-screening work. We use sophisticated named entity linking (NEL) approaches to ensure that the risky entity discovered is the same as the entity in question, with stated levels of confidence. We establish risk-relevancy to ensure that, given the document, the risk applies directly to the entity in question. Quantifind also ensures that risk can be properly identified from unstructured sources, developing advanced topic models that cover all natural language indications that a certain risk is present.
The result is a scalable solution that meets the potential of any well-designed automated solution: enhancing consistency, coverage, speed, and efficiency. Given the scale of PPP applications in process, automated solutions like Quantifind’s go from being an optimization of an existing process to a required component of any solution.
Quantifind is offering its services to any financial institution in the position of screening a historic number of applications without the necessary manual resources. Contact us to discuss our scalable methodology and open-data discoveries: firstname.lastname@example.org.