The Coronavirus Business Interruption Loan Scheme (CBILS) and Bounce Back Loan Scheme (BBLS) have proven to be critical in helping many businesses stay afloat, and have seen c.£38 billion provided to 1.3 million businesses to date.
Yet, in recent weeks, there has been increasing press coverage concerning the rise in fraud committed by people abusing these schemes. As loan applications are largely reliant on self-certification and processed in an emergency, individuals and participants in organised crime have seized the opportunity to access funds with ease, on the basis that normal lending checks were loosened. The specific risks that amount from this include synthetic identity fraud, first party fraud and mule and money laundering activities. The full scale of the fraud may not be known for some time, however, losses are estimated to exceed averages between 0.5% and 5% - and the UK National Audit Office has recently said that the Government face a potential loss somewhere between £15 and £26 billion.
As banks begin considering the collection and recovery of these loans, many are now dealing with the ramifications of having applied less stringent Know Your Customer (KYC) checks to meet compressed government timelines and pressure to get funds to desperate businesses. In order to recoup the money from the government, banks need to have a proper system to avoid fraud in the first place. As the BBLS have recently been extended, it is prudent to consider whether:
- A robust application process is in place to identify potential fraud early on and subsequently throughout the lifecycle, or
- Remedial activity is required, checking for fraud and ensuring the right people have received the funds.
Fraud risks related to BBLs are not new risks per se (application fraud and identity theft, for example, are well known threats to the industry). However, due to the emergency of the scheme, and the fact that fraud and financial crime teams may be been under more operational pressure due to the pandemic, these risks are more likely to materialise.
The Financial Conduct Authority stated that they expected banks to maintain compliance with money laundering regulations. For existing customers, where a bank has already carried appropriate due diligence before an application has been received, they may not need to do further checks. However, if the bank has received flags or alerts suggesting that the customer poses a higher risk, further checks will be required. The decision makers will need to focus on three key areas; technology and automation, process and quality control, and people.