Lynn Woosley is a Senior Director with Treliant. She is a seasoned executive with extensive risk management experience in regulatory compliance, consumer and commercial credit risk, credit and compliance risk modeling, model governance, regulatory change management, acquisition due diligence, and operational risk in both financial services and regulatory environments.
- Source: sba.gov
Treliant knows credit and operational risk. If you need help assessing your institution’s PPP performance, we can help.
On December 23, 2020, the Inspector General (OIG) of the Small Business Administration (SBA) issued a memo summarizing key internal control recommendations related to the Economic Injury Disaster Loan (EIDL) and Paycheck Protection Program Loan (PPP) programs. The recommendations were summarized and reiterated from four prior reports related to SBA pandemic response programs, as well as three prior White Papers reviewing prior SBA disaster and economic stimulus programs and unpublished draft reports regarding PPP implementation and execution. The OIG recommends that lenders be required to validate that:
- The business was established prior to the mandated date; and
- The loan amount does not exceed applicable standards, including maximum amount per employee, maximum number of employees, and other applicable size standards.
In addition, OIG recommends the SBA enhance PPP processes to ensure that:
- Loans are not disbursed to borrowers included on the Treasury’s Do Not Pay list;
- Include the North American Industry Classification System (NAICS) code as a required component of the PPP application to ensure loans are not approved to participants in ineligible industries; and
- Include borrower demographic information on PPP applications.
The OIG also made recommendations related to the EIDL program, including:
- Establishing controls to ensure loan proceeds are deposited into legitimate bank accounts of eligible borrowers;
- Prevent changing loan application information post-approval without reviewing the application again;
- Verify applicant identity, eligibility, and business start date using photo IDs, tax records, Employer Identification Numbers or Social Security Numbers incorporation records, and other means;
- Ensure loan recipients are not on the Treasury Do Not Pay list; and
- Improve the systemic ability to identify risk factors related to fraud, duplicate applications, or other issues.
Banks will recognize that failure to meet these standards may expose risks in internal fraud and anti-money laundering systems. If you need assistance ensuring your firm is prepared for scrutiny, Treliant can help.