New Select Subcommittee Report Reveals How Fintech Companies Facilitated Fraud in the Paycheck Protection Program

Washington, D.C. (December 1, 2022) – Today, the Select Subcommittee on the Coronavirus Crisis, chaired by Rep. James E. Clyburn, released a staff report detailing the poor performance of many financial technology companies (fintechs) in administering the nation’s largest pandemic relief program, the Paycheck Protection Program (PPP). The report details how the investigated companies, despite being tasked with processing PPP applications while screening out those with signs of fraud, abdicated that responsibility—in many cases recklessly—resulting in the approval of large numbers of fraudulent applications.

In May 2021, the Select Subcommittee initiated an investigation into the role of fintech companies Kabbage, Inc. and Bluevine and partner banks Cross River Bank and Celtic Bank in facilitating PPP fraud following public reports they were linked to disproportionate numbers of fraudulent loans. The investigation was expanded in November 2021 to include fintech start-ups Blueacorn PPP, LLC, and Womply, Inc., after an analysis determined significant percentages of PPP loans facilitated by the companies had indicators of fraud.

Chairman Clyburn released the following statement about today’s report:

“As today’s report details, many fintechs, while promising to help disburse billions of Paycheck Protection Program dollars to struggling small businesses efficiently and expeditiously, refused to take adequate steps to detect and prevent fraud despite their clear responsibility to safeguard taxpayer funds. Even as these companies failed in their administration of the program, they nonetheless accrued massive profits from program administration fees, much of which was pocketed by the companies’ owners and executives. On top of the windfall obtained by enabling others to engage in PPP fraud, some of these individuals may have augmented their ill-gotten gains by engaging in PPP fraud themselves.

“We must learn from this inexcusable misconduct to erect guardrails that will help ensure that federal programs—including emergency assistance programs in future crises—are administered more effectively, efficiently, and equitably while keeping waste, fraud, and abuse to an absolute minimum. Based on our initial findings, I have asked the SBA and SBA OIG to conduct further investigation into these companies and pursue all appropriate remedies, and I have informed DOJ that some of our findings may warrant its attention.”

Today’s staff report is entitled “‘We Are Not the Fraud Police’: How Fintechs Facilitated Fraud in the Paycheck Protection Program” and is available in full here. The report reveals the following key findings:

Fintechs and Lenders Observed Significant Fraud in the PPP, Which They Attributed to Program Mismanagement as They Sought to Evade Responsibility

• Fintechs and lenders blamed the Trump Administration’s mismanagement of the PPP for the high volume of fraud in the program. In a September 2020 email, fintech Kabbage’s head of policy wrote of the Small Business Administration (SBA): “At the end of the day, it’s the SBA’s shitty rules that created fraud, not [Kabbage].” 
• In response to an August 2020 SBA email announcing a webinar on preventing PPP fraud, lender Celtic Bank’s President called the Trump Administration’s action “a bit late,” remarking that the “horse has been out of the barn for a while now” with respect to PPP fraud.
• Fintechs and lenders looked to avoid taking responsibility for taxpayer money that was lost to fraud. In an internal email obtained by the Select Subcommittee, the CEO of Celtic Bank wrote: “the industry should push hard to make sure the SBA accepts the fraud risk.” 

Blueacorn Took Only Minimal Steps to Prevent Fraud in Its Facilitation of Billions of Dollars in PPP Loans, While Abusing the Program to Enrich Its Owners

• Fintech Blueacorn received over $1 billion in taxpayer-funded processing fees but spent little on fraud prevention and eligibility verification. Blueacorn transferred nearly $300 million in profits to its owners while only spending $8.6 million—less than one percent of the fees it received for its PPP work—on its fraud prevention program. Blueacorn also gave approximately $666 million to a marketing firm controlled by members of its senior leadership—almost 50 times more than the $13.7 million the fintech spent on eligibility verification to detect fraud. Blueacorn had only “one direct employee who assisted with processing PPP loan applications” for the 1.7 million loans it reviewed.
• Blueacorn “almost exclusively relied on third-party companies and contractors” to process PPP loan applications. According to a former employee, Elev8 Advisors “hired at least 30 of [Elev8 Advisors’ owner’s] closest friends and family to work as underwriters submitting PPP loans to the SBA through Blueacorn.” In a text message obtained by the Select Subcommittee, Elev8 Advisor’s owner, Kristen Spencer, made her motivation clear: “We are doing this for the people we hired to make money. Our friends and family. That is where the money is going. And it will be life changing money for anyone who does it.”
• Blueacorn loan reviewers reported receiving poor training and being pressured to “push through” PPP loans, even if the reviewers doubted the authenticity of the loan’s supporting documents. One former Blueacorn loan reviewer told the Select Subcommittee that the company’s reviewers were “submitting PPP loans to the SBA the first minute of the first day” of their employment despite having “no formal or informal training on loan underwriting, as well as no training on how to properly identify and report fake government identification such as a driver’s license.” The reviewers were told “the faster the better” and that each loan application review “should take you less than 30 seconds.”
• Blueacorn gave priority and less scrutiny to high dollar loans and those identified as “VIPPP” by Blueacorn’s founder. Blueacorn’s owners directed reviewers to prioritize “monster loans [that] will get everyone paid” and created an exclusive category of PPP loans, called “VIPPP” loans. Blueacorn’s owners directed loan reviewers “to prioritize and submit large [“VIPPP”] loans without following protocols that [loan reviewers] had been trained to complete.” While prioritizing “VIPPP” loans, Blueacorn’s owners were dismissive of other loans, writing “delete them,” “who fucking cares,” and “[w]e’re not the first bank to decline [PPP] borrowers who deserve to be funded…they go elsewhere.” 
• Blueacorn’s founders attempted to improperly charge some PPP applicants. According to their former business partners, Blueacorn founders Nathan Reis and Stephanie Hockridge attempted to directly charge some applicants a 10 percent fee for successfully procuring PPP loans—in violation of SBA rules. 
• Blueacorn’s founders arranged PPP loans for themselves through Blueacorn, some of which have signs of potential fraud. In addition to likely taking over $120 million in taxpayer-funded PPP processing fees as personal profit, Mr. Reis and Ms. Hockridge received nearly $300,000 in PPP loans, some of which were facilitated by their own company. Applications for these loans—some of which Blueacorn lending partner Capital Plus later demanded be repaid—included supporting documentation with suspicious elements. In one application, Mr. Reis claimed to be an African American and a veteran—both of which appear to be false.
• The owners of Elev8 Advisors—Blueacorn’s primary eligibility verification and compliance consultants—received PPP loans for themselves, their businesses, and their family members through Blueacorn’s lending partners. Elev8 Advisors owners Adam Spencer and Kristen Spencer used Blueacorn to secure PPP loans for themselves, their companies, and their family members. In the months after receiving these loans, the Spencers purchased an $8 million mansion in cash and acquired multiple luxury cars. The Spencers’ loan applications also contained suspicious elements, including companies with unusually high profit margins and claims of income that appear unsupported by accompanying documentation. A confidential witness who spoke to the Select Subcommittee said that Mr. Spencer directed at least one family member—who also served as a PPP loan reviewer—to fraudulently apply for a PPP loan for a defunct business through Blueacorn, and later used the funds for home renovations.

Womply’s PPP Fraud Screenings Failed to Prevent “Rampant Fraud”—and Were Accompanied by Questionable Business Practices—Despite Generating Over a Billion in Profits

• Lenders paid Womply over $2 billion in processing fees for Womply’s “PPP Fast Lane” to screen applications for fraud and eligibility. In the first round of the PPP, Womply provided referral services to lenders, receiving just $3 million from lenders for its services. Womply later rebranded itself as a “technology service provider” and, according to its lending partners, became responsible for handling eligibility and fraud verification for over a million PPP loans through its “PPP Fast Lane.” 
• Multiple Womply lending partners, including Dreamspring, Lendistry, Fountainhead and Benworth, criticized Womply’s fraud prevention practices, with lenders describing its systems as “put together with duct tape and gum” and accusing Womply of allowing “rampant fraud” to infiltrate the PPP.
• Largely thanks to windfall taxpayer-funded PPP processing fees, Womply had a net revenue of over $2 billion in 2021, but received over $5 million in PPP loans for itself, which the SBA later determined it was ineligible to receive. In 2021, Womply had a gross profit of $1.8 billion and gross profit margin of nearly 90 percent, yet it received over $5 million in PPP loans from its largest biggest partner, Harvest, and asked forgiveness for these loans in 2021. After reviewing Womply’s forgiveness application, the SBA determined that Womply was ineligible for the loans that Harvest approved and has since required the fintech to repay them in full. Both Womply’s CEO and President also received PPP loans for themselves, despite each earning over $400,000 in salary in 2021 and likely taking tens of millions in taxpayer-funded PPP processing fees as personal profits.
• Womply’s CEO—who was convicted of insider trading in 2014 and has been permanently barred from participating in the securities industry—led Womply’s fraud prevention efforts and instructed his company to not cooperate with federal PPP fraud investigators. Despite telling its lending partners that Womply was working closely with the SBA and SBA Office of Inspector General (SBA OIG), Mr. Scammell resisted providing information to federal investigators conducting PPP fraud investigations. The SBA OIG and Fountainhead, one of Womply’s lending partners, made multiple requests for information from Womply “so that the SBA can investigate potential fraudulent loan activity carried out by PPP borrowers.” Womply refused to cooperate, and Fountainhead was ultimately forced to get a temporary restraining order against Womply so they could not “destroy these [PPP loan] documents.”
• Womply updated its privacy policy in 2022 to give itself the right to transfer sensitive personal and financial data of hundreds of thousands of PPP borrowers to its owners’ new business. In May 2022, Womply notified its customers—likely including PPP applicants—that it was giving itself the right to transfer “over 2 [million] tax documents, over 1.5 [million] bank accounts from applicants” to its new company, Solo Global, Inc. Womply refused to tell the Select Subcommittee whether it has transferred sensitive PPP applicant personal and financial data to this new company, how it is using sensitive PPP applicant data, and whether it is using this data to generate profits for their new company. 

Capital Plus, Harvest, and Other Fintech-Partnered Lenders Conducted Little Oversight over Womply and Blueacorn’s Activities, Allowing Fraud to Infiltrate The PPP

• Multiple PPP lenders admitted to having no formal program to monitor their fintech partners or to detect fraud in the PPP loans that they submitted. The lenders investigated told the Select Subcommittee that they largely relied on their fintech partners to perform fraud prevention and eligibility verification.
• Prestamos and Harvest described their oversight of fintech processed loans as being limited to “spot checks” conducted at “random” on a small percentage of loan application files. In one case, lender Capital Plus approved dubious loans to Blueacorn’s owners but claimed to not have discovered that they issued these loans until months later. Despite this lack of oversight, multiple for-profit lenders—including Capital Plus and Harvest—reported hundreds of millions of dollars in profits as a result of their participation in the program.

Kabbage’s PPP Activities Illustrate that the PPP Lacked Incentives for Fintechs to Implement Strong Fraud Prevention Controls or Appropriate Borrower Servicing

• Kabbage, which facilitated over 310,000 PPP loans, implemented a system that confused and concerned employees and financial institutions. Multiple employees expressed concern about Kabbage’s loan review process, with one informing her supervisor that she was “really uncomfortable with the review procedures” for loans and expressing her belief that “the level of fraud we’re reviewing is wildly underestimated.” A bank working with Kabbage expressed concern about the “significant increase in the fraudulent transactions confirmed by Kabbage” during the first round of the PPP. 
• Kabbage approved loans with likely indicators of fraud, partly because the program imposed minimal risk on lenders who approved questionable applications. In one exchange, a Kabbage risk manager supervising fraud specialists told his team that “a fundamental difference” between the level of diligence applied in the PPP, as opposed to normal lending by Kabbage, was that “the risk here is not ours – it is SBA’s risk.”
• As PPP fraud surged, Kabbage reduced its full-time fraud prevention staff. Between May and June of 2020, during the height of the PPP, Kabbage reduced its risk and account review teams by approximately half. After American Express acquired the majority of Kabbage’s assets in October 2020, its PPP loan portfolio was transferred to a minimally resourced spin-off entity. That company continued to fund tens of thousands of loans while retaining only one full-time anti-fraud employee.

Bluevine Initially Faced Significant Fraud Rates, but Its Longstanding Partners Intervened to Improve Fraud Prevention Over the Course of the Program

• Federally regulated bank partners successfully pushed Bluevine to improve its controls during the PPP, likely reducing fraud. In contrast to the other fintechs and lenders examined by the Select Subcommittee, Bluevine’s partner lender Celtic Bank conducted continuous oversight of Bluevine’s anti-fraud controls and prompted Bluevine to introduce new software and manual review processes. These changes were followed by a steep decline in fraud incidents.

• Overwhelmed by fraud despite improved controls, Bluevine faced difficulties with timely reporting of fraud to law enforcement. Celtic Bank submitted late Suspicious Activity Reports (SARs) due to delays at Bluevine, in violation of applicable banking regulations and to the possible detriment of law enforcement efforts to address ongoing fraud. These issues raise concerns about adequate and full reporting of PPP fraud by other third-party service providers—especially those who lacked experience in filing SARs—who were facing the same fraud threats but received less rigorous oversight from lending partners.

Based on the findings, the report includes 11 recommendations to address PPP fraud and improve future programs. It urges the SBA to consider carefully whether businesses like fintechs that are not subject to traditional financial regulations should be permitted to play a part in future federal lending programs, and recommends that Congress take these factors into account in considering future legislation. The report also recommends that the SBA and SBA OIG continue to investigate fraud in PPP and require stricter oversight during emergency programs, and that the SBA OIG investigate any including potentially fraudulent loans received by Blueacorn owners and consultants detailed in today’s report, and that the Department of Justice (DOJ) continue its work prosecuting fraud in the PPP. Finally, the report recommends that any expansion of SBA programs to unregulated lenders or agents, including fintechs, should be accompanied by greater oversight by the agency.

The Select Subcommittee’s findings are based on more than 83,000 pages of internal documents from Kabbage, BlueVine, Cross River Bank, and Celtic Bank, Blueacorn and Womply as well as information and documents from fintech PPP lending partners Harvest, Capital Plus, Prestamos, American Express, KServicing, Fountainhead, Benworth, Wells Fargo, Bank of America, and CDC Small Business Finance. The Select Subcommittee had multiple briefings and conversations with former fintech employees, executives, lending partners, and others with knowledge of fintech activities during the PPP, as well as with the SBA and the SBA OIG.

Click here to read’s today’s report.

Click here to read the letter from Chairman Clyburn to the Department of Justice.

Click here to read the letter from Chairman Clyburn to the Small Business Administration.

Click here to read the letter from Chairman Clyburn to the Small Business Administration Office of Investigator General.

Click to read documents released with today’s report by section: Background/General Findings, Blueacorn, Womply, Criminal Gangs, Kabbage, and BlueVine.