On July 28, 2020, the Office of the Inspector General (OIG) of the Small Business Administration (SBA) issued a management alert titled “Serious Concerns of Potential Fraud in the Economic Injury Disaster Loan Program Concerning to the Response to COVID -19. “1 The Inspector General said the OIG has identified approximately $ 250 million in Economic Disaster Lending Program (EIDL) funds that have been issued to “potentially ineligible recipients” in potentially fraudulent transactions. Without directly questioning the amount, SBA Administrator Jovita Carranza disputed the conclusion that the alleged fraudulent transactions resulted, in part, from the SBA’s failure to implement appropriate internal controls over the EIDL program.


The EIDL program, under which the SBA provides long-term loans to small businesses affected by natural disasters, is well established. EIDL loans can be used to pay off fixed debts, payroll, accounts payable and other liabilities if the business is otherwise unable to meet those obligations due to “economic harm.” The term “economic harm” has been interpreted to mean that the business is unable to pay its ordinary and necessary operating expenses. The program differs in some ways from the much-publicized $ 660 billion Paycheck Protection Program (PPP) authorized under the CARES Act. An EIDL loan is offered at a higher interest rate than a PPP loan – 3.75% – and is processed by the government rather than a private bank. There are also fewer initial restrictions on how EIDL funds can be spent.

In March 2020, Congress expanded the program as part of the legislative response to COVID-19, as previously discussed by AGG. In particular, the CARES Act allocated $ 10 billion for EIDL upfront grants of up to $ 10,000 to qualifying small businesses and nonprofits. Grant recipients are not obligated to repay these funds if, for any reason, the loan application is subsequently refused. On July 11, 2020, the SBA announced the end of the early grant program.

Congress has demanded that these EIDL grant funds be disbursed within three days of submitting the application. Due to the short time frame, the CARES Act also required the SBA to accept a self-certification – under penalty of perjury – that the applicant is an eligible entity. However, when this COVID-related EIDL expansion took effect, the SBA immediately encountered obstacles in handling the millions of requests it received within days. In order to address the backlog and in response to criticism from Congress and the companies involved, the agency has outsourced much of the loan processing work to business consultants. According to an SBA update3 released on July 15, 2.5 million EIDL loans, totaling approximately $ 150 billion, were approved.

Findings of the report

Since June, the OIG has seen a significant increase in reports of suspicious and potentially fraudulent activity from financial institutions and law enforcement agencies. The reports from nine banks alone accounted for a combined total of $ 187.3 million in suspected fraudulent transactions. Overall, the office has received over 5,000 complaints about the EIDL program from 440 financial institutions, the majority – nearly 3,800 – from just six entities.

From these complaints, the OIG developed a list of red flags for potential fraud, including the use of stolen account identities, the inability to explain the origin of the business name on the app, attempts to transfer funds from the program to investment accounts or foreign accounts; accounts opened only for depositing program funds, deposits of program funds to third parties, and more. In one case, a federal credit union reported to the Department of Justice’s (DOJ) Criminal Division that it received $ 15 million in 60 SBA transactions. An audit found that 59 of these transactions appeared to be fraudulent.

During its ongoing investigations, the OIG has determined that over 20,000 EIDL advances and 6,000 EIDL loans have been made to potentially ineligible businesses. These include companies that have been registered after the January 31 registration deadline specified by SBA regulations. The OIG also identified hundreds of businesses that received more than one EIDL loan, noting that duplicate loan receipts were made possible because the agency “did not put in place effective controls to determine whether applicants had previously applied for and received financial assistance “.

Agency response and recommendations

SBA administrator Jovita Carranza responded that the report’s findings were “unexpected”. The SBA disputed that it failed to implement appropriate internal controls for EIDL advances and EIDL loans. Specifically, the agency identified a duplicate application check, business owner identity check, bank account verification checks, and additional checks that had been implemented as part of the program. advance. The Administrator further noted that the loan processing system is an “automated decision engine that works in concert with” the program loan officers “to perform functions relating to loan eligibility, identification potential fraud and approval / denial ”and that there are over 70 rules relating to loan qualification and approval.

The agency also noted that it continues to improve internal controls at EIDL. On July 16, the SBA informed the Office of Disaster Assistance (ODA) of reports from three major banking institutions regarding suspicious activity related to the EIDL program. On July 22, the agency issued Information Notice 5000-20037 to depository financial institutions and all SBA employees alerting them to “potential suspicious activity related to COVID-19 EIDL funds deposited on professional or personal accounts ”.

In its analysis of the agency’s response, the OIG expressly welcomed the corrective actions taken on July 16-22, while calling for future “meaningful and cooperative discussions with SBA management to share information and reports. of conclusions ”in order to continue to fight against potential fraud. .

In light of its findings, the OIG also recommended that SBA (1) “[a]assess vulnerabilities with the aim of strengthening or implementing internal controls to deal with notices of potential fraud ”and (2)“[c]create an effective process and method for lenders to report suspected fraud to the Disaster Assistance Office and recover the funds.


This is not the first alarm to sound regarding the relative fraud sensitivity of COVID-19 relief programs. In June, the Government Accountability Office (GAO) released a report3 warning that the PPP program was vulnerable to fraud and waste. Like the SBA OIG, the GAO noted that “[b]due to the number of loans approved, the speed with which they were processed and the limited guarantees, there is a significant risk that some fraudulent or inflated applications will be approved… ”

Nor are the OIG’s findings particularly surprising when viewed through the lens of the history of government disaster relief programs. AGG’s in-depth coverage of previous disaster relief loans – and resulting fraud investigations and enforcement actions – are accessible here. The scrutiny of applicants and beneficiaries of EIDL (and other COVID-related relief) is only just beginning. It remains essential for any business in need of these public funds to maintain a strong compliance position, seek legal advice when necessary, remain vigilant, and respond appropriately to allegations or suspicions of wrongdoing.

[1] https://www.sba.gov/document/report-20-16-serious-concerns-potential-fraud-eidl-program-pertaining-response-covid-19

[2] https://www.sba.gov/sites/default/files/2020-07/EIDL%20COVID-19%20Loan%207.15.20.pdf

[3] https://www.gao.gov/reports/GAO-20-625/