The Small Business Administration provided $1 trillion to help small businesses during the pandemic. But in some instances funds went to fraudsters—the Department of Justice charged hundreds of individuals and is investigating many more.
We flagged 3.7 million recipients of SBA funds as having warning signs consistent with potential fraud. Such "indicators" aren’t proof of fraud, which is why we referred them for further review and possible law enforcement investigation.
SBA hasn't had timely access to some external data sources—such as IRS data—that could help prevent fraud. We recommended that SBA develop a plan for accessing such data.
What GAO Found
The Small Business Administration (SBA) moved quickly under challenging circumstances to develop and launch pandemic relief programs to help small businesses. These programs, including the Paycheck Protection Program (PPP) and COVID-19 Economic Injury Disaster Loan (COVID-19 EIDL), totaled over $1 trillion and assisted more than 10 million small businesses. However, in some instances relief funds went to those who sought to defraud the government. As schemes emerged, SBA adapted its fraud risk management approach and added controls to help prevent, detect, and respond to fraud.
GAO analyzed 330 PPP and COVID-19 EIDL fraud cases. Federal prosecutors across the United States filed bank fraud, wire fraud, money laundering, identity theft, and other charges against 524 individuals associated with these cases. This analysis is based on fraud cases publicly announced by the Department of Justice (DOJ) as of December 2021.
Cases Charged by the Department of Justice Involving Paycheck Protection Program (PPP) and COVID-19 Economic Injury Disaster Loan (COVID-19 EIDL) Fraud, as of December 31, 2021
In those cases, DOJ charged individuals with
- misrepresenting eligibility, falsifying documents, using stolen identities, and
- deliberately exploiting the programs by conspiring with each other, sharing knowledge on how to circumvent controls, and obtaining kickbacks.
For the 155 of the 330 cases that reached conclusion through guilty pleas or convictions, GAO calculated about $188 million in direct financial losses. Across these cases, as of December 2021, 94 individuals had been sentenced to an average of about 37 months in prison. The number of cases will continue to grow. As of January 2023, the SBA Office of Inspector General (OIG) had 536 ongoing investigations, and the statute of limitations has been extended to 10 years to prosecute individuals who committed PPP and COVID-19 EIDL-related fraud.
Select GAO analyses of PPP and COVID-19 EIDL data, including comparisons with National Directory of New Hires (NDNH) wage data, identified over 3.7 million unique recipients with fraud indicators out of a total of 13.4 million (see figure). Fraud indicators can be used to identify potential fraud and assess fraud risk. They are not proof of fraud. Additional review, investigation, and adjudication is needed to determine if fraud exists. To that end, GAO referred the unique recipients with fraud indicators it identified to the SBA OIG for further review and investigation. The unique recipients identified include potentially non-existent businesses or businesses that may have misrepresented employee counts to obtain more funds. However, it is possible that the analysis identified non-fraudulent recipients with data discrepancies consistent with an indicator. While SBA has conducted its own analyses to identify recipients with fraud indicators, it does not have access to the NDNH database and could not have performed the same analyses as GAO.
Unique Paycheck Protection Program (PPP) and COVID-19 Economic Injury Disaster Loan (COVID-19 EIDL) Recipients with Fraud Indicators
SBA has employed data analytics to enhance fraud prevention and detection. For example, the use of analytics contributed to SBA determining that some PPP borrowers were ineligible for loan amounts or used them for unauthorized purposes, resulting in $4.7 billion in loan proceeds not being forgiven. In addition, SBA referred over 669,000 potentially fraudulent PPP and COVID-19 EIDL loans to the SBA OIG for investigation after using data analytics and conducting manual reviews. SBA enhanced its analytic capabilities during the pandemic and has recognized that it would benefit from further development of its data analytics program. SBA has opportunities to continue to improve its ability to prevent and detect potentially fraudulent transactions. For example, SBA did not fully leverage information to help identify applicants who tried to defraud multiple pandemic relief programs. While it has access to multiple external data sources, SBA does not have access to other external data sources that could aid in fraud detection and prevention. Leveraging information across programs and obtaining access to external data are consistent with leading fraud risk management practices. SBA has the opportunity to ensure that it fully leverages data across programs and accesses external data to the fullest extent possible to mitigate the likelihood and impact of fraud. Obtaining such access could necessitate pursuing statutory authority or entering into data-sharing agreements with other agencies to gain timely access to those sources.
Why GAO Did This Study
Congress established four programs to support small businesses during the pandemic: PPP, COVID-19 EIDL, Restaurant Revitalization Fund, and Shuttered Venue Operators Grant. Widely reported incidents of fraud raised questions about SBA's management of these programs. For this and other reasons, GAO added small business emergency loans to its High Risk Program in 2021.
The CARES Act includes a provision for GAO to monitor COVID-19 pandemic relief funds. This report (1) analyzes fraud cases charged by DOJ involving PPP and COVID-19 EIDL to understand fraud schemes and impacts, (2) provides the results of select data analyses regarding fraud indicators in PPP and COVID-19 EIDL, and (3) identifies opportunities for SBA to enhance its data analytics.
GAO analyzed DOJ press releases and court documents related to PPP and COVID-19 EIDL cases publicly announced as of December 2021 for fraud schemes and impacts. GAO analyzed 2020 and 2021 PPP and COVID-19 EIDL data, comparing these data to NDNH wage data to identify the presence of fraud indicators. GAO also evaluated SBA's data analytic efforts against leading practices.
GAO recommends that SBA (1) ensures it has and utilizes mechanisms to facilitate cross-program data analytics and (2) identifies external data sources that could aid in fraud prevention and detection and develop a plan to obtain access to those sources. SBA concurred with both recommendations.
Recommendations for Executive Action
|Small Business Administration||The Administrator of SBA, in coordination with the Fraud Risk Management Board, should ensure that SBA has mechanisms in place and utilizes them to facilitate cross-program data analytics. (Recommendation 1)||
|Small Business Administration||The Administrator of SBA, in coordination with the Fraud Risk Management Board, should ensure that SBA has identified external sources of data that can facilitate the verification of applicant information and the detection of potential fraud across its programs. It should then develop a plan for obtaining access to those sources, which may involve pursuing statutory authority or entering into data-sharing agreement to obtain such access. (Recommendation 2)||