Bounce Back Loan fraud: a retrospective


To date, UK taxpayers have funded pandemic business loans totalling over £70 billion. But have some banks failed to implement adequate controls to prevent widescale fraud due to government’s insistence for a lightning speed roll out of the scheme? Edward Vaughan, a former National Crime Agency Officer and now Head of Banking at TruNarrative, believes radical scrutiny is needed.

Last year saw the government introduce three business loan programmes to support companies through the pandemic. One, the Business Bounce Back Loan Scheme (BBLS), allowed smaller companies to borrow between £2,000 and £50,000 on some very favourable repayment terms.

Back in May 2020, it was a welcome lifeline thrown by the chancellor, with the government, UK taxpayer, and issuing banks – bearing responsibility to ensure repayment and underwrite the loans. Good news for businesses but a potential risk for almost everybody else.

The perfect storm

The implementation of the programme, by necessity, was extremely rapid: the UK economy was in crisis and to ensure that speed of pay-out was achieved, some of the more traditional risk processes may have been overlooked including formal credit and affordability assessments with reliance placed on self-certification by the applying business.

Further, some banks who deployed legacy banking onboarding solutions lacked the digital fraud detection strategy to spot those bad-actors. It’s hardly surprising the opportunity for serious and systemic fraud was, and still remains, huge.

By now we’ve all seen the headlines of various unscrupulous characters reportedly indulging in new cars etc, supposedly courtesy of a government loan programme designed to help them weather the hard times over the last year. Whether or not these are indeed examples of unethical lending and borrowing, it is easy to see how the taxpayer might perceive the scheme as the public purse subsidising possibly underservant businesses and owners.

To make matters worse, the threshold for eligibility was set low: any companies trading on the 1 March 2020, who were adversely affected by the coronavirus (COVID-19), and who hadn’t applied or received a Bounce Back Loan Scheme, were entitled to the loan.

Diluted checks and controls

In a recent report investigating the BBLS, The National Audit Office noted that eligibility criteria were less strict than for CBILS and CLBILS, leading to an increased credit and fraud risk. A third-party review has also confirmed a “very high” level of fraud risk attributable to self-certification, multiple applications, lack of legitimate business, impersonation and organised crime. Any investigation professional will tell you that criminals have indeed exploited poor risk and controls in some banks to fraudulently access the funds.

A £26 billion bill?

The potential impact is sobering. HM Treasury statistics show BBLS borrowing over £44.74bn, across more than 1.9m applications. The Department for Business, Energy & Industrial Strategy (BEIS) and the British Business Bank estimates that as high as 60% of borrowers may default on the loans, (either through a fraudulent claim or an inability to pay) resulting in a £15-26 billion cost to the government based on current scheme lending.

That’s said, the harsh reality is that some businesses may not have survived the pandemic and are subsequently and genuinely unable to pay.

The ability of the government and banks to underwrite these loans in order to support those businesses is crucial. However, the lack of checks to verify the applications of the businesses and individuals who were applying for these make it difficult to separate the legitimate loans from the fraudulent ones.

We’re now seeing some major banks starting to freeze bank accounts that may be linked to this type of fraud – but clearly it’s too little, too late. The funds have been received and likely laundered through the financial system, leaving little, if anything, to recover from suspect beneficiary accounts.

Big lessons

All loans were digitally transacted, so the process could (and should) have been more technologically robust, ensuring each bank’s control environment would scrutinize several key fraud indicators: identity verification, documents, biometrics and more. But with the government pressure to rapidly deploy the scheme, is it any wonder that criminals exploited the slightest of gaps in the process when the banks didn’t have time to design and test a new and robust control environment? The time bomb is ticking, as everyone waits to see what happens once the repayments start to fall due.

The solution: intelligence led approach

As a former counter-terrorism intelligence analyst and NCA officer, I know from experience that this kind of initiative will require many intelligence analysts and officers. Information and intelligence sharing is key. A ‘data first’ intelligence led strategy, utilising technology such as network analysis and discovery, should feed directly into a task force based on the performance of loans – shining a light on the most harmful criminal networks, allowing them to be identified, targeted, and dismantled effectively with the appropriate resources.

The BBLS oversights are unfortunate, and the risk and exposure to fraud needs to be addressed. But, given the right investment and resources, an intelligence led approach could provide the critical dividend needed to peel back the wider structure of UK organised crime groups and money laundering activity.

Speak to Eddie and how we help orchestrate your AML processes for smooth onboarding and compliance. Request a demo below.

Book a demo

Transform the way you view compliance and financial crime in your business in 45 minutes. Register now