Joseph Stewart has never owned a business, but in October a notice arrived at his Northport home saying he had to repay a $9,900 federal loan from a program meant to help businesses survive the pandemic.
Stewart, a bond underwriter, is among 846,600 people nationwide whose name, Social Security number and other personal information were used to fraudulently obtain disaster loans and grants, according to an estimate from the U.S. Small Business Administration's inspector general.
Fraud in SBA's Economic Injury Disaster Loan program, or EIDL, may total as much as $79 billion, the inspector general said. That’s 35% of the $225 billion in pandemic-related EIDL disaster loans and grants approved since the coronavirus struck last March, according to a Newsday analysis of SBA data.
Long Island's top federal prosecutor called the EIDL grants "catnip for criminals" because they required little documentation from the applicant and were deposited into their bank account within three days.
Stewart, 54, a retired New York City police officer, said of the bogus loan in his name: "The fraudsters said I was the sole proprietor of a restaurant with four employees — but I’ve never owned a business in my life."
The restaurant supposedly had 2019 revenue of $310,000 and opened three years ago at an address that's actually Stewart's home address, according to a copy of the fraudulent EIDL application, which Newsday reviewed.
"The SBA should verify who the person is and that they have a business before giving them the money," he said. "I only found out about this when the loan statement came to the house in the mail."
Stewart, who spent 20 years in the NYPD, said his research shows that the fraudulent loan in his name was applied for in August using a computer in Pine Bluff, Arkansas. Stewart said he is among 147 million people who had their personal information exposed in a 2017 data breach of the credit reporting agency Equifax.
More than 20 loan applications were submitted to SBA from the Arkansas computer, Stewart said, citing conversations with a U.S. Secret Service agent based in Arkansas. Three loans were approved, totaling more than $100,000, he said.
Stewart said the Secret Service agent told him that the loan in his name was the smallest of the three. It was deposited on Sept. 1 into an empty account, also under Stewart’s name, at Green Dot Bank, an online financial institution that Stewart said he’d never heard of.
The criminals spent all the money in six days using a debit card, according to a report from Green Dot Bank's regulator, the Federal Reserve Bank of San Francisco, which Newsday reviewed.
Asked to comment on Stewart's case, a spokesman for the Secret Service in Washington said it "does not confirm the existence or absence of a potentially ongoing investigation." Green Dot Bank's chief risk officer Philip Lerma also wouldn't discuss Stewart's case but said, "we work around the clock and invest heavily to identify, block and address fraudulent activity."
SBA’s Office of Inspector General, an independent watchdog, is among about a dozen government agencies that Stewart said he contacted about the bogus disaster loan. OIG officials said criminals are using stolen personal information to secure EIDL loans and grants. They declined to discuss Stewart’s case.
"We’ve started to see a lot of cases involving identity theft, which stems back to the lax [fraud] controls that were in place at SBA" last year, Inspector General Hannibal "Mike" Ware said in an interview with Newsday.
The EIDL program has been around for nearly 70 years, helping businesses, homeowners and nonprofits to recover from natural disasters such as Superstorm Sandy in 2012 and Tropical Storm Isaias in August. The government loans can be for amounts up to $2 million with terms as long as 30 years.
As the virus was taking hold in spring 2020 and lockdowns were instituted to slow its spread, Congress and the administration of then-President Donald Trump made changes to the program, notably creating the EIDL Advance grant — up to $10,000 per business, which did not have to be repaid — and requiring less information from applicants.
SBA calculates the loan and grant amounts based on the business' number of employees, revenue and cost of goods sold in 2019.
With the pandemic creating havoc in the U.S. economy and taking a heavy toll on small businesses, there was a sense of urgency as Congress and the Trump administration directed SBA to quickly help companies that were facing permanent closure.
"But SBA also lowered the guardrails in its own [fraud] control environment for EIDL, and that allowed fraudsters to take advantage of the program at an alarming rate," Ware said.
He said SBA "abandoned" its usual practice of two loan officers reviewing each EIDL application, in favor of "tons of loans being approved in huge batches without review." And he said, "the [computer] system flags that would have caught fraud were basically ignored to rush money out the door."
A program official said last week that Ware's estimate of EIDL fraud is based in part on fraudulent applications that have been flagged by SBA loan officers. The program official, who spoke on the condition that his name not be published, said Congress recently gave SBA the ability to obtain a loan applicant's tax returns directly from the Internal Revenue Service, which wasn't possible in 2020.
"Since the [COVID-19 EIDL] program was launched over a year ago, we have made many steps throughout to mitigate fraud," the program official said.
Ware began warning of "rampant EIDL fraud" in July 2020 but said his recommendations for greater scrutiny of loan applications were disputed or ignored until the final days of the Trump administration.
Trump’s SBA "took the view that the inspector general will catch [fraud] on the back end…They just needed to expeditiously get this money out," Ware said. "But you can’t depend on running after the money from bad actors at the tail end. You need to set up a proper control environment at the beginning to keep the majority of bad actors out of the program."
SBA Administrator Isabella Casillas Guzman, who has led the agency since March, has reinstated the antifraud measures.
"EIDL faced challenges in the way that it was quickly rolled out without some of the normal controls" for fraud, she told Newsday. "We’ve made sure the controls for fraud are back in place while also balancing the need to deliver this program swiftly."
Ware and the SBA have so far recouped $2 billion in EIDL funds that were obtained fraudulently, according to Ware. The cases often involve the Department of Justice, Federal Bureau of Investigation, Department of Homeland Security and other law enforcement agencies.
An early case from the Justice Department’s Eastern District, which includes Long Island, involves a Brooklyn man who received a $42,400 EIDL loan and a $10,000 Advance grant to sustain what turned out to be a fictitious commercial car wash, according to an October indictment.
Jeremy Trapp, 25, sought the funds a year ago for a car wash that he claimed to own and said was located at the same address as the apartment building where Trapp lived. He said the car wash had 10 employees and 2019 revenue of $150,000, neither of which was true, the indictment states.
"I lied about [owning a car wash] and applied for a loan," Trapp said in April when he pleaded guilty to wire fraud. He awaits sentencing and faces up to 20 years in prison. The loan money was recovered.
The Trapp case is "an example of the smaller scale of EIDL fraud that we’re seeing, but that’s starting to change," said Mark Lesko, acting U.S. Attorney for the Eastern District. "We’re seeing sophisticated actors enter this space, with high numbers of loan applications using shell companies or dormant companies."
He is Long Island's top federal prosecutor, but will be leaving to temporarily lead the Justice Department's national security division in Washington.
The Eastern District’s biggest case of EIDL fraud so far involves three JetBlue employees and two others who allegedly stole more than $1 million last year. They filed false loan applications for eight businesses that had no employees and no verifiable revenue in 2019.
The five defendants were arrested June 10 and charged with wire fraud. They have yet to enter pleas.
All the defendants and attorneys for three of them either didn't respond to requests for comment or couldn't be reached. Attorneys for the other two defendants declined to comment.
Two of the JetBlue employees allegedly used a JetBlue computer in July 2020 to submit loan applications for two businesses. The defendants claimed each firm had 26 employees and 2019 revenue of more than $690,000, though records show no employees and no federal income tax return ever being filed, according to the federal complaint.
The companies received $139,400 and $80,500, respectively. The money was used for personal expenses, such as one defendant's September 2020 car payment to BMW Financial Services, the complaint states.
Some perpetrators of EIDL fraud also rip off the Paycheck Protection Program, a separate COVID-relief initiative also overseen by SBA, said Tom Miller, a fraud expert and CEO of the risk management business ClearForce Inc. in Vienna, Virginia. The PPP consists of bank loans guaranteed by the federal government and meant to help companies survive the pandemic.
"With the COVID relief programs, there was so much money that went out so quickly that you have bad guys trying to find ways to get some of the funding," Miller said.
Prosecutors in the Justice Department’s Southern District, which includes Manhattan, said a Chinese citizen attempted to defraud EIDL and PPP together of more than $20 million.
Muge Ma, 37, pleaded guilty last week to bank fraud and aggravated identity theft. He will be sentenced in September and faces up to 30 years in prison.
Ma admitted to orchestrating the multimillion-dollar scheme to fund his two companies. In fraudulent loan applications, he said the companies had "global" operations that together employed 344 people, paid millions of dollars in wages and generated 2019 revenue of $4.4 million.
But Ma was one company’s only employee and the other had no employees, according to a federal criminal complaint.
Ma was approved for two EIDL loans and an Advance grant, totaling $660,000, and a PPP loan for $800,000 before being arrested a year ago, prosecutors said.
In Manhattan federal court, Ma said, "As part of the [loan] application I included some information that was not true, including inaccurate payroll information. I knew I had filed inaccurate information that would affect the outcome of the application" in terms of the PPP loan being approved, he said.
In Northport last week, Stewart received the letter from SBA that he's been waiting for ever since reporting the fraudulent EIDL loan in his name eight months ago.
The two-page letter states that Stewart will not be held liable for the bogus loan and it won't affect his credit score.
"After a thorough review of the loan record and the information you have provided, we have confirmed that you did not apply for this loan nor receive any benefit from this fraudulent loan application," SBA's Office of Disaster Assistance wrote in the letter, which Newsday reviewed. "SBA will not take any action to collect this loan from you."
WHAT TO DO
Actions to take if your identity has been stolen and used to apply for a COVID-19 Economic Injury Disaster Loan, or EIDL.
- File a report with local police
- Contact the U.S. Department of Justice: 866-720-5721 or justice.gov/DisasterComplaintForm
- Contact the U.S. Small Business Administration’s Office of Inspector General: 800-767-0385 or sbax.sba.gov
- Contact the Federal Trade Commission: ftccomplaintassistant.gov
- Report the issue to your bank or credit union and to the major credit reporting agencies
SOURCES: U.S. Department of Justice, Small Business Administration
BY THE NUMBERS
$225 billion: EIDL loans and grants approved since April 2020
$79 billion: Estimate of potential fraud in the program
$2 billion: Fraudulent EIDL payouts stopped or clawed back by SBA and its inspector general
SOURCE: U.S. Small Business Administration