As all lenders now know, the Coronavirus Aid, Relief, and Economic Security Act (“CARES Act”) Paycheck Protection Program (“PPP”) secured loans are the key element of economic relief for children. small businesses during the COVID-19 crisis. Yet in the rush for these loans to flow into the economy, the Small Business Administration (“SBA”) has issued interim regulations that raise important unanswered questions about the compliance policies of participating lenders. Temporary changes to the business loan program; Paycheque Protection Program (proposed April 2, 2010) (to be codified in 13 CFR pt. 120). These questions are radically different but equally important for banks and other traditional lending institutions accustomed to operating under the Bank Secrecy Act (“BSA”) and for non-bank lenders who have never been under the jurisdiction of the BSA. .
Banks and other traditional credit institutions have already implemented AML (Anti-Money Laundering) and KYC (Know Your Customer) policies. For them, the provisional regulation of the ASB does not appear, at first glance, to be disturbing; it simply requires that these lenders “follow their existing BSA protocols”. In this crisis, however, nothing is the same. The urgency of getting these loans approved and the importance of social distancing make verifying the applicant’s information not an easy task. Although SBA regulations state that “PPP loans for existing clients will not require re-verification under applicable BSA requirements unless otherwise specified by the institution’s risk-based approach to BSA compliance ”, the question arises as to whether a PPP loan application for an existing customer qualifies as a new account for the purposes of the FinCEN Customer Due Diligence (“ CDD ”) rule. Fortunately, the SBA and the Treasury Department have published revised FAQs addressing this issue and explaining that, for PPP loans to existing clients, lenders do not have to recheck the information that had been previously provided and verified and did not. not even collecting and verifying missing information in the first place “unless otherwise specified by the lender’s risk-based approach to BSA compliance”. Frequently Asked Questions (FAQs) About Paycheck Protection Program Loans (April 8, 2010). We expect the SBA Final Rules to be updated to reflect this important clarification.
For non-bank lenders who have not been subject to the BSA, the provisional rule requires such lenders “to establish an anti-money laundering (AML) compliance program equivalent to that of a comparable federally regulated institution.” , who “[d]Depending on the comparable federally regulated institution,… may include a client identification program. What is clear is that these non-bank lenders will need to establish some sort of AML and (probably) KYC policy in order to participate in PPP loans. What is not clear is how much these policies need to be crafted, especially given how quickly they would need to be designed and implemented to join this emergency agenda. This problem is compounded by the BSA’s broad definition of “financial institution”, which includes a wide variety of different financial entities, making it difficult for non-bank lenders to determine the type of “financial institution” after which they should model their new policies. Unless the SBA provides additional guidance on how to determine the appropriate comparable institution, developing the best AML and KYC policy for each non-bank lender might rely more on their already existing procedures and what they need. is reasonably possible to implement within an accelerated timeframe.