Eric M. Thorson Inspector General U.S. Small Business Administration Before the Committee on Small Business and Entrepreneurship United States Senate November 13, 2007

Testimony of
Eric M. Thorson
Inspector General

U.S. Small Business Administration
Before the Committee on Small Business and Entrepreneurship
United States Senate
November 13, 2007

Chairman Kerry, Ranking Member Snowe and Members of the Committee,

On the morning of January 9, 2007, as a result of a lengthy investigation, Special Agents of the SBA Office of Inspector General (OIG) and the U.S. Secret Service began a sweep in Detroit, Michigan, resulting in the arrest of 18 individuals. Among those taken into custody were former Business Loan Center, LLC (BLX) Executive Vice President, Patrick Harrington, and former Huntington National Bank Vice President, Deborah Lazenby. Mr. Harrington’s indictment charged him with making at least 76 fraudulent SBA-guaranteed loans totaling about $76 million. We believe this is the largest government-backed loan fraud scheme in SBA history. Mr. Harrington has actually admitted to making about 96 fraudulent SBA-guaranteed loans, so attempts to identify and investigate additional fraudulent loans, not charged in his indictment, are ongoing.

Since his arrest, Mr. Harrington has pled guilty to one count of conspiracy and one count of lying to a Federal Grand Jury. He is expected to be sentenced in January and faces up to 10 years in prison. Ms. Lazenby was recently sentenced to 2 years in prison for her role in providing phony cashier’s checks to demonstrate borrowers’ injections of equity into their businesses.


So far, the investigation regarding SBA-guaranteed loans made by the Detroit BLX office has resulted in the indictment of 27 individuals, with most of these indictments pre-dating the January 9, 2007, arrests cited above. Three of those indicted are currently international fugitives. To date, SBA recoveries from BLX, together with potential cost savings from the withdrawal of SBA guaranties on certain Detroit loans, have totaled
approximately $16 million. This criminal investigation is continuing, with further indictments expected.

These rather dramatic events caused us to look at the broader picture of how such a widespread fraud scheme—involving so many loans made by one of SBA’s largest
lenders—could occur. Working with the information initially provided by the SBA Investigations Division in the criminal case, the Auditing Division proceeded with the
effort of reviewing SBA’s oversight of BLX from 2001 to 2006. This was not an audit of BLX’s lending practices. Rather, this was an audit of how SBA monitored and oversaw BLX during this period and whether SBA took effective action to address any significant risks stemming from BLX’s lending practices. We issued our first report on this effort in July and are currently evaluating SBA’s oversight of other Small Business Lending Companies (SBLCs).

SBA Was Aware of Recurring Performance and Compliance Issues with BLX, but There Were Few Consequences for its Performance Problems

The purpose of our audit was to determine whether SBA had identified performance or compliance issues that should have alerted it to potential problems with the lender’s loan origination practices. It should be noted that, for a number of years, BLX has been one of
the most active lenders in SBA’s 7(a) loan guaranty program. Unlike most lenders in the 7(a) program, BLX is an SBLC, which means that it is exclusively regulated by SBA.

SBA has also delegated authority to BLX by admitting it to the Preferred Lending Program (PLP), which is generally reserved for the best and most knowledgeable SBA
lenders. This allowed BLX to originate and approve loans with virtually no prior SBA review.

Our report disclosed that SBA, based on its on-site reviews of BLX, its evaluations of the lender’s performance, and feedback received from its field offices, was aware of material and recurring issues with BLX’s performance. Although the fraudulent activity surfaced
by our investigation would not have been readily apparent to SBA, we believe that the high rate of defaulted loans and other indicators of problems with BLX’s loans presented undue financial risk to SBA and, therefore, merited in-depth reviews of the defaulted loans, as well as possible suspension of BLX’s PLP status. Despite the indications of problems with BLX’s loans, however, SBA continued to regularly renew BLX’s delegated PLP lending authority and honor the lender’s guaranty purchase requests without taking any additional precautions, paying out $272.1 million in guaranties
between 2001 and 2006. Quite simply, SBA did not hold the lender accountable for its performance problems.

SBA Needs to Strengthen its Oversight Practices

The broader topic of today’s hearing—whether SBA has effective safeguards and a means of overseeing lenders that facilitates the prevention and detection of fraud—has
been an area of concern and focus for my office for a number of years. Our audits and investigations have identified significant weaknesses in the Agency’s oversight of its lenders and, since 2000, we have identified lender oversight, guaranty purchase reviews,
and loan agent fraud as major management challenges facing the Agency. SBA has been slow to develop its lender oversight program, and only in recent years has the Agency made progress in addressing longstanding weaknesses.

We recognize, however, that the Agency has taken some significant steps that we wish to acknowledge. These include:

(1) Establishing a lender oversight office and an oversight committee made up of senior Agency officials;
(2) Establishing the Loan and Lender Monitoring System;
(3) Issuing a standard operating procedure (SOP) on conducting on-sight reviews;
(4) Issuing regulations on fees for performing lender reviews;
(5) Issuing proposed lender enforcement regulations; and
(6) Evaluating improvements needed in its reviews of requests by lenders for purchases of guaranties on defaulted loans (guaranty purchase reviews).

While we commend the Administrator and SBA staff for taking some important steps to improve the Agency’s oversight practices, considerably more needs to be done to develop a meaningful oversight process that can effectively safeguard SBA’s more than $60 billion portfolio of guaranteed loans. Despite these efforts, in our opinion, the mdeficiencies we observed in SBA’s handling of BLX are symptomatic of broader, systemic issues that have restricted the effectiveness of SBA’s oversight. These issues, which fall into five categories, must be addressed if SBA is to succeed in further strengthening controls over participating lenders.

  • SBA has focused on the quantity of loans produced and not the quality. With the exception of 2005, SBA has increased its 7(a) loan production goals every year since 2001. In 2007, SBA set its most ambitious goal yet—to grow the Agency’s loan portfolio by 15 percent. SBA has not, however, set goals to improve the quality of its loan portfolio or the performance of lenders participating in its loan programs. For example, SBA could develop and enforce portfolio quality evaluation standards to ensure that lenders minimize the Agency’s losses. SBA’s focus on loan production has also significantly affected how the Agency deals with unacceptable lender performance. By publicly announcing goals to grow the loan portfolio every year, SBA has created an environment where it may be difficult to take corrective action against large lenders when doing so might jeopardize SBA’sability to obtain those goals. We have also noted disparities in SBA’s treatment of large and small lenders whose performance has been deemed unacceptable. For example, we have seen poor performing lenders with limited loan production have their delegated lending authorities denied, or be removed from SBA’s lending programs. In other cases, large lenders with the same problems have been allowed to maintain their preferred lending status. This was evidenced most recently by SBA’s handling of BLX. We believe SBA may have been reluctant to take enforcement action against BLX because it is among SBA’s top 10 lenders in the value of loans disbursed.

  • SBA has delegated a considerable amount of loan making authority to lenders without making corresponding increases in its monitoring and oversight efforts. Faced with dwindling staff resources, and in an effort to expedite the lending process, SBA has increased its reliance on lenders to originate, service, and liquidate guaranteed loans with little Agency oversight. Currently, more than 87 percent of SBA’s loans are made using delegations of authority, where lenders are authorized to make loans with minimal oversight by SBA. SBA requires limited documentation from these lenders to demonstrate their compliance with the Agency’s lending policies. Borrowers and lenders are also allowed to certify to various facts without subsequent verification by SBA personnel, even after the loans default. These certifications include such information as the borrower’s citizenship, prior losses on government loans, intended use of working capital, and the status of refinanced prior debt. By increasing its use of delegated lender authority, SBA has assumed more risk. However, it has not fully implemented compensating controls to mitigate that risk. For example, our audit of the Office of Lender Oversight Corrective process disclosed that each year SBA has reviewed only a fraction of the lenders operating under delegated lending authority. Of the approximately 350 lenders eligible for onsite reviews, only 70 were reviewed in 2005 and only 55 were reviewed in 2006. Although SBA has a goal to increase the number of reviews it conducts in 2008 as it can now fund this activity through fees charged the lenders, it is unclear whether SBA will meet its goals given the criticism it has received from lenders over these fees.

  • Reductions in personnel over the past 5 years have diminished the Agency’s capacity to provide oversight at a time when it is growing its loan portfolio. SBA has had a 25 percent reduction in personnel since 2001, while loan production has increased by more than 100 percent over that same period. SBA’s Office of Credit Risk Management (formerly the Office of Lender Oversight) has not had a significant staff increase, and is currently operating with less than its authorized number of personnel. As a result, it cannot perform the type of analyses that might detect fraud schemes and isolate high-risk situations or investigate lenders with high default rates. Staffing shortages at the SBA’s National Guaranty Purchase Center have also prevented the Agency from conducting effective and timely purchase reviews of all defaulted loans. These reviews occur either pre-purchase, before the guaranteed portion of the loan is paid out, or post-purchase, involving loans that have been sold on the secondary market to investors. In our view, SBA’s review of guaranty purchase requests by lenders on loans that have gone into default is a key lender oversight function. Currently, however, SBA has a backlog of 1,000 unprocessed pre-purchase requests and over 3,000 unprocessed post-purchase loan packages that vary in age from 12 months to over 6 years. Because SBA had not conducted post purchase reviews on a significant backlog of loans, including many of those originated by BLX, the Agency does not have current or complete information on lender compliance issues, and only acquires this information long after the guaranties were purchased and the money paid out. As a result, SBA lacks critical data to determine whether corrective action is warranted to address lender deficiencies. In addition, untimely reviews limit the OIG’s ability to effectively investigate and prosecute criminal fraud. Our office has identified recurring problems with the quality of purchase reviews used to support guaranty payments and control improper payments. The sheer volume of guaranty purchase requests that the Agency must process with current staffing levels, combined with the Agency’s goal of paying lenders in a timely manner, have resulted in careless purchase reviews that failed to identify loan deficiencies. For example, last year we estimated that as much as $131 million in purchases of SBAExpress and Community Express loans had not been properly reviewed by SBA. We also examined the Agency’s purchase process for 7(a) loans, which disclosed significant deficiencies in the Agency’s reviews of lender purchase requests that led us to question the Agency’s estimate of improper payments. We reported that almost half of the loans we reviewed were purchased by SBA without adequately analyzing whether lenders originated, serviced, and liquidated loans in accordance with SBA requirements and prudent lending practices. Although SBA has taken steps to revamp the purchase review process for 7(a) loans, in September 2007, it determined that more than 50 percent of all backlogged 7(a) purchase packages were missing significant documents required for effective review.

  • Potential conflicts exist between SBA’s lender advocacy and oversight roles and the organizational structure supporting these functions. The lender oversight responsibilities of SBA’s Office of Credit Risk Management (OCRM) and the lender advocacy role of the Office of Financial Assistance (OFA) are not compatible. Both offices reside within the Office of Capital Access (OCA), which is responsible for the direction and administration of SBA’s lending programs. Because the lender oversight role may involve taking necessary enforcement actions or revoking PLP status, the responsibilities of OCRM are not compatible with role of OFA and OCA in promoting SBA’s lending programs and growing the Agency’s loan portfolio. Furthermore, SBA’s guaranty purchase centers report to OFA. It would make more sense to place the purchase centers under OCRM because guaranty purchase reviews are an important component of lender oversight.

  • SBA is not focused on fraud detection. The size of SBA’s loan portfolio, and its growing reliance on lenders for loan making, have made SBA’s loan programs vulnerable to fraud, and presented SBA with significant challenges in ensuring the integrity of these programs. Historically, SBA’s efforts to detect fraud have been limited. The Agency has relied primarily on third-party reviews of lender activities to ensure that lenders are making good quality loans, as well as guaranty purchase reviews. For years, OIG investigations have revealed a pattern of fraud by loan packagers and other for-fee agents in the 7(a) program. Often loan agents are able to exploit systemic weaknesses in SBA lending and the lack of SBA oversight. As a result, they are able to implement fraudulent schemes on multiple loans causing losses of millions or tens of millions of dollars. This was evident in the BLX arrests that were made in January. In fact, past and ongoing OIG investigations have identified loan agent fraud on hundreds of millions of dollars of loans. An OIG management challenge has for years recommended that the Agency implement effective measures to track loan agent involvement so that quick action can be taken to prevent losses if fraud is detected. However, to date, Agency efforts to track loan agents have been limited and ineffectual. While it is not the Agency’s responsibility to investigate fraud, given the billions of dollars at stake, we believe SBA needs to take more aggressive steps to identify and address potentially fraudulent activity. We recognize that fraud detection is not an exact science. No matter how sophisticated the fraud detection techniques are, not all fraud and abuse can be identified. However, implementing a variety of monitoring efforts holds more promise for identifying potentially fraudulent activity than the Agency’s current strategy, and also provides a deterrent to such illegal activity.

Redacting the Audit Report

Finally, let me address the issue of our audit report and the numerous redactions it contains. I have been asked why we allowed any redactions, why we just didn’t rewrite
the report so it would not generate this controversy, and why we issued the report at all.

Regarding the issue of rewriting a report to eliminate controversy, we conduct an audit for one purpose, and that is to attempt to draw attention to issues, oftentimes weaknesses, which will allow the Agency to improve a process, procedure or program to make the Agency run better and more efficiently. We are also required to meticulously back up the statements we make with hard evidence so that we do not simply report unfounded whims of the writer. In doing so, we use whatever information or data we have to demonstrate the credibility of our report and to strengthen our recommendations. We
have never rewritten an audit report to avoid controversy, and we will not do so in the future.

I have also been asked why, if the OIG is independent, we allowed anyone, even the Agency General Counsel, to redact portions of our report. The answer is that, although
there is no requirement that we post audit reports on the Web, we generally post these reports because we believe that making the reports available serves the public interest. However, the public interest has to be balanced against the potential harm that could occur from releasing the report. We have, in the past, extensively redacted reports on SBA’s Information Technology weaknesses in order not to provide a roadmap for
hackers to disrupt SBA’s systems.

In this case, the General Counsel stated that there could be harm to the Agency from releasing the report. Although our lawyers do not necessarily agree with the OGC legal
analysis, this is an unusual circumstance where the report discusses the actions of a private sector company. We believe the reasons for doing so are self evident. I have great respect for Mr. Borchert, the SBA General Counsel. So, when he offered redactions that he felt protected various Agency privileges and stated that some Agency operational practices could be damaged if those redactions were not made, we accepted his concerns.
Simply put, we do not wish to cause any harm to the Agency, and in fact, strongly desire to make it better. As I said, although we do not necessarily agree with the reasons for the redactions, the safest path was to accept, for now, those redactions and post the report. I hope that we have provided both the Agency and the Committee a thorough picture of both the history of this important criminal case, as well as our summary of current problems that SBA is experiencing in the area of lender oversight. As I mentioned earlier, the Agency has made notable strides in strengthening its oversight capacity, but
as I have also pointed out, there is much left to do.