SBA’s Handling of Identity Theft in the COVID-19 Economic Injury Disaster Loan Program

The Office of Inspector General (OIG) is issuing this Evaluation report to notify Small Business Administration (SBA) officials of  significant matters regarding its handling of complaints of identity theft in the Coronavirus Disease 2019 (COVID-19) Economic Injury Disaster Loan (EIDL) program.

We recommend the Administrator to direct the Associate Administrator for the Office of Disaster Assistance, the Chief Financial Officer for the Office of Performance Management and Chief Financial Officer, and the Associate Administrator for the Office of Capital Access to:

1. Develop a process to maintain and track all identity theft complaints.
2. Develop a process to provide status updates to each complainant alleging identity theft.
3. Complete and formalize a process to restore identity theft victims to their condition prior to the fraud. The process should include steps to stop the loan billing statements, prevent delinquency collections, release them from loan liability and UCC liens. 
4. Develop a process to remove any fraudulent loans and related UCC filing fees from its financial records. 
5. Review over 150,000 returned billing statements and resolve any that involve identity theft, then refer fraudulent loans to OIG.

While management stated they partially agreed with all of the recommendations, management’s formal comments state they took actions to address each of them.