All Things FinReg


The US Senate approved an additional $310 billion in funds for the Paycheck Protection Program (PPP) on April 20, and the House of Representatives is expected to approve these additional funds within days. As fintech companies accelerate their participation in the re-funded program, it is important to remain aware of the liability risks of doing so.

The PPP, which provides loans to eligible borrowers aimed at helping them maintain employees on payroll, ran out of its original $349 billion allocation on April 16. Despite the PPP funds being exhausted at such a rapid pace, Senate Small Business Committee Chairman Marco Rubio (R-FL) noted on April 4 that many prospective borrowers had trouble accessing the PPP through traditional lenders, and championed the participation of fintech lenders to expand borrower access.

SBA Measures to Limit PPP Lender Exposure

As we explained in our LawFlash on PPP lender enforcement exposure, the Small Business Administration (SBA), in implementing the PPP, took several measures to limit lenders’ potential exposure, including most directly by allowing lenders—in most circumstances—to rely on borrowers’ eligibility and loan forgiveness certifications.

The scope of these protections, however, is not always clear, particularly with respect to a PPP lender’s obligation to conduct a “good faith review” of borrowers’ historical payroll costs and any lender submission for advance PPP loan forgiveness, including the degree to which a lender may rely on borrower representations in support of such a submission.

In addition, and of particular importance to fintech companies, the SBA is explicit that lenders subject to the Bank Secrecy Act (BSA) must continue to follow all BSA/anti-money laundering (AML) requirements. Lenders not already subject to the BSA that wish to participate as PPP lenders must establish an AML compliance program equivalent to that of a comparable federally regulated institution.

Considerations for Fintech Lenders Participating in the PPP

In certain respects, fintech lenders, which are more likely than traditional lenders to have experience implementing AML and Know Your Customer (KYC) protocols for customers they have never met in person, are better situated to follow through on these controls while participating in the PPP in this remote economic environment. On the other hand, fintech companies scaling their existing lending businesses and newly participating as lenders are likely to see an influx of new small business customers urgently applying for PPP loans. As such, lenders must continue to ensure that their existing (or newly adopted) BSA/AML controls are sufficient to deal with this growing and potentially changing customer base.

Furthermore, many fintech companies have been participating in the PPP in capacities other than standalone lenders. For example, companies have worked with partner banks in issuing PPP loans, and others have provided application-processing services for lender banks. In these arrangements, it is imperative that the participants have a clear allocation of responsibilities—both PPP- and BSA/AML-specific—to limit potential exposure.


In short, while the PPP presents an opportunity for many fintech companies to expand or establish their lending businesses, it also creates the risk of liability exposure now and in the future. Participating fintech lenders must ensure that they and their lending partners are complying with all PPP lender requirements, including BSA/AML compliance.

We expect that the various financial regulators will announce additional guidance with respect to PPP lending as the COVID-19 situation develops. We will keep you posted on key initiatives as they are announced.

Visit our Coronavirus COVID-19 resource page for more information on COVID-19 and other helpful industry resources during this challenging period.