Helping small businesses while protecting taxpayers' dollars
Contact Us
  • Case study

Helping small businesses while protecting taxpayers' dollars

How Primis mitigated the risk of 2,500 Paycheck Protection Program loans in just two months

Who we worked with

Primis is a Small Business Association (SBA)-preferred lender and a rapidly growing, community-based bank in the southeastern United States, with more than $3 billion in assets

How we helped

  • Implemented a custom-built workflow within riskCanvasTM, Genpact's financial crime software suite, to perform KYC due diligence on PPP loans
  • Sourced additional customer information and performed KYC due diligence on loan applications
  • Assigned an overall risk score for each PPP customer and generated compliance reports

What the bank needed

  • To perform know-your-customer (KYC) due diligence on 2,500 loan applications as part of the Paycheck Protection Program (PPP) of the US Coronavirus Aid, Relief, and Economic Security (CARES) Act
  • To detect, manage, and remediate any potential fraud or compliance issues in just eight weeks

What the bank got

  • Processed 40% more PPP loans, leading to a 33% increase in overall loan volumes in just four months
  • Converted 200 PPP customers to permanent customers, resulting in a 10% increase in deposits
  • Identified a loan fraud rate of 3%, approximately 2.5% higher than non-PPP loans
  • Developed a stronger approach to due diligence for the long term


Get to know thousands of new customers, fast

Between April and June 2020, the US government disbursed $518 billion in forgivable PPP loans, administered by the SBA under the CARES Act. Banks had to move at warp speed to extend those loans and help small businesses keep their employees on payroll and their companies running.

Primis, a growing regional community bank with more than $3 billion in assets, is an SBA-preferred lender. With a depth of SBA expertise equivalent to that of a bank many times its size, Primis was in an ideal position to offer PPP loans. The bank enrolled in the program early, marketed its participation through local accounting firms, and made its PPP application available online in time for launch.

Take a copy for yourself

Learn more

A flood of loan applications from unknown entities

Within two days, Primis was inundated with thousands of PPP loan applications from small businesses nationwide.

Traditional community banks like Primis are built on relationships. They know most of their customers personally. And they gain comfort in the legitimacy of new customers, typically located within a five to 10-mile radius of a branch, in large part by placing eyes on them. But PPP loan applications were pouring into Virginia-based Primis from unknown entities in every state across the country. And most of these new customers didn't bank close enough to a branch to pick up their loan checks.

"Once we saw where these applications were coming from, and the volume and speed of them, we knew this was going to be a challenge," says Dennis Zember, CEO, Primis. "But this was a life-or-death situation for many small businesses. It didn't seem right to turn them away. And I've never viewed state or county lines as a particularly meaningful boundary. I view the whole country as my oyster. As long as we could determine on behalf of the government that we were not being defrauded, I was not afraid to lend nationwide."

A program that was a fraudster's dream come true

By its nature, though, the program was rife with opportunities for fraud.

"The government was adamant that banks loan the money rapidly," says Zember. "The application process was simple, the interest rate was low, the money never needed to be repaid. All someone had to do was provide two or three pieces of information, and – boom! – they got a big wire."

Still, it was the SBA's job to ensure that taxpayer dollars weren't being misappropriated. The SBA tasked the banks that had rapidly funneled the stimulus money to their small business customers with identifying which small businesses should get a write-down (estimated at around 70–90% of loan balances) or be punished for accepting or using funds in a way that was inconsistent with program guidelines.

The stakes were high. A fraud rate of even 0.5% meant a loss of $2.5 billion to American taxpayers. The government acknowledged the increased risk of providing such huge amounts of money at a breakneck pace. But expectations for due diligence were still high.

Inadequate internal resources for the job at hand

Primis didn't have the internal resources to conduct KYC due diligence for thousands of new customers in the eight weeks the regulator gave banks to set up forgiveness operations. Nor did it have the resources to manage the full volume of applications it received – 4,100 in all – on its own.

"As a regional, community bank we just didn't have the people, processes, or technology in place to manage this program by ourselves," says Zember.

Like many banks administering PPP loans, Primis had redeployed staff to process PPP loan applications. Many of these employees didn't have any loan experience at all, which created the opportunity for mistakes.

What's more, Primis had acquired five other banks in the past 15 years. And PPP threatened to put undue pressure on its newly integrated due-diligence processes.


Going above and beyond to vet new customers and weed out fraud

Primis didn't just want to lend money to small businesses in need. It also wanted to meet the gold standard of risk and compliance. Its solution would have to:

  • Gather and double-check every PPP loan artifact for 2,500 small business customers, including customer profile information and business documentation
  • Place high-risk areas, like beneficial ownership structures, under a microscope
  • Highlight other KYC risks as well as small business customers' appearances on watch lists

Primis evaluated several potential solution provider partners to help it address the challenge. "The Paycheck Protection Program was brand new," says Zember. "Yet most of the companies we spoke to planned to reuse rigid, off-the-shelf programs. Genpact had proactively brought together industry, technology, and regulatory experts to develop a custom-built workflow for PPP within its finely tuned financial crime software suite. Genpact also had the digital, industry, and risk expertise to work with our bank to adapt the solution for our specific needs."

Primis was confident that Genpact could help the bank to achieve its goals.

Turn challenges into opportunities for your bank

Learn more

The gold standard for PPP due diligence

We rolled out a tailor-made workflow within riskCanvasTM, our financial crime software suite, which allows financial institutions to detect, investigate, and prevent a variety of threats.

riskCanvasTM is a cloud-based solution, native to Amazon Web Services (AWS) built using development operations (DevOps) best practices. This allowed us to deploy the infrastructure, application, networking, encryption, and security monitoring as-a-code for Primis with no manual intervention. Once the code was committed, the continuous integration and continuous deployment (CI/CD) pipeline took it and performed automated testing on it. Due to the sensitive nature of the regulatory environment surrounding financial services, riskCanvasTM required business and technical teams to manually review and validate production deployment. Once the code was in production, Amazon CloudWatch monitored the deployed workloads to optimize capacity, ensure business continuity and disaster recovery, and enable storage and backup operations. This saved time compared to manual deployment processes.

In fewer than three weeks, Genpact had the system up and running, had configured a tailored workflow, and was already delivering value to the business.

A team of financial crime leaders applied their expert human judgment to the reviews and operated the workflow in a secure work-from-home environment. The solution:

  • All loan documentation that PPP customers had submitted when they originally applied for the program, such as articles of incorporation
  • Identified any gaps in the necessary loan documentation
  • Provided third-party verification of supporting information, including, for example, business address and owners' identification
  • Thoroughly assessed KYC artifacts, which involved searching for evidence of salary payments to employees, checking beneficial owners' names against watch lists, and searching for negative news to uncover risks, such as politically exposed persons
  • Tagged all evidence with the relevant regulatory citation
  • Assessed risk factors and assigned an overall score for each small business customer, using our scoring algorithm, riskDNA
  • Provided a standard report on each customer, which highlighted areas of due-diligence risk and included expert recommendations

Some of the red flags the solution identified included:

  • Generic or ambiguous business descriptions
  • Questionable incorporation documents
  • Unusual payroll statements
  • Suspicious invoices provided as evidence that a business exists
  • Virtual rather than physical office locations as registered addresses
  • A lack of records found in external, open-source searches

The solution allowed the bank to see not only which customer files required further investigation, but also how its existing due-diligence processes could be improved for the long-term using world-class risk and compliance processes.


Less risk, broader horizons

Primis is now an industry leader in risk and compliance for PPP loans and has felt the benefits of this across the business.

Less risk

Genpact's solution successfully checked all 2,500 PPP loans and identified 3% that appeared to be potentially fraudulent. Though this was roughly 2.5% higher than for non-PPP loans, it wasn't as high as the bank expected given the nature of the program.

"The results have exceeded all of our expectations. The end product has impressed our risk team and our board of directors," says Zember. "And when the regulators see how far above and beyond we've gone to vet new customers and weed out fraud, they are bound to be impressed too."

The solution protects Primis against legal, reputational, and regulatory risk. "We have materially decreased the perceived and actual risk in our PPP loan portfolio due to Genpact's hard work," says John Colantoni, chief risk officer at Primis. "This has enabled us to achieve compliance, protect taxpayer dollars, and ensure available aid goes to actual small businesses that legitimately need it. It's also helped us to build our own internal expertise and enhance our reputation as a risk and compliance leader in the industry, which will pay dividends going forward."

More customers and stronger risk processes

Primis has also won more customers, both in the short and long term. "There's no way we could have processed the same number of PPP applications without Genpact," says Zember. "As the bank earns a fee on each PPP loan application, we wouldn't have achieved the same level of revenue from the program. And there's no way we could have helped as many small businesses as we did." Some of the new PPP customers even ended up transferring their deposit accounts to Primis. In fact, deposits are up by about 10%.

Primis executives also received invaluable guidance that would improve its due-diligence processes for the long haul. "My executive staff grew professionally through this engagement," Zember says.

Broader horizons

After transforming from a regional bank into a nationwide lender practically overnight, Primis now has its sights set on broader horizons. "Now, if the best customer is in Santa Fe, New Mexico, we're going to bank that customer even if we don't have a branch there," says Zember.

Genpact's solution helped Primis respond to the needs of businesses across America. And it placed the bank at the front of the pack of financial services firms that are doing the right thing by American taxpayers.

As companies continue to face uncertainty, Primis can continue to support small businesses with confidence, build its reputation as a leader in risk and compliance, and fulfill its expansion goals. Thanks to Genpact, it's onward and upward for both Primis and its customers.

Visit our financial risk and compliance management page

Learn more