The gold standard for PPP due diligence
We rolled out a tailor-made workflow within riskCanvasTM, our financial crime software suite, which allows financial institutions to detect, investigate, and prevent a variety of threats.
riskCanvasTM is a cloud-based solution, native to Amazon Web Services (AWS) built using development operations (DevOps) best practices. This allowed us to deploy the infrastructure, application, networking, encryption, and security monitoring as-a-code for Primis with no manual intervention. Once the code was committed, the continuous integration and continuous deployment (CI/CD) pipeline took it and performed automated testing on it. Due to the sensitive nature of the regulatory environment surrounding financial services, riskCanvasTM required business and technical teams to manually review and validate production deployment. Once the code was in production, Amazon CloudWatch monitored the deployed workloads to optimize capacity, ensure business continuity and disaster recovery, and enable storage and backup operations. This saved time compared to manual deployment processes.
In fewer than three weeks, Genpact had the system up and running, had configured a tailored workflow, and was already delivering value to the business.
A team of financial crime leaders applied their expert human judgment to the reviews and operated the workflow in a secure work-from-home environment. The solution:
- All loan documentation that PPP customers had submitted when they originally applied for the program, such as articles of incorporation
- Identified any gaps in the necessary loan documentation
- Provided third-party verification of supporting information, including, for example, business address and owners' identification
- Thoroughly assessed KYC artifacts, which involved searching for evidence of salary payments to employees, checking beneficial owners' names against watch lists, and searching for negative news to uncover risks, such as politically exposed persons
- Tagged all evidence with the relevant regulatory citation
- Assessed risk factors and assigned an overall score for each small business customer, using our scoring algorithm, riskDNA
- Provided a standard report on each customer, which highlighted areas of due-diligence risk and included expert recommendations
Some of the red flags the solution identified included:
- Generic or ambiguous business descriptions
- Questionable incorporation documents
- Unusual payroll statements
- Suspicious invoices provided as evidence that a business exists
- Virtual rather than physical office locations as registered addresses
- A lack of records found in external, open-source searches
The solution allowed the bank to see not only which customer files required further investigation, but also how its existing due-diligence processes could be improved for the long-term using world-class risk and compliance processes.