BALTIMORE — Small business loans issued during the pandemic are now coming due. The 30-month deferment period is ending for many business owners who needed the money to stay open and they're being told they'll have to start making payments. This includes a retired Baltimore County police officer who says he never applied for a loan, and has been trying for nearly three years to get it removed from his record.
Jeff Royahn is used to solving crime, not being the victim of one.
“I never received a $9,200 check from anybody. I never cashed it. I don't know anything about it,” said Royahn.
But in October of 2020, the Small Business Administration sent a notice to Royahn that they approved his request for a $9,200 disaster loan and he'll need to pay it back.
“When I got that first one, I had contacted their identity theft hotline. That was on November 2, 2020,” said Royahn.
He filed a report with the Baltimore County Police Department, Federal Trade Commission, Maryland Office of the Attorney General, FBI Internet Crime Complaint Center, his credit bureaus, and the National Center for Disaster Fraud.
“I spoke to the person in the fraud department at this phone number and they said that this is very new for them,” Royhan recalled.
The loan repayment letters kept coming, so he mailed copies of these reports to the SBA.
“And I certified it. And it was stamped that they got it last March,” said Royahn. “There's no phone number, there is nothing. There's nobody I can talk to. And I don't know what else to do. You can investigate a homicide faster in three years. I mean, this is ridiculous. It’s absurd.”
As recent as last month, he received a notice that he missed two payments, and the loan is past due. Royahn was concerned this delinquent loan would impact his credit score, so he contacted WMAR-2 News Mallory Sofastaii.
Sofastaii contacted the SBA, and a few days later, Royahn received an update.
"We have confirmed that you did not apply for this loan nor receive any benefit from this fraudulent loan application...we are taking action to disassociate this loan from your identity and will cease all notices,” according to an email sent to Royahn from the SBA.
“Unfortunately, the government is very slow in resolving these issues. And the problem is that this is a person's life that's at stake here,” said David Williams, president of the Taxpayers Protection Alliance.
In a 2021 report, the Government Accountability Office found that the SBA approved at least 3,000 loans worth $156 million to ineligible applicants including those whose businesses did not exist.
Williams knows fraudsters manipulated the system, but he wants confirmation that there will be more controls in the future.
“What did they learn? Have they learned their lesson? And that's what taxpayers want to know is that, yes, a lot of money has been wasted, but what are they going to do next time when this happens again? Do they have the proper systems in place to make sure that this doesn't happen?” asked Williams.
In an email to Sofastaii, an SBA spokesperson wrote:
"The CARES Act passed in March 2020 required the SBA to accept self-certification from COVID EIDL applicants and prohibited the SBA from obtaining tax records to determine eligibility. In 2021, the SBA strengthened internal controls for the COVID EIDL program, including requiring tax returns."
The spokewoman added that once the SBA receives notification and supporting documentation from an identity theft victim, it takes approximately 14 days to complete the review and resolve. She did not say why it took much longer in Royahn’s case.
There have been efforts to recover some of the stolen funds. Last summer, the U.S. Secret Service said it returned $286 million in fraudulently obtained pandemic aid loans to the Small Business Administration. The SBA added that the statute of limitations has been extended from 5 to 10 years to allow more time to investigate and prosecute COVID loan fraud.
Click here for additional information on how to report identity theft and what steps to take if you believe your personal information has been compromised.