Key Takeaways
- New York's proposed Senate bill would extend criminal usury statutes to merchant cash advances, revenue-based financing, and invoice factoring for the first time.
- MCA underwriting best practices must now prioritize verifiable cash flow documentation that proves a transaction is a genuine purchase of receivables, not a disguised loan.
- Funders who rely on thin documentation or incomplete bank verification face the greatest legal exposure if criminal usury frameworks expand.
- AI-powered bank statement analysis can build the evidentiary paper trail that distinguishes compliant MCA deals from those regulators may reclassify as loans.
- The bill's reach beyond New York could set a template for other states, making documentation upgrades an industry-wide imperative.
Criminal Usury Expansion Is Coming for MCA Funders
A New York Senate bill introduced in May 2026 proposes to rewrite the state's criminal usury laws to cover invoice financing, revenue-based financing, merchant cash advances, retail installment contracts, and any transaction that "in substance functions as the advance of funds in exchange for a future payment." That final clause is the one that should keep every MCA underwriter awake at night. If signed into law, the bill wouldn't just create new civil liability. It would make certain MCA transactions a criminal offense. For funders operating on the assumption that MCA underwriting best practices only need to satisfy civil courts and state disclosure rules, this is a category shift. The legislative text, available through the New York State Senate, treats economic substance over legal form. In other words, calling a deal a "purchase of future receivables" won't be enough. Prosecutors would examine whether the transaction actually functions that way in practice.
This article breaks down what the bill means for MCA funders, why existing underwriting documentation may not hold up under criminal scrutiny, and how automated bank verification creates the evidentiary foundation funders will need to defend their deal structures.
Why Standard MCA Underwriting Documentation Falls Short Under Criminal Scrutiny
The Substance-Over-Form Standard
Most MCA agreements are carefully drafted to describe a purchase of future receivables. The contract language matters, but it isn't the whole story. Courts in New York have already applied a substance-over-form analysis in civil cases, examining whether the funder bore genuine risk of non-payment tied to the merchant's actual sales. The proposed criminal usury bill codifies this approach and raises the stakes from monetary damages to potential prosecution.
What does that mean in practice? If a funder advances $50,000 against future credit card receipts, the underwriting file needs to demonstrate that the funder actually analyzed the merchant's revenue, verified bank deposits consistent with claimed sales volume, and structured remittance as a true percentage of daily receivables. A thin file with a signed application and three months of bank statements that nobody carefully reviewed won't establish genuine commercial risk-sharing.
Three Documentation Gaps Most Funders Ignore
First, many funders collect bank statements but don't systematically extract and cross-reference deposit patterns against the merchant's stated revenue. A PDF sitting in a folder isn't evidence of analysis. Second, few underwriting files document the decision rationale, specifically, how the funder determined that the merchant's cash flow supported the advance amount and the projected remittance timeline. Third, audit trails are often incomplete. If a regulator or prosecutor asks to see every step from application intake to funding decision, most funders can't produce a clean chronological record.
These gaps exist because the industry has historically optimized for speed over documentation depth. As we explored in our analysis of how New York's MCA criminalization bill reshapes bank verification software for funders, the regulatory environment is now demanding that speed and compliance coexist. Funders who treat them as trade-offs will find themselves exposed.
How AI-Powered Cash Flow Verification Builds a Defensible File
The answer isn't to slow down underwriting. It's to automate the evidence collection. AI-powered bank statement analysis can extract daily deposit totals, identify revenue seasonality, flag inconsistencies between stated and actual cash flow, and categorize transaction types, all within minutes of document upload. This isn't generic "AI is transforming everything" rhetoric. It's a specific application of optical character recognition layered with machine learning transaction classification models trained on MCA-relevant bank statement formats.
When Let's Submit processes a merchant's bank statements, the platform's AI extracts structured financial data, including average daily balances, deposit frequency, NSF occurrences, and existing ACH debit patterns that might indicate prior funding positions. That extracted data populates a reviewable summary that an underwriter can verify before approving the deal. More importantly, every extraction, review, and approval step is logged with timestamps, creating the audit trail that transforms an underwriting file from a loose collection of PDFs into a defensible compliance record.
For funders evaluating their exposure under potential criminal usury statutes, the question isn't whether they have bank statements on file. It's whether they can prove they actually analyzed them and made a risk-based funding decision grounded in the merchant's real cash flow.
Beyond New York: Why This Bill Matters for Every MCA Funder
New York isn't operating in a vacuum. California's AB2116 commercial financing disclosure requirements already signal a broader trend toward treating MCA transactions with the same regulatory scrutiny applied to traditional lending. Virginia now has 229 registered MCA providers under its own disclosure regime. The proposed New York bill is simply the most aggressive iteration yet, moving from disclosure mandates to criminal penalties.
Even funders headquartered outside New York face exposure. If the merchant is located in New York, or if the agreement specifies New York law, the criminal usury statute could apply. Given that New York-based merchants represent a substantial share of MCA deal flow nationally, geographic avoidance isn't a realistic strategy.
What Prosecutors Would Actually Look For
If the bill passes and prosecutions begin, the evidentiary focus will likely center on three questions. Did the funder conduct genuine underwriting based on the merchant's ability to generate receivables? Was remittance structured as a fixed percentage of actual sales, or as a de facto fixed payment that functioned like loan amortization? And did the funder bear real risk of loss if the merchant's business declined?
Each of these questions points back to bank verification data. A merchant's bank statements are the primary source of truth for revenue patterns, deposit consistency, and existing financial obligations. Funders who can demonstrate systematic extraction and analysis of this data at the time of underwriting, not after the fact, will be in the strongest position to defend their transactions as genuine receivables purchases.
Stacking Detection as a Compliance Imperative
The criminal usury bill also creates new urgency around MCA stacking detection. If a funder advances capital to a merchant who already has three existing positions, the resulting cash flow burden may transform what looks like a receivables purchase into something closer to a predatory loan in the eyes of a prosecutor. Identifying existing positions through bank statement analysis, specifically by flagging recurring ACH debits that match common MCA remittance patterns, isn't just a credit risk measure anymore. It's a compliance necessity.
As we detailed in our guide on how to prevent MCA stacking fraud with smarter bank verification, automated detection of existing funding positions before approval is the most reliable way to avoid over-advancing. Under a criminal usury framework, that same detection serves double duty as evidence that the funder exercised reasonable diligence.
Building an Underwriting Workflow That Withstands Criminal Scrutiny
Upgrading MCA underwriting best practices for this new environment doesn't require tearing down existing workflows. It requires layering in automated verification and documentation at critical decision points. The workflow should look something like this.
At intake, the merchant uploads bank statements through a secure portal. Let's Submit's AI extraction runs immediately, parsing deposit history, balance trends, NSF events, and recurring debits. The underwriter reviews structured data rather than raw PDFs, which reduces both review time and the risk of missing critical patterns. Every field the AI extracts is editable, so the underwriter can correct or annotate before the data flows into the decision record. Once the underwriter approves, the complete file, including raw documents, extracted data, review notes, and timestamps, is preserved as a single auditable record.
This isn't theoretical. In 2026, the Consumer Financial Protection Bureau continues to signal interest in small business lending oversight, and state legislatures are filling perceived gaps with their own enforcement mechanisms. Funders who build documentation rigor into their workflow now will be positioned to operate across any regulatory environment, whether it's New York's proposed criminal statute, California's disclosure rules, or whatever comes next.
Frequently Asked Questions
What does New York's criminal usury bill mean for MCA funders?
The proposed bill would extend New York's criminal usury statutes to cover merchant cash advances, invoice factoring, and revenue-based financing. If enacted, MCA transactions that function as disguised loans could be prosecuted as criminal usury rather than just challenged in civil court. Funders would need to demonstrate through their underwriting documentation that each transaction is a genuine purchase of future receivables with real risk-sharing, not a fixed-repayment advance that mimics a high-interest loan.
How do MCA lenders prove a transaction is a true receivables purchase?
The strongest evidence comes from bank statement analysis conducted at origination. Funders should document that they verified the merchant's actual revenue through deposit history, sized the advance based on demonstrated cash flow, and structured remittance as a genuine percentage of future sales. An auditable record showing when bank statements were reviewed, what data was extracted, and how the funding decision was reached provides the evidentiary foundation. Platforms like Let's Submit automate this extraction and create timestamped audit trails for every application.
Will other states follow New York's approach to criminalizing MCA?
While no other state has introduced identical legislation as of mid-2026, the trend toward stricter MCA regulation is clear. California, Virginia, and several other states have enacted disclosure and registration requirements. New York's criminal usury bill represents the most aggressive step yet, and its passage could provide a legislative template for other states. Funders operating nationally should treat documentation upgrades as a proactive investment rather than a reactive response to a single state's actions.
Can AI-powered underwriting tools help MCA funders stay compliant?
Yes, specifically by automating the extraction and documentation of cash flow data from bank statements. AI tools trained on MCA-relevant document formats can identify deposit patterns, detect existing funding positions through ACH debit analysis, and flag inconsistencies that suggest a merchant's stated revenue doesn't match actual bank activity. The key compliance benefit is the audit trail. When every extraction and review step is logged automatically, funders can demonstrate that their underwriting decisions were data-driven and conducted with genuine diligence.
Conclusion
New York's proposed criminal usury expansion isn't a distant hypothetical. It's a bill with active sponsors in a state that generates a disproportionate share of MCA deal flow. Whether it passes this session or next, the direction is clear: regulators and legislators are moving toward treating MCA transactions with the same scrutiny applied to loans, and funders whose underwriting files can't withstand that scrutiny face real legal risk.
The fix isn't complicated. It's systematic. Automated bank statement extraction, structured data review, and complete audit trails turn every funded deal into a defensible compliance record. Let's Submit was built for exactly this workflow. Visit letssubmit.ca to see how AI-powered document extraction and async bank verification give your underwriting team the speed and documentation depth this new regulatory environment demands.