Key Takeaways
- A New York Senate bill proposes rewriting criminal usury laws to cover merchant cash advances, invoice factoring, and revenue-based financing, potentially exposing funders to felony charges.
- Even if the bill stalls, the compliance signal is clear: funders need auditable, automated bank verification software that documents every underwriting decision.
- AI-powered document extraction and async verification create the defensible audit trail funders will need if state-level criminalization spreads.
- Funders who treat bank statement analysis as a checkbox rather than a compliance strategy are the most exposed to regulatory and legal risk.
A New York Bill Just Put Every MCA Funder on Notice
A newly introduced New York Senate bill aims to rewrite the state's criminal usury laws so broadly that merchant cash advances, invoice factoring, revenue-based financing, and retail installment contracts could all fall under criminal prosecution. The bill targets "any transaction that in substance functions as the advance of funds in exchange for a future payment," a definition so expansive it would capture the core mechanism of nearly every alternative lending product on the market. For funders evaluating their bank verification software, this is not a theoretical exercise. It is a direct compliance alarm.
Whether or not this specific bill passes, the legislative intent is unmistakable. State regulators are moving from disclosure mandates and licensing requirements toward the sharpest tool they have: the criminal code. For MCA lenders, the immediate question is not just "how do we structure deals?" but "can we prove, at every step, that our underwriting was sound and our documentation is airtight?"
This article breaks down what the bill means for funders, why bank verification infrastructure is now a compliance necessity rather than a workflow convenience, and how AI-powered extraction and async verification create the defensible audit trails that regulators will demand.
What the Bill Actually Says and Why It Matters for Funders
The Scope of Criminalization Goes Far Beyond Usury
Previous state-level MCA regulation has focused on disclosure. California's SB 1235 requires standardized cost disclosures. Virginia created a registration framework. New York's own commercial finance disclosure law, effective since 2023, mandates APR-equivalent transparency. All of these are civil compliance regimes. A funder that falls short faces fines, cease-and-desist orders, or license revocation.
This new bill is categorically different. Because it folds MCAs and similar products into the criminal usury statute, a violation would not result in a compliance letter. It would result in a felony charge. The language is deliberately broad, covering any advance of funds tied to future payment, regardless of whether the transaction is structured as a purchase of receivables, a factor rate deal, or a revenue share. Funders cannot rely on product labeling to avoid exposure.
Documentation Becomes Your First Line of Defense
In any criminal proceeding involving financial transactions, the state must prove intent and conduct. A funder's strongest defense is a comprehensive, timestamped record of every underwriting decision, every document received, every data point extracted, and every review step taken. Manual processes, email threads with bank statements attached, spreadsheets with hand-entered numbers, and verbal approvals with no paper trail are liabilities in this environment.
This is where the gap between legacy workflows and modern bank verification software becomes a legal exposure. If a regulator or prosecutor requests your underwriting file for a specific deal, can you produce a complete audit trail showing when documents were received, what AI extraction returned, what a human reviewed, and what decision was made? If the answer involves searching through email inboxes and Slack threads, you have a problem.
As we explored in our analysis of how MCA audit readiness depends on bank verification software, the gap between "we verify bank statements" and "we can prove we verified bank statements" is the gap that regulators exploit.
AI-Powered Extraction Creates the Audit Trail Regulators Want
Let's Submit's approach to bank verification is built around exactly this principle. When a merchant uploads documents through a secure link, or when an ISO forwards application materials to a dedicated inbox, the platform captures everything with a timestamp. AI-powered extraction pulls business info, financials, and owner details from every document automatically, creating a structured data record that can be reviewed, edited, and exported.
Every step, from document receipt to data extraction to human review, is logged. This is not a feature designed for regulatory compliance alone; it is the architecture of a system built for the reality that every deal you fund might one day need to be defended. In a world where New York legislators are proposing criminal liability for MCA transactions, that architecture is no longer optional.
The Compliance Ripple Effect Beyond New York
State-Level Contagion Is Already Underway
New York is not acting in isolation. In 2026 alone, multiple states have advanced or considered commercial lending regulation that tightens requirements on MCA funders. California's AB2116, Virginia's registration framework with 229 registered providers, and Texas' debit law changes all point in the same direction: increasing state-level scrutiny of alternative lending practices. The New York State Senate is simply taking the most aggressive posture yet.
For funders operating across state lines, this creates a patchwork compliance challenge. A deal originated in Florida with a merchant in New York could fall under New York's jurisdiction. A syndication partner in New York could face criminal exposure even if the originating funder is based elsewhere. The safest posture is to build your verification and documentation infrastructure to the highest standard any state requires, then apply it uniformly.
Syndication Partners Face Amplified Risk
The criminalization threat is particularly acute for syndication. If a funder structures a deal that a court later characterizes as criminally usurious, every participant in the syndication is potentially exposed. This is not hypothetical. As we covered in our analysis of how a 30-year syndication Ponzi scheme exposed gaps in bank verification, syndication structures depend on trust between parties, and that trust is only as strong as the documentation backing each deal.
Syndication partners should be asking funders to demonstrate their verification infrastructure before participating in deals. Funders who can show automated, AI-powered extraction with full audit trails will find it easier to attract syndication capital. Those who cannot will find partners increasingly reluctant to participate, especially in deals involving New York merchants.
What Funders Should Do Right Now
The bill's passage is not certain. Legislative proposals in New York frequently stall, get amended, or die in committee. But the direction of travel is unmistakable, and the compliance infrastructure you build today protects you regardless of this specific bill's fate.
Start by auditing your current document intake workflow. Can you produce, for any deal funded in the last 12 months, a complete record of when documents were received, what data was extracted, who reviewed it, and what decision was made? If the answer is no, you have an immediate vulnerability.
Next, evaluate whether your bank verification process creates structured, searchable data or just stores PDFs in a folder. Regulators do not want to scroll through 90 pages of bank statements. They want extracted transaction data, flagged anomalies, and a clear narrative of how the underwriting decision was reached. AI-powered extraction is not a luxury here; it is the difference between a defensible file and a liability.
Finally, consider the applicant experience. Async verification, where a merchant uploads documents to a secure portal on their own time, creates a cleaner chain of custody than email attachments forwarded through multiple brokers. Every handoff introduces risk. Reducing handoffs reduces exposure. Let's Submit's upload link system eliminates intermediary document handling entirely, giving funders a direct, timestamped connection between the merchant's submission and the extracted data.
The MCA industry has always operated in a gray area between lending and commercial purchasing. New York's bill is an attempt to eliminate that gray area through criminal law. Whether it succeeds or not, the funders who survive the next wave of regulation will be the ones who built their verification infrastructure before they were forced to.
Frequently Asked Questions
What does New York's proposed bill mean for MCA funders?
The bill proposes rewriting New York's criminal usury laws to include merchant cash advances, invoice factoring, and revenue-based financing. If passed, funders whose transactions are deemed to function as advances of funds in exchange for future payment could face felony criminal charges rather than civil penalties. This represents a dramatic escalation from existing disclosure-based regulation and would require funders to maintain comprehensive, auditable documentation for every deal.
How does bank verification software help with MCA compliance?
Bank verification software for funders creates automated, timestamped records of every document received, every data point extracted, and every human review action taken. This audit trail is critical for demonstrating sound underwriting practices to regulators or in legal proceedings. AI-powered extraction converts raw bank statements into structured data that can be searched, analyzed, and presented as evidence of due diligence, far more defensible than manual processes relying on email threads and spreadsheets.
What is the difference between criminal and civil MCA regulation?
Civil regulation, such as California's SB 1235 or New York's existing commercial finance disclosure law, imposes fines, license revocations, or cease-and-desist orders for non-compliance. Criminal regulation, like the proposed New York bill, would allow prosecutors to bring felony charges against individuals involved in transactions deemed to violate usury laws. The burden of proof is different, the penalties are more severe, and the reputational consequences for funders are existential.
Why does async bank verification create a better audit trail than email-based document collection?
Async verification through a secure upload portal creates a direct, timestamped link between the merchant and the funder's system. There is no broker forwarding attachments, no email chain with multiple versions of the same document, and no ambiguity about when a file was received or by whom. Every upload is logged, and AI extraction begins immediately, producing structured data that is tied to a specific application and timestamp. This clean chain of custody is exactly what regulators and legal counsel look for when evaluating underwriting documentation.
Conclusion
New York's proposed criminalization of merchant cash advances is the loudest signal yet that the regulatory environment for alternative lenders is shifting from disclosure to enforcement. Funders who rely on manual, fragmented verification workflows are building on a foundation that cannot withstand serious regulatory scrutiny. The path forward requires automated, AI-powered bank verification that creates defensible audit trails for every deal, from document intake through underwriting decision.
Let's Submit was built for exactly this environment. One secure link for document collection, AI-powered extraction of financials and business data, and a complete audit trail from submission to approval. Visit letssubmit.ca to see how async verification fits into your compliance workflow before the next state follows New York's lead.