How the Saul Shalev Fraud Case Exposes Gaps in MCA Underwriting Best Practices

A Landmark Fraud Case Puts MCA Underwriting Under the Microscope

A federal judge recently denied bail for Saul Shalev, the individual accused of orchestrating one of the most elaborate and long-running fraud schemes the small business finance industry has ever seen. According to reporting from deBanked, the court found the risk factors compelling enough to keep Shalev detained through trial. The case has sent shockwaves through the MCA lending community, not just because of its scale, but because of what it reveals about how fraud infiltrates seemingly normal deal flow.

For MCA lenders and funders, the Shalev case is more than courtroom drama. It is a stress test of every underwriting workflow in the industry. The alleged scheme exploited gaps that exist in thousands of funding shops right now: inconsistent document handling, limited verification of source materials, and heavy reliance on broker-submitted paperwork with no independent chain of custody. If your MCA underwriting best practices haven't evolved in the past two years, this case should be the catalyst.

This article breaks down the specific vulnerabilities the Shalev case exposes, explains why traditional underwriting workflows fail to catch this type of fraud, and outlines the concrete technology and process upgrades that lenders need to implement before the next scheme surfaces.

How Sophisticated Document Fraud Bypasses Manual Underwriting

The Problem With Trust-Based Intake

Most MCA operations still receive applications through a patchwork of email threads, broker portals, and sometimes fax. Bank statements, tax returns, and identification documents arrive as PDF attachments forwarded through multiple hands before an underwriter ever opens them. Each handoff is an opportunity for manipulation.

The Shalev case allegedly involved doctored financial documents that were convincing enough to pass through multiple layers of human review. This is not surprising when you consider the conditions underwriters work under. A typical funder reviewing 50 to 100 deals per day cannot perform pixel-level scrutiny on every bank statement page. They look for obvious red flags, check balances against reported revenue, and move on. Sophisticated fraudsters know this. They produce documents that pass the "quick glance" test because they understand exactly what underwriters prioritize.

As we covered in our analysis of how broker-to-funder handoffs create fraud risk in MCA lending, the transition point between a broker submitting documents and a funder receiving them is where the chain of custody most commonly breaks. When a PDF passes through three email accounts before reaching your underwriting queue, you have no way to verify it hasn't been altered along the way.

Why Metadata Analysis and Tamper Detection Matter

One of the most effective techniques for catching doctored bank statements is metadata analysis. Every PDF carries embedded data about when it was created, what software produced it, and whether it has been modified. A genuine bank statement downloaded from a financial institution's portal will have metadata consistent with that bank's document generation system. A statement that was opened in Adobe Acrobat, edited, and re-saved will carry telltale signs in its metadata.

AI-powered document verification systems can perform this analysis in milliseconds. They check font consistency across pages, detect irregular spacing that suggests text replacement, identify mismatched resolution between sections of the same document, and flag PDFs whose creation metadata doesn't match the purported source institution. None of this requires a human to spend extra time. It happens automatically at the point of upload.

The challenge is that most MCA lenders haven't integrated this layer into their workflow. They rely on the underwriter's experience and judgment, which, while valuable, simply cannot scale against a determined fraudster producing high-quality forgeries.

Audit Trail Gaps That Regulators and Judges Notice

The Shalev case also underscores a compliance reality that many funders underestimate. When fraud is discovered and litigation begins, courts examine the lender's processes. Did the funder have reasonable safeguards in place? Can they demonstrate a documented chain of custody for every application? Is there a timestamped record of who received, reviewed, and approved each document?

Lenders who process applications through email threads and shared drives often cannot produce this evidence. The absence of an audit trail doesn't just create legal exposure in fraud cases. It also weakens the lender's position in regulatory examinations, investor due diligence, and insurance claims. With California's AB2116 proposing to extend consumer-level protections to small businesses generating up to $18 million in annual revenue, as we explored in our coverage of how California's AB2116 could reshape bank verification software for funders, the documentation bar is only getting higher.

Building a Fraud-Resistant MCA Underwriting Workflow

Eliminate Uncontrolled Intake Channels

The first and most impactful change a lender can make is to control the point of document entry. When applicants upload documents directly through a secure portal rather than emailing them through brokers, you eliminate the most common manipulation vector. The document goes from the applicant's hands into your system with no intermediary who could alter it.

Let's Submit was designed around this principle. Applicants receive a single secure link where they upload bank statements, identification, and supporting documents directly. Every upload is timestamped and logged. There is no email forwarding, no shared drive ambiguity, and no question about whether the file you're reviewing is the same one the applicant originally provided. For deals that do come through email, Let's Submit's dedicated inbox forwarding captures the original attachments with full metadata intact.

AI Extraction With Built-In Cross-Referencing

Once documents enter the system, AI-powered extraction does more than just pull numbers off the page. Intelligent extraction compares data across documents within the same application. If the bank statement shows average daily balances of $15,000 but the application claims $80,000 in monthly revenue, that discrepancy gets flagged before a human ever looks at the file. If the business name on the bank statement doesn't match the business name on the application, the system catches it.

This cross-referencing is something manual processes rarely accomplish consistently. An underwriter reviewing documents sequentially may not hold the exact figures from page 12 of a bank statement in memory when they reach the financial summary on the application form. Automated systems don't have this limitation. They compare every data point simultaneously and surface conflicts instantly.

Verification Doesn't End at Approval

The Shalev scheme allegedly operated over an extended period, which means funded deals continued performing (or appearing to perform) long enough to avoid triggering immediate suspicion. This points to a need for ongoing monitoring beyond the initial underwriting decision.

Lenders operating at scale in 2026 are beginning to implement periodic re-verification of active accounts. Requesting updated bank statements at regular intervals, analyzing cash flow trends post-funding, and comparing actual repayment patterns against projected performance can identify deals that were funded on fraudulent information before losses compound. The Financial Crimes Enforcement Network (FinCEN) has consistently emphasized that financial institutions should maintain ongoing due diligence programs, not just point-in-time checks. While MCA funders aren't subject to the same regulatory framework as banks, adopting this philosophy voluntarily strengthens both portfolio health and legal defensibility.

What This Means for Your Funding Operation

Consider two scenarios. In the first, a broker submits an application package via email. Your team downloads the attachments, uploads them to a shared folder, and an underwriter reviews them the next morning. The bank statements look clean. The deal funds. Six months later, you discover the statements were fabricated. You have no metadata records, no upload logs, and no way to trace when or how the documents entered your system.

In the second scenario, the same broker's client receives a direct upload link. The applicant submits their own bank statements through a secure portal. The system logs the upload timestamp, preserves the original file metadata, and runs AI extraction that cross-references the statement data against the application details. A discrepancy in reported revenue triggers an automatic flag. Your underwriter reviews the flag, requests clarification, and catches the issue before funding.

The difference between these two outcomes is not sophistication or budget. It is process design. The lenders who will weather the next fraud scheme are the ones who build verification into every step of their intake workflow rather than relying on human vigilance alone.

The Shalev case is also a reminder that fraud in MCA lending is not a theoretical risk or a rare edge case. It is an ongoing, evolving threat that targets the specific weaknesses of high-volume, speed-driven funding operations. As the industry continues to grow, with LendingTree's CFO recently calling the merchant cash advance market "a strong market that is growing," the volume of applications will only increase, and with it, the attack surface for fraud. Scaling your operation without scaling your verification safeguards is an invitation for trouble.

Frequently Asked Questions

How do MCA lenders detect fraudulent bank statements?

MCA lenders detect fraudulent bank statements through a combination of metadata analysis, visual consistency checks, and cross-referencing data across multiple documents. AI-powered systems can automatically examine PDF metadata to verify whether a document was generated by a legitimate banking platform or modified with editing software. They also compare financial figures within the bank statement against data reported on the application, flagging discrepancies like mismatched revenue claims or inconsistent balance patterns. Manual review remains important, but automated detection catches forgeries that even experienced underwriters miss under volume pressure.

What are MCA underwriting best practices for fraud prevention?

MCA underwriting best practices for fraud prevention start with controlling document intake through secure, direct-upload portals that eliminate intermediary tampering opportunities. Lenders should implement AI-powered extraction that cross-references data across all submitted documents automatically. Maintaining a complete, timestamped audit trail for every application, from initial receipt through funding decision, is essential for both fraud detection and legal defensibility. Periodic re-verification of funded accounts through updated bank statement requests adds a post-approval safety layer. These practices collectively reduce reliance on trust-based processes that sophisticated fraudsters exploit.

Why are audit trails important for MCA lenders?

Audit trails are critical because they provide documented proof of every action taken on an application, including who received documents, when they were uploaded, what data was extracted, and who approved the deal. In fraud litigation, courts examine whether the lender had reasonable safeguards. Without an audit trail, lenders cannot demonstrate due diligence. Beyond legal protection, audit trails support regulatory compliance, investor reporting, and internal quality control. As state-level regulations like California's AB2116 expand protections for small businesses, comprehensive documentation is becoming a baseline expectation rather than an optional best practice.

Can AI replace human underwriters in MCA lending?

AI cannot and should not fully replace human underwriters in MCA lending, but it dramatically enhances their effectiveness. AI handles the repetitive, high-volume tasks that humans struggle with at scale: extracting data from hundreds of pages, detecting metadata anomalies, cross-referencing figures across documents, and flagging inconsistencies. Human underwriters then focus their expertise on judgment calls, contextual evaluation, and relationship-based decisions that algorithms aren't equipped to make. The most effective underwriting teams in 2026 use AI as a force multiplier, letting technology handle detection and extraction while humans handle decision-making and exception management.

Conclusion

The Saul Shalev case is a wake-up call for every MCA lender still relying on email-based intake and manual document review. The fraud vulnerabilities it exposed are not unique to one operation. They exist wherever documents pass through uncontrolled channels, where audit trails are incomplete, and where underwriters are expected to catch sophisticated forgeries through visual inspection alone.

Closing these gaps requires a shift from trust-based processes to verification-based workflows. Secure applicant portals, AI-powered extraction with cross-referencing, metadata tamper detection, and complete audit logging are no longer premium features. They are table stakes for any lender operating at scale.

Let's Submit was built to address exactly these challenges. From secure upload links that eliminate broker-to-funder document tampering, to AI extraction that flags discrepancies before an underwriter opens the file, to a full audit trail of every action on every application, the platform is designed for lenders who refuse to let fraud exploit their workflow. Visit letssubmit.ca to see how async verification and AI-powered intake can protect your operation.