Bankruptcy Court Orders Turnover of NACLB’s Assets

The Court in Kris Roglieri’s newly converted Chapter 7 bankruptcy has ordered him to immediately turn over possession, custody, and control of his assets including all assets of the Commercial Capital Training Group and the National Alliance of Commercial Loan Brokers conference (NACLB). The order was issued today. The last update from the conference, prior to this order, was that it was purportedly still going forward under a rebranded name.

“If the Debtor is no longer in possession, custody, or control of an Estate Asset, the Debtor is to provide the Trustee with a detailed affidavit explaining why the Debtor is no longer in possession, custody, or control over the Estate Asset and providing details and contact information for whoever is in possession, custody, or control of the Estate Asset,” the order says.

The training group and conference were hardly Roglieri’s only assets. Also listed by name in the order are additional business entities, 20 guns, 7 watches, 33 pieces of artwork, 3 vehicles, and all of his office furniture.

Kris Roglieri Bankruptcy Converted to Chapter 7, The End of NACLB?

A judge approved a motion to convert the Chapter 11 bankruptcy proceeding for the embattled Kris Roglieri to a Chapter 7. The intent behind this is to kickstart the process to sell off Roglieri’s assets for the benefit of creditors whereas before Roglieri hoped that his various wholly owned businesses could somehow continue. The trustee, however, said that such an outcome was impossible given that Roglieri did not maintain financial records, has no revenue coming in, is being investigated by the FBI for ~$100 million in allegedly missing customer funds, and has no path forward. The creditors at issue in the matter felt similarly.

Among Roglieri’s wholly owned assets are Commercial Capital Training Group and the National Alliance of Commercial Loan Brokers (NACLB conference), according to documents he previously submitted to the court. He owns 100% of the membership interest in each LLC. During a prior hearing, the Chapter 11 trustee asked Roglieri if he understood that he could not transfer NACLB’s assets without trustee approval after rumors swirled that he was trying to sell it. At the time, Roglieri said that there had been no serious talks in that regard. It may have been a hard sell and could still continue to be. Despite the NACLB conference’s longevity, for example, Roglieri asserted during the proceedings that he did not maintain formal financial records for it and there are no balance sheets, P&Ls, or statement of cash flows related to it. It also apparently stiffed the venue of its last event since it lists an unpaid debt of $436,237 to Caesars Entertainment in Las Vegas.

The NACLB conference has also apparently changed its name in order to distance itself from its connection with Roglieri, according to emails reviewed by AltFinanceDaily. On March 25, an official NACLB mass email communication asserted that the conference would go forward “despite uncertainties surrounding this year’s event due to unrelated legal issues” and that “we are thrilled to announce that the annual conference will proceed this November under a new rebranded name, maintaining the trusted team that has organized the event for the past 9 years.”

Following that, an official NACLB conference representative sent out emails affirming that it was rebranding to the “Commercial Loan Broker Association” and that the conference would actually take place in a new location with a different date.

The Receiver managing Prime Capital Ventures, LLC, the main entity at the heart of the Roglieri saga, filed Chapter 11 bankruptcy protection for it on Tuesday. As part of that, he stated that the entity owes more than $100 million to its creditors.

The Long Running Mysterious Fraud in the Small Business Finance Industry and How to Defend Yourself

The submitted deals are real. The merchants are real. Everything checks out until suddenly it doesn’t. The merchants block the payments and find out they’ve been scammed.The funders find out they’ve also been scammed. But it’s too late because the money is gone and the fraudsters disappear without a trace.

deBanked reviewed hundreds of court documents, emails, and websites in preparation for this story and spoke with multiple people familiar with the matter, though only one would agree to go on record. Here’s the story of how the scam works and what you need to know to defend yourself.

It was a textbook merchant interview call. The business owner answered the questions succinctly and convincingly. He knew his stuff and sounded confident, like somebody who wanted to just finish the process and get the underwriter to issue a final approval on his funding application. His accent said little about where he was from. It sounded like it could be Mid-Atlantic or perhaps lower New England, just a regular business owner on Main Street USA.

“It sounded a little nasal, right?” said Alex Shvarts, CEO of FundKite, after playing the recording for me to judge.

The tone of the voice did actually sound unusual after thinking about it. Something was off about the call and that was the only tell. For the person on the other end of the phone wasn’t who they claimed to be. It would later be debated if they had used voice changing technology, one of many layers of obfuscation that had been put in place to cover up what is quickly becoming the scheme of the decade.

FundKite had signed up a new broker and promptly received two deals from them. On this particular one the paperwork attached to the application was real. This was a real business and these were their real documents. But the real owner of the business had no idea that any of it had been used to apply for funding with FundKite.

In a typical identity theft scenario, a scammer gets a lender to send the loan proceeds to a bank account that is controlled by the scammer, keeping the victim completely in the dark that their identity is being used for the fraud until much later when a default occurs. But in this case the scammer intended to have a funding company send money to the victim’s actual bank account. It’s a twist that understandably makes it very difficult for the funding company to later believe that the merchant’s identity had been stolen since they were the ones receiving the proceeds. But once the business has been funded, the scammer executes the next step in the scheme, convincing the business owner to send the money to them. If that sounds like a whole lot more work to make this heist successful, then you have no idea how many layers of deceit are in play and the scale at which it’s operating.

It started sometime around 2019 (maybe even earlier) and is still happening to this day across the industry. The scammer uses stolen identities to incorporate businesses, followed by using those entities to open up bank accounts for them. One account is used to impersonate being a lender and another to impersonate being a broker. They first get to work by being the fake lender and register a domain name that closely resembles and could be mistaken for a real lender they’re trying to impersonate. According to records obtained by AltFinanceDaily, domain names challenged via UDRP and seized as part of an ongoing investigation into the fraud reveal that the scammers also use stolen identities to register the domains, making the real buyers untraceable.

The objective of having these fake domains in the first place is to contact existing real borrowers of the real lender and to pass themselves off as the real lender. It’s a classic phishing scheme.

There’s various theories as to how this is done, but there’s a possibility that public records are sufficient for the scammer to accomplish this step. A reverse UCC search can reveal the names of a lender’s customers and the time in which they received a loan. From there, big data or cursory internet searches are enough to obtain the contact info of those borrowers. This type of list building is nothing new and fairly common in the data business.

The scammers then email the borrowers from the fake domain, purporting to work for their real lender, and give them the great news that positive repayment history has afforded them the reward of being able to refinance their loan at a lower rate.

It is generally good practice to check the domain name of a sender, even though that itself is not foolproof, but an incorrect one, especially one that resolves to a “404 Error Not Found” page, should be a sufficient indicator that these emails are coming from an impostor, yet business owners still fall for it, perhaps because they recognize the name and find the offer consistent with their expectations.

In one case that AltFinanceDaily reviewed, the opportunity was presented to refinance a double digit APR loan down to as low as 4% with the same lender. When the victim was asked during a deposition if that number had struck him as suspiciously low, he said it did not, especially considering his belief that he had “excellent payment history” and that he felt like it made sense to get a break after all the stresses of covid.

The scammers generally communicate with perfect English over email but will also do phone calls. They use Google voice numbers in the area code that match up with the real lender. AltFinanceDaily called an older one that had been used and nobody picked up. They might use the name of a real employee at the lender or create a fake one, going so far as to generate a paper trail online that shows the name of that person working for the lender.

Once on the hook, they ask the victim to submit lengthy documentation over email so that the refinance can be reviewed. These are typically documents like tax returns, bank statements, a copy of a driver’s license, A/R and/or A/P schedules, etc. After that the scammer moves on to the next phase, using the phished documents to apply for loans or merchant cash advances. This is where the scammer’s fake broker entity comes in.

These fake brokers tend to pass a background check because they rely on stolen identities that are clean, the business entities they’ve created under them are real and match up, there’s a tax ID, there’s a bank account in their name, and there’s no sketchy stuff about them on the internet. They even have a website, again registered with the fake identity, that often looks like or is an outright exact copy of another broker’s website. Even a diligent funding company can be duped despite a background check. Once the fake broker is signed up with a funder, the phished merchant data is submitted but with the scammer’s phone number and email address. Oftentimes the deal amounts are large. AltFinanceDaily reviewed several cases related to this scheme that ranged in size from $200,000 to $600,000.

Since all the merchant information is legit, the merchants tend to get approved. The scammers are also adept at pretending to be the merchants in an interview phone call with an underwriter, like the one I listened to previously. They can even guide the merchant through a funder-mandated bank verification under the illusion that it’s all related to their current lender for the refinance. If any questions arise about the mention of another financial company name, it’s explained away as an affiliate partner or related vendor that they use.

Once the scammer is confident the funds are coming, they tell the merchant the refinance has been approved and that there is a narrow window to complete the final steps. As part of this they send a lengthy legalese-filled digital contract with an e-sign for the fake refinance that looks exactly like their real lender’s, again reinforcing how legitimate the whole thing feels.

Once complete, they’re told that a large wire will be arriving in their account, which will actually be from the funding company they don’t know about. In a normal refinance, a lender might withhold a portion of the new loan to apply to the outstanding balance, but in these cases the victims are told that they have to receive the full amount of the funds from their lender first and then wire the outstanding balance of the loan straight back to the lender. The merchant nets the difference if there is any left over. This round-trip transaction is communicated as being their way of managing their accounting, an excuse that again seems to come across as plausible to those that think they’re dealing with their trusted lender the whole time.

In the earlier iterations of the scheme, the name on file for the bank account to wire the funds to would look almost identical to their lender’s name. When the victim sends the wire to pay off their outstanding loan, they are completely unaware that they have just wired funds to a scammer and that the entire thing had been a very elaborate ruse. It’s not until days later when their account starts getting debited by a funding company they have never heard of as part of an agreement they had never entered into do they become alerted that something is amiss. By then it’s too late. Doubly too late if the funder has also wired the fake broker a commission for putting the whole deal together in the first place.

Although the scheme can yield several hundred thousand dollars at a time, it ultimately results in the loss of their fraudulently opened bank accounts as the funders respond with an investigation that can include litigation and/or a report to law enforcement. That means the scammers have to open new accounts under new stolen identities. That’s easier said than done, which is perhaps why last year they apparently improvised on this step. They don’t need to open bank accounts for the fake lenders anymore.

Instead, according to at least three examples reviewed by AltFinanceDaily, they’re more recently asking the victims to wire the funds to the general deposit account of a cryptocurrency exchange. If this sounds like it would be too obvious, consider that it has worked. The wire forms, which look identical to the earlier versions, are only different in that they contain a different account name to send the funds to. The lender’s logo can still be found on the top.

In one case, AltFinanceDaily was able to obtain records that allowed for the funds to be traced. The scammer had the exchange convert the wired funds into Ether, to which the Ether apparently moved between three crypto exchanges before disappearing into a generic holding address of an offshore exchange with millions of transactions. Another dead end.

AltFinanceDaily emailed one of the two exchanges it reviewed related to this scheme to ask about their customer KYC procedures but received no response. The other was not contacted to avoid tipping them off to a possible active investigation. The exchanges both have deposit accounts at US banks, both of which are known for their fintech relationships. Typically, crypto exchanges that take on US customers do rely on some level of KYC. It appears based on limited evidence so far that the crypto accounts opened up by the scammers are done under the stolen identities of the merchants so that everything matches when a wire comes in. This is where it gets murky because the scammers may ask the merchants to take selfies of themselves, ones that could include holding up their ID in their hand or holding a piece of paper with a specific written message on it as proof that it’s them. That a merchant might jump through these hoops on the belief that it’s all to secure a purported refinance with their existing lender requires some suspension of disbelief, though many online finance companies these days are requiring varying levels of customer identity verification.

The outcome, in any case, is that millions of dollars have been purportedly stolen over the course of several years. The scam has been directed at all sorts of funders, from the A paper players to the Z paper players. The merchants, as the original dupes that make this possible because they fall for a basic phishing scheme, are also left to pick up the pieces. The scammers may have even scammed another high profile scammer, at least according to documents reviewed by AltFinanceDaily. There’s a brazen fearlessness to it all.

A main connecting link has been funders that will do large deals, hundreds of thousands of dollars in a single transaction. But that might be changing. Industry chatter more so than hard evidence suggests the web of intended targets might be growing and that thanks to innovations with AI and crypto, the scammers may attempt to use artificial identities for the brokers rather than real ones. A lot of the steps involving bank accounts and stolen identities are no longer as necessary, which means if you’re a funding or lending company and you’re reading this, you may be vulnerable.

Sources familiar with the matter say that it’s good practice to remind your customers about possible phishing risks and to keep them informed about what methods of communication you will use throughout the life of the relationship. This includes whether or not you might employ phone calls, emails, texts, or snail mail communications, and the precise sender information they should expect. This might limit the likelihood of your own customers from getting phished but there’s tactics you can use to prevent becoming the victim funding company as well.

According to Alex Shvarts, a good start is only conducting a merchant interview on phone numbers assigned to the business. “If it’s a cell phone we have to have a cell phone bill that verifies the owner’s information,” he says. Also, if the customer has a website, avoid communicating with them over a free email address like Outlook or Gmail or Proton Mail and instead direct all communications to an address on their company domain name, one you’ve confirmed is really theirs and not a boilerplate setup by the scammers to deceive you again. Other possible steps are to use live ID verification or a common tool like CLEAR, he suggests. Shvarts wouldn’t disclose some of the proprietary methods they’ve come up with so as not to tip off a scammer reading this.

When it comes to the broker, do proper due diligence. It’s been said that a fake broker may test the waters with a small deal first before submitting the large fraudulent one to generate a level of confidence that everything is on the up and up.

According to documents reviewed by AltFinanceDaily, the scammers typically rely on a relatively bare bones website for their fake broker shop, a collection of borrowed templates and verbiage from other companies out there. It’s a rabbit hole that can lead one down many wrong directions, especially in an era when similar bare bone lead gen sites litter the internet by the thousands. Consider doing a FaceTime or Zoom call with the broker so that you can see if their face matches the identity that’s been provided!

The scammers have used different domain name registrars and hosting services. They may push for a weekly or monthly payment option so as to create lead time between when the victim wires the funds to them and when the first debit hits from the funder they’ve targeted for it. They seem to prey on merchants that have an outstanding business loan rather than an MCA because it makes the low in-house interest rate refinance all the more plausible. So if you see debits in an applicant’s bank account from any one of the more commonly known online business lenders, you should be thinking about this story and ways to make sure you are speaking with the actual business owner. Do they know who you are? Have they been offered a refinance? Do they even know who their broker is?

“When you first identify the fraud, notify law enforcement including the FBI,” one source familiar with the matter said.

Backdooring Deals? You’re a Loser

“Backdooring is just for losers,” says Thomas Chillemi, founder and CEO of Harvest Lending, a small business finance brokerage. “Like I think anybody who participates in it is just a loser.”

Backdooring, as colorfully referenced by Chillemi, is a colloquial term used widely across the industry to describe how leads, apps, or entire deals are stolen from brokers. The deal gets submitted through the front door and then leaks out the back door to an unauthorized third party. Chillemi sums it up as such: “backdooring is ‘I secured a lead, I secured a file in some way, shape or form. And that merchant is being contacted through my efforts somehow that I didn’t give permission to.'”

It’s a scenario that’s been top of mind at brokerages across the country for years, and it’s a problem that’s getting worse, according to sources that AltFinanceDaily has spoken with.

“I would say backdooring is the worst of the worst right now,” says Josh Feinberg, CEO of Everlasting Capital, another small business finance brokerage. “I think as far as rogue employees go at direct funders, it’s the worst it’s ever been.”

Feinberg’s reference to “rogue employees” is just one such way that backdooring can occur. It can be an employee of a lender, management of a lender, an employee of the broker, a broker pretending to be a lender, and possibly in a worst case scenario even a cyber intruder like a hacker. Sometimes it’s a clandestine operation structured in a way to make it difficult for the broker to detect that their client’s file has been intercepted while other times backdooring is such a normalized function of one’s business that accepting a submission from a broker and then shopping it elsewhere to circumvent them is practically firm policy and done on an automated basis.

Some of the more seasoned brokers who are used to being on guard with what a lender intends to do with their file advise that their peers approach any proposed ISO agreement with a fine-tooth comb to establish what is or isn’t allowed. After all, if the agreement grants the lender the contractual right to backdoor the broker, is it really backdooring?

Others say the contract’s language can only carry the relationship so far.

“I only try to board up with people that seem to be good actors, but then you never know what an employee might do, right?” says Chillemi.

Whether it’s a jaded underwriter, a slick admin, or Bob in accounting who never says a peep, it only takes one individual to set eyes on an application to be in a position to transfer the information elsewhere for personal gain. AltFinanceDaily examined this subject in years past and learned the lengths that rogue employees go through to extract deal data. For example, when one funding company blocked the ability to transfer data outside of the company’s network, an employee took photos of their screen with their phone. When the employer banned cell phones in the office in response, one employee wrote down deal data on scrap paper, threw it in the garbage, and then returned to the office building after hours to try and fish it out of the dumpster.

The absurdity of that visual alone implies there must be big bucks in the backdoor business. Indeed, according to screenshots forwarded to AltFinanceDaily of what appears to be an underground Whatsapp group, backdoored deals are currently being marketed for sale with bank statements, social security numbers, and all. A single fresh backdoored file can go for $20 – $35 or buyers can purchase them in bulk, up to 600 at a time, for a discounted price.

“Fresh Packs” apparently fetch more because the applicants may not have signed a funding contract with anyone yet and are theoretically more warm to doing a deal even if they’re not quite sure how the company approaching them got all of their information. And it’s this speed and efficiency of the backdooring happening that’s making things extra difficult for brokers. For Chillemi, he says the backdooring in earlier years would reveal itself when someone would try to call his customer a month or two after the fact. “Like even if it happened after two or three days that felt really fast,” he says. “But now, you’re talking hours, like these people have it within hours and I just don’t even know how anybody could really compete with that.”

Brokers, ready for this, developed a tactic that is still used today as a front-line defense mechanism. They replace the applicant’s email address and phone number on the application with ones they control, so that when an attempted backdooring occurs, the caller is unsuspectingly contacting the very broker they are trying to steal the deal from. The result? They’re caught red-handed.

“I got a text from somebody claiming that they worked at Fidelity,” says Chillemi. “They texted me a picture of my own application. They’re so brazen that they’re just texting the merchant… they thought they were texting the merchant.”

Not only was the Fidelity component a deception, but the mistake of texting the broker who was just waiting to catch them is causing the backdoor shops to evolve. New backdoor callers know the application contact info might be booby-trapped so they’re now skip-tracing the applicants on an automated basis and getting their real contact info and using that instead.

For Feinberg at Everlasting, he says the method of substituting out an applicant’s contact info is not something they do, though he’s aware that it’s done by others in the working capital space. He says that it’s not something that would really be tolerated in the equipment finance side of the industry which operates much cleaner with no backdooring, at least in his experience. The lenders there hate it and everyone involved needs to be able to communicate with the customer. It’s just the working capital deals where all these problems happen.

“It’s defeating, and it’s a very very difficult thing to diagnose,” Feinberg says. He adds that the feeling is worse when realizing that it has happened even when submitting to top tier A players. There’s no delay either. He says that the customer can be called literally within the same hour of submitting it, which puts them in an awkward position.

“They lose complete trust in our company,” Feinberg says. “And it makes it very difficult to be able to work with these clients.”

According to Chillemi of Harvest, “Most of the time what happens is the merchant calls us and says, ‘Now I’m getting all these phone calls people saying they’re working with you,’ and it’s just kind of like an embarrassment of where I’ve got to explain to this person that somebody at these companies leaked their information that wasn’t supposed to. And it just makes me look bad, right?”

Another owner of a large broker shop, who did not authorize his name to be used in connection with this story, says that while everyone’s mind immediately goes to the lending companies, the most common source of backdoored deals is actually from rogue employees inside the brokerages themselves. Whether it’s the rep backdooring their own deals to circumvent splitting commissions with their employer or someone else in the chain that has access to the data, his advice was that brokerage owners first need to look extremely inwards before pointing fingers outwards. Investing in proper security is critical, he says.

But assuming that base is covered, Feinberg says that brokers should do a background check on the lenders and interview them like a lender would interview a merchant for funding.

“We absolutely look into the agreements that we sign but a lot of due diligence happens just on the first phone call,” Feinberg says. “Just on the first phone call we can judge whether this is going to be a real lender…”

A key question to ask, he says, is how compensation works. And that’s because an individual lender will have a defined fixed system whereas a backdoor broker pretending to be a lender is subject to the different compensation structures they have at all their different lending relationships and would not be able to guarantee any fixed commission pricing to the broker they are trying to trick into submitting, that is if they are intending to pay them out a percentage of the deals they backdoor them on in the first place.

“Trust is the number one thing with us,” Feinberg says. “And if trust gets broken, then it’s over. So we really try to work with people that we know personally. And the way that we’ve met people personally is through trade shows, specifically AltFinanceDaily events.”

Chillemi argues that someone who tries to make their living off of backdoored deals are not salespeople at all, but as he reiterates, losers.

“[the backdoor broker] knows he’s a liar,” says Chillemi, “He’s calling these people saying he’s an underwriter… he’s not strong, he’s not learning. They don’t know what they’re doing. They’re putting the lenders at risk.”