Compliance Archives

Bust Out Fraud: When a Legitimate Business Is Turned Into a Weapon

Bust‑out fraud is one of the most damaging forms of business fraud. Unlike schemes that rely on fictitious companies or obviously forged documentation, bust‑out fraud exploits real businesses with real credit histories, turning legitimacy itself into the fraudster’s most powerful tool.

We recently found records involving a bust‑out scheme while performing research in connection with a commercial lending transaction. While the specific circumstances are confidential, the pattern was familiar and increasingly common across industries.

What Is Bust‑Out Fraud?

Bust‑out fraud occurs when an individual or group gains control of an existing business, builds or exploits its creditworthiness, and then rapidly incurs debt with no intent to repay. Once the credit is exhausted, the perpetrators disappear, leaving lenders, vendors, and partners with the losses.

What makes bust‑out fraud especially dangerous is that it often looks like normal business activity, until it’s too late.

How Bust‑Out Fraud Typically Works

A classic bust‑out scheme unfolds in recognizable stages:

Acquisition or Control
The fraudster purchases a business, installs themselves as an officer, or otherwise gains operational control, sometimes through seemingly legitimate mergers, management changes, or filings.
Quiet Period / Credit Grooming
For months (or longer), the company operates normally. Bills are paid on time. Credit limits may even be modestly increased. The goal is to reinforce trust.
Rapid Credit Expansion
Once confidence is established, the business applies for additional loans, vendor credit, leases, or financing, often simultaneously and across jurisdictions.
Cash‑Out Phase
Assets, inventory, or loan proceeds are diverted. Payments suddenly stop. Executives resign or become unreachable.
Collapse
The company folds, files for bankruptcy, or simply goes dark, leaving creditors scrambling to unwind what happened.

Real‑World Examples of Bust‑Out Fraud

While every scheme differs in execution, the following examples illustrate common variants.

Example 1: The “Too Smooth” Acquisition

A mid‑sized services firm is acquired by a new holding company. The new leadership existing staff and contracts in place, pays vendors promptly, and even invests modestly in marketing. Within a year, the company secures multiple six‑figure credit lines, followed by a sudden wave of equipment purchases and short‑term loans. Three months later, the business defaults across the board and leadership vanishes.

Example 2: Vendor Credit Exploitation

A long‑standing distributor with excellent payment history begins placing unusually large orders with multiple suppliers at once, negotiating extended terms. The inventory is resold quickly, often below market, to generate immediate cash. Vendors discover the fraud only after invoices go unpaid and bankruptcy filings appear.

Example 3: Identity Leverage Across Borders

A legitimate company with international operations is acquired by new principals. Corporate records are updated in multiple jurisdictions. The firm then secures financing in countries where credit checks rely heavily on corporate registration rather than beneficial ownership. The debt accumulates rapidly and enforcement becomes complicated once the entity dissolves.

Why Bust‑Out Fraud Is Hard to Detect

Bust‑out fraud often evades traditional fraud controls because:

The business already exists
Credit histories appear legitimate
Documentation is often technically correct
Early behavior reinforces trust rather than raising alarms

In many cases, the change in intent, not the change in structure, is what transforms a normal business into a fraud vehicle.

Final Thoughts

Bust‑out fraud exploits legitimate businesses and may remain concealed without thorough due diligence. In this instance, background screening identified prior involvement by the loan applicants in a bust‑out scheme, underscoring the value of a risk‑based review in identifying fraud risks before material exposure occurs.

Disclaimer: This communication is for general informational purposes only and does not constitute legal advice. The summary provided in this alert does not, and cannot, cover in detail what employers need to know about the amendments to the Philadelphia Fair Chance Law or how to incorporate its requirements into their hiring process. No recipient should act or refrain from acting based on any information provided here without advice from a qualified attorney licensed in the applicable jurisdiction.

April 6th, 2026|Categories: Compliance Corner, Employment Decisions|Tags: Compliance, Employment Decisions|

The Quiet Risk in Background Screening: How Compliance Drift Takes Hold

Compliance failures aren’t usually the result of one big mistake. Instead, they happen through a compliance drift–the slow, quiet decoupling of your written policies from the ever-changing laws and daily operations. In background screening, “standing still” is the fastest way to fall out of compliance.

Why Programs Drift

Your policy might be static, but the world around it isn’t. Drift happens because:

Regulations move faster than handbooks: state and local Ban-the-Box, credit check, or salary history laws sometimes change quarterly, or even monthly, not annually.
Operational shortcuts become the norm: recruiters under pressure to hire may skip steps or run screens early, creating “shadow processes” that bypass legal safeguards.
Tech updates rewrite your rules: vendors update platforms and data sources; if you haven’t reviewed your settings lately, your software might be making decisions your policy doesn’t authorize.
Growth outpaces governance: M&A activity and remote hiring across new borders often introduce legacy risks that never get fully integrated or vetted.

The Warning Signs

Is your program drifting? Watch for these red flags:

“That’s how we’ve always done it”: the most dangerous phrase in compliance.
Policy ghosting: your manual references vendors or tools you no longer use.
Inconsistency: similar roles are being screened using different packages or criteria.
The “exception” rule: you have more undocumented “rush” hires than standard ones.

How to Anchor Your Program

To stop the drift, move from passive administration to active governance.

Assign an Owner: Compliance shouldn’t be “implied.” One person must own the bridge between Legal, HR, and the Vendor.
Audit the Workflow, Not Just the Paper: Don’t just read the policy; watch a recruiter or HR actually initiate a screen. Gaps often hide in the clicks, not the text.
Sync with Your Vendor: Regular check-ins and platform reviews are essential to ensure that the search strategies, screening packages, configurations, data sources, and decision tools still align with your policy and risk tolerance.

The Bottom Line: Compliance drift is silent until it’s deafening. If you aren’t actively managing the gap between what your policy says and what your business does, you’re already behind.

March 27th, 2026|Categories: Compliance Corner, Employment Decisions|Tags: Compliance, Employment Decisions|

OFAC getting more common in contract terms and background checks

Do you know what OFAC is about? OFAC is the acronym of the U.S. Department of Treasury’s Office of Foreign Assets Control, and its function is to administer and enforce sanctions against countries or individuals (like terrorists or narcotics traffickers) with actions ranging from trade restrictions to the blocking of assets.

For U.S. companies, the agency’s enforcement applies to banks, insurers, and others in the financial industry that may be involved in covered dealings, which include engaging in transactions prohibited by Congress such as trade with an embargoed country or with a specially designated national (SDN).

Violations of regulations, which extend to all U.S. citizens, can result in substantial fines and penalties. Criminal penalties can reach up to $20 million and imprisonment up to 30 years; civil fees can range from up to $65,000 to $1,075,000 per violation, depending on the activity at issue.

OFAC has significantly stepped up its enforcement efforts that have resulted in sizable settlement agreements with U.S. entities, and thus companies increasingly are incorporating sanctions compliance language based on OFAC regulations into contracts and agreements, as well as including OFAC checks in their employment-purpose background screening or in connection with business transaction due diligence.

Contract terms requiring a party to affirm that it is not the subject of any OFAC sanctions status, that no OFAC investigations are in process, or that it does not engage in transactions with countries like Iran or North Korea, are becoming standard. Some deals also include a provision attesting that a company is not owned by an individual on the list of SDNs, that the company is not based or located in an embargoed country, or to assure that the monies used to make an investment or purchase were not provided by a sanctioned country or individual. Of course, it is also important to conduct background checks to confirm these representations at the start of the contract and at reasonable intervals thereafter.

The use of compliance language does not insulate a company from OFAC liability. While such a provision may create a contract-based remedy to recover monetary damages based on a fine or settlement with the agency, the clause cannot eliminate liability. Like any other governmental regulator, OFAC is not bound by private contract and can take action even with such terms in place.

Learn more about OFAC.

January 29th, 2015|Categories: Commercial Transactions Due Diligence|Tags: Compliance, OFAC|