Thanks to the reporting of The Washington Free Beacon, we now know that Tencent co-owned one of the main investors in Womply, a San Francisco startup that raked in $2 billion in 2021 by helping businesses get expedited Paycheck Protection Program loans—and which was accused of profiting from “rampant fraud” in the application process. Tencent is partially owned by the government of China. 

The PPPFraudChronicle.com has learned that Womply’s affiliation with its foreign and Chinese owners is more than just distributing the billions of dollars that it reaped from facilitating fraud in the PPP.  It has just as much to do with the trafficking of the private financial information of US taxpayers that Womply obtained from PPP loan applications. The following link takes you to the Womply and Rakuten privacy disclaimer, which shows that Womply shared the sensitive information of US citizens with its foreign owners: https://www.womply.com/legal/offers/.  

On page 58-59 of the Congressional Report, We Are Not The Police: How Fintechs Facilitated Fraud In the Paycheck Protection Program, (which was the impetus for creating this publication) describes how Womply transferred sensitive data to their successor company Solo Global.  The report states, “This change gave Mr. Scammell, Mr.Capoccia, and their new business access to “over 2 [million] tax documents, over 1.5 [million] bank accounts from applicants, and over 1 [million] completions of various KYC/CIP/KBA inquiries,” from small businesses and sole proprietors who had used Womply to apply for federal relief benefits.”

Based on the information above which was uncovered in the Congressional Report, did Womply file a US Treasury CFIUS registration on being owned by Rakuten, a foreign entity?  CFIUS stands for the Committee on Foreign Investment in the United States. Under the purview of the US Treasury Department, the CFIUS committee has the authority to review foreign investments in US businesses and certain real estate transactions.  More specifically, a company must file a CFIUS registration with the US Treasury if a company collects sensitive personal data:

“CFIUS may review certain transactions involving U.S. businesses that maintain or collect sensitive personal data of U.S. citizens that may be exploited in a manner that threatens national security. “Sensitive personal data” is defined to include ten categories of data maintained or collected by U.S. businesses that (i) target or tailor products or services to certain populations, including U.S. military members and employees of federal agencies with national security responsibilities, (ii) collect or maintain such data on at least one million individuals, or (iii) have a demonstrated business objective to maintain or collect such data on greater than one million individuals and such data is an integrated part of the U.S. business’s primary products or services. The categories of data include types of financial, geolocation, and health data, among others.”

This story is ongoing and was updated on 20th November 2023, at 10:30 AM.

Reference: Tencent co-owned a main investor in startup that helped expedite COVID relief program loans.