Early last month, a Rhode Island bank received an application for a $144,050 loan under the Paycheck Protection Program, the massive federal effort to assist small businesses hurt by the coronavirus crisis.

The application purported to be on behalf of the owners of Remington House, a restaurant on Post Road in Warwick, R.I. It listed 18 employees and an average monthly payroll of $46,000.

But when a bank official drove past the building, there were indications that the restaurant had been shut down before the pandemic. There were dumpsters on the property and notices ordering the stoppage of work were posted on the door and windows.

The once-popular restaurant had been closed since November 2018, according to federal prosecutors, who this week charged two men with conspiracy to commit bank fraud.

The case is the first criminal fraud prosecution in connection with the paycheck program. Industry officials warn that it will not be the last – not by a long shot. In fact, individuals who are working with banks to combat misconduct in the $660 billion program – including former California banking commissioner Walter Mix – estimate that fraud rates could be as high as 10% to 12%.

Those estimates, which are based on initial reviews of loan files at dozens of banks, are roughly consistent with what has happened after other disasters. In the aftermath of Hurricane Rita and Hurricane Katrina, a government audit found that around 16% of applicants for federal disaster assistance used invalid information. If 10% of the PPP’s funding went to fraudsters, taxpayers would be defrauded by tens of billions of dollars.

Assistant Attorney General Brian Benczkowskil told The Wall Street Journal earlier this week that prosecutors are mounting a broad search for fraud, and that they will apply scrutiny to the conduct of banks, in addition to the actions of borrowers.

Treasury Secretary Steven Mnuchin and SBA Administrator Jovita Carranza have pledged to review all PPP loans of $2 million or more.

Also in recent weeks, many banks have begun accepting applications from new small-business customers, which has left them more vulnerable to fraud.

Existing small-business customers are generally seen as safer, because bankers have already satisfied rules that require them to know those customers. Often, they have met the business owner face-to-face and shaken hands.

“The risk of fraud in the first round was probably not very significant because everybody was cherry-picking their customers,” said Adam Jiwan, chairman and CEO of Spring Labs, a Los Angeles technology company that offers tools to ferret out fraud. “The likelihood of fraud in phase two is high, as banks move beyond their existing relationships.”

The relatively late addition of online lenders to the program may have also increased the risk of fraud, since those companies are less likely than traditional banks to have a personal relationship with their customers. On the other hand, online lenders may have relatively sophisticated risk management procedures.