Cobalt Intelligence Workflow: Principal/Officer Verification – Preventing Unauthorized Borrowing

The Scenario: The "Rogue Employee" Application

Here is a fraud pattern every underwriter has seen: The business is real. The bank statements are real. The credit score is decent. But the person signing the Merchant Cash Advance (MCA) agreement isn't the owner—it's the controller or a disgruntled manager looking for a quick payout before quitting.

If you only verify that the business exists, you will fund this deal. And when the actual owner finds out, they will default, claiming unauthorized borrowing. You lose the principal, and your legal recourse is messy.

The Solution: Cross-Reference Signers Against State Records

You cannot rely on the name listed on a credit report or the application form. You need the "authoritative" list of principals directly from the Secretary of State (SOS).

By integrating the Cobalt Intelligence SOS API, you can programmatically extract the registered officers and principals for a business at the moment of application. If the applicant’s name doesn't fuzzily match one of the officers listed in the state record, you flag the deal for high-priority manual review.

Lender Workflow: The "Who Signed This?" Check

1. API Call: Entity Details

When you run a standard entity search, the response includes an officers array for states that publish this data (most do, with exceptions like NJ and DC).

2. Match Logic: The Comparison

Your system should automatically compare the applicantName from your intake form against the officers list returned by the API.

Code Snippet (Logic Example):

JavaScript

// Input: Applicant Name vs. API Officer List

const applicant = "Bob Smith";

const sosOfficers = ["Robert J. Smith", "Alice Dougherty"];

‍

function verifySigner(applicant, officers) {

  // 1. Check for Exact or "Fuzzy" Match

  const match = officers.find(officer => {

    return isFuzzyMatch(applicant, officer); // e.g., using Levenshtein distance

  });

‍

  if (match) {

    return "VERIFIED_OWNER";

  }

‍

  // 2. Check for "Authorized Rep" titles if no owner match

  // Some states list "Manager" or "Member" instead of specific names

  return "FLAG_MANUAL_REVIEW: Signer not found in SOS records";

}

Handling Edge Cases

1. Name Variations (Robert vs. Bob)

State records are formal; applications are often casual. "Bob" will not exact-match "Robert."

• Best Practice: Do not use strict string equality (===). Use a library that handles common nickname variations or a "contains" check (e.g., verifying "Smith" matches and the first initial matches).

2. Recent Officer Changes

Sometimes the owner bought the business last week, but the state website hasn't updated yet.

• The Fix: Check the documents array in the Cobalt API response. Look for document titles like "Change of Officer," "Amendment," or "Annual Report" filed recently. If a filing exists from the last 30 days, requesting the actual document image (via screenshotUrl or document retrieval) is safer than relying on the parsed text.

3. Multiple Officers

A business might list 5 officers. Any of them might be authorized to sign.

• Logic: Your code must iterate through the entire array. If any match is found, the check passes.

Sidebar: Common Fraud Patterns

• The "Straw" Owner: A bad actor uses a real business owner's name but their own email/phone. Mitigation: This check verifies the name, but you still need 2FA on contact info.
• The "Shell" Company: The officer is listed as another LLC (e.g., "Holdings Corp"). Mitigation: You may need to perform a nested search on that parent entity to find a human name.
• The "Registered Agent" Trick: Fraudsters sometimes list the Registered Agent (often a lawyer or service company) as the owner. Mitigation: Ensure your logic distinguishes between the agent object and the officers array—they are separate fields in the Cobalt response.

Real-World Implementation

1West, a major lending marketplace, uses this exact data point to filter submissions. By verifying that the owner of the application matches the SOS record, they prevent "incompletes" and fraud flags from their downstream funding partners.

‍