Improper Payments in Pandemic Assistance Programs

January 19, 2024 (R47902)
Jump to Main Text of Report

Background
Improper Payments Requirements
Fraud Risk Management
Leveraging Data for Payment Integrity
Widespread Weaknesses Identified in Pre-Pandemic Audits
Control Weaknesses in Emergency Spending Programs
Improper Payments in Pandemic Programs
Lack of Effective Pre-Payment Controls
Lack of Effective Post-Payment Controls
Lack of Fraud Risk Management Controls
Non-Compliance with Improper Payments Requirements
Additional Consequences of Fraud and Other Improper Payments
Considerations for Congress
Establishing a Central Anti-Fraud Entity
Require Emergency Spending Internal Control Plans
Lowering the PIIA Threshold

Tables

Table 1. Select Pandemic Relief Programs
Table A-1. Examples of Data Analytic Techniques in Payment Processing

Appendixes

Appendix.

Summary

Congress provided approximately $4.6 trillion to individuals, businesses, and state and local governments to mitigate the impact of the COVID-19 pandemic on the nation's health system and economy. The federal agencies that administer those funds are subject to the Payment Integrity Information Act (PIIA, P.L. 116-117), which requires them to develop and implement internal controls that prevent and detect fraud and other improper payments. One requirement is agencies must verify the identities and eligibility of individuals and organizations seeking pandemic funding prior to issuing payments, specifically by accessing the Department of the Treasury's Do Not Pay (DNP) resource. In addition, PIIA requires agencies to implement the fraud control principles and leading practices outlined in A Framework for Managing Fraud Risks in Federal Programs, which was published by the Government Accountability Office (GAO) in 2015. The leading practices include performing timely program risk assessments, maximizing the use of data analytics to prevent and identify fraud, and establishing an office within each agency that leads its anti-fraud efforts. PIIA also mandates that agencies determine the risk of significant improper payments associated with each program, estimate the amount of improper payments for each risk-susceptible program, and publicly report those estimates and other improper payments information. Audits of pandemic programs have found that many agencies did not meet PIIA requirements, resulting in hundreds of billions of dollars in fraud and other improper payments.

Among the most widespread weaknesses in pandemic programs was the lack of effective pre-payment controls. Several agencies allowed businesses and individuals to self-certify their information—meaning the agencies did not verify the identities or eligibility of applicants through DNP or other means prior to issuing payments. Similarly, many state agencies that administered federal pandemic funds, such as with the Unemployment Insurance program, did not conduct pre-payment verification of claimants. Some agencies also did not implement effective post-payment controls, such as reviewing documentation to verify that payments had been made to eligible entities for covered costs or establishing procedures to recover overpayments. Several agencies that administered some of the largest pandemic programs did not meet the anti-fraud standards of the framework. Among the most common weaknesses were a lack of timely fraud risk assessments and the absence of a dedicated anti-fraud entity within the agency. In addition, some agencies incorrectly determined that pandemic programs they administered were not susceptible to significant risk of improper payments or reported invalid estimates of improper payments for programs that were deemed at risk.

The consequences of large-scale fraud extend beyond the loss of funds. American businesses and individuals who were eligible for loans or benefits were unable to obtain assistance because the programs ran out of funding. Street gangs and transnational criminal organizations that fraudulently obtained billions in dollars in pandemic assistance used those funds to commit crimes and expand their operations. Finally, the public may lose confidence in the government's ability to safeguard program funds and meet the challenges posed by a nationwide emergency.

Congress may consider policies to address the weaknesses in fraud and improper payment controls revealed by audits of pandemic programs. Consistent with H.R. 8322 from the 117^th Congress, legislation might be introduced that would establish a central anti-fraud entity to share leading practices and oversee implementation of cutting-edge data analytic tools across the government. An anti-fraud entity might be located within the Office of Management and Budget (OMB), which issues government-wide guidance on improper payments and fraud, or within the oversight community, which has the most direct experience with agency anti-fraud efforts. Congress may also consider whether to require agencies to develop internal controls designed specifically for emergency spending programs, as GAO has recommended. These controls, based on guidance issued by OMB, could be implemented quickly to mitigate the risk of fraud and improper payments when agencies need to expedite the disbursement of funds. H.R. 877 would require agencies to deem programs with outlays of at least $100 million to be susceptible to significant levels of improper payments, thereby subjecting them to PIIA estimating and reporting requirements. Congress provided at least $100 million in pandemic funding to 173 different programs, but many of those programs are not subject to PIIA because they fall below the current spending threshold.

Background

In an effort to mitigate the impact of the COVID-19 pandemic on the nation's public health and economy, Congress passed a series of emergency spending bills.¹ Enacted between March 2020 and March 2021, these bills provided more than $4.6 trillion to individuals, businesses, and domestic government bodies to prepare for and respond to the pandemic.² The largest categories of pandemic expenditures were payments to individuals (including tax credits and rebates); business loans; payments to state, local, tribal, and territorial governments; unemployment compensation; and public health and social services.³ While the federal COVID-19 Public Health Emergency declaration ended May 11, 2023,⁴ billions of dollars in pandemic funding remained unexpended months later.⁵

Improper Payments Requirements

Programs that receive pandemic funding, like all federal programs, are subject to the requirements of the Payment Integrity Information Act (PIIA, P.L. 116-117).⁶ PIIA mandates that agencies implement internal controls⁷ that mitigate the risk of improper payments.⁸ Among other things, PIIA requires agencies to

establish pre- and post-payment review procedures that help prevent and detect improper payments,
recover overpayments when cost-effective,
assess the risk of significant⁹ improper payments for each program they manage,
develop and report estimates of improper payments for programs deemed to be at risk,
publish and implement corrective action plans to address weaknesses in payment integrity, and
report improper payments estimates of less than 10% for each program.

PIIA specifies that federal agencies, as well as state governments and contractors that administer federal funds, must utilize the Department of the Treasury's Do Not Pay Initiative (DNP) prior to issuing payments or making awards. DNP allows a user to check multiple databases at one time to verify the eligibility or identity of a vendor, grantee, loan recipient, or beneficiary. Pre-payment reviews are generally considered essential internal controls, because identifying and attempting to recover improper payments after they are made—often referred to as the "pay and chase" approach—is inefficient and costly.¹⁰

Fraud Risk Management

The Fraud Reduction and Data Analytics Act of 2015 (FRDAA, P.L. 114-186), which was enacted in June 2016, mandated additional controls for reducing the risk of a particular subset of improper payments: fraud. Fraud occurs when applicants obtain funds by willfully misrepresenting themselves. The FRDAA required agencies to establish a fraud risk management framework that incorporated the standards and leading practices established by the Government Accountability Office (GAO) in its publication, "A Framework for Managing Fraud Risks in Federal Programs."¹¹ Under the framework, agencies must do the following:

1. Create an organizational structure and culture conducive to fraud risk management. In particular, each agency should designate an entity to lead fraud risk management activities and ensure it has the resources to do so.
2. Plan regular fraud risk assessments and assess risks to determine fraud risk profiles. The assessments should be tailored to each program and should consider the suitability of existing controls.
3. Design and implement strategies with specific control activities to mitigate assessed fraud risks and collaborate to help ensure effective implementation. Strategies should focus on preventive control activities and involve both subject matter and data analysis experts.
4. Evaluate outcomes using a risk-based approach and adapt activities to improve fraud risk management. Agencies should collect and analyze data on potential and detected fraud and use the results to improve fraud management activities. Data analytic tools should be employed to the maximum extent possible.

Leveraging Data for Payment Integrity¹²

The GAO framework emphasizes the need for fraud analytics. Analyzing data has long been viewed as a tool in both the prevention and the detection of improper payments. Over time, federal agencies have expanded the types of analytic methods used for this purpose to include data matching and data mining.¹³ These methods range from being used to detect "common fraud" to "organized fraud."¹⁴ The increasing volume of data available for analysis—including from electronic records, bank transfers, and electronic communications—may contribute to the use of artificial intelligence techniques in payment integrity efforts.¹⁵ In addition to machine learning and natural language processing, among other possible techniques, agencies may also use predictive analytics to prevent and detect improper payments.¹⁶

Data Matching

Since at least the 1970s, federal agencies have shared, "matched," and compared data to identify possible improper payments. Matching data in this context may assist in identifying inconsistencies or irregularities among separate sources of information. Various statutes require agencies to exchange and match data on individuals for specific purposes, such as determining eligibility for a federal benefit program.¹⁷

The Computer Matching and Privacy Protection Act of 1988 (CMPPA; P.L. 100-503) has enabled some of this matching by establishing administrative requirements for agencies that conduct matching programs.¹⁸ While the CMPPA is sometimes cited as a hinderance to using data to ensure payment integrity,¹⁹ Congress has permitted some modifications to the CMPPA's requirements to explicitly enable the prevention and detection of improper payments.²⁰

Access to some data in DNP requires compliance with the CMPPA's provisions related to "matching agreements."²¹ However, Treasury, in consultation with the Office of Management and Budget (OMB), can waive the requirement for matching agreements.²²

Data Analytics and Automation

Beyond matching data, there are other approaches to how data can be used in the prevention of improper payments. OMB's Circular No. A-123, "Requirements for Payment Integrity Improvement," advises agencies to use data analytics to identify trends, patterns, anomalies, and exceptions within data to identify indicators of improper payments.²³ These analytic methods include rule-based analytics, anomaly detection, predictive analytics, network/link analytics, and text analytics.²⁴ Please see the Appendix for more detail on these methods.

In addition to the methods outlined in Circular No. A-123, some agencies use intelligent automation and robotic process automation (also called robotic processing automation) in payment processes.²⁵ In general, this method is designed to automate usually rule-based processes that may have been performed manually across multiple information systems, such as performing calculations, validating information, and matching data that corresponds to eligibility criteria. The joint alert points to some roles within an agency that may implement automation and analytic methods, including the chief information officer, the chief data officer, and program managers, as well as staff with analytics and data science skills.²⁶

Recovery Operations Center

The American Recovery and Reinvestment Act of 2009 (ARRA; P.L. 111-5) led to the establishment of one of the first multi-agency data analytics platforms. ARRA provided $862 billion to stimulate the job economy during the recession that followed the 2008 financial crisis. A central body comprised of more than a dozen agency inspectors general was created to coordinate oversight of ARRA funding, called the Recovery and Accountability Transparency Board.²⁷ A component of the board was the Recovery Operations Center (ROC), which used data analytics to monitor ARRA spending. ROC staff shared their data and tools with the inspector general (IG) community and applied data matching, text mining, and other techniques to review 1.7 million entities that received federal funds and successfully identify a range of fraudulent activities.²⁸ While some members of the oversight community argued that the ROC could serve as the basis for a centralized data analytics agency that could support IGs' anti-fraud efforts beyond the ARRA, the ROC was shuttered when the board sunset in 2015.²⁹

Widespread Weaknesses Identified in Pre-Pandemic Audits

In the years leading up to the pandemic, auditors reported widespread, persistent non-compliance with improper payments requirements at the 24 agencies subject to the Chief Financial Officers Act (P.L. 101-576), which have historically accounted for 99% of annual improper payments.³⁰ Every year between FY2011 and FY2018, except for one, at least-half of these agencies were non-compliant with improper payments requirements.³¹ Among the weaknesses that auditors identified were that some agencies

Lacked internal controls to address known risks. The Unemployment Insurance (UI) program was repeatedly deemed vulnerable to fraud from identity thieves and organized criminal groups that apply for benefits using stolen personally identifiable information.³²
Did not publish improper payments estimates for all programs and activities deemed at risk. Some multi-billion-dollar federal programs, such as Temporary Assistance to Needy Families and the Premium Tax Credit, did not consistently report improper payments estimates.³³
Published invalid improper payments estimates. The Department of Defense has published unreliable improper payments estimates for all of its programs for 12 consecutive years, starting in FY2010.³⁴ The Department of Labor (DOL) underestimated the amount of improper payments in the UI program for four consecutive years, starting in FY2017.³⁵
Had not performed required fraud risk assessments. The Department of Health and Human Services had not conducted a comprehensive fraud risk assessment of the Head Start program by 2019, heightening the risk of fraud and improper payments.³⁶

As a consequence of these and other weaknesses, government-wide improper payments increased 45% during the 2010s, peaking at $175 billion in FY2019.³⁷

Control Weaknesses in Emergency Spending Programs

For decades, auditors have reported that weak internal controls over emergency funding have left the government vulnerable to improper payments, especially fraud.³⁸ Disaster situations are unique in that there may be a perceived conflict between expediting the disbursal of funds and implementing safeguards to ensure that funds are used as intended by Congress.³⁹ In 2018, the Small Business Administration (SBA) IG described the challenges SBA faced in implementing disaster relief programs:

Unfortunately, the need to disburse such loans quickly poses many complications and may create opportunities for dishonest applicants to commit fraud. OIG and GAO audits have identified that SBA's disaster loans have been vulnerable to fraud and losses in the past because loan transactions are often expedited in order to provide quick relief to disaster survivors, and disaster lending personnel, who are brought into the workforce quickly, lack sufficient training or experience. Additionally, the volume of loan applications may overwhelm SBA's resources and its ability to exercise careful oversight of lending transactions.⁴⁰

In this environment, agencies may not accurately identify all of the risks to program funding, and therefore their internal controls may not adequately protect against fraud and improper payments.⁴¹ For example, in the 2000s and 2010s, some agencies that administered disaster funding

Did not establish internal control plans that fully identify and mitigate programmatic risks. The Additional Supplemental Appropriations for Disaster Relief Requirements Act of 2017 (P.L. 115-72) required each agency that received funds to submit an internal control plan specific to disaster spending. One agency did not submit a plan, one agency's plan did not address the risk of fraud, and another agency's plan was one paragraph—too incomplete to ensure that effective policies were outlined.⁴²
Lacked effective pre-payment verification processes. SBA failed to implement adequate preventive controls to ensure that only eligible borrowers obtained certain emergency loans—the eligibility of nearly 85% of borrowers could not be confirmed in post-payment reviews.⁴³
Did not ensure state and local entities that administer federal emergency programs met federal standards. Some state education agencies that received disaster recovery funding from the Department of Education lacked proper processes to detect fraud.⁴⁴

Throughout the 2010s, GAO issued a series of "priority" recommendations to OMB that would mitigate the risks associated with fraud, improper payments, and internal control weaknesses in emergency programs.⁴⁵ Seven of those priority recommendations remained open in April 2019, just months before the onset of COVID-19.

Improper Payments in Pandemic Programs

The scale of funding provided in response to the pandemic significantly exceeded that of previous federal emergency relief initiatives. Agencies received more than five times as much funding for pandemic relief—$4.6 trillion—than they did under ARRA. Overall, 66 programs received at least $1 billion in pandemic funding, and 173 programs received at least $100 million.⁴⁶ Funding was provided both to new programs that were established as part of the federal response to COVID-19 and to programs that existed prior to the pandemic. The funding for several programs, such as UI, is jointly administered by federal and state agencies. Table 1 shows the largest pandemic spending areas, the federal agency that administers each program, and the amount of funding each program received.

Table 1. Select Pandemic Relief Programs

Program	Administering Agency	Total Funding (Billions)
Economic Impact Payments	Department of the Treasury	$858.6
Business Loan Programs	Small Business Administration	$833.0
Unemployment Insurance	Department of Labor	$701.6
Coronavirus State and Local Fiscal Recovery Fund	Department of the Treasury	$350.0
Public Health and Social Services Emergency Fund	Department of Health and Human Services	$345.7
Education Stabilization Fund	Department of Education	$277.7
Coronavirus Relief Fund	Department of the Treasury	$150.0
Supplemental Nutrition Assistance Program	Department of Agriculture	$121.1
Other Areas (over 300 accounts)	Various	$976.8
Total		$4,614.5

Source: U.S. Government Accountability Office, COVID-19 Relief: Funding and Spending as of January 31, 2023, GAO-23-106647, p. 1, https://www.gao.gov/assets/820/817807.pdf.

Notes: Data are from January 31, 2023.

Federal and state agencies were tasked with getting pandemic funds out quickly while also ensuring that proper safeguards were in place.⁴⁷ Agencies generally disbursed funds rapidly for most pandemic programs.⁴⁸ SBA issued the equivalent of 14 years' worth of lending in 14 days,⁴⁹ for example, and the Internal Revenue Service (IRS) issued 157 million economic impact payments (EIPs) less than two months after the EIP program was established under the Coronavirus Aid, Relief, and Economic Security Act (CARES Act).⁵⁰

In addition to providing funding for relief programs, the CARES Act established the Pandemic Response Accountability Committee (PRAC), a body of 21 IGs that was to play an oversight role similar to that of the Recovery and Accountability Transparency Board. PRAC and the Office of Federal Financial Management within OMB jointly issued an "alert" on using automation and data analytics to reduce payment integrity risks, noting that the pandemic highlighted preexisting issues.⁵¹ The alert also encouraged IGs to make use of a data analytics center established within PRAC a little more than a year after agencies began distributing relief funds, the Pandemic Analytics Center of Excellence (PACE).⁵²

At the outset of the pandemic, many pandemic programs lacked fundamental pre-payment, post-payment, and fraud management controls, and some agencies responded slowly to the need to rectify these weaknesses.⁵³ As a consequence, hundreds of billions of dollars may have been lost to fraud and other improper payments,⁵⁴ including billions to transnational criminal organizations and violent street gangs within the United States.⁵⁵

Lack of Effective Pre-Payment Controls

PIIA requires agencies to establish effective pre-payment controls, including the use of DNP. Several agencies, in order to expedite the disbursal of funds, allowed applicants to self-certify their eligibility for pandemic assistance. For example, under the Emergency Rental Assistance program, Treasury awarded grants to state and local governments, which in turn awarded the funds for rent, utilities, and home energy costs to renters under financial stress. Treasury did not require any documentation from applicants that would verify either that they had rental agreements in place or that they met the financial need criteria for the program. The eligibility information was self-certified.⁵⁶ While allowing self-certification reduced the administrative burden on applicants, it also exposed the program to significant risks of fraud and improper payments.

Similarly, SBA did not verify the information that applicants provided when they sought loans from two of the largest pandemic programs: Economic Injury Disaster Loans (EIDL) and the Paycheck Protection Program (PPP). EIDL offered low-interest loans to small businesses (including nonprofits) to help cover their operating expenses. To qualify for EIDL assistance, a business had to have been operating on or before January 31, 2020—information that the applicant was allowed to self-certify on the application. Similarly, applicants for SBA's PPP loans, which were intended to incentivize businesses to retain their workers, could self-attest that their organizations qualified for assistance. Michael Horowitz, the IG for the Department of Justice and the chair of PRAC, said the lack of verification directly contributed to the $200 billion of estimated fraud in the EIDL and PPP programs:⁵⁷

If you open up the bank window and say, give me your application and just promise me you are who you say you are, you attract a lot of fraudsters, and that's what happened here.⁵⁸

In one example, a fraud ring of 14 individuals submitted 75 applications for PPP loans in 2020.⁵⁹ By providing falsified data, bank records, and tax forms—none of which SBA verified—the ring obtained more than $20 million in assistance.⁶⁰

Many of the state agencies that determine UI eligibility—often called state workforce agencies—allowed UI applicants to self-certify their information for pandemic funds. The CARES Act provided first-time UI benefits to an expanded pool of eligible workers, supplemented the UI benefits of all unemployed workers, and extended the time workers were eligible for unemployment compensation. State agencies were quickly overwhelmed with applications. Initial claims jumped from 282,000 on March 20, 2020, to 57.4 million five months later.⁶¹ According to the DOL IG, state agencies were unprepared to process so many claims and did not initially apply standard internal controls, such as verifying eligibility and identity information before issuing payments.⁶² As a consequence of allowing applicants to self-certify their information, fraudsters stole between $100 billion and $135 billion in UI pandemic funds.⁶³

Pre-payment controls also failed due to inadequate services provided by federal contractors. The Health Resources and Services Administration (HRSA), a component of the Department of Health and Human Services, managed the Uninsured Program, which reimbursed health care providers for provision of COVID-19-related services to uninsured individuals. A contractor was responsible for confirming that a patient did not have insurance prior to reimbursing a provider. The contractor, however, tried to verify a patient's insurance status only when the provider submitted a Social Security Number. If no such number was provided, the contractor automatically issued a payment.⁶⁴ Moreover, the contractor misidentified some patients who did have insurance as being uninsured and paid providers for services that private insurance should have covered.⁶⁵ Due in large part to weaknesses in data quality and pre-payment eligibility assessments, the Uninsured Program issued an estimated $784 million in improper payments, the equivalent of a 19% error rate.⁶⁶

In one instance, an agency issued millions of payments to individuals whom it had identified as deceased.⁶⁷ The CARES Act established a refundable tax credit, the 2020 Recovery Rebates for Individuals program, which provided a refundable tax credit of up to $1,200 for eligible individuals and an additional $500 for each dependent minor in an eligible individual's household. The IRS was authorized to issue advance payments for the tax credit, referred to as EIPs. Four months after the program was established, the IRS had issued 2.2 million EIP payments worth $3.5 billion to individuals whom the IRS knew were deceased.⁶⁸ The IRS initially argued that the payments were proper because the CARES Act did not specify that dead people were ineligible, although it later issued guidance clarifying that deceased individuals did not qualify for EIPs.⁶⁹ In this instance, the agency performed a pre-payment review but interpreted the statute in such a way as to allow millions of improper payments to be issued.

Lack of Effective Post-Payment Controls

Post-payment controls, such as reviewing supporting documentation and payment data, are important tools for detecting and recovering improper payments. They are particularly important for detecting fraud and improper payments in programs that permitted applicants to self-certify identity or eligibility. However, some agencies did not establish and implement effective post-payment controls in a timely manner. For example, the CARES Act, enacted in March 2020, established both the ERA program and the Provider Relief Fund, a HRSA-managed program that reimbursed health care providers for costs associated with diagnosing, testing, or treating COVID-19. Twenty months after the CARES Act was passed, Treasury had issued more than $28 billion under ERA but had not established post-payment procedures to verify the eligibility and accuracy of payments to renters and identify and recover overpayments.⁷⁰ Similarly, by September 2021, HRSA had issued over $132 billion from the Provider Relief Fund but had not developed plans to identify or recover overpayments.⁷¹

State agencies that implemented federal pandemic programs also did not implement effective post-payment controls in some cases. DOL's Employment and Training Administration, which oversees federal funds for UI, issued guidance in May 2020 that specified the post-payment controls states must implement to verify that payments were being made to eligible individuals and to recover overpayments.⁷² Under this guidance, states must (1) verify eligibility information provided by beneficiaries by cross-matching it with employment and income data sources, and (2) recover overpayments through various offset programs.⁷³ The DOL IG determined that non-compliance with this guidance was widespread—40% of state agencies did not perform the required cross-matches and 38% did not attempt to recover overpayments through offset programs.⁷⁴

Related to the recovery of overpayments is the collection of delinquent loans. Agencies commonly attempt to collect loan debts by repossessing the collateral (if any) used for the loan, litigation, or offset programs managed by Treasury.⁷⁵ The Debt Collection Improvement Act of 1996 (P.L. 104-134) requires credit granting agencies to refer delinquent debt to Treasury for collection, unless it would cost more to recover the funds than the amount that would be charged off. SBA managed two of the largest pandemic loan programs, EIDL and PPP, and chose not to pursue collection on delinquent loans under $100,000. SBA justified this decision, in large part, by arguing that it would not be cost effective to attempt to collect on the loans, which the SBA IG estimates to total $1.1 billion for PPP⁷⁶ and as much as $62 billion for EIDL.⁷⁷ The SBA IG argued that the agency's decision was not justified because it did not perform an adequate cost-benefit analysis on collecting debt for either program.⁷⁸

Lack of Fraud Risk Management Controls

Agencies were required to begin implementing the standards and leading practices of the GAO framework in 2016. The lack of progress in subsequent years meant some agencies "were not adequately prepared to prevent fraud when the pandemic began."⁷⁹ This is particularly true for the two agencies with the largest fraud losses: SBA (PPP and EIDL) and DOL (UI). According to auditors, SBA and DOL shared three significant weaknesses in their fraud controls.

Each agency is required to identify or create an office to lead its fraud risk management activities. This entity is meant to oversee and coordinate the agency's fraud risk prevention, detection, and response activities. SBA did not establish its Fraud Risk Management Board until April 2022,⁸⁰ and DOL had not designated an anti-fraud entity by January 2023.⁸¹ It is not clear if DOL has done so since.

Agencies must also perform fraud risk assessments as soon possible to identify vulnerabilities in program operations. These assessments are the basis for developing effective internal controls that mitigate the risk of fraud and improper payments. SBA completed its fraud risk assessments for PPP and EIDL in October 2021, when PPP had already stopped accepting applications and two months before EIDL would follow suit.⁸² As of January 2023, DOL had not performed a fraud risk assessment of the UI program, and it is not clear if it has done so since.⁸³ One important duty of a DOL anti-fraud entity might be to collaborate with state workforce agencies to ensure that states have effective fraud controls in place. The California Employment Development Department was required by state law to review its anti-fraud policies annually, but it had not done so between January 2016 and January 2021.⁸⁴ As a consequence, the agency relied on "uninformed and disjointed techniques" to detect fraud and paid an estimated $10.4 billion to potential fraudsters between March and December of 2020.⁸⁵

The GAO framework requires agencies to outline the specific actions they will take to monitor and manage fraud risks. The most effective strategies emphasize pre-payment controls, but information gained by monitoring all fraud controls can help agencies determine whether those controls are effective and how they may be adjusted to achieve better results. By January 2023, SBA and DOL had both partially completed their anti-fraud strategies.⁸⁶

Non-Compliance with Improper Payments Requirements

PIIA requires agencies to assess all of the programs that they administer to determine if they are susceptible to significant amounts of improper payments. OMB Circular A-123,⁸⁷ which provides guidance to agencies on how to implement PIIA requirements, specifies that for newly established programs an assessment should be performed after the first 12 months of the program. Risk assessments must consider a number of factors, including whether the program is new to an agency or has experienced significant funding changes and the volume of payments the agency must review. Once a program is determined to be at risk, the agency must report a valid improper payment estimate for it, among other requirements.

Because PIIA requirements are not mandatory until 12 months after a program has been established, most agencies did not report on improper payments in new pandemic programs in FY2021.⁸⁸ In FY2022, several agencies performed inadequate risk assessments or reported unreliable improper payments estimates.

At least two agencies were determined to be non-compliant with PIIA in FY2022 because they performed inadequate risk assessments on pandemic assistance programs. SBA, for example, used flawed methodologies to conclude that there was no significant risk of improper payments for the $28.5 billion Restaurant Revitalization Fund (RRF) and the $14.6 billion Shuttered Venues Operator Grant (SVOG) program.⁸⁹ Similarly, the Federal Emergency Management Agency determined that the Funeral Assistance program, which provided billions of dollars to cover burial costs for people who died of COVID-19, was not at risk for significant improper payments, but it did not account for the program's weak internal controls or the volume of claims the agency would need to review.⁹⁰

Several agencies were non-compliant with PIIA requirements in FY2022 for reporting unreliable improper payments estimates for pandemic programs. The improper payments estimate for the Education Stabilization Fund at the Department of Education was inaccurate because the department lacked sufficient documentation to support its classification of sampled payments as improper, unknown, or proper.⁹¹ The Department of Housing and Urban Development reported an unreliable improper payment estimate for the Tenant Based Housing Assistance program because it did not test a wide enough range of payments.⁹² SBA did not use reliable samples for developing improper payment estimates for PPP and EIDL, and so neither program had valid estimates for FY2022.⁹³ Similarly, DOL did not provide a full estimate of improper payments for UI in FY2022, as it did not incorporate samples from all pandemic funding streams.⁹⁴

Additional Consequences of Fraud and Other Improper Payments

As noted, effective internal controls facilitate the objectives of a program by ensuring, among other things, that funds are spent in the manner intended. During the pandemic, federal and state agencies often disbursed funds without appropriate controls in place in order to get assistance out as quickly as possible. Some stakeholders argue that the idea that there is a tradeoff between speed and security "is a false premise."⁹⁵ PRAC Chairman and Justice Department IG David Horowitz argued that agencies should have run verified payments through DNP, as required, and that doing so would not have caused significant delays in issuing funds:

It's a false narrative that has been set out, that there are only two choices. One choice is get the money out right away, and that the only other choice is to spend weeks and months trying to figure out who was entitled to it. [Screening payments would have taken] 24 hours? 48 hours? Would that really have upended the program? I don't think it would have. And it was data sitting there. It didn't get checked.⁹⁶

The lack of effective internal controls not only undermined the effectiveness of pandemic programs but led to outcomes that were contrary to broader federal objectives. Notably, funds that were lost to fraud were not available to support the individuals and businesses that Congress intended. Had the billions in loans intended for businesses not been lost to fraud, for example, fewer stores may have closed and laid off workers. In addition, internal control weaknesses over pandemic programs compromised some agencies' financial statements. SBA received a disclaimer⁹⁷ on its FY2022 financial statements because it could not provide documentation to support transactions and balances for four pandemic programs: PPP, EIDL, RRF, and SVOG.⁹⁸ DOL received a qualified opinion⁹⁹ on its FY2022 financial statements due to concerns with UI pandemic funding accounts.¹⁰⁰

Some pandemic assistance was stolen by domestic street gangs and transnational criminal organizations that used those funds for criminal activity. Members of the Milwaukee street gang called the "Wild 100s" or "Shark Gang" were indicted for fraudulently obtaining pandemic unemployment assistance funds and using the money to purchase firearms, narcotics, jewelry, and vacations and to solicit murder for hire.¹⁰¹ In Shreveport, LA, members of the Step or Die gang were indicted for fraudulently obtaining PPP and EIDL loans,¹⁰² and in Brooklyn, NY, members of the Woo Gang were charged with stealing millions in UI funds.¹⁰³ In 2021, after the fraud scheme had been launched, Woo Gang members posted a music video on YouTube entitled "Trappin" that included the lyrics, "Unemployment got us workin' a lot."¹⁰⁴ By some estimates, foreign crime syndicates—such as those in Russia, China, and Nigeria—stole tens of billions of dollars from pandemic programs.¹⁰⁵ Criminal groups used stolen pandemic funds to further their activities, according to Jeremy Sheridan, former assistant director of the Office of Investigations at the U.S. Secret Service:

These groups are profiting so greatly from these types of schemes, they engage in a host of other crimes. Drug trade, crimes against children, more sophisticated cyber-related fraud. And this money is basically an investment to them to conduct more extensive criminal operations…some of which include crimes that will compromise national security.¹⁰⁶

There may be a cyclical effect to high levels of fraud and criminality: As public awareness of fraud spreads, it may create the perception that relief funds can be easily stolen and therefore make emergency programs a target for further exploitation.¹⁰⁷ Moreover, as the public becomes aware of high levels of fraud, it may lose trust in government in general, and specifically in the government's ability to safeguard taxpayer funds.¹⁰⁸

Considerations for Congress

There are policy options that Congress might wish to consider that may mitigate the risk of fraud and improper payments in federal programs, including emergency spending programs.

Establishing a Central Anti-Fraud Entity

Some agencies have been slow to implement comprehensive, effective anti-fraud controls. Audits of pandemic programs found that, despite the mandate of the FRDAA, "federal agencies did not strategically manage fraud risks in alignment with the GAO framework and were not adequately prepared to prevent fraud when the pandemic began."¹⁰⁹ Some agencies remain vulnerable to fraud: As of August 2023, agencies had 95 open GAO recommendations for better aligning their fraud practices with the leading practices and standards in the Framework, including 25 recommendations for enhancing the use of data analytics to manage fraud risks.¹¹⁰

H.R. 8322, the Strengthening Tools to Obstruct and Prevent Fraud Act of 2022, would have established, among other things, a dedicated anti-fraud office within OMB.¹¹¹ This proposed office, the Federal Real Anti-fraud Unified Directorate (FRAUD), was to coordinate activities related to reducing and preventing fraud and improper payments, including

sharing leading practices and tools with agencies;
providing technical assistance to agencies in implementing the fraud risk management activities of the GAO framework; and
assisting agencies with the collection and use of data, including working to reduce barriers to data sharing.

A central anti-fraud entity might facilitate the implementation of effective fraud controls at federal agencies. By disseminating leading practices and sharing lessons learned across the government, the entity might help agencies be aware of, and prepare for, emerging fraud threats and possibly provide solutions to agencies facing challenges in selecting and implementing appropriate data analysis tools. In addition, GAO has suggested that such an entity might serve as a successor to PACE, assisting IGs with their efforts to assess and identify fraud on a permanent basis.¹¹² If Congress chooses to create a central anti-fraud entity, it may wish to consider where it should be located. H.R. 8322 proposed placing FRAUD within OMB, which issues government-wide guidance on fraud and improper payments. There might also be benefits to placing it within the Council of the Inspectors General on Integrity and Efficiency (CIGIE), an independent entity within the executive branch that is composed of more than two dozen agency IGs and has, as its mission, to "continually identify, review, and discuss areas of weakness and vulnerability in Federal programs with respect to waste, fraud, and abuse."¹¹³ Placing an anti-fraud entity within the CIGIE might ensure that the investigative work of federal IGs is readily incorporated into the entity's guidance and that the entity's data analytics capabilities are supporting IGs' fraud detection efforts.

Require Emergency Spending Internal Control Plans

Congress has, at times, included in disaster funding legislation a requirement for OMB to establish criteria for agencies to follow when developing disaster relief internal control plans. The Disaster Relief Act of 2013 (P.L. 113-2), passed in response to Hurricane Sandy, included such a provision, as did the Additional Supplemental Appropriations for Disaster Relief Requirements Act of 2017 (P.L. 115-72), which provided funding to address the damage caused by a series of hurricanes and wildfires. The objective of having OMB establish criteria for disaster programs is to ensure that agencies establish effective controls for the payment integrity risks of emergency relief programs, some of which are unique, such as the emphasis on expedited disbursal.¹¹⁴ GAO has recommended that Congress require OMB to issue guidance to agencies to develop internal control plans for emergency programs that could be quickly implemented or adapted in response to a future disaster.¹¹⁵ Such a requirement might enable agencies to put into place effective pre-payment and post-payment controls in a more timely manner, thereby potentially reducing fraud and improper payments. The value of OMB's guidance might be limited by how carefully the guidance is drafted. For example, GAO criticized OMB's guidance for implementing internal controls over disaster funding as required by P.L. 115-72, noting that the guidance did not include sufficient direction to ensure that agencies would develop adequate control plans in a timely manner.¹¹⁶

Lowering the PIIA Threshold

H.R. 877, the Preventing Improper Payments Act of 2023, would require any program making more than $100 million in payments in a fiscal year to be deemed susceptible to significant improper payments.¹¹⁷ One issue Congress may wish to consider is whether to lower the threshold for programs subject to PIIA. As noted, 173 programs received at least $100 million in pandemic funding. Not all of these programs, however, were subject to all PIIA requirements. Currently, PIIA reporting and corrective action requirements apply only to programs with estimated improper payments of (1) $10 million when that represents at least 1.5% of program outlays or (2) $100 million. GAO has recommended that all new federal programs making more than $100 million in payments in any one fiscal year be deemed susceptible to significant levels of improper payments.¹¹⁸ New programs may be at an elevated risk level because staff are unfamiliar with program requirements. In addition, agencies have historically not developed and implemented internal controls for new relief programs in a timely manner.¹¹⁹ Such a mandate would potentially identify fraud and improper payments that might otherwise not be discovered under current guidance, thereby expanding the government's understanding of the scope of the problem and potentially reducing financial loss from fraud and overpayments. On the other hand, lowering the threshold might create diminishing returns, as the costs associated with fully implementing PIIA requirements on some new programs might exceed the amount of overpayments prevented and recovered.

Appendix.

Table A-1. Examples of Data Analytic Techniques in Payment Processing

Discerning trends, patterns, anomalies, and exceptions within data to minimize the risk of an improper payment

Technique	Description	Use in Payment Process
Rule-Based Analytics	Uses transaction-level data and seeks to identity transactions that depart from expected procedures or defined rules.	May isolate instances where a transaction departs from expected rules, including those that govern the use of purchase cards, concern procurement (e.g., in excess of a purchase order), and bar applicants who may be on an "excluded parties list," among other examples. For example, if a "rule" is that an incarcerated individual is not eligible for a payment under a benefit program, then a data match can be conducted to determine if the applicant is incarcerated before approving the transaction.
Anomaly Detection	Uses aggregated transaction data and "unsupervised modeling" (may also be called unsupervised learning or unsupervised machine learning) to identify outliers, or abnormal, non-conforming patterns in the data. Outliers are identified through analytic comparisons to "peer groups" based on unknown patterns in the data among suspected common and individual fraudsters.	May allow an agency to quickly review a large dataset with transaction data and identity outliers within that dataset that can then be "flagged" and further reviewed.
Network/Link Analytics	Identifies patterns within social networks, among associations, and commonalities between individuals to detect possible fraud schemes that would not be suspicious based on individual data alone.	May assist in detecting relational links between potential fraudsters and uncovering organized fraud. For example, an individual may not be suspicious based on their information alone, yet suspicion may arise when their information is linked or connected to others through a set of commonalities and associated attributes, revealing potential schemes that may have otherwise gone unnoticed.
Predictive Analytics	Uses known improper payment patterns (from analysis of past data) to infer that a potential payment features such patterns.	May be used to automatically reject the processing of a payment when a number of known fraud or improper payment characteristics are present. May be most effective when the model is developed after a program evolves through "more standard," cost-effective capabilities.
Text Analytics	Uses natural language processing (NLP) to parse a sequence of text or words and identifies patterns, such as sentiments, or other indicators, such as keywords, that may be suggestive of an improper payment.	May be used to review large amounts of text-based data. For example, the Office of the Inspector General (OIG) for the Small Business Administration (SBA) used NLP to identify potential fraud from information provided in phone calls made to its fraud, waste, and abuse complaint hotline.

Footnotes

1.	There were six pandemic funding bills: the Coronavirus Preparedness and Response Supplemental Appropriations Act of 2020 (P.L. 116-123); Families First Coronavirus Response Act of 2020 (P.L. 116-127); Coronavirus Aid, Relief, and Economic Security Act of 2020 (P.L. 116-136); Paycheck Protection Program and Health Care Enhancement Act of 2020 (P.L. 116-139); Supplemental Appropriations Act of 2021, div. M and N (P.L. 116-260); and the American Rescue Plan Act of 2021 (P.L. 117-2).
2.	U.S. Government Accountability Office, COVID-19 Relief: Funding and Spending as of January 31, 2023, GAO-23-106647, p. 1, https://www.gao.gov/assets/820/817807.pdf.
3.	USASpending.gov, "The Federal Response to COVID-19," https://www.usaspending.gov/disaster/covid-19.
4.	U.S. Centers for Disease Control and Prevention, "End of the Federal COVID-19 Public Health Emergency (PHE) Declaration," September 2023, https://www.cdc.gov/coronavirus/2019-ncov/your-health/end-of-phe.html.
5.	Pandemic Response Accountability Committee, "Total Funding Data for All Agencies," https://www.pandemicoversight.gov/data-interactive-tools/agencies.
6.	PIIA requirements are incorporated into OMB Circular No. A-123, Appendix C, Requirements for Payment Integrity Improvement.
7.	Internal controls are the policies and procedures that an agency follows to achieve an objective, such as ensuring that program funds are used as intended.
8.	An improper payment is a payment that should not have been made or was made in the wrong amount.
9.	PIIA defines "significant" improper payments as an amount equal to either (1) $10 million and 1.5% of program outlays or (2) $100 million.
10.	U.S. Government Accountability Office, A Framework for Managing Improper Payments in Emergency Assistance Programs, GAO-23-105876, July 2023, p. 27, https://www.gao.gov/assets/830/827993.pdf.
11.	GAO, A Framework for Managing Fraud Risks in Federal Programs, GAO-15-593SP, pp. 6-7, https://www.gao.gov/assets/gao-15-593sp.pdf.
12.	This section was authored by Natalie Ortiz, Analyst in Government Organization and Management.
13.	GAO, Data Mining: Federal Efforts Cover a Wide Range of Uses, GAO-04-548, May 27, 2004, pp. 38-39, https://www.gao.gov/assets/gao-04-548.pdf. See also GAO, "Big Data 101: Using Large-Scale Data Mining to Find Fraud," https://www.gao.gov/blog/2015/03/10/big-data-101-using-large-scale-data-mining-to-find-fraud, March 10, 2015; and GAO, Data Analytics for Oversight and Law Enforcement, GAO-13-680SP, July 2013, https://www.gao.gov/assets/gao-13-680sp.pdf.
14.	Chief Financial Officers Council and U.S. Department of the Treasury, Bureau of the Fiscal Service, Program Integrity: The Antifraud Playbook, October 17, 2018, p. 41, https://www.cfo.gov/assets/files/Interactive-Treasury-Playbook.pdf.
15.	Darrell M. West, "Using AI and Machine Learning to Reduce Government Fraud," Brookings Institution, September 10, 2021, https://www.brookings.edu/articles/using-ai-and-machine-learning-to-reduce-government-fraud/.
16.	GAO, Medicare Fraud Prevention: CMS Has Implemented a Predictive Analytics System, but Needs to Define Measures to Determine Its Effectiveness, GAO-13-104, October 2012, https://www.gao.gov/assets/gao-13-104.pdf.
17.	For more information, see CRS Report R47325, Computer Matching and Privacy Protection Act: Data Integration and Individual Rights, by Natalie R. Ortiz, pp. 1, 7.
18.	A matching program is defined as any computerized comparison of two or more automated systems of records or a system of records with nonfederal records for the purposes of (1) establishing or verifying the eligibility of, or continuing compliance with statutory and regulatory requirements by, applicants for, beneficiaries of, participants in, or providers of services under federal benefit programs that provide cash or in-kind assistance or payments; or (2) recouping payments or delinquent debts under such federal benefit programs (5 U.S.C. §552a(a)(8)(A)(i)). A matching program may also be any computerized comparison of two or more automated federal personnel or payroll systems of records or a system of federal personnel or payroll records with nonfederal records (5 U.S.C. §552a(a)(8)(A)(ii)). For more on matching programs and the CMPPA, see CRS Report R47325, Computer Matching and Privacy Protection Act: Data Integration and Individual Rights, by Natalie R. Ortiz.
19.	U.S. Congress, House Committee on Ways and Means, Subcommittee on Human Resources, On the Use of Data Matching to Improve Customer Service, Program Integrity, and Taxpayer Savings, committee print, 112^th Cong., 1^st sess., March 11, 2011, Serial 112-HR2, pp. 63, 70; GAO, A Framework for Managing Fraud Risks in Federal Programs, GAO-15-593SP, July 2015, p. 7, https://www.gao.gov/assets/gao-15-593sp.pdf.
20.	31 U.S.C. §3354(d).
21.	Office of Management and Budget, Transmittal of Appendix C to OMB Circular A-123, Requirements for Payment Integrity Improvement, M-21-19, March 5, 2021, p. 32, https://www.whitehouse.gov/wp-content/uploads/2021/03/M-21-19.pdf.
22.	The requirement for a matching agreement, including the content it is to specify, is enumerated in Title 5, Section 552a(o), of the U.S. Code. These requirements can be waived under Title 31, Section 3354(b)(3)(B)(i), of the U.S. Code.
23.	OMB, M-21-19, p. 28.
24.	OMB, M-21-19, p. 35.
25.	OMB, M-21-19, p. 2.
26.	OMB, M-21-19, pp. 2, 6.
27.	Testimony of Pandemic Response Accountability Committee Chair Michael E. Horowitz, in U.S. Congress, House Committee on Oversight and Reform, Examining Federal Efforts to Prevent, Detect, and Prosecute Pandemic Relief Fraud and Safeguard Funds for All Eligible Americans, 117^th Cong., 2^nd sess., June 14, 2022, H.Hrg. 117-86, https://www.govinfo.gov/content/pkg/CHRG-117hhrg47805/pdf/CHRG-117hhrg47805.pdf.
28.	GAO, Federal Data Transparency: Opportunities Remain to Incorporate Recovery Act Lessons Learned, GAO-13-871T, September 13, 2013, pp. 5-6, https://www.gao.gov/assets/gao-13-871t.pdf.
29.	GAO, Federal Spending Accountability: Preserving Capabilities of Recovery Operations Center Could Help Sustain Oversight of Federal Expenditures, GAO-15-814, September 2015, p. 21, https://www.gao.gov/assets/gao-15-814.pdf.
30.	GAO, Payment Integrity: Federal Agencies' Estimates of FY2019 Improper Payments, GAO-20-344, March 2020, p. 4, https://www.gao.gov/assets/gao-20-344.pdf.
31.	GAO, Payment Integrity, p. 14; GAO, Additional Guidance Could Provide More Consistent Compliance Determinations and Reporting by Inspectors General, GAO-17-484, May 2017, p. 8, https://www.gao.gov/assets/gao-17-484.pdf.
32.	U.S. Department of Labor, Office of Inspector General, Investigative Advisory Report: Weaknesses Contributing to Fraud in the Unemployment Insurance Program, July 2015, p. 13, https://www.oig.dol.gov/public/Press%20Releases/UI%20Program%20Letter%2050-15-001-03-315.pdf.
33.	GAO, Payment Integrity, p. 11.
34.	U.S. Department of Defense, Office of Inspector General, Audit of the Department of Defense's FY2022 Compliance with Payment Integrity Information Act Requirements, May 2023, p. 8, https://media.defense.gov/2023/May/23/2003227925/-1/-1/1/DODIG-2023-075.PDF.
35.	Testimony of Department of Labor Inspector General Larry D. Turner, in U.S. Congress, Senate Committee on Homeland Security and Governmental Affairs, Reducing Fraud and Expanding Access to COVID-19 Relief through Effective Oversight, 117^th Cong., 2^nd sess., March 17, 2022, S.Hrg. 117-564, https://www.hsgac.senate.gov/wp-content/uploads/imo/media/doc/Testimony-Turner-2022-03-17-REVISED.pdf.
36.	GAO, Head Start: Action Needed to Enhance Program Oversight and Mitigate Significant Fraud and Improper Payment Risks, GAO-19-519, September 2019, p. 25, https://www.gao.gov/assets/gao-19-519.pdf.
37.	GAO, Emergency Relief Funds: Significant Improvements are Needed to Address Fraud and Improper Payments, GAO-23-106556, February 2023, p. ii, https://www.gao.gov/assets/gao-23-106556.pdf.
38.	GAO, Catastrophic Disasters: Enhanced Leadership, Capabilities, and Accountability Controls Will Improve the Effectiveness of the Nation's Preparedness, Response, and Recovery Systems, GAO-06-618, September 2006, p. 8, https://www.gao.gov/assets/gao-06-618.pdf.
39.	GAO, Catastrophic Disasters.
40.	U.S. Small Business Administration, Office of Inspector General (SBA OIG), Semiannual Report to Congress: April 1, 2018 to September 30, 2018, October 2018, p. 11, https://www.oversight.gov/sites/default/files/oig-sa-reports/archive/17418/SBA-OIG-Fall-2018-Semiannual-Report.pdf.
41.	GAO, Hurricane Sandy Relief: Improved Guidance on Designing Internal Control Plans Could Enhance Oversight of Disaster Funding, GAO-14-58, November 2013, pp. 21-22, https://www.gao.gov/assets/gao-14-58.pdf.
42.	42 GAO, 2017 Disaster Relief Oversight: Strategy Needed to Ensure Agencies' Internal Control Plans Provide Sufficient Information, GAO-19-479, June 2019, pp. 9-17, https://www.gao.gov/assets/gao-19-479.pdf.
43.	SBA OIG, White Paper: Risk Awareness and Lessons Learned from Prior Audits of Economic Stimulus Loans, April 2020, p. 4, https://www.sba.gov/sites/sbagov/files/2020-04/SBA_OIG_WhitePaper_20-11_508.pdf.
44.	U.S. Department of Education, FY2019 Agency Financial Report, November 2019, p. 109, https://www2.ed.gov/about/reports/annual/2019report/agency-financial-report.pdf.
45.	GAO, Priority Open Recommendations, GAO-19-323SP, April 2019, pp. 4-5, https://www.gao.gov/assets/700/698787.pdf.
46.	Pandemic Response Accountability Committee, "Program Funding Data," https://www.pandemicoversight.gov/data-interactive-tools/programs.
47.	GAO, Emergency Relief Funds: Significant Improvements Are Needed to Ensure Transparency and Accountability for COVID-19 and Beyond, GAO-22-105715, March 2022, p. 1, https://www.gao.gov/products/gao-22-105715.
48.	GAO-22-105715, p. 19.
49.	SBA OIG, COVID-19 Pandemic EIDL and PPP Loan Fraud Landscape, June 2023, p. 3, https://www.sba.gov/sites/sbagov/files/2023-06/SBA%20OIG%20Report%2023-09.pdf. For more information about SBA pandemic programs, see CRS Report R47694, SBA as a Vehicle for Crisis Relief: Lessons from the COVID-19 Pandemic, coordinated by Adam G. Levin.
50.	Treasury Inspector General for Tax Administration, Implementation of Economic Impact Payments, May 2021, p. i, https://www.oversight.gov/sites/default/files/oig-reports/TIGTA/202146034fr.pdf.
51.	OMB and PRAC, "Payment Integrity Alert: The Use of Automation and Data Analytics," July 21, 2021, p. 1, https://www.pandemicoversight.gov/media/file/joint-payment-integrity-alert-use-automation-and-data-analytics-omb-and-prac. OMB and PRAC note that the alert is not official guidance nor does it establish any requirement on an agency to undertake specific activities "beyond consideration of appropriate steps to address ongoing or future issues related to payment integrity."
52.	OMB and PRAC, Payment Integrity Alert.
53.	PRAC, Lessons Learned in Oversight of Pandemic Relief Funds, June 2022, pp. 4-8, https://www.pandemicoversight.gov/media/file/prac-lessons-learned-update-june-2022pdf.
54.	SBA OIG, COVID-19 Pandemic EIDL and PPP Loan Fraud Landscape, p. 8; GAO, Unemployment Insurance, Estimated Amount of Fraud during Pandemic Likely Between $100 Billion and $135 Billion, GAO-23-106696, September 2023, p. 8, https://www.gao.gov/assets/870/861289.pdf.
55.	Testimony of Grant Thornton Principal Lina Miller, in U.S. Congress, House Committee on Oversight and Reform, Following the Money: Tackling Improper Payments, 117^th Cong., 2^nd sess., March 31, 2022, H.Hrg. 117-75, https://www.govinfo.gov/content/pkg/CHRG-117hhrg47264/pdf/CHRG-117hhrg47264.pdf.
56.	GAO, Emergency Rental Assistance: Additional Grantee Monitoring Needed to Manage Known Risks, GAO-22-105490, p. 5, https://www.gao.gov/assets/gao-22-105490.pdf.
57.	SBA OIG, COVID-19 Pandemic EIDL and PPP Loan Fraud Landscape, p. 8.
58.	Associated Press, "The Great Grift: How billions in COVID-19 relief aid was stolen or wasted," June 12, 2023, https://www.cbsnews.com/philadelphia/news/the-great-grift-five-things-to-know-about-how-covid-19-relief-aid-was-stolen-or-wasted-3/.
59.	U.S. Department of Justice, Office of Public Affairs, "Leader of $20M COVID-19 Relief Fraud Ring Sentenced to 15 Years," October 2023, https://www.justice.gov/opa/pr/leader-20m-covid-19-relief-fraud-ring-sentenced-15-years.
60.	Ibid.
61.	Turner, Reducing Fraud and Expanding Access to COVID-19 Relief through Effective Oversight, p. 5.
62.	Turner, Reducing Fraud and Expanding Access to COVID-19 Relief through Effective Oversight, p. 3.
63.	GAO, Unemployment Insurance, p. 17.
64.	U.S. Department of Health and Human Services, Office of Inspector General, HRSA Made COVID-19 Uninsured Program Payments to Providers on Behalf of Individuals Who Had Health Insurance Coverage and for Services Unrelated to COVID-19, A-02-21-01013, July 2023, p. 9, https://oig.hhs.gov/oas/reports/region2/22101013.pdf.
65.	Ibid., p. 10.
66.	Ibid., p. 7.
67.	Treasury Inspector General for Tax Administration, Implementation of Economic Impact Payments. p. 5.
68.	Treasury Inspector General for Tax Administration, Implementation of Economic Impact Payments, p. 5.
69.	Treasury Inspector General for Tax Administration, Implementation of Economic Impact Payments, pp. 5-6.
70.	GAO, COVID-19: Significant Improvements Are Needed for Overseeing Relief Funds and Leading Responses to Public Health Emergencies, GAO-22-105291, p. 3, https://www.gao.gov/assets/gao-22-105291.pdf.
71.	GAO, COVID-19: Additional Actions are Needed to Improve Accountability and Program Effectiveness of Federal Response, GAO-22-105051, October 2021, p. 3, https://www.gao.gov/assets/gao-22-105051.pdf.
72.	DOL OIG, COVID-19: States Struggled to Implement CARES Act Unemployment Insurance Programs, May 2021, p. 8, https://www.oig.dol.gov/public/reports/oa/2021/19-21-004-03-315.pdf.
73.	DOL OIG, COVID-19, p. 9.
74.	DOL OIG, COIVD-19, pp. 8-10.
75.	SBA OIG, Ending Active Collections on Delinquent COVID-19 Economic Injury Disaster Loans, September 2023, p. 1, https://www.sba.gov/sites/sbagov/files/2023-09/SBA%20OIG%20Report%2023-16.pdf.
76.	SBA OIG, SBA's Guaranty Purchases for Paycheck Protection Program Loans, September 2023, p. 2, https://www.sba.gov/sites/sbagov/files/2022-09/SBA%20OIG%20Report%2022-25.pdf.
77.	SBA OIG, Ending Active Collections on Delinquent COVID-19 Economic Injury Disaster Loans, p. 7.
78.	SBA OIG, Ending Active Collections, pp. 3-4. SBA's Guaranty Purchases for Paycheck Protection Program Loans, p. 4.
79.	GAO, COVID-19: Key Elements of Fraud Schemes and Actions to Better Prevent Fraud, GAO-24-107122, October 2023, p. 12, https://www.gao.gov/assets/d24107122.pdf.
80.	SBA, "Administrator Guzman Announces Expanded Efforts to Aggressively Crack Down on Bad Actors and Prevent Fraud in Programs," press release, April 1, 2022, https://www.sba.gov/article/2022/apr/01/administrator-guzman-announces-expanded-efforts-aggressively-crack-down-bad-actors-prevent-fraud.
81.	GAO-22-105715, pp. 15-16.
82.	GAO-22-105715, p. 15.
83.	GAO-22-105715, p. 16.
84.	California State Auditor, Employment Development Department: Significant Weaknesses in EDD's Approach to Fraud Prevention Have Led to Billions of Dollars in Improper Benefit Payments, January 2021, pp. 9, 37, https://www.auditor.ca.gov/pdfs/reports/2020-628.2.pdf.
85.	California State Auditor, Employment Development Department, p. 33.
86.	GAO-22-105715, pp. 15-16.
87.	OMB M-21-19, p. 16.
88.	GAO-22-105715, p. 25.
89.	SBA OIG, Independent Auditor's Report on SBA's Fiscal Year 2022 Compliance with the Payment Integrity Information Act of 2019, May 2023, pp. 3-5, https://www.sba.gov/sites/sbagov/files/2023-05/SBA%20OIG%20Report%2023-07.pdf.
90.	U.S. Department of Homeland Security, Office of Inspector General, DHS' Fiscal Year 2022 Compliance with the Payment Integrity Information Act of 2019, May 2023, p. 24, https://www.oig.dhs.gov/sites/default/files/assets/2023-05/OIG-23-25-May23.pdf.
91.	U.S. Department of Education, Office of Inspector General, U.S. Department of Education's Compliance with Payment Integrity Information Reporting Requirements for FY2022, July 2023, pp. 19-24, https://oig.ed.gov/sites/default/files/reports/2023-08/Final-Audit-Report-Department-Education-PIIA-FY-2022-A23NY0119-508-compliant.pdf.
92.	U.S. Department of Housing and Urban Development, Office of Inspector General, Compliance with Payment Integrity Information Act of 2019, June 2022, p. 7, https://www.hudoig.gov/sites/default/files/2022-06/2022-FO-0005.pdf.
93.	SBA OIG, Independent Auditor's Report on SBA's Fiscal Year 2022 Compliance with the Payment Integrity Information Act of 2019, p. 2.
94.	DOL OIG, The U.S. Department of Labor Did Not Meet the Requirements for Compliance with the Payment Integrity Information Act for FY 2022, June 2023, p. 8, https://www.oig.dol.gov/public/reports/oa/2023/22-23-006-13-001.pdf.
95.	NBC News, "Biggest Fraud in a Generation: The Looting of the Covid Relief Plan Known as PPP," Ken Dilanian and Laura Strickler, March 28, 2022, https://www.nbcnews.com/politics/justice-department/biggest-fraud-generation-looting-covid-relief-program-known-ppp-n1279664.
96.	Associated Press, "The Great Grift."
97.	A disclaimer is when an auditor concludes that it cannot reach an opinion on an entity's financial statements.
98.	SBA OIG, Independent Auditor's Report on Fiscal Year 2022 Financial Statements, November 2023, p. 1, https://www.sba.gov/sites/sbagov/files/2023-11/SBA%20OIG%20Report%2024-03.pdf.
99.	A qualified opinion is when an auditor concludes that it cannot reach an opinion because misstatements may be material but not necessarily pervasive.
100.	DOL OIG, FY2022 Independent Auditor's Report on the Department of Labor's Consolidated Financial Statements, December 2022, pp. 29-30, https://www.oversight.gov/sites/default/files/oig-reports/DOL/22-23-002-13-001-FY-2022-Independent-Auditorson-DOLs-Consolidated-Financial-Statements.pdf.
101.	U.S. Department of Justice, Eastern District of Wisconsin, "Thirty Individuals Associated with Milwaukee Street Gang Charged with Federal Offenses Ranging from Fraud to Murder for Hire," press release, May 10, 2023, https://www.justice.gov/usao-edwi/pr/thirty-individuals-associated-milwaukee-street-gang-charged-federal-offenses-ranging.
102.	U.S. Department of Justice, Western District of Louisiana, "U.S. Attorney Brandon B. Brown Announces Indictment of 24 Individuals Associated with Shreveport Gang on Charges Related to CARES Act Fraud Scheme," press release, July 18, 2023, https://www.justice.gov/usao-wdla/pr/us-attorney-brandon-b-brown-announces-indictment-24-individuals-associated-shreveport.
103.	U.S. Department of Justice, "11 Members and Associates of Brooklyn-Based Woo Gang Charged with Mult-Million Dollar COVID-19 Unemployment Insurance Fraud," press release, February 17, 2022, https://www.justice.gov/usao-edny/pr/11-members-and-associates-brooklyn-based-woo-gang-charged-multi-million-dollar-covid-19.
104.	Ibid.
105.	Testimony of Grant Thornton Principal Lina Miller, in U.S. Congress, House Committee on Oversight and Reform, Following the Money: Tackling Improper Payments, 117^th Cong., 2^nd sess., March 31, 2022, H.Hrg. 117-75, https://www.govinfo.gov/content/pkg/CHRG-117hhrg47264/pdf/CHRG-117hhrg47264.pdf.
106.	Ken Dilanian, Kit Ramgopal, and Chloe Atkins, "Easy Money: How International Scam Artists Pulled Off an Epic Theft of COVID Benefits," NBC News, August 15, 2021, https://www.nbcnews.com/news/us-news/easy-money-how-international-scam-artists-pulled-epic-theft-covid-n1276789.
107.	GAO-22-105715, p. 11.
108.	GAO-22-105715, p. 11.
109.	GAO, COVID-19: Insights and Actions for Fraud Prevention, GAO-24-107157, November 2024, p. 5, https://www.gao.gov/assets/d24107157.pdf.
110.	GAO, COVID-19, p. 14.
111.	H.R. 8322 was introduced on July 11, 2022, and referred the same day to the House Committee on Oversight and Reform. It was ordered to be reported in the nature of a substitute on July 20, 2023. No further action was taken.
112.	GAO-22-105715, p. 33.
113.	CIGIE, "Mission," https://www.ignet.gov/content/mission-0.
114.	GAO, Hurricane Sandy Relief, pp. 5-6.
115.	GAO, Fraud Risk Management: Key Areas for Federal Agency and Congressional Action, GAO-23-106567, April 2023, p. 26, https://www.gao.gov/assets/gao-23-106567.pdf.
116.	GAO, 2017 Disaster Relief Oversight, p. 18.
117.	H.R. 877 was introduced on February 8, 2023, and referred the same day to the House Committee on Oversight and Accountability. No further action has been taken as of the date of this report.
118.	GAO-22-105715, p. 45.
119.	GAO-22-105715, p. 17.

Improper Payments in Pandemic Assistance Programs

Contents

Tables

Appendixes

Footnotes