In response to the COVID-19 pandemic, the U.S. Government provided $5 trillion in aid through 17 different relief programs,1 including unemployment, housing assistance, and small business loans. Government agencies were tasked to distribute unprecedented amounts of funds within record timeframes. Extremely tight deadlines driven by the enormous need for funds, topped with limited infrastructure and resources to monitor the distribution of such magnitude, created an environment for exceptional risks of potential fraud and improper payments. The Office of the Inspector General estimated 18% of unemployment payments, totaling approximately $163 billion were paid improperly, and the Small Business Administration estimated that 4.24% of the Paycheck Protection Program (PPP) payments and 4.50% of the Economic Injury Disaster Loan (EIDL) payments were paid improperly. Improper payments totaled approximately $36.7 billion. As of August 2023, the federal government announced the seizure of more than $1.4 billion in COVID-19 relief funds and had filed fraud-related criminal charges against more than 3,000 defendants.2
The challenges government agencies faced with distribution of COVID relief funds highlighted the importance of strong internal controls to facilitate payment distribution while maintaining program integrity. Investing in well-designed technology-driven fraud risk management will help with both the speed and integrity of application processing and funds disbursements.
Addressing Vulnerabilities throughout the Benefit Program Lifecycle
Incorporating Fraud Risk Management (FRM) into the Program Design
The constantly changing landscape of fraud frequently places the government in a vulnerable and undesirable position to "chase" fraudulent activity. To stay a step ahead of fraudsters, government agencies must understand their unique risks and vulnerabilities, as well as emerging fraud schemes and trends. Conducting a fraud risk assessment (FRA) as the first step of the program design phase will help them do so. The results of the FRA will lay out the foundation for the FRM strategy, understanding the existing controls environment and identifying highest potential risks and vulnerabilities.
Effective FRM requires a delicate balance between working with expediency and protecting the program against potential bad actors. The prevailing approach to FRM often introduces complexity and potentially amplifies vulnerabilities. These vulnerabilities stem from a misconception that effective FRM necessitates extensive information, documentation, and review time. A more streamlined and efficient process can be established by incorporating a simplified data collection process, data supplementation, and the integration of automated fraud risk features from the outset. By adopting this strategic approach, resources can be directed toward cases presenting higher risks, resulting in enhanced efficiency throughout the review process.3
Administering the Program: Key Strategies and Measures
Administering a successful financial assistance program requires careful allocation of the limited available time and resources to address critical program components. Focusing on the following key areas may help streamline the program execution processes while effectively managing fraud risks.
- Communications Hub — A dedicated call center plays an essential role in responding to whistleblowers and individuals possessing information pertinent to fraudulent activities. A proactive outreach campaign can also be used to impart clarity regarding eligibility requirements to prospective applicants and to deter potential fraudulent actors.
- Application Intake and Processing — Application intake and review processing serves two primary objectives: confirmation of applicant identity and verification of eligibility. It does not mean, however, that the application process needs to be cumbersome. Examples of an efficient application process include collection of necessary information and documentation, automated data supplementation and validation, streamlined verification procedures, and application of advanced data analytics to flag suspicious applications for additional review.
- Advanced Data Analytics — By harnessing the power of data analytics, organizations can better prevent, detect, and mitigate fraudulent activities. The following tools are indispensable for maintaining the trust and sustainability of financial assistance programs.
a. Advanced Querying
Advanced querying techniques allows one to sift through vast amounts of data quickly and extract valuable insights. For example, queries can be conducted on known high-risk data points such as disposable email domains,4 out-of-country IP addresses, or personal identifiable information used across known fraudulent applications. These queries can also be used to cross-reference data against external sources, such as enforcement announcements, watchlists, or relevant public records or law enforcement databases.
b. Network Analysis
Network analysis refers to the identification of groups (networks), (i.e. applications) that are connected by one or more data points. Data points can come from several sources, such as contact information, location data, tax IDs and even shared documents. By analyzing networks of beneficiaries or applicants, possible collusion patterns can be detected that might not be apparent through other methods.
c. Anomaly Detection
Anomaly detection refers to the analysis of behaviors and patterns to identify deviations from an expected behavior to determine which applications require further investigation. Anomalies can be found by comparing groups of applications to one another and identifying the applications that are statistically different from the rest.
d. Machine Learning
Leveraging historical investigation results, machine learning models can be built to learn about fraud trends and typologies. These models can then be applied to new or unreviewed applications to determine their probability of being fraudulent and as such prioritized for review.
- Case Management — A well-designed case management system facilitates the intake, tracking, processing, and disposition of applications. It also allows to upload and store all relevant documentation. Such a system can include data enrichment capabilities and pre-designed automated flags to identify applications with indicia of potential fraud. A structured case management system provides an environment for potential fraud cases to be thoroughly examined, documented, and managed from inception to resolution. A robust audit log containing a detailed record of the application lifecycle serves as a cornerstone in maintaining transparency, accountability, and consistency in handling program operations that are often subject to agency oversight.
- Payment — Disbursing financial assistance to eligible recipients while safeguarding program funds demands a focus on payment verification and security. Using electronic funds transfers achieves that goal while also assisting the recoupment process, when necessary. While checks have often been used as one of the widely accepted forms of payment, check fraud has been on the rise, beginning with the pandemic, which prompted the Financial Crimes Enforcement Network (FinCEN) to issue an alert in February 2023 to warn against the nationwide surge in check fraud schemes targeting the US mail.5 In 2022, banks issued approximately 680,000 reports of check fraud to the FinCEN, a remarkable leap from the 350,000 reports in 2021. In addition, the U.S. Postal Inspection Service reported approximately 300,000 complaints of mail theft, which was more than double the previous year’s total.6
How Guidehouse Can Help
Guidehouse has extensive experience helping organizations develop and implement strategic fraud risk management programs, including:
- Completing fraud and improper payment risk assessments to identify gaps and evaluate risk posture
- Building customized data analysis and machine learning-driven risk scoring tools
- Conducting investigations to determine the facts, analyze the root cause of the misconduct, identify control breakdowns, and deploy remediation measures if potential fraud is identified or suspected
- Performing governance reviews and implementation (policies, procedures, accountability and oversight, training for tone at the top, and skills assessments)