A report (R47902) issued on January 19, 2024 by the Congressional Research Service describes improper payments made in Pandemic Assistance Programs. Congress provided approximately $4.6 trillion to individuals, businesses, and state and local governments to mitigate the impact of the COVID-19 pandemic on the nation’s health system and economy. The federal agencies that administer those funds are subject to the Payment Integrity Information Act (PIIA, P.L. 116-117), which requires them to develop and implement internal controls that prevent and detect fraud and other improper payments. One requirement is agencies must verify the identities and eligibility of individuals and organizations seeking pandemic funding prior to issuing payments, by specifically accessing the Department of the Treasury’s Do Not Pay (DNP) resource.  

PIIA also requires agencies to implement the fraud control principles and leading practices outlined in A Framework for Managing Fraud Risks in Federal Programs, which was published by the Government Accountability Office (GAO) in 2015. The leading practices include performing timely program risk assessments, maximizing the use of data analytics to prevent and identify fraud, and establishing an office within each agency that leads its anti-fraud efforts. PIIA also mandates that agencies determine the risk of significant improper payments associated with each program, estimate the amount of improper payments for each risk-susceptible program, and publicly report those estimates and other improper payments information.  

Audits of pandemic programs have found that many agencies did not meet PIIA requirements, resulting in hundreds of billions of dollars in fraud and other improper payments. Among the most widespread weaknesses in pandemic programs was the lack of effective pre-payment controls. Several agencies allowed businesses and individuals to self-certify their information, meaning the agencies did not verify the identities or eligibility of applicants through DNP or other means prior to issuing payments. Similarly, many state agencies that administered federal pandemic funds, such as with the Unemployment Insurance program, did not conduct pre-payment verification of claimants. Some agencies also did not implement effective post-payment controls, such as reviewing documentation to verify that payments had been made to eligible entities for covered costs or establishing procedures to recover overpayments.  

Several agencies that administered some of the largest pandemic programs did not meet the anti-fraud standards of the framework. Among the most common weaknesses were a lack of timely fraud risk assessments and the absence of a dedicated anti-fraud entity within the agency. The consequences of large-scale fraud extend beyond the loss of funds. American businesses and individuals who were eligible for loans or benefits were unable to obtain assistance because the programs ran out of funding. Moving forward, consistent with H.R. 8322 from the 117th Congress, legislation might be introduced that would establish a central anti-fraud entity to share leading practices and oversee implementation of cutting-edge data analytic tools across the government.