Q&A: Mitigating fraud in COVID-19 assistance programs and other government relief efforts

The many programs set up by the federal government and state and local entities to provide relief to people and businesses amid the COVID-19 pandemic have been the targets of an overwhelming amount of fraud attempts. In this Q&A, members of CohnReznick’s Government team talk about this fraud and what steps recipients can take to protect their funding, both from current and potential future rounds of COVID-19 relief and any other instances of government aid.

This made me wonder, what can be done to mitigate the risk of fraud in future COVID-19 assistance programs, and other relief efforts? Joining me today to help answer this question are my colleagues Nick Atiee, Rochell Cottingham, Ron Frazier, and Shih-Hsien Yang.

My first question is for Rochell Cottingham. Rochell has over 25 years of experience in the areas of audit, compliance, performance monitoring, quality assurance, fraud prevention and detection, risk management, system development, and project management. This year, Rochell led several teams performing integrity oversight and compliance monitoring services for COVID-19 economic relief programs funded by the Coronavirus Aid, Relief, and Economic Security (CARES) Act, the Consolidated Appropriations Act, and the American Rescue Plan Act (ARPA) of 2021.

Rochell, I recently read an article in the Washington Post that discussed the overwhelming amount of fraud occurring in various federal and state programs that were created by Congress’ $6 trillion in emergency coronavirus spending. We know our nation’s policymakers intended the funding to be disbursed quickly to rescue the U.S. economy from a potential depression. However, now there is evidence that fraud is rampant.

Based on what you and your team have seen, what advice would you have for a state agency that is developing its programmatic policies and procedures? What can they do to curb fraud, waste, and abuse of funds before a program is well underway?

Given these challenges and the desire to develop effective programmatic policies and procedures, the recommendation is always to take the necessary time on the front end to understand the needs of the program, evaluate program design options, and incorporate necessary controls. Dedicating time early on to implementing effective, efficient design elements and controls will pay off in the long run. Designing effective controls should also include evaluating the fraud risks associated with program design decisions, such as the use of attestations, the types of documents accepted, and use of third-party verification. How much risk is management willing to accept? If some design decisions increase program exposure, compensating controls should be considered.

A final piece is to incorporate anti-fraud measures and a process for continually assessing risks and performance over the program lifecycle. Policy and operational components often change over time, so as programs change, risks may also change, and they should be evaluated and responded to. Additionally, fraud schemes may change as parties become more familiar with program operations, so anti-fraud measures should also be reassessed regularly, and should be flexible enough to respond to new schemes as they materialize.

Ray: My next question is for Nick Atiee. Nick has over eight years of experience working with government clients, providing federal grants management, project management, and compliance monitoring services. Most recently, Nick helped the State of Texas administer its Emergency Rental Assistance Program, where well over $50 million in potentially fraudulent claims were identified and prevented.

Nick, what should implementers of economic relief programs do to make sure they are mitigating their exposure to fraud, waste, and abuse of funds once program implementation has commenced? In other words, what should program administrators be doing once the program is up and running and funds are being disbursed to participants?

During the program design phase, program administrators must assess the risks specific to their program, identify which processes and stakeholders contribute to each, and then determine unique indicators of each identified risk. It is so important to categorize the severity of each indicator and fraud risk. We help our clients review risks to determine if the program can mitigate the risk entirely through policy or process modifications. Bottom line, program administrators need to ask several questions: If a process change is necessary, does it need to take place in the application stage or the review stage? If in the application phase, does it require a business process control or software component? If in the review stage, how will reviewers verify it? Will it require certain information and/or permissions to be provided to the reviewers?

Ray: The next question is for Ron Frazier. Ron has more than 15 years of experience in project management, focusing on program compliance and integrity monitoring. Ron is also a licensed attorney and a certified project management professional. For the past two years, he has been providing integrity and compliance monitoring services to several state agencies charged with implementing CARES Act-funded programming.

Ron, in these COVID-19 assistance programs you are working on, are you seeing that states are choosing to apply very lenient eligibility and documentation requirements? If so, does that inherently increase the likelihood of improper payments, due to fraud or even human error?

In particular, the allowance for self-certification for some of the COVID-19 assistance programs has raised real concerns about consistency in documentation requirements and program oversight for internal controls. 

As a result, there is an inherently higher risk, and we are suggesting that states and state agencies make use of independent monitors to provide quality assurance and quality control as a supplement to their existing internal audit planning.

Ray: My next question is for data scientist Shih-Hsien Yang. Shih-Hsien, during this past year, you developed machine learning algorithms that were deployed in multiple states that detected thousands of fraudulent applications so that program administrators could intervene before funding was disbursed to fraudsters.

The Association of Certified Fraud Examiners (ACFE) recently published their 2022 Anti-Fraud Technology Benchmarking Report, in which they said they expect the use of artificial intelligence and machine learning to more than double over the next two years. Why should program administrators trust artificial intelligence and machine learning models to detect fraud in their programs? What is so special about this technology?

ML for fraud detection has been used in federal agencies and the private sector on a widespread scale for several years. In 2021, in view of the increasing trend of using AI technology in federal agencies and other entities, the U.S. Government Accountability Office (GAO) published its Artificial Intelligence Accountability Framework to ensure proper use of AI technology.

When it comes to combating fraud with increasingly sophisticated fraudsters, it’s crucial to be able to react in a timely and accurate manner. After all, taxpayers’ money is at stake. This is when ML can come into play. Once an ML model is developed, it enables near-real-time fraud detection that gives program administrators the ability to capture fraud before money goes out the door. Transactions are scored by the ML model, and program administrators can then allocate their limited time and resources to the riskiest cases.

Ray: As we’ve discussed, mitigating fraud requires proper programmatic design, continual monitoring and assessment, and the flexibility to address new risks as they arise. Contact our team for more information on how to identify and reduce fraud in new or existing programs.