Beyond finger-pointing: Common sense reform needed to prevent another fraud crisis
Linda Miller, the founder and CEO of Audient Group, LLC and a former deputy executive director of the Pandemic Response Accountability Committee, explains why C...
In the fall, I testified before the House Ways and Means Committee’s Subcommittee on Oversight on pandemic fraud and how to prevent such a massive fraud event in the future. The story of fraud in the pandemic is still being written. We may never know how much was stolen, but all told it could amount to $20 or $25 out of every $100 spent on pandemic relief programs.
It has become clearer than ever before that agencies were woefully underprepared to deal with the fraud threat that, in retrospect, was primed to explode long before the pandemic began. Massive data breaches had put nearly every American’s personal information up for sale. Meanwhile, shadowy online networks and sophisticated tools emerged that lowered the barrier to entry, allowing virtually anyone to use advanced fraud techniques that were, until recently, the province of a small group of elite criminals.
Yet agencies still have trouble appreciating the scale of the problem, much less responding to it. They continue to struggle with competency in data analytics and data sharing. They continue to struggle to keep pace with technological innovations in use in the private sector. And more fundamentally, they continue to struggle with poor incentives.
First, the data. Data use in the government is broken. Agencies rarely share data with one another, they have limited in-house data analytics skills, and they often eschew the use of third-party data due to privacy concerns which are largely the result of outdated laws, including the Fair Credit Reporting Act (FCRA) and the Privacy Act, which hamper agencies’ use of data to prevent fraud. This is especially true today, given the rise of data breaches and the epidemic of identity theft-based fraud perpetrated by sophisticated organized criminal groups. The tension between privacy protection and fraud prevention creates an untenable paralysis within government that fraudsters happily exploit.
Second, the government lags the private sector in the use of technology to identify and prevent fraud. Your bank likely has state-of-the-art technology that alerts you and it of a potential fraud event before it happens. In contrast, the government generally lacks basic “know your customer” tools to verify your identity, much less monitor your digital footprint for signs of compromise.
During the pandemic, fraud actors saw an enormous opportunity to exploit this weakness. State and federal agencies were, and are, vulnerable to fraud because they lack the tools necessary to detect fraud patterns. The acceleration of machine learning and artificial intelligence tools offer government agencies the ability to identify fraud schemes quickly. Natural language processing text analytics engines can identify duplicate passages in grant and loan applications in seconds. Massive amounts of third-party data can be mined and leveraged to identify past criminal activity and other suspicious indicators related to applicants and can identify patterns indicative of stolen or synthetic identities used in grant, loan and benefit applications. And social network analytics can identify the relationships between applicants that could indicate the existence of a fraud ring. Yet almost none of these tools and techniques are in use in government today.
And finally: incentives. Outside of the media attention pandemic fraud got, agency leaders face little pressure to monitor and respond to fraud risks because conventional wisdom erroneously holds that those activities slow things down and create unacceptable burdens for legitimate program beneficiaries. As a result, fraud becomes someone else’s problem, something to be dealt with later, after program funds have been disbursed and the emergency has passed — if ever. The burden then shifts to the investigative community, whose job it becomes to chase down and recover all the money stolen by fraudsters.
This is why I continue to believe it is critical that Congress create a well-funded, centralized antifraud office with the authority and resources to work solely on addressing the data, accountability and technology challenges stymying preventative fraud efforts at every level of government.
Fortunately, there already exist models for such an office. For instance, the Pandemic Analytics Center of Excellence (PACE), which currently resides within the Pandemic Response Accountability Committee (PRAC), has acquired over 100 public and non-public federal data sets and used them to identify fraud indicators and patterns that could only be observed by cross-referencing those data sets.
In addition, PACE promotes best practices and creates a centralized shared service, providing analytics capabilities to offices of inspectors general (OIGs). It also provides cutting edge tools and training to OIG investigators, and promotes overall data literacy throughout the oversight community.
Currently, the PACE is set to sunset with the PRAC in 2025 and codifying it as a permanent entity should be a legislative priority, as the Government Accountability Office has called for. As we learned with PACE’s predecessor, the Recovery Operations Center (ROC) — which supported OIGs in oversight of the American Recovery and Reinvestment Act of 2009 — years of progress and institutional knowledge can evaporate overnight when a temporary entity closes its doors. The DATA Act of 2014 authorized the Treasury Department to absorb ROC’s assets when the organization sunset, but Treasury elected not to do so and the ROC was dissolved in September 2015. The same fate may await PACE when the PRAC sunsets in September 2025.
And while the PACE should be made permanent to continue its work improving the capabilities of the IG community, for all the good it does, the PACE is a tool for the oversight community — it only helps us do a better job at the “pay and chase” model of fraud response.
We need a centralized analytics capability on the management side of government, where prevention can save billions in taxpayer dollars.
Today, agencies spend valuable time and money building redundant analytics systems, buying commercial tools duplicatively and trying and failing to institute data sharing agreements. And many simply do not know where to start or what to do when building out an antifraud program.
A centralized office — ideally within Treasury, where the Office of Payment Integrity is housed and could be expanded — with fraud risk and analytics competency and tools that can be leveraged across government, would establish an economy of scale to address these glaring gaps. Congress should provide the funding and mandate for this office to expand its reach and serve as a true centralized antifraud office with the infrastructure and authority to fill this crucial gap in program integrity in the U.S. government.
The COVID-19 pandemic will not be the last emergency that demands a sudden infusion of federal spending, creating a potential bonanza for enterprising fraudsters. In 2023 alone, there were a record-breaking 23 climate catastrophes and weather events costing at least $1 billion in property damage. Congress must establish antifraud funding for new and emergency programs to give these agencies the ability to build robust data-driven antifraud controls from the start.
It may be too late for our pandemic-era recovery programs, but Congress can act now to stop mass fraud in ongoing and future programs. It can create a centralized office to ensure that agencies have the tools they need to prevent fraud before it happens. It can establish antifraud funding for new and emergency programs to build these tools into their operations from the start. It can work to revise outdated laws that limit agencies’ ability to use data to prevent fraud, especially given the rise of data breaches and the epidemic of identity theft. It can incentivize agency leaders by holding regular hearings to discuss agency actions to prevent fraud and building fraud prevention targets into the performance metrics.
We cannot afford to keep learning the same lesson that when it comes to fighting fraud, an ounce of prevention is worth a pound of cure. We must act now to put more fraud prevention tools into the hands of government leaders and hold them accountable to prevent history from repeating itself in the future.
Linda Miller is a fraud risk subject matter expert and the former deputy executive director of the Pandemic response Accountability Committee (PRAC). She is the founder and CEO of Audient Group, LLC, a boutique consultancy focusing on helping government agencies prevent, detect and respond to fraud and improper payments.
Beyond finger-pointing: Common sense reform needed to prevent another fraud crisis
Linda Miller, the founder and CEO of Audient Group, LLC and a former deputy executive director of the Pandemic Response Accountability Committee, explains why C...
In the fall, I testified before the House Ways and Means Committee’s Subcommittee on Oversight on pandemic fraud and how to prevent such a massive fraud event in the future. The story of fraud in the pandemic is still being written. We may never know how much was stolen, but all told it could amount to $20 or $25 out of every $100 spent on pandemic relief programs.
It has become clearer than ever before that agencies were woefully underprepared to deal with the fraud threat that, in retrospect, was primed to explode long before the pandemic began. Massive data breaches had put nearly every American’s personal information up for sale. Meanwhile, shadowy online networks and sophisticated tools emerged that lowered the barrier to entry, allowing virtually anyone to use advanced fraud techniques that were, until recently, the province of a small group of elite criminals.
Yet agencies still have trouble appreciating the scale of the problem, much less responding to it. They continue to struggle with competency in data analytics and data sharing. They continue to struggle to keep pace with technological innovations in use in the private sector. And more fundamentally, they continue to struggle with poor incentives.
First, the data. Data use in the government is broken. Agencies rarely share data with one another, they have limited in-house data analytics skills, and they often eschew the use of third-party data due to privacy concerns which are largely the result of outdated laws, including the Fair Credit Reporting Act (FCRA) and the Privacy Act, which hamper agencies’ use of data to prevent fraud. This is especially true today, given the rise of data breaches and the epidemic of identity theft-based fraud perpetrated by sophisticated organized criminal groups. The tension between privacy protection and fraud prevention creates an untenable paralysis within government that fraudsters happily exploit.
Learn how DLA, GSA’s Federal Acquisition Service and the State Department are modernizing their contract and acquisition processes to make procurement an all-around better experience for everyone involved.
Second, the government lags the private sector in the use of technology to identify and prevent fraud. Your bank likely has state-of-the-art technology that alerts you and it of a potential fraud event before it happens. In contrast, the government generally lacks basic “know your customer” tools to verify your identity, much less monitor your digital footprint for signs of compromise.
During the pandemic, fraud actors saw an enormous opportunity to exploit this weakness. State and federal agencies were, and are, vulnerable to fraud because they lack the tools necessary to detect fraud patterns. The acceleration of machine learning and artificial intelligence tools offer government agencies the ability to identify fraud schemes quickly. Natural language processing text analytics engines can identify duplicate passages in grant and loan applications in seconds. Massive amounts of third-party data can be mined and leveraged to identify past criminal activity and other suspicious indicators related to applicants and can identify patterns indicative of stolen or synthetic identities used in grant, loan and benefit applications. And social network analytics can identify the relationships between applicants that could indicate the existence of a fraud ring. Yet almost none of these tools and techniques are in use in government today.
And finally: incentives. Outside of the media attention pandemic fraud got, agency leaders face little pressure to monitor and respond to fraud risks because conventional wisdom erroneously holds that those activities slow things down and create unacceptable burdens for legitimate program beneficiaries. As a result, fraud becomes someone else’s problem, something to be dealt with later, after program funds have been disbursed and the emergency has passed — if ever. The burden then shifts to the investigative community, whose job it becomes to chase down and recover all the money stolen by fraudsters.
This is why I continue to believe it is critical that Congress create a well-funded, centralized antifraud office with the authority and resources to work solely on addressing the data, accountability and technology challenges stymying preventative fraud efforts at every level of government.
Fortunately, there already exist models for such an office. For instance, the Pandemic Analytics Center of Excellence (PACE), which currently resides within the Pandemic Response Accountability Committee (PRAC), has acquired over 100 public and non-public federal data sets and used them to identify fraud indicators and patterns that could only be observed by cross-referencing those data sets.
In addition, PACE promotes best practices and creates a centralized shared service, providing analytics capabilities to offices of inspectors general (OIGs). It also provides cutting edge tools and training to OIG investigators, and promotes overall data literacy throughout the oversight community.
Currently, the PACE is set to sunset with the PRAC in 2025 and codifying it as a permanent entity should be a legislative priority, as the Government Accountability Office has called for. As we learned with PACE’s predecessor, the Recovery Operations Center (ROC) — which supported OIGs in oversight of the American Recovery and Reinvestment Act of 2009 — years of progress and institutional knowledge can evaporate overnight when a temporary entity closes its doors. The DATA Act of 2014 authorized the Treasury Department to absorb ROC’s assets when the organization sunset, but Treasury elected not to do so and the ROC was dissolved in September 2015. The same fate may await PACE when the PRAC sunsets in September 2025.
And while the PACE should be made permanent to continue its work improving the capabilities of the IG community, for all the good it does, the PACE is a tool for the oversight community — it only helps us do a better job at the “pay and chase” model of fraud response.
Read more: Commentary
We need a centralized analytics capability on the management side of government, where prevention can save billions in taxpayer dollars.
Today, agencies spend valuable time and money building redundant analytics systems, buying commercial tools duplicatively and trying and failing to institute data sharing agreements. And many simply do not know where to start or what to do when building out an antifraud program.
A centralized office — ideally within Treasury, where the Office of Payment Integrity is housed and could be expanded — with fraud risk and analytics competency and tools that can be leveraged across government, would establish an economy of scale to address these glaring gaps. Congress should provide the funding and mandate for this office to expand its reach and serve as a true centralized antifraud office with the infrastructure and authority to fill this crucial gap in program integrity in the U.S. government.
The COVID-19 pandemic will not be the last emergency that demands a sudden infusion of federal spending, creating a potential bonanza for enterprising fraudsters. In 2023 alone, there were a record-breaking 23 climate catastrophes and weather events costing at least $1 billion in property damage. Congress must establish antifraud funding for new and emergency programs to give these agencies the ability to build robust data-driven antifraud controls from the start.
It may be too late for our pandemic-era recovery programs, but Congress can act now to stop mass fraud in ongoing and future programs. It can create a centralized office to ensure that agencies have the tools they need to prevent fraud before it happens. It can establish antifraud funding for new and emergency programs to build these tools into their operations from the start. It can work to revise outdated laws that limit agencies’ ability to use data to prevent fraud, especially given the rise of data breaches and the epidemic of identity theft. It can incentivize agency leaders by holding regular hearings to discuss agency actions to prevent fraud and building fraud prevention targets into the performance metrics.
We cannot afford to keep learning the same lesson that when it comes to fighting fraud, an ounce of prevention is worth a pound of cure. We must act now to put more fraud prevention tools into the hands of government leaders and hold them accountable to prevent history from repeating itself in the future.
Linda Miller is a fraud risk subject matter expert and the former deputy executive director of the Pandemic response Accountability Committee (PRAC). She is the founder and CEO of Audient Group, LLC, a boutique consultancy focusing on helping government agencies prevent, detect and respond to fraud and improper payments.
Want to stay up to date with the latest federal news and information from all your devices? Download the revamped Federal News Network app
Copyright © 2024 Federal News Network. All rights reserved. This website is not intended for users located within the European Economic Area.
Related Stories
Network connectivity: An urgent matter of national security
NIST’s quantum standards: The time for upgrades is now
For federal agencies, targeted communications are central to executing CX initiatives